Merge branch 'main' into main
commit
c43b5d84a8
|
@ -3,47 +3,17 @@ on:
|
|||
push:
|
||||
paths:
|
||||
- '.new-additions'
|
||||
- 'http/cnvd/2017/CNVD-2017-06001.yaml'
|
||||
- 'http/cves/2023/CVE-2023-29827.yaml'
|
||||
- 'http/cves/2023/CVE-2023-35158.yaml'
|
||||
- 'http/cves/2023/CVE-2023-36347.yaml'
|
||||
- 'http/cves/2023/CVE-2023-43374.yaml'
|
||||
- 'http/cves/2023/CVE-2023-44813.yaml'
|
||||
- 'http/cves/2023/CVE-2023-45855.yaml'
|
||||
- 'http/cves/2023/CVE-2023-5991.yaml'
|
||||
- 'http/cves/2024/CVE-2024-0200.yaml'
|
||||
- 'http/cves/2024/CVE-2024-1561.yaml'
|
||||
- 'http/cves/2024/CVE-2024-3097.yaml'
|
||||
- 'http/default-logins/softether/softether-vpn-default-login.yaml'
|
||||
- 'http/exposed-panels/ackee-panel.yaml'
|
||||
- 'http/exposed-panels/craftercms-panel.yaml'
|
||||
- 'http/exposed-panels/easyvista-panel.yaml'
|
||||
- 'http/exposed-panels/fortinet/f5-next-central-manager.yaml'
|
||||
- 'http/exposed-panels/ghost-panel.yaml'
|
||||
- 'http/exposed-panels/matomo-panel.yaml'
|
||||
- 'http/exposed-panels/n8n-panel.yaml'
|
||||
- 'http/exposed-panels/nocodb-panel.yaml'
|
||||
- 'http/exposed-panels/pocketbase-panel.yaml'
|
||||
- 'http/exposed-panels/qlikview-accesspoint-panel.yaml'
|
||||
- 'http/exposed-panels/tiny-rss-panel.yaml'
|
||||
- 'http/exposed-panels/unleash-panel.yaml'
|
||||
- 'http/honeypot/tpot-honeypot-detect.yaml'
|
||||
- 'http/misconfiguration/installer/custom-xoops-installer.yaml'
|
||||
- 'http/misconfiguration/installer/froxlor-installer.yaml'
|
||||
- 'http/misconfiguration/installer/moosocial-installer.yaml'
|
||||
- 'http/misconfiguration/installer/phpmyfaq-installer.yaml'
|
||||
- 'http/misconfiguration/installer/trilium-notes-installer.yaml'
|
||||
- 'http/misconfiguration/unigui-server-monitor-exposure.yaml'
|
||||
- 'http/technologies/apache/apache-answer-detect.yaml'
|
||||
- 'http/technologies/boa-web-server.yaml'
|
||||
- 'http/technologies/craftercms-detect.yaml'
|
||||
- 'http/technologies/imgproxy-detect.yaml'
|
||||
- 'http/technologies/statamic-detect.yaml'
|
||||
- 'http/technologies/tinyproxy-detect.yaml'
|
||||
- 'http/technologies/uni-gui-framework.yaml'
|
||||
- 'http/technologies/wordpress/themes/wp-bricks-builder-theme.yaml'
|
||||
- 'http/vulnerabilities/other/castel-digital-sqli.yaml'
|
||||
- 'javascript/enumeration/checkpoint-firewall-enum.yaml'
|
||||
- 'http/cves/2021/CVE-2021-38146.yaml'
|
||||
- 'http/cves/2021/CVE-2021-38147.yaml'
|
||||
- 'http/cves/2023/CVE-2023-38194.yaml'
|
||||
- 'http/cves/2023/CVE-2023-43472.yaml'
|
||||
- 'http/cves/2023/CVE-2023-6505.yaml'
|
||||
- 'http/cves/2023/CVE-2023-6786.yaml'
|
||||
- 'http/cves/2024/CVE-2024-23692.yaml'
|
||||
- 'http/exposed-panels/oracle-application-server-panel.yaml'
|
||||
- 'http/exposed-panels/veeam-backup-manager-login.yaml'
|
||||
- 'http/exposed-panels/wildix-collaboration-panel.yaml'
|
||||
- 'http/technologies/nperf-server-detect.yaml'
|
||||
workflow_dispatch:
|
||||
jobs:
|
||||
triggerRemoteWorkflow:
|
||||
|
|
|
@ -1,41 +1,11 @@
|
|||
http/cnvd/2017/CNVD-2017-06001.yaml
|
||||
http/cves/2023/CVE-2023-29827.yaml
|
||||
http/cves/2023/CVE-2023-35158.yaml
|
||||
http/cves/2023/CVE-2023-36347.yaml
|
||||
http/cves/2023/CVE-2023-43374.yaml
|
||||
http/cves/2023/CVE-2023-44813.yaml
|
||||
http/cves/2023/CVE-2023-45855.yaml
|
||||
http/cves/2023/CVE-2023-5991.yaml
|
||||
http/cves/2024/CVE-2024-0200.yaml
|
||||
http/cves/2024/CVE-2024-1561.yaml
|
||||
http/cves/2024/CVE-2024-3097.yaml
|
||||
http/default-logins/softether/softether-vpn-default-login.yaml
|
||||
http/exposed-panels/ackee-panel.yaml
|
||||
http/exposed-panels/craftercms-panel.yaml
|
||||
http/exposed-panels/easyvista-panel.yaml
|
||||
http/exposed-panels/fortinet/f5-next-central-manager.yaml
|
||||
http/exposed-panels/ghost-panel.yaml
|
||||
http/exposed-panels/matomo-panel.yaml
|
||||
http/exposed-panels/n8n-panel.yaml
|
||||
http/exposed-panels/nocodb-panel.yaml
|
||||
http/exposed-panels/pocketbase-panel.yaml
|
||||
http/exposed-panels/qlikview-accesspoint-panel.yaml
|
||||
http/exposed-panels/tiny-rss-panel.yaml
|
||||
http/exposed-panels/unleash-panel.yaml
|
||||
http/honeypot/tpot-honeypot-detect.yaml
|
||||
http/misconfiguration/installer/custom-xoops-installer.yaml
|
||||
http/misconfiguration/installer/froxlor-installer.yaml
|
||||
http/misconfiguration/installer/moosocial-installer.yaml
|
||||
http/misconfiguration/installer/phpmyfaq-installer.yaml
|
||||
http/misconfiguration/installer/trilium-notes-installer.yaml
|
||||
http/misconfiguration/unigui-server-monitor-exposure.yaml
|
||||
http/technologies/apache/apache-answer-detect.yaml
|
||||
http/technologies/boa-web-server.yaml
|
||||
http/technologies/craftercms-detect.yaml
|
||||
http/technologies/imgproxy-detect.yaml
|
||||
http/technologies/statamic-detect.yaml
|
||||
http/technologies/tinyproxy-detect.yaml
|
||||
http/technologies/uni-gui-framework.yaml
|
||||
http/technologies/wordpress/themes/wp-bricks-builder-theme.yaml
|
||||
http/vulnerabilities/other/castel-digital-sqli.yaml
|
||||
javascript/enumeration/checkpoint-firewall-enum.yaml
|
||||
http/cves/2021/CVE-2021-38146.yaml
|
||||
http/cves/2021/CVE-2021-38147.yaml
|
||||
http/cves/2023/CVE-2023-38194.yaml
|
||||
http/cves/2023/CVE-2023-43472.yaml
|
||||
http/cves/2023/CVE-2023-6505.yaml
|
||||
http/cves/2023/CVE-2023-6786.yaml
|
||||
http/cves/2024/CVE-2024-23692.yaml
|
||||
http/exposed-panels/oracle-application-server-panel.yaml
|
||||
http/exposed-panels/veeam-backup-manager-login.yaml
|
||||
http/exposed-panels/wildix-collaboration-panel.yaml
|
||||
http/technologies/nperf-server-detect.yaml
|
||||
|
|
22
README.md
22
README.md
|
@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
|
|||
|
||||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------|
|
||||
| cve | 2474 | dhiyaneshdk | 1277 | http | 7417 | info | 3657 | file | 337 |
|
||||
| panel | 1133 | daffainfo | 864 | file | 337 | high | 1703 | dns | 25 |
|
||||
| wordpress | 973 | dwisiswant0 | 803 | workflows | 191 | medium | 1517 | | |
|
||||
| exposure | 908 | pikpikcu | 353 | network | 138 | critical | 1029 | | |
|
||||
| xss | 904 | pussycat0x | 353 | cloud | 98 | low | 265 | | |
|
||||
| wp-plugin | 844 | ritikchaddha | 336 | code | 81 | unknown | 39 | | |
|
||||
| osint | 804 | pdteam | 297 | javascript | 56 | | | | |
|
||||
| tech | 674 | princechaddha | 268 | ssl | 29 | | | | |
|
||||
| lfi | 654 | ricardomaia | 232 | dns | 22 | | | | |
|
||||
| misconfig | 606 | geeknik | 230 | dast | 21 | | | | |
|
||||
| cve | 2511 | dhiyaneshdk | 1322 | http | 7547 | info | 3697 | file | 337 |
|
||||
| panel | 1157 | daffainfo | 865 | file | 337 | high | 1770 | dns | 25 |
|
||||
| wordpress | 983 | dwisiswant0 | 803 | workflows | 191 | medium | 1528 | | |
|
||||
| exposure | 948 | pussycat0x | 362 | network | 134 | critical | 1044 | | |
|
||||
| xss | 911 | ritikchaddha | 354 | cloud | 99 | low | 265 | | |
|
||||
| wp-plugin | 852 | pikpikcu | 353 | code | 81 | unknown | 39 | | |
|
||||
| osint | 804 | pdteam | 297 | javascript | 60 | | | | |
|
||||
| tech | 686 | princechaddha | 269 | ssl | 29 | | | | |
|
||||
| lfi | 662 | ricardomaia | 232 | dns | 22 | | | | |
|
||||
| misconfig | 659 | geeknik | 231 | dast | 21 | | | | |
|
||||
|
||||
**638 directories, 8694 files**.
|
||||
**649 directories, 8828 files**.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
|
File diff suppressed because one or more lines are too long
10891
TEMPLATES-STATS.md
10891
TEMPLATES-STATS.md
File diff suppressed because it is too large
Load Diff
20
TOP-10.md
20
TOP-10.md
|
@ -1,12 +1,12 @@
|
|||
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|
||||
|-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------|
|
||||
| cve | 2474 | dhiyaneshdk | 1277 | http | 7417 | info | 3657 | file | 337 |
|
||||
| panel | 1133 | daffainfo | 864 | file | 337 | high | 1703 | dns | 25 |
|
||||
| wordpress | 973 | dwisiswant0 | 803 | workflows | 191 | medium | 1517 | | |
|
||||
| exposure | 908 | pikpikcu | 353 | network | 138 | critical | 1029 | | |
|
||||
| xss | 904 | pussycat0x | 353 | cloud | 98 | low | 265 | | |
|
||||
| wp-plugin | 844 | ritikchaddha | 336 | code | 81 | unknown | 39 | | |
|
||||
| osint | 804 | pdteam | 297 | javascript | 56 | | | | |
|
||||
| tech | 674 | princechaddha | 268 | ssl | 29 | | | | |
|
||||
| lfi | 654 | ricardomaia | 232 | dns | 22 | | | | |
|
||||
| misconfig | 606 | geeknik | 230 | dast | 21 | | | | |
|
||||
| cve | 2511 | dhiyaneshdk | 1322 | http | 7547 | info | 3697 | file | 337 |
|
||||
| panel | 1157 | daffainfo | 865 | file | 337 | high | 1770 | dns | 25 |
|
||||
| wordpress | 983 | dwisiswant0 | 803 | workflows | 191 | medium | 1528 | | |
|
||||
| exposure | 948 | pussycat0x | 362 | network | 134 | critical | 1044 | | |
|
||||
| xss | 911 | ritikchaddha | 354 | cloud | 99 | low | 265 | | |
|
||||
| wp-plugin | 852 | pikpikcu | 353 | code | 81 | unknown | 39 | | |
|
||||
| osint | 804 | pdteam | 297 | javascript | 60 | | | | |
|
||||
| tech | 686 | princechaddha | 269 | ssl | 29 | | | | |
|
||||
| lfi | 662 | ricardomaia | 232 | dns | 22 | | | | |
|
||||
| misconfig | 659 | geeknik | 231 | dast | 21 | | | | |
|
||||
|
|
|
@ -11,8 +11,9 @@ info:
|
|||
Set up Amazon CloudWatch to monitor ACM certificate expiration and automate renewal notifications or processes.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,acm,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -54,4 +55,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The AWS ACM Certificate " + certificate +" is about to expire in 30 days"'
|
||||
# digest: 4a0a004730450220756b5be6dcc7136b4b633c69403bc8a7d096c35c2a8275b99855b974e5c6ddd102210097de27a237f011112a45966e4320e15b0b9ee2af6762bd66817106963c31b0d8:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100bc7d6e62968fc709c8201354d29b61784664ef5c5ebed70a6a8b305447b93725022100bad54d48aab6fdd1356608d1940730ea10536641398de6172861695612abd412:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Set up Amazon CloudWatch to monitor ACM certificate expiration and automate renewal notifications or processes.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/acm/latest/userguide/acm-renewal.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,acm,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -54,4 +55,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The AWS ACM Certificate " + certificate +" is about to expire in 30 days"'
|
||||
# digest: 490a00463044022030b5597eb0c060a9e40e23a74f07216222b2df8f53391b091624a8fb3a5fc7b8022007201e8fa3b8699eed20222e46d207fb8b271fbc1c20092e96bb5a2d3740a5d5:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402202b2fedb03a19db3f9d0f87fdc3982c926a2478e6e2903d2fbb55b63561d3a29c0220337c43e0512cc540287235d9f3489fb5af0dc783ae118c4341c27e2812a8d8c7:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Use AWS ACM for certificate provisioning and ensure domain validation steps are correctly followed for each certificate issued or renewed.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-validate.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,acm,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The issue/renewal request for " + certificatearn + " SSL/TLS certificate was not validated"'
|
||||
# digest: 4a0a0047304502210089639de3f7c36e53216707ebb4296d7ca7744e1227c45977772e3a5a2fa492e2022032c5f3a8a70224d2aad87a042558ad554bc58170e274510715cca40dc0e67ec3:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502210092b18eb3a24d6dea12fc385763c84745bf8201424ef620661e9c9fbb1b3b513a02201dc10c6f007cea631d51e81c2b6c883bf6c530a4de13398dea1c605b4a925714:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Replace wildcard ACM certificates with single domain name certificates for each domain/subdomain within your AWS account. This enhances security by ensuring each domain/subdomain has its own unique private key and certificate.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,acm,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- 'certificatearn + " AWS ACM certificate is a wildcard certificate"'
|
||||
# digest: 4a0a00473045022100f6ea9830b40920522f8151d891ae384572efefa30076cbf061bb313303abe50d022030dcf2a11227f66c51c43294228e264bf6b0eee1ae359cc2b84272c834de6351:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022078c25c2aeb4e1ecb7851bfcf3e176bbd0eff547432a2a5ec04d150b1c3fbfdaf022100b3e428a513082fb7357f95e92309d0dfe47823bc6eb40cc403cc2836756ccd60:922c64590222798bb761d5b6d8e72950
|
|
@ -7,6 +7,8 @@ info:
|
|||
Checks if AWS CLI is set up and all necessary tools are installed on the environment.
|
||||
reference:
|
||||
- https://aws.amazon.com/cli/
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazone,aws-cloud-config
|
||||
|
||||
variables:
|
||||
|
@ -50,4 +52,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"AWS CLI is properly configured for account \"" + account + "\" and all the necessary tools required are installed"'
|
||||
# digest: 4b0a00483046022100a05a196d8113f7a6f2a0ad341f9cecb882fe6fb7067812b6fc3d60482a736759022100a2d1867891aecfc696770bef70553de20c1cf97b6dbb29a4158fee3a08522c69:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100c79a6583acb05a00dfa742962972031f8c42ae9ce85aabc1c9edb1ae7ebd9368022100b98762cb406a952a4115e28bb639f0d16d02e0b737012da638e3bf3f5d73f5f5:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Enable data event logging in CloudTrail for S3 buckets to ensure detailed activity monitoring and logging for better security and compliance.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,s3,cloudtrail,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-south-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"CloudTrail trail" + trail + " is not configured to capture resource operations performed on or within an AWS cloud resource"'
|
||||
# digest: 490a0046304402201faa9752ffea7342ad3012c17528ce7ac93a419f258bc0022f82daca0c116b060220047829932aa4d96d6a578faf2884e39bb46badf9ec8f4f4704a2cabdc2cc93a5:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100da87f9b597db66bbcf87384782b53d2b838ad5c8b6c89924afc2607aa6c92bdf022100849208d4cb009645e9a5d9bf73dd7dfa351b390b23991bffa72a85d99ca0ac4c:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Enable CloudTrail in all AWS regions through the AWS Management Console or CLI to ensure comprehensive activity logging and monitoring.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-getting-started.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-south-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"CloudTrail trail" + trail + " is not configured to receive log files from all the AWS cloud regions"'
|
||||
# digest: 490a0046304402201443ece0d6b4fbc1cddf7c13cedcdea324540e873081d0b64225178ee3dc2d1402203d677bdd02490a8f5a90d8e2abfa5499df844303bd18b1c2250ee3737a6ce1c3:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100a7330af1aa9ad989dc95304b0e71f8479849de9782179443c3b7caf9d9373add022034c783da46b9b3b530bbb04d08b70e1803c5d298104e3d65659addd1a8c839d9:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Configure only one multi-region trail to log global service events and disable global service logging for all other trails.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-south-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Ensure only one trail in Amazon CloudTrail is configured for global service events to avoid duplicates: " + trail'
|
||||
# digest: 4a0a00473045022100863a23e0d723ae8fd1912b96f52fdd5a22168d4fedd110138ac6b8e75434ef83022040c6c4f2d88276a08fc5faa9c4601c70615bcf8d0969cbe2dbf642c7f8186b43:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100c35edad75ea1ac20bfb4e2cbe8b2b4e8fc3b29c40e7ff611808957ab6d83f303022100a77f7c148769b6ca2d6277298d4a5269e1bb2092f609f67cef8e8152a67f02eb:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Enable global service logging in CloudTrail by creating or updating a trail to include global services. This ensures comprehensive activity monitoring.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-south-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"CloudTrail trail" + trail + " is not configured to record API calls for AWS global services"'
|
||||
# digest: 4a0a004730450221009edff671d27bdeaf0556428297d56afb1404ff3032d9ae4b61578c2b239ec4c502202ea0baf81ef1917992591736e8dfd44578f85f84bbb8c869fca718fecefac3c0:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100f10c2c9b4cb87ac0e4d1bdcdbf1f22db6d84b775136499410fe1fd92ba1ad9c5022100eecaa6515470a95ff633ad2df025ded9d8c20f051189a648b1f862861ceb3599:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Enable CloudTrail log file validation and configure CloudWatch Logs to monitor CloudTrail log files. Create CloudWatch Alarms for specific events of interest.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/send-cloudtrail-events-to-cloudwatch-logs.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,cloudtrail,cloudwatch,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-south-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"CloudTrail trail" + trail + " is not configured to send events to CloudWatch Logs for monitoring purposes"'
|
||||
# digest: 4a0a00473045022003841e6c5e526ca9c51573554cb8b79f921518607b91025823f13325bc700fd7022100c936d849e5d2106d6079dc7524894c444881996c94755ba76bff9a313b01b47b:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450221008bdf150f8abb8be1e258c067aae73857443f219a130cf41d0cc3d9c0c6d45ab302205479a358041954f9d0aa04b2145860008c3732d303a381268f0c31a0148495dd:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Enable log file integrity validation on all CloudTrail trails to ensure the integrity and authenticity of your logs.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-south-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The log file integrity validation is not enabled for CloudTrail trail" + trail'
|
||||
# digest: 4a0a00473045022100facdee59eb1d2eca53313cf4f8de941c2f7a0857645f153ad2a64c81b51d9a67022059981aa1842b49de13fc78b6673e74c755632f673f08c402ad66f59074cc2e37:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100e301d2ce8df52b0170dbbbee6ca44cc69ea46fd81c0ff3dd3264dc81a8548c2402206321af47afdb4655e6ed862dbdc015d73cf98840e24c43636f0a2a28e2feb81c:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Enable Server-Side Encryption (SSE) for CloudTrail logs using an AWS KMS key through the CloudTrail console or AWS CLI.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -60,4 +61,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"CloudTrail trail " + trail + " is not configured to encrypt log files using SSE-KMS encryption"'
|
||||
# digest: 4b0a00483046022100b39586900f3cb7a7ce2582be709c7b3d1b25bceaf0f6d35887c3a3d62bfff8d80221009aa3a72ddade09b522655349a54b6cb7e6e0ebd3b36d85b30899b283e77dc90d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100fb8aa2e414f88294926325f90076733d4a7d4af4ac18c47b9b82564412f5a2250220104bc5c6dcda1248db44229720dda05561319e3549bb6437ea1c97c6c099421c:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Enable MFA Delete on CloudTrail buckets via the S3 console or AWS CLI.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AmazonS3/latest/userguide/MultiFactorAuthenticationDelete.html
|
||||
metadata:
|
||||
max-request: 3
|
||||
tags: cloud,devops,aws,amazon,s3,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-south-1"
|
||||
|
||||
|
@ -70,4 +71,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The MFA Delete feature is not enabled for the S3 bucket " + bucket + " associated with the CloudTrail " + trail'
|
||||
# digest: 490a00463044022042298637fc3947aaaab32dc59fb448c2c08e310bc0ca8a81f04d219b3e3643e4022029d99b37008c16622b5f08d7c27548c42cbfa80b8face6e766a180fe14abb003:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022003bb18e55eae6aa19233a988216a85ab85d1321a68dee66dc295ce19735d9900022100bbfbf82a13f2a4e5693299287c29e50507941e1576d01425abdb7a5b0e68f775:922c64590222798bb761d5b6d8e72950
|
|
@ -11,9 +11,9 @@ info:
|
|||
Enable management event logging in CloudTrail by creating a new trail or updating existing trails to include management events.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-and-data-events-with-cloudtrail.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
|
||||
|
||||
|
||||
variables:
|
||||
region: "ap-south-1"
|
||||
|
||||
|
@ -54,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"CloudTrail trail" + trail + " is not configured to capture management operations performed on your AWS cloud resources"'
|
||||
# digest: 4a0a00473045022071c61afb61f0c431e2f7edf10563f582ede9a3a52e70a847ac8c6423758f5777022100e921cca38de3640c42ba86369837d9015c0b7b371c218eac3281f789392f77bd:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100f0879bcbe45c9ed0c8921338f6384c009e9a4e2b4e9b8199e3b462fcb93ca7bb02202ba77a0927be3707abc226f4b5d0c4116cd8f2b4d463e8f822e8defbe7934e4e:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Restrict S3 bucket access using bucket policies or IAM policies to ensure that CloudTrail logs are not publicly accessible.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-find-log-files.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,s3,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-south-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"CloudTrail trail" + trail + " is not configured to record API calls for AWS global services"'
|
||||
# digest: 4a0a00473045022039127acbaf7f578247fb47cdfe1a2fdd2a67e57bca815a7786011743df98451c022100c8e1b247da863d14ae8ba023a1f7d05ea77faf28cc1d1c4eb5752c0976d54b0b:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450220153c8058c6e3274fd6caf2b309baa876492c64fa5978590b21938000e9416aa6022100faaf8886e0deb971d17b2f325fc402814e59ce66ff16ea343543e3b6b3f13773:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Enable Server Access Logging on the S3 bucket used by CloudTrail. Configure the logging feature to capture all requests made to the CloudTrail bucket.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-log-file-validation-intro.html
|
||||
metadata:
|
||||
max-request: 3
|
||||
tags: cloud,devops,aws,amazon,s3,cloudtrail,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-south-1"
|
||||
|
||||
|
@ -70,4 +71,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Access logging is not enabled for the S3 bucket associated with CloudTrail trail " + trail'
|
||||
# digest: 4a0a00473045022100fc881c1ddc9a2e0229e8f3fbac211a1e5c3b7dac4363cd0611c002a55f455dc602201c3c0d885e1b03e7c10a09dbe42871bd2eeb1ffb62360ece9e5297a0d07e6953:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100bfe94b20d18063458c694381cd23f96dd8023473e8b9e8151922295b88bff033022044b9f7a79baa2caa0d4ae5406a2701c73c77ddc43da72190b32f1e6ec1fa21ca:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Enable S3 Object Lock in Governance mode with a retention period that meets your compliance requirements for CloudTrail S3 buckets.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock-overview.html
|
||||
metadata:
|
||||
max-request: 3
|
||||
tags: cloud,devops,aws,amazon,s3,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-south-1"
|
||||
|
||||
|
@ -71,4 +72,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The Object Lock feature is not enabled for the S3 bucket associated with the CloudTrail trail " + trail'
|
||||
# digest: 4b0a00483046022100cdae2dc4719a039aae0873a5c1a1b4f5797593a1f555ee93a6752d408a181ebd022100f0decf46ad9b338bbcd2ea531acf088dcb76a0e605d9d7032130351113b92b43:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100adf9327a943f74cada1c893502adad96b8db198c24c0211486944503bc818dc202205d41291ad41820b5afe0d7d1eb4061acde307124ff04b588b1cb3fbeec75f54c:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Configure at least one action for each CloudWatch alarm to ensure timely response to monitored issues.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,cloudwatch,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The Amazon CloudWatch " + alarm +" is not configured with any actions for the ALARM state."'
|
||||
# digest: 4a0a004730450220699edd21da9a908d8160230a38300e78c76cce31988d83565ed8b7a0c9b41d70022100c607f34933362074e992f81390dae32347f888ffa68a9d97aac8aad03a388f55:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100f3558add899cfc87cef41ebadd1b931c1250bf0f7255e53a67e1aa663b37925b02204010a3c40e8a0ad49ac62d537bcf1a2e4da4d59b40ebc78d5c56e03d1f89348d:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Enable actions for each CloudWatch alarm by setting the ActionEnabled parameter to true, allowing for automated responses to alarms.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,cloudwatch,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The Amazon CloudWatch " + alarm + " does not have any active actions configured"'
|
||||
# digest: 4b0a00483046022100c25b4a5bed3d8e28421708a03ab05c2b09f619f6c38472a34377d2db18e4d730022100d057819cf7fbf55503e3a93b82daa4b438fb204056422e34bbcb5a6ddb4d425e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402204f22697b5c7a4b568fa37b48600e0f99f469922bdd208491966d4eef4fd6355d02204f33504b85a9de2df430dde270e0f481760be59ca0340bb93c245143558b0444:922c64590222798bb761d5b6d8e72950
|
|
@ -11,9 +11,9 @@ info:
|
|||
Modify the EC2 instance metadata options to set `HttpTokens` to `required`, enforcing the use of IMDSv2. This can be done via the AWS Management Console, CLI, or EC2 API.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
|
||||
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -53,4 +53,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- 'ami + " is publically shared"'
|
||||
# digest: 4b0a00483046022100a9c93182cc816c3d5bc33cf11b0b8fa7f667153ee8f1c742c1c50da21309f666022100eec3b3b58d54dc9609e9b3b5cbe5feefd239ed07c12958cf75456d961aa3258a:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022014b5f386ded068e3ca4990545da3f49124b5e48e86bea8ea94a380c367e3aeb9022100ed0ecb915d4c1b7be7a7906ffa2a55a2988669e3418301b6886a45df6a57b337:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Restrict public IP assignment for EC2 instances, particularly for backend instances. Use private IPs and manage access via AWS VPC and security groups.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-instance-addressing.html#concepts-public-addresses
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The Amazon Instance " + ec2instance + " uses public IP addresses"'
|
||||
# digest: 4a0a00473045022100f1dcc6e7fab82b9688102b0f02fddc8c9930007bc885800ac26e4e5ea412ed670220667fdf2d67ebff9d4346a853856402dbd78197c727feae253e6629f53de0f957:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100d6d48dea82c4b3c88a81c6060dbedadb56502f1d2b692dd7d309e67b7d20504602203063ae7dcaa055dc54d9d6f0f534a96feb3966280b2a9004201fc21fe7752964:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Restrict egress traffic in EC2 security groups to only necessary IP addresses and ranges, adhering to the Principle of Least Privilege.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html#sg-rules
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -54,4 +55,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Amazon EC2 security group(s) " + groupid + " allows unrestricted outbound traffic"'
|
||||
# digest: 490a0046304402200e8c75db5d5e8809d4e97173605a8d845e49d80bd788de5a7ba6cefc77f9110202200e57d1342300e4858c189e8dd15e8084cbf17f2f75ab3f8fbe8134979f4a6bbe:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022020d4b03ec7e884a6a9516b16ab27112d3d1e307bdd145875d8a47c5f85e8c5dd022100c3bcec6be21508dcf10fe542df392d777029d8f8658479f1690c7d38f234f7fc:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Restrict access to uncommon ports in EC2 security groups, permitting only necessary traffic and implementing stringent access controls.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -54,4 +55,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Amazon EC2 security group(s) " + groupid + " allows unrestricted inbound traffic"'
|
||||
# digest: 4b0a004830460221009b9e3e94679739de1a688c3b15bc4f592472272245df9bfbc675211eeaa6f45602210097597c2bae7f04a1d2440e25e37986679daa91e6e8fe277cb1fb99874d2e5fd0:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100881b4639e87b866a26e2397b65cebda755a3e870faa83f93122314e58a111837022100bf8b00a4e7ac9fc0f71faf6314470a221c9a95af8b3590c7076267d4badd9592:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Restrict AMI sharing to specific, trusted AWS accounts and ensure they are not publicly accessible.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-explicit.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,ami,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- 'ami + " AMI is publically shared"'
|
||||
# digest: 4a0a004730450220193e6725ccb97bbd7071e4dad36601e0e8625dd4901a653eacf3141faf6e8a82022100d7d61c14183f4a6563ac749634aa9af5e01332d52583cba6e703cf4958bbe63f:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502202170a728aa9a257c4f5c57f8cbe604df3b4288eb8d54deeaf7e1c8961e392c4d022100c0f6fffcdfbf887cdf6b0bf253f5d468b33670e054ff2669b3dc4c2245560595:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Encrypt your AMIs using AWS managed keys or customer-managed keys in the AWS Key Management Service (KMS) to ensure data security.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,ec2,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- 'ami + " AMI is not encrypted"'
|
||||
# digest: 4a0a00473045022100a7b00e475c508994eab83d044d65086d511d0dcdde83abed644133c35775d4a402203ff217b94895c174e5d6036a27c3cedba4e74cc0b2a4fb957b71390c2d7454eb:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022006b2a8f1493aca05a5bbb6dd85e177cfacec3cf7e380e0bdd32179719555a881022100f893098f309383eacc3b8fff8a3394101a3bd39897babe77b4ac0911555498ba:922c64590222798bb761d5b6d8e72950
|
|
@ -7,6 +7,8 @@ info:
|
|||
Verifies that no Amazon IAM policies grant full administrative privileges, ensuring adherence to the Principle of Least Privilege
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/cli/latest/reference/iam/get-policy-version.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,iam,aws-cloud-config
|
||||
|
||||
flow: |
|
||||
|
@ -49,4 +51,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The IAM policy " + policy +" is Overly Permissive"'
|
||||
# digest: 4a0a0047304502203eeeb24dbf1cfd3f41550e0c0b66bfb9ba23ea9912139aa2385e48b3a668d336022100dcb4c90fbb816ab247ea9d506497b900640b3d052bb2ce2b2f8b9a9e7fe58d9e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450221008bc9f722616e4216ee5bccead511cb6086d4f998014314d8a8478ec44f424f40022029c5288eda6b59b7217a8836cb5d506e7b7ad234f6272fe94570815dc7b0d0a6:922c64590222798bb761d5b6d8e72950
|
|
@ -7,6 +7,8 @@ info:
|
|||
Checks if IAM user access keys are rotated every 90 days to minimize accidental exposures and unauthorized access risks
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/cli/latest/reference/iam/list-access-keys.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,iam,aws-cloud-config
|
||||
|
||||
flow: |
|
||||
|
@ -47,4 +49,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The IAM Key " + accesskey +" is older than 90 days"'
|
||||
# digest: 4a0a00473045022100d15b76ce838fa09da565afb9414204e3a5bc5487d1cca1ea4fb3560c339ac6f60220291edc1503af6dfa14709487d50d0eff776aafaaf1d07580cc1199ea21fb48ed:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502202a9b12e596c433a426976cc985f93e87eb624f05932b7e78a72dd633496726fa022100db223fbc664946a1d52e6916fa64fb18bb07efcb40ddba5110bb24c8a29d932b:922c64590222798bb761d5b6d8e72950
|
|
@ -7,6 +7,8 @@ info:
|
|||
Verifies that Multi-Factor Authentication (MFA) is enabled for all IAM users with console access in AWS
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/cli/latest/reference/iam/list-mfa-devices.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,iam,aws-cloud-config
|
||||
|
||||
flow: |
|
||||
|
@ -46,4 +48,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"MFA is no enabled for IAM User " + user'
|
||||
# digest: 4a0a00473045022100f326cf9a9fdd5f737d1126dd4938a233059a58f816e7e75a9a0bbab2f9a5d8230220219f4277870b52c124be28db9d8adfe6b88d2ea8b1570756a3f7772384887eff:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450221008072a04e0f68ee2345d1bfeee304675bc22468a061fd9fa3fbed31279e399640022057efc7bfe58fc41c86be4cfdc0870e4d998282ff71b6d70a3da557cb67cd2d09:922c64590222798bb761d5b6d8e72950
|
|
@ -7,6 +7,8 @@ info:
|
|||
Verifies that IAM SSH public keys are rotated every 90 days, enhancing security and preventing unauthorized access to AWS CodeCommit repositories
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/cli/latest/reference/iam/list-ssh-public-keys.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,iam,ssh,aws-cloud-config
|
||||
|
||||
flow: |
|
||||
|
@ -47,4 +49,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The SSH Public Key " + accesskey +" is older than 90 days"'
|
||||
# digest: 490a00463044022017e707c66f9a058bd875e7a516d99585a1be526405545647011958874bd784a702201259fdf89b05b2fa171d789e014fe98d7949010ff420be02f0ef7183565544ef:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502200df47806e0ebcba6e0cbd3e933b7db44c7e85cb3e43bbb634ee48521d2c441e7022100b0694e5404356f0219d841a6ec17f3d756542a0c4137973b21d45dec07f12e47:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Enable Copy Tags to Snapshots for Aurora clusters via the AWS Management Console or modify the DB cluster to include this feature using AWS CLI.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Tagging.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,aurora,rds,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-northeast-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Copy Tags To Snapshot is not enable for cluster " + cluster'
|
||||
# digest: 490a00463044022017828b27f24bd205df0e6c14c80b4cae52d2f6366dde8c60cc58302d7ca9c8ba022062233631583c3e674bb1daebdb9375c3501900fb1ba9ed7a06d972f8b7265b85:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100bc4ba9d64dbc0cb8bfebf677ff5b05c1eae8736bf8e64544dd8d0fc9b6daa762022100fd690deaf7ba10c756be945828cd76f7a03eb4442aeadf3c2cadf5bdb6f995c9:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Enable Deletion Protection by modifying the Aurora cluster settings in the AWS Management Console or via the AWS CLI.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/DBInstanceDeletionProtection.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,aurora,rds,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-northeast-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Deletion Protection safety feature is not enabled for " + cluster'
|
||||
# digest: 4b0a00483046022100c1c1ed75c7401266f13e1fc388a357df843c7994ab44ae8f501b14842ab7ec24022100b6c077b49006fb9ca13885abddf6be9c787d64eb415a13972e5fa3ea637792f3:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402203957dae25c011794e69952e0a2122ce835294c72217b3dab63dfb30cec9fb36a02200bcd6f0ed9487a240393aebd0937196c729d98ecf8a3c86cb65a854534da925c:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Enable IAM Database Authentication for MySQL and PostgreSQL RDS database instances to leverage IAM for secure, token-based access control.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-northeast-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Database Authentication feature is not enabled for RDS database instance " + db'
|
||||
# digest: 4a0a00473045022100de421600413f2bb3306a9173334cd465c628dd5a198cec9ebe3bf5a373b4479602200bd9a29ac4bc3efe52763411a53243855f599f703baa22c7292da16898754f12:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100c13b8d1e92988ff64fb71594f77d83105a2c8381fb5de3a284e41ee9b5c707940220585d60f323e31b9bc5ad2c72b045b1645c4a1546555f29c1ffb99936519dea83:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Enable automated backups for RDS instances by setting the backup retention period to a value other than 0.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithAutomatedBackups.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-northeast-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Automated backups are not enabled for " + db + " RDS database instance"'
|
||||
# digest: 490a0046304402202cafc27efb26d112eaeeda54182636abc27e1c7d4c685250eee139e6016ad0e00220696ff967f5e74543e24b1f563a48870e20c7a651ebf098221cb3aa53d92d0a4a:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100886ff717bb53ef7b235b73d9d22a861dee9a08a2c196289d611085a7e0418faa02200ad55fc97ce71f4828dc428a743be339174c1fdd6b0e68b4501e0ef6acf6b9de:922c64590222798bb761d5b6d8e72950
|
|
@ -11,9 +11,9 @@ info:
|
|||
Enable Deletion Protection for all Amazon RDS instances via the AWS Management Console or using the AWS CLI.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_DeleteInstance.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
|
||||
|
||||
|
||||
variables:
|
||||
region: "ap-northeast-1"
|
||||
|
||||
|
@ -54,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"RDS Deletion protection feature is not enabled for RDS database instance " + db'
|
||||
# digest: 4b0a00483046022100914032dbc9479e0c23f03d553ff358b24dbb159d2b0e39591c929e1b7392f357022100dd0d109579a0dba307e0e203996af0754cc7d40cf1ef7adb218b01cba7fae2a0:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a00463044022038daa8448190d837886c059bdc5c6ac4e48af03bf77572125c2465420d62224a02206ee2419a639762e33d52f890714e4e1dcb9aac3b10882d8accbdfc4e3324d67f:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Enable encryption for your Amazon RDS instances by modifying the instance and setting the "Storage Encrypted" option to true. For new instances, enable encryption within the launch wizard.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.Encryption.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-northeast-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The encryption of data at rest is not enabled for " + db + " RDS database instance"'
|
||||
# digest: 4a0a00473045022057333f0cba59e048aec18908bd8cbda6a4ab5398581190a3602a82d1f7f63f140221008c6002f40daa4eef203c0be542377e675dd0b28d3595fa4664449f30f13f325d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022013a493868c5989511d93d8702f49b30f995463ea94c0e0b9bfc859864b301cf3022100e40eecfced944d0776dcc8cc0f6b762902df7fcffc45e727b3a6a2b25630cf79:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Convert RDS instances from Provisioned IOPS to General Purpose SSDs to optimize costs without sacrificing I/O performance for most database workloads.
|
||||
reference:
|
||||
- https://aws.amazon.com/rds/features/storage/
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-northeast-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- 'db + " RDS instance uses Provisioned IOPS SSD, not the most cost-effective storage"'
|
||||
# digest: 4a0a00473045022002f5c7fdd4d9d80a6820cfc1f222bfed3a1d9ad2e9f25cd1ef7757d60774a7dc022100c202e64f627d1aadd2a131aecdc048917a11798572597b382064897ed0848d3d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402204abe02c1e1c465599d29b1e4d649d7076822a9529f8bd82e2005335f88b3e19402203cfedc9da10ff590c6b8dd01917ebce8b1c58c4c78f6af76e826b94d5aaa50e7:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Modify the snapshot's visibility settings to ensure it is not public, only shared with specific AWS accounts.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ShareSnapshot.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-northeast-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"RDS snapshot " + snapshot + " is public"'
|
||||
# digest: 4a0a0047304502210081a28e626fa15113ec4728cae1cd78218b292f7c71adc72cdb0b6d957475955302207063c6eda8c853ca2b1041f2751246979a75381a89e64b262b679667da1eb1eb:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220406064aac939d4deee904e965a39e74b5b6a866aa0120dc7a3ac03683a464fcb02204c1c229f967d74c64b9b3ebc03c6d31678f471305d10f708528996202549111f:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Migrate RDS instances to private subnets within the VPC and ensure proper network ACLs and security group settings are in place to restrict access.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html#USER_VPC.Subnets
|
||||
metadata:
|
||||
max-request: 3
|
||||
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-northeast-1"
|
||||
|
||||
|
@ -71,4 +72,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- 'db + " RDS instance is setup within a public subnet"'
|
||||
# digest: 4b0a00483046022100d05dd8cfd16004c66141210fee94b5b5b1bdca54b4320091e86f7b7d018c336e022100fcf57d954bb32ef2d5eaf09ca000c729ef9d372ef651d5066f8d1a1e6aee8746:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402201e28cc0c54504b565396262e298134db5eda4e445c0dace7e8fea7908536db5a02207fe42a32f0d5dad744c51a08700afaad542699ee0d0e6edcef743ccf825ec3f0:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Review the payment methods on file and retry the reservation purchase for RDS instances to secure discounted rates.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_WorkingWithReservedDBInstances.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-northeast-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"RDS Reserved Instance purchase has failed for " + db'
|
||||
# digest: 4a0a00473045022040705df585fbeec117d8605a7eb385b6fb0ae5cca87f948b79aef51f4a4b5b19022100a62f52ca4c10ab087a8d672d8288e120540531595b354c0663a7b5c7426ee198:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402204a87e8dbc52f8aa2867a09fe762c4eace58048fadd793ae073b556f4814e4e50022013d99683b2f38021dd6593524fc114936c990879b36fe374fde999d9a7764d00:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Enable encryption for RDS snapshots by using AWS KMS Customer Master Keys (CMKs) for enhanced data security and compliance.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_EncryptSnapshot.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,rds,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "ap-northeast-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Amazon RDS database snapshot " + snapshot + " is not encrypted"'
|
||||
# digest: 490a0046304402207212f314b007f635435474f0ab2253e018047b2f878450e253223d5daa74da3f022064293bf9b3a736189797d2b46e1ad224dd05fa73dfe1ff2d0531a229ab2c89c5:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402205835b9ea589fc13c9871eb2bb67185366bd4e82f24d8f172fd9f92ba53042e890220604cdbd900e33f44ad4e7dbf7b801719455093a3b1a326b0a06dd364ac6e9528:922c64590222798bb761d5b6d8e72950
|
|
@ -7,6 +7,8 @@ info:
|
|||
This template verifies if the Server Access Logging feature is enabled for Amazon S3 buckets, which is essential for tracking access requests for security and audit purposes.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-encryption.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,s3,aws-cloud-config
|
||||
|
||||
flow: |
|
||||
|
@ -46,4 +48,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The S3 bucket " + bucket +" does not have access logging enabled."'
|
||||
# digest: 4b0a004830460221009c7c7b0d5efd419b91df9f3a9c18cbb5c3cf3e05586c1a2feaf8e1c1c1b5d5b5022100ac7392ba990a22432ad62945a93d61578dd95013697d6c3aefd30fa5e9decaac:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100fd29baed40f4c511911881ff79e5672f4533dfa6b19e717d05a961de2df470d502202eb21cdb29ae73b3bfbeabf3cb447bdfc777887e9e6a85b5cfe7edb82bba6e81:922c64590222798bb761d5b6d8e72950
|
|
@ -7,6 +7,8 @@ info:
|
|||
Checks if Amazon S3 buckets grant FULL_CONTROL access to authenticated users, preventing unauthorized operations
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,s3,aws-cloud-config
|
||||
|
||||
flow: |
|
||||
|
@ -46,4 +48,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"FULL_CONTROL is enabled for Authenticated Users on S3 Bucket " + bucket'
|
||||
# digest: 4b0a00483046022100ae50a09843b165ba2fcd9f5fb5774c60c2ba2ca3ec8461b893c6eb47cce50cf8022100ab31d7ca772ca4fdce476fb02441aaae4130fe68605b346dd30bcaa9f2fb0c3d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022030e1999b1896b95b962ca877986fb0cf30c6804d6833dd62593a6f4e679759cc022100e43b6694c7aa13dff4686ad1d99e980cef361871b9267b06da36f2878c923a60:922c64590222798bb761d5b6d8e72950
|
|
@ -7,6 +7,8 @@ info:
|
|||
This template verifies if Amazon S3 buckets have bucket keys enabled to optimize the cost of AWS Key Management Service (SSE-KMS) for server-side encryption
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,s3,aws-cloud-config
|
||||
|
||||
flow: |
|
||||
|
@ -46,4 +48,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Key is not enabled for S3 Bucket " + bucket'
|
||||
# digest: 490a0046304402207628f02f223a9c45013004373f631bfe358fe0898a91b4558b461cdbcb0cb33f02204c02ff4be552778912c6b81a4d7f06b0436bf0facd4066dd1b7b6a60c7fe8727:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502201c522f260419eb69ca4b6a84f00cb91ab124c3bffc1e43e212b56ac15819dbce022100abbef96323f036a8483f553224f7a98cf8c6d5c863ac4faab4ef6b6e7831ab50:922c64590222798bb761d5b6d8e72950
|
|
@ -7,6 +7,8 @@ info:
|
|||
This template checks if Amazon S3 buckets are configured to prevent public access via bucket policies
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-policy.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,s3,aws-cloud-config
|
||||
|
||||
flow: |
|
||||
|
@ -54,4 +56,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The S3 bucket " + bucket +" is publicly accessible via Policy"'
|
||||
# digest: 4b0a004830460221009b48d546c9c75d61879e6371e646807f994d64408c3f84d48c9a9b344b9743410221009ed66db2acf2d13fb22b03344e70b7679191e4d76de5615fb69753c02d49306d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502204fae5eb6e1f955f5a9d53c8f30d1d5fb8742e57e0c2ee96f342abbaa4e2c86fd022100dce6a398ef04206209cf3fc4714c9a933458aca9558d8387e8b42a0aabcc0c57:922c64590222798bb761d5b6d8e72950
|
|
@ -7,6 +7,8 @@ info:
|
|||
This template verifies that Amazon S3 buckets are configured with Multi-Factor Authentication (MFA) Delete feature, ensuring enhanced protection against unauthorized deletion of versioned objects
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-versioning.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,s3,aws-cloud-config
|
||||
|
||||
flow: |
|
||||
|
@ -46,4 +48,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The S3 bucket " + bucket +" is not configured to use MFA Delete feature"'
|
||||
# digest: 4a0a0047304502207b18bcd326a382b691f9645ba66223e79733146fbaaa7632197a652cb7319085022100d690b22a500eb8036ca670d596ead85d56ce5e576f1147e5e73430a5d49c3765:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502206258e96a2294f4871ad68d7abdd1564bcb2de1c6696b48b399eb483f48b80f6102210083bc2afe82afaa0825a8360e89b22f988e7e989ac57c9f4a1d9f8169a5e6f0bc:922c64590222798bb761d5b6d8e72950
|
|
@ -8,6 +8,8 @@ info:
|
|||
Verifies that Amazon S3 buckets do not permit public 'READ_ACP' (LIST) access to anonymous users, protecting against unauthorized data exposure
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,s3,aws-cloud-config
|
||||
|
||||
flow: |
|
||||
|
@ -47,4 +49,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The S3 bucket " + bucket +" have public READ_ACP access"'
|
||||
# digest: 4b0a00483046022100ed3c7c8177b632e1968b920b9eef94ffdc0784d3b4cfef7073e31fa45879d929022100a4515cf3df6e19fdcc7f9c9460074d6310983bbdd4687e83cce86c290cb62c18:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100bcbc17aee844273a0b66faf3957469462eec3e5869547d8652d739501fa028d2022070cd3aa2cf6fcd572dbe1e0e9b989cc1e3a3d25bbe5d7c3f1f45182d0a9047bc:922c64590222798bb761d5b6d8e72950
|
|
@ -8,6 +8,8 @@ info:
|
|||
Verifies that Amazon S3 buckets do not permit public 'READ' (LIST) access to anonymous users, protecting against unauthorized data exposure
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,s3,aws-cloud-config
|
||||
|
||||
flow: |
|
||||
|
@ -47,4 +49,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The S3 bucket " + bucket +" have public READ access"'
|
||||
# digest: 4a0a0047304502210096282cee509cda8603576b6bf36e9726a85cd0e5c7ffbf1a1b521840e04b9a0f022003295ca19e84cf783276bd6c7a2fa978a92543199f6da355ddfb130e465442da:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100c0a9951cf1834f311dda7e8506d77563ca19b261254b07db518196933a224149022073682f61c196ae7d6f8f09f162fa702d05ee6f9e70b813d796517a318b6a3724:922c64590222798bb761d5b6d8e72950
|
|
@ -7,6 +7,8 @@ info:
|
|||
Checks if Amazon S3 buckets are secured against public WRITE_ACP access, preventing unauthorized modifications to access control permissions.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,s3,aws-cloud-config
|
||||
|
||||
flow: |
|
||||
|
@ -46,4 +48,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The S3 bucket " + bucket +" have public WRITE_ACP access"'
|
||||
# digest: 490a004630440220164c9d55d2b50ac44caa26edd47e799e3ec62871676e74736d108a8541f0c2440220136ef5897894c74ad7fb3f936e269b6a777cc4e8f520c42142558990bea8eba9:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402204de77d0507f74d782786aef08b62ecbcf9c82eea8522955eb98af9573cccdeb102206b485a9f8b358d4a10de5c2aa8f2c8a0592eb8a32a757b2cd49de953f7c58de5:922c64590222798bb761d5b6d8e72950
|
|
@ -7,6 +7,8 @@ info:
|
|||
Checks if Amazon S3 buckets are secured against public WRITE access, preventing unauthorized modifications to access control permissions.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-acl.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,s3,aws-cloud-config
|
||||
|
||||
flow: |
|
||||
|
@ -46,4 +48,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The S3 bucket " + bucket +" have public WRITE access"'
|
||||
# digest: 490a004630440220795c3882ab9cb8a093b5e2e83c7822aaf15bfe4cff0426f3a6e5743196aa67730220375072f3c8dff6626dd361a31d12615188c7e8bd445e92f41fe755c323cefc22:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100845642c440c897503168e56980b76b3c167ec82fe1804b8302f0b8de3e0b2578022100f876c6d5ef3bb7c84e665b0c31fc7614bf7c9ec46b630fa6cb90f72e7f7f2d78:922c64590222798bb761d5b6d8e72950
|
|
@ -7,6 +7,8 @@ info:
|
|||
This template verifies if Amazon S3 buckets have server-side encryption enabled for protecting sensitive content at rest, using either AWS S3-managed keys (SSE-S3) or AWS KMS-managed keys (SSE-KMS).
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/cli/latest/reference/s3api/get-bucket-encryption.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,s3,aws-cloud-config
|
||||
|
||||
flow: |
|
||||
|
@ -46,4 +48,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"The S3 bucket " + bucket +" is not encrypted at rest"'
|
||||
# digest: 490a0046304402203e012cd857cace30b445932f893b9bd0f7bc709eec9f6cb5689fd30a520525e0022029cde524c58042593e654d36bfd7dcfb81b9508c534ec7750afe9ff96ad921d1:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100b2f7ec06942729d8e4cd463ded9ad780f70660535ae12edcd5371d8c4726b213022100acc1da483bedd46efe1004ba122b638b7e429dcc291052bb7b784f139af5815d:922c64590222798bb761d5b6d8e72950
|
|
@ -7,6 +7,8 @@ info:
|
|||
Verifies that Amazon S3 buckets have object versioning enabled, providing a safeguard for recovering overwritten or deleted objects
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,s3,aws-cloud-config
|
||||
|
||||
flow: |
|
||||
|
@ -47,4 +49,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Versioning is not enabled for S3 Bucket " + bucket'
|
||||
# digest: 4b0a00483046022100ceb8b6be9871b6b9b57c5aa9add8902c3177845310afee02c6f8acc0cec48331022100fc98d53a049eaf0f8450f979233fffec17fd5c23d4c90fb78e68d8f05869f7d4:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450220188c6eff76e5890e9487a7990ebc939706257a8d168f4e746b7a10b168f69882022100871f34e7125204a00ffb042ccaf984570af3f3a6a2c582613b4e8333a4f3ba87:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,65 @@
|
|||
id: sns-topic-public-accessible
|
||||
|
||||
info:
|
||||
name: Public Access of SNS Topics via Policy
|
||||
author: Ritesh_Gohil(#L4stPL4Y3R)
|
||||
severity: high
|
||||
description: |
|
||||
This template checks if Amazon SNS topics are configured to prevent public access via topic policies.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/sns/latest/api/API_GetTopicAttributes.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,sns,aws-cloud-config
|
||||
|
||||
flow: |
|
||||
code(1)
|
||||
for (let topicArn of iterate(template.topics)) {
|
||||
set("topicArn", topicArn)
|
||||
code(2)
|
||||
}
|
||||
|
||||
self-contained: true
|
||||
code:
|
||||
- engine:
|
||||
- sh
|
||||
- bash
|
||||
source: |
|
||||
aws sns list-topics --query 'Topics[*].TopicArn'
|
||||
|
||||
extractors:
|
||||
- type: json
|
||||
internal: true
|
||||
name: topics
|
||||
json:
|
||||
- '.[]'
|
||||
|
||||
- engine:
|
||||
- sh
|
||||
- bash
|
||||
source: |
|
||||
aws sns get-topic-attributes --topic-arn $topicArn --query Attributes.Policy --output text
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"Effect":"Allow"'
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"Principal":{"AWS":"*"}'
|
||||
|
||||
- type: regex
|
||||
part: body
|
||||
negative: true
|
||||
regex:
|
||||
- '"Condition"'
|
||||
|
||||
extractors:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- '"The SNS topic " + topicArn + " is publicly accessible via Policy"'
|
||||
# digest: 4b0a00483046022100cbb02679b206daa0a1138c3c7d400ca3ccf3aea22840064633a6ac54fbe6a44d022100f23545b9fc5cdb35c1c853d68c2cb35904bd22385117daa75cf0923441d212d4:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Restrict Network ACL inbound rules to only allow necessary IP ranges and ports as per the Principle of Least Privilege.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -60,4 +61,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Access to the VPC subnets associated with your NACL " + naclid + " is not restricted."'
|
||||
# digest: 4a0a0047304502200de3239f933f1b468292a1ac4504bc398cad18ac3aa6f2de12357bd0e8a65759022100ee901336ec076eb9058f105f779e66be7bac556e1751713419df333cca4eaddf:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502210090f1a4c3cf579052839a7c17926792dc80956b0a3ef6716f594d5dd3539e0e3f02205c9073431d5ad40af0eeb8a4ee457808e7ecac97f253ab129e5f27b78e4e9377:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Modify NACL outbound rules to limit traffic to only the ports required for legitimate business needs.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -60,4 +61,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Access to the VPC subnets associated with your NACL " + naclid + " is not restricted."'
|
||||
# digest: 4a0a00473045022021e25dd23124572a8f6dbe6381024f3ecb8f78907d7ba0aafa2eb9c63990e140022100ba7669b283e58bf5b0fd08f3d5501d54221fc7a48b73b088c95330ea4c633f67:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022024d4f02c513a648afb7661835f3744b1696e4866ac46f3be73f69d11264f6c69022100ce93ba9b7fb4b0e9f750ed04fbd68eb6df23e4979ecc05906bd8be9a19bd320e:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Replace NAT instances with Amazon Managed NAT Gateway to ensure high availability and scalability in your VPC network.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- 'vpc + " VPC is not using Managed NAT Gateways"'
|
||||
# digest: 4b0a00483046022100f5f55c1da4e2aaca4b9547bf032c91c95a45a559e294e66e3a04343878e6416c022100919f04f7539cccd971883f2ac51a5a40f17c588dc2bb561902f5397715facf2a:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100f15845608859adbcb7bc461874985337e016b6bcb1d26f443fd2a91ff851c9340220694f547d8ddea40af0456426f61944e9ca77f5cffbe76e991099683455728858:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Restrict access to ports 22 and 3389 to trusted IPs or IP ranges to adhere to the Principle of Least Privilege (POLP).
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -62,4 +63,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Access to the VPC subnets associated with your NACL " + naclid + " is not restricted."'
|
||||
# digest: 4a0a0047304502204e05c381a073d28047bdf9026597e5d331abca5011bbd8887ac323dd2b2983fb02210097ddd0dd706718f37b2c2f54820e543a9c6549883adc31296235e4b04fe04e97:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022028901135e75f8db19081e604cf1a970f707aba8ba33166b67eba938ebd823cf3022100d783804e924a32e191e35df29155fb31db60251900a5b60efe4aefceb91db299:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Update the VPC endpoint's policy to restrict access only to authorized entities and ensure all requests are signed.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints-access.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -60,4 +61,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"VPC endpoints for " + vpc + "are exposed."'
|
||||
# digest: 4a0a004730450221009cd9ca7d1c7ce5d6db43cc95291be7e509c29f9ed1c7559ee1aeb31a6579920902206e30e36ec371d03d1c5d805d349458ee43fd27bd65917e4f33050e359de8ea3b:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402200506111e97b28461eceb3c5334265051c3383b8a0eb553d5177f1c6344d933fb0220455e9ba374c56d762b53f3261e06eb79fca8809640330ecac13021f99a98aaed:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Implement VPC endpoints for supported AWS services to secure and optimize connectivity within your VPC, minimizing external access risks.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/vpc/latest/userguide/vpc-endpoints.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"VPC Endpoints Not Deployed in the VPC network " + vpc'
|
||||
# digest: 4a0a004730450220305c7cb9ef27a7249c71a3e30664db9f051b0f5438fe8ce42f2024ea91bfa24e022100e5b9e9b019adf2b1fcfd5121540efdbaf0c5fd39072523eacf41b5a50319666e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a004830460221009cd67a7be189a4090753f24473354d6e9ea5260fefa513d791e762adabe13082022100d3ef3e2c090c022def55697e03a329df0cfb9ef0bba2b3a7e01e1438af444617:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Enable VPC Flow Logs in the AWS Management Console under the VPC dashboard to collect data on IP traffic going to and from network interfaces in your VPC.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,vpc,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -55,4 +56,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Flow Logs feature is not enabled for the VPC " + vpc'
|
||||
# digest: 4a0a00473045022016d83c316f318298be2c514542422c1a2f3a42517ac740d4b85ca980c9bf4676022100e7af7b416817f374b418962094ee777893f8fed6b17880fea736d1eb6caa38b2:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402204d7a7d1871ae4512c2ddb09b3645f3c6198d9b1a2e3a23f9f6c4b64dd72f50270220375ec12b44621a7a765b301bf627747d6610602e3275091e81cabf53f0a65684:922c64590222798bb761d5b6d8e72950
|
|
@ -11,8 +11,9 @@ info:
|
|||
Monitor VPN tunnel status via the AWS Management Console or CLI. If a tunnel is DOWN, troubleshoot according to AWS documentation and ensure redundancy by configuring multiple tunnels.
|
||||
reference:
|
||||
- https://docs.aws.amazon.com/vpn/latest/s2svpn/VPNConnections.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: cloud,devops,aws,amazon,vpn,aws-cloud-config
|
||||
|
||||
variables:
|
||||
region: "us-east-1"
|
||||
|
||||
|
@ -53,4 +54,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- 'vpnid + " VPN tunnel is down"'
|
||||
# digest: 490a0046304402205ecec5a00e3d0521ad5a2e9ac0cebbe83e91d206c2233f683dcd750ff5b3841c02205528afb57d459d2c5075638280afcf53459f71aaeb2a5cabc21c41659d91f510:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100dbcc51ec0d056e6f9a356238c660009c4b4fc8f3664e147b8c98c8a417631463022056928c4b49b652c38428461808244e27882fa7e30c7580d1d67511571d4b9c35:922c64590222798bb761d5b6d8e72950
|
|
@ -9,7 +9,7 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
tags: cloud,enum,cloud-enum,azure
|
||||
tags: cloud,enum,cloud-enum,azure,dns
|
||||
|
||||
self-contained: true
|
||||
|
||||
|
@ -29,5 +29,4 @@ dns:
|
|||
part: answer
|
||||
words:
|
||||
- "IN\tA"
|
||||
|
||||
# digest: 4a0a0047304502206a999e317308128dc9a9f3114f003b2c29cad9f569d6922502a8ac90971cf927022100c4fe9eea1496997e9ef66f8a46c2ece4bd511dede88aaf58d36410be3f2cc758:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402202d82e21007ea9d2f9d609d5737dc4073c578f37b06b0023c12b39024ed7b63c302203b740c9bff84e6e2e21d0edf1cde2ed9dc4d878a5bf35e6080edfe32cb24fee0:922c64590222798bb761d5b6d8e72950
|
|
@ -9,7 +9,7 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
tags: cloud,cloud-enum,azure,fuzz,enum
|
||||
tags: cloud,cloud-enum,azure,fuzz,enum,dns
|
||||
|
||||
self-contained: true
|
||||
|
||||
|
@ -63,5 +63,4 @@ dns:
|
|||
part: answer
|
||||
words:
|
||||
- "IN\tA"
|
||||
|
||||
# digest: 490a0046304402200614bd35195e042742d9840244b46d9f68e4918956d5672a7549edaedbfe5f2e022051271716ac72339c39f76569585c0a256b19ce6238da5e3ea6a9d36b2d80011e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502210098b015215646fc57a33bf05ec1cd3363b21d9f635738f80193fab1edb1eb41c5022029c97c1df1d99734a1b67093023f2540fc877695c84573d61d3072c6167572ab:922c64590222798bb761d5b6d8e72950
|
|
@ -25,7 +25,7 @@ info:
|
|||
max-request: 2
|
||||
vendor: sudo_project
|
||||
product: sudo
|
||||
tags: packetstorm,cve,cve2019,sudo,code,linux,privesc,local,canonical
|
||||
tags: packetstorm,cve,cve2019,sudo,code,linux,privesc,local,canonical,sudo_project
|
||||
|
||||
self-contained: true
|
||||
code:
|
||||
|
@ -47,4 +47,4 @@ code:
|
|||
- '!contains(code_1_response, "root")'
|
||||
- 'contains(code_2_response, "root")'
|
||||
condition: and
|
||||
# digest: 4a0a0047304502204e166f9afc32a9e3f2aa20cf10f4dc7c4ccc6d9ecfb25279db42ee4884fd9a09022100e24c0145e3cb670939ecba31b847513224c52277827290d7358cd3b5e8531825:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402207c6a17c6dcfa5e1c0705af985ede699d418ae7488b1f1a1d29faf8b7dcc7e8920220008d95bc160ad21eb5224ab61a5f4ffc0c7ae1d1b6513f4add54a8e1624df386:922c64590222798bb761d5b6d8e72950
|
|
@ -24,7 +24,7 @@ info:
|
|||
verified: true
|
||||
vendor: sudo_project
|
||||
product: sudo
|
||||
tags: packetstorm,cve,cve2021,sudo,code,linux,privesc,local,kev
|
||||
tags: packetstorm,cve,cve2021,sudo,code,linux,privesc,local,kev,sudo_project
|
||||
|
||||
self-contained: true
|
||||
code:
|
||||
|
@ -40,4 +40,4 @@ code:
|
|||
- "malloc(): memory corruption"
|
||||
- "Aborted (core dumped)"
|
||||
condition: and
|
||||
# digest: 4a0a0047304502204de6d29ee97c296f1046225fd664237cb80c163370f316bfa2c0174718fa0654022100cbd49f46b75314934af75dde946dbe4a3d135d87368f2dead3b9b2fa40bb839b:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100b0e1b0f8d02b42918c0845dc5e5d78fc1c8d9a16120a30c0607392239fd7acc1022000b3670974ad0b3ae3912068b5315a610b9a2e6028401acf310cc430a4d9facc:922c64590222798bb761d5b6d8e72950
|
|
@ -29,6 +29,7 @@ info:
|
|||
max-request: 2
|
||||
vendor: canonical
|
||||
product: ubuntu_linux
|
||||
shodan-query: cpe:"cpe:2.3:o:canonical:ubuntu_linux"
|
||||
tags: cve,cve2023,code,packetstorm,kernel,ubuntu,linux,privesc,local,canonical
|
||||
|
||||
self-contained: true
|
||||
|
@ -54,4 +55,4 @@ code:
|
|||
- '!contains(code_1_response, "(root)")'
|
||||
- 'contains(code_2_response, "(root)")'
|
||||
condition: and
|
||||
# digest: 490a004630440220115656a336b2d20b4c44fe1ade030de40d947cf0fd7fb8f8a5a910dca2ab200602205ead45f6f081b3555a7924050cd922e13d30139e64254790b1368627d59b4389:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100f71ea7f284c92f61ede41dec7bf632da2b6f19950112c01dc700e8ad877d5e6e0221009569eafc6aacde58eeb2243f2af58f3e80fc23ae5631b894d03b5a17be1d7201:922c64590222798bb761d5b6d8e72950
|
|
@ -17,14 +17,18 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-49105
|
||||
cwe-id: CWE-287
|
||||
epss-score: 0.21237
|
||||
epss-percentile: 0.96302
|
||||
epss-score: 0.18166
|
||||
epss-percentile: 0.96172
|
||||
cpe: cpe:2.3:a:owncloud:owncloud:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: owncloud
|
||||
product: owncloud
|
||||
shodan-query: title:"owncloud"
|
||||
shodan-query:
|
||||
- title:"owncloud"
|
||||
- http.title:"owncloud"
|
||||
fofa-query: title="owncloud"
|
||||
google-query: intitle:"owncloud"
|
||||
tags: cve,cve2023,code,owncloud,auth-bypass
|
||||
variables:
|
||||
username: admin
|
||||
|
@ -86,4 +90,4 @@ http:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- '"Username => "+ username'
|
||||
# digest: 490a00463044022036740507180fa43831d3d59a5ccaae05fa1108c27c42a19564fa3f0fc5da439f02205a94a9cbb26731a679d9d39a80c72ff0ff1c48346680963d6aa05f94de9b2e95:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100cd75893be6bdbdd291261de98eaaf9655419b306536c647069f97bc6b71ddbe2022029ba873b1e50b5a01e59c18aaa95b53a8217ef58ccec9e655b60d8dfc63259eb:922c64590222798bb761d5b6d8e72950
|
|
@ -24,7 +24,7 @@ info:
|
|||
max-request: 1
|
||||
vendor: gnu
|
||||
product: glibc
|
||||
tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev
|
||||
tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev,gnu
|
||||
|
||||
self-contained: true
|
||||
code:
|
||||
|
@ -39,4 +39,4 @@ code:
|
|||
- type: word
|
||||
words:
|
||||
- "139" # Segmentation Fault Exit Code
|
||||
# digest: 4a0a00473045022100f0ab74cd6ae5323c4a571e6c858cbbb8ced3b3b2b8dbb8d8c65b380a03a28f8302203aced1de4878bced98bb7d6bd296b9187a2d4795325e1f62debb338f363295f5:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402202d08133fa6531aad4e00eb212908470e14839334ed5db3de00407ea2cee249660220021a38d5d167fb379028d9c9f8fecd46d3360fd546c566ad3767be0e9913cca4:922c64590222798bb761d5b6d8e72950
|
|
@ -24,7 +24,7 @@ info:
|
|||
max-request: 1
|
||||
vendor: gnu
|
||||
product: glibc
|
||||
tags: cve,cve2023,code,glibc,linux,privesc,local
|
||||
tags: cve,cve2023,code,glibc,linux,privesc,local,gnu
|
||||
|
||||
self-contained: true
|
||||
code:
|
||||
|
@ -39,4 +39,4 @@ code:
|
|||
- type: word
|
||||
words:
|
||||
- "127" # Segmentation Fault Exit Code
|
||||
# digest: 490a0046304402204e884ed16aed759a6b31c001e50ee4aed4db45f060d3335e1b6f28935eae4135022051929119a0bf2eac944500d98af2720a6ff835dcb875f35cc6390fbdf47c8bda:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a004830460221009a919cd26f6c36adc91930b301d7861d1049bb0bc1222498a4f3115bc53ff10a022100954ecf5dc41c3dad43fb10d639f353368aed51b849f59d1b23462b1a02ab86a1:922c64590222798bb761d5b6d8e72950
|
|
@ -24,7 +24,7 @@ info:
|
|||
verified: true
|
||||
vendor: tukaani
|
||||
product: xz
|
||||
tags: cve,cve2024,local,code,xz,backdoor
|
||||
tags: cve,cve2024,local,code,xz,backdoor,tukaani
|
||||
|
||||
self-contained: true
|
||||
code:
|
||||
|
@ -59,4 +59,4 @@ code:
|
|||
- type: dsl
|
||||
dsl:
|
||||
- response
|
||||
# digest: 4b0a00483046022100ac6864410c93e586885b4473cebffd245bb5c0448e7ece0ab162f92f0ecfe4f302210092315c5373e9393c838e7b5e78d7dbc755ccaf673efdb536ec799630299352e3:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100ff27fd00a95152d34d7bfd96983b912ed0539184f94ee57f0fc4446451a0536402203929b77426326e3cb6baa2e5afcf3bdf3cf73bd93195f7ed2432dede184b3ff6:922c64590222798bb761d5b6d8e72950
|
|
@ -11,7 +11,7 @@ info:
|
|||
metadata:
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,sqlite3,privesc,local
|
||||
tags: code,linux,sqlite3,privesc,local,sqli
|
||||
|
||||
self-contained: true
|
||||
code:
|
||||
|
@ -46,4 +46,4 @@ code:
|
|||
- 'contains(code_2_response, "root")'
|
||||
- 'contains(code_3_response, "root")'
|
||||
condition: or
|
||||
# digest: 4a0a00473045022022a00ad1518880dc881748fd331a8f7a3c599927934d342c7221c5ecccd445c1022100cff484fd929a67261efcef2917d8976308c8062ca11652d78b36b40c195c08aa:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4b0a00483046022100aa56cf60985d9b7af0481de9704b276f7dfb4729c6247f40e41e195c36dbfe51022100a36990c84dd3cc92747016bf36d3c1eb1fddbec3e40c312393abde1d75d1489f:922c64590222798bb761d5b6d8e72950
|
56
cves.json
56
cves.json
|
@ -500,7 +500,7 @@
|
|||
{"ID":"CVE-2018-10818","Info":{"Name":"LG NAS Devices - Remote Code Execution","Severity":"critical","Description":"LG NAS devices contain a pre-auth remote command injection via the \"password\" parameter.","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2018/CVE-2018-10818.yaml"}
|
||||
{"ID":"CVE-2018-10822","Info":{"Name":"D-Link Routers - Local File Inclusion","Severity":"high","Description":"D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after \"GET /uir\" in an HTTP request to the web interface.","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-10822.yaml"}
|
||||
{"ID":"CVE-2018-10823","Info":{"Name":"D-Link Routers - Remote Command Injection","Severity":"high","Description":"D-Link DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-111 through 1.01 device may allow an authenticated attacker to execute arbitrary code by injecting the shell command into the chkisg.htm page Sip parameter. This allows for full control over the device internals.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2018/CVE-2018-10823.yaml"}
|
||||
{"ID":"CVE-2018-10942","Info":{"Name":"Prestashop AttributeWizardPro Module - Arbitrary File Upload","Severity":"critical","Description":"In the Attribute Wizard addon 1.6.9 for PrestaShop allows remote attackers to execute arbitrary code by uploading a php file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2018/CVE-2018-10942.yaml"}
|
||||
{"ID":"CVE-2018-10942","Info":{"Name":"Prestashop AttributeWizardPro Module - Arbitrary File Upload","Severity":"critical","Description":"In the Attribute Wizard addon 1.6.9 for PrestaShop allows remote attackers to execute arbitrary code by uploading a php file.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2018/CVE-2018-10942.yaml"}
|
||||
{"ID":"CVE-2018-10956","Info":{"Name":"IPConfigure Orchid Core VMS 2.0.5 - Local File Inclusion","Severity":"high","Description":"IPConfigure Orchid Core VMS 2.0.5 is susceptible to local file inclusion.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2018/CVE-2018-10956.yaml"}
|
||||
{"ID":"CVE-2018-11227","Info":{"Name":"Monstra CMS \u003c=3.0.4 - Cross-Site Scripting","Severity":"medium","Description":"Monstra CMS 3.0.4 and earlier contains a cross-site scripting vulnerability via index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2018/CVE-2018-11227.yaml"}
|
||||
{"ID":"CVE-2018-11231","Info":{"Name":"Opencart Divido - Sql Injection","Severity":"high","Description":"OpenCart Divido plugin is susceptible to SQL injection\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2018/CVE-2018-11231.yaml"}
|
||||
|
@ -1372,6 +1372,8 @@
|
|||
{"ID":"CVE-2021-37589","Info":{"Name":"Virtua Software Cobranca \u003c12R - Blind SQL Injection","Severity":"high","Description":"Virtua Cobranca before 12R allows blind SQL injection on the login page.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-37589.yaml"}
|
||||
{"ID":"CVE-2021-37704","Info":{"Name":"phpfastcache - phpinfo Resource Exposure","Severity":"medium","Description":"phpinfo() is susceptible to resource exposure in unprotected composer vendor folders via phpfastcache/phpfastcache.","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2021/CVE-2021-37704.yaml"}
|
||||
{"ID":"CVE-2021-37833","Info":{"Name":"Hotel Druid 3.0.2 - Cross-Site Scripting","Severity":"medium","Description":"Hotel Druid 3.0.2 contains a cross-site scripting vulnerability in multiple pages which allows for arbitrary execution of JavaScript commands.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2021/CVE-2021-37833.yaml"}
|
||||
{"ID":"CVE-2021-38146","Info":{"Name":"Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download","Severity":"high","Description":"The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-38146.yaml"}
|
||||
{"ID":"CVE-2021-38147","Info":{"Name":"Wipro Holmes Orchestrator 20.4.1 - Information Disclosure","Severity":"high","Description":"Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2021/CVE-2021-38147.yaml"}
|
||||
{"ID":"CVE-2021-38314","Info":{"Name":"WordPress Redux Framework \u003c=4.2.11 - Information Disclosure","Severity":"medium","Description":"WordPress Redux Framework plugin through 4.2.11 is susceptible to information disclosure. The plugin registers several unique AJAX actions available to unauthenticated users in the includes function in redux-core/class-redux-core.php. These are predictable, given that they are based on an md5 hash of the site URL with a known salt value of -redux and an md5 hash of the previous hash with a known salt value of -support. An attacker can potentially employ these AJAX actions to retrieve a list of active plugins and their versions, the site's PHP version, and an unsalted md5 hash of the site's AUTH_KEY concatenated with the SECURE_AUTH_KEY.","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2021/CVE-2021-38314.yaml"}
|
||||
{"ID":"CVE-2021-38540","Info":{"Name":"Apache Airflow - Unauthenticated Variable Import","Severity":"critical","Description":"Apache Airflow Airflow \u003e=2.0.0 and \u003c2.1.3 does not protect the variable import endpoint which allows unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, potentially resulting in a denial of service, information disclosure or remote code execution.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-38540.yaml"}
|
||||
{"ID":"CVE-2021-38647","Info":{"Name":"Microsoft Open Management Infrastructure - Remote Code Execution","Severity":"critical","Description":"Microsoft Open Management Infrastructure is susceptible to remote code execution (OMIGOD).","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2021/CVE-2021-38647.yaml"}
|
||||
|
@ -1550,6 +1552,7 @@
|
|||
{"ID":"CVE-2022-0656","Info":{"Name":"uDraw \u003c3.3.3 - Local File Inclusion","Severity":"high","Description":"uDraw before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc).","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0656.yaml"}
|
||||
{"ID":"CVE-2022-0658","Info":{"Name":"CommonsBooking \u003c 2.6.8 - SQL Injection","Severity":"critical","Description":"The plugin does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0658.yaml"}
|
||||
{"ID":"CVE-2022-0660","Info":{"Name":"Microweber \u003c1.2.11 - Information Disclosure","Severity":"high","Description":"Microweber before 1.2.11 is susceptible to information disclosure. An error message is generated in microweber/microweber which contains sensitive information while viewing comments from load_module:comments#search=. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0660.yaml"}
|
||||
{"ID":"CVE-2022-0666","Info":{"Name":"Microweber \u003c 1.2.11 - CRLF Injection","Severity":"high","Description":"CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-0666.yaml"}
|
||||
{"ID":"CVE-2022-0678","Info":{"Name":"Microweber \u003c1.2.11 - Cross-Site Scripting","Severity":"medium","Description":"Packagist prior to 1.2.11 contains a cross-site scripting vulnerability via microweber/microweber. User can escape the meta tag because the user doesn't escape the double-quote in the $redirectUrl parameter when logging out.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0678.yaml"}
|
||||
{"ID":"CVE-2022-0679","Info":{"Name":"WordPress Narnoo Distributor \u003c=2.5.1 - Local File Inclusion","Severity":"critical","Description":"WordPress Narnoo Distributor plugin 2.5.1 and prior is susceptible to local file inclusion. The plugin does not validate and sanitize the lib_path parameter before being passed into a call to require() via the narnoo_distributor_lib_request AJAX action, and the content of the file is displayed in the response as JSON data. This can also lead to a remote code execution vulnerability depending on system and configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-0679.yaml"}
|
||||
{"ID":"CVE-2022-0692","Info":{"Name":"Rudloff alltube prior to 3.0.1 - Open Redirect","Severity":"medium","Description":"An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-0692.yaml"}
|
||||
|
@ -1607,6 +1610,7 @@
|
|||
{"ID":"CVE-2022-1439","Info":{"Name":"Microweber \u003c1.2.15 - Cross-Site Scripting","Severity":"medium","Description":"Microweber prior to 1.2.15 contains a reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1439.yaml"}
|
||||
{"ID":"CVE-2022-1442","Info":{"Name":"WordPress Metform \u003c=2.1.3 - Information Disclosure","Severity":"high","Description":"WordPress Metform plugin through 2.1.3 is susceptible to information disclosure due to improper access control in the ~/core/forms/action.php file. An attacker can view all API keys and secrets of integrated third-party APIs such as that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-1442.yaml"}
|
||||
{"ID":"CVE-2022-1574","Info":{"Name":"WordPress HTML2WP \u003c=1.0.0 - Arbitrary File Upload","Severity":"critical","Description":"WordPress HTML2WP plugin through 1.0.0 contains an arbitrary file upload vulnerability. The plugin does not perform authorization and CSRF checks when importing files and does not validate them. As a result, an attacker can upload arbitrary files on the remote server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-1574.yaml"}
|
||||
{"ID":"CVE-2022-1580","Info":{"Name":"Site Offline WP Plugin \u003c 1.5.3 - Authorization Bypass","Severity":"medium","Description":"The plugin prevents users from accessing a website but does not do so if the URL contained certain keywords. Adding those keywords to the URL's query string would bypass the plugin's main feature.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2022/CVE-2022-1580.yaml"}
|
||||
{"ID":"CVE-2022-1595","Info":{"Name":"WordPress HC Custom WP-Admin URL \u003c=1.4 - Admin Login URL Disclosure","Severity":"medium","Description":"WordPress HC Custom WP-Admin URL plugin through 1.4 leaks the secret login URL when sending a specially crafted request, thereby allowing an attacker to discover the administrative login URL.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-1595.yaml"}
|
||||
{"ID":"CVE-2022-1597","Info":{"Name":"WordPress WPQA \u003c5.4 - Cross-Site Scripting","Severity":"medium","Description":"WordPress WPQA plugin prior to 5.4 contains a reflected cross-site scripting vulnerability. It does not sanitize and escape a parameter on its reset password form.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-1597.yaml"}
|
||||
{"ID":"CVE-2022-1598","Info":{"Name":"WordPress WPQA \u003c5.5 - Improper Access Control","Severity":"medium","Description":"WordPress WPQA plugin before 5.5 is susceptible to improper access control. The plugin lacks authentication in a REST API endpoint. An attacker can potentially discover private questions sent between users on the site.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2022/CVE-2022-1598.yaml"}
|
||||
|
@ -1639,7 +1643,7 @@
|
|||
{"ID":"CVE-2022-22242","Info":{"Name":"Juniper Web Device Manager - Cross-Site Scripting","Severity":"medium","Description":"Juniper Web Device Manager (J-Web) in Junos OS contains a cross-site scripting vulnerability. This can allow an unauthenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue affects all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-22242.yaml"}
|
||||
{"ID":"CVE-2022-22536","Info":{"Name":"SAP Memory Pipes (MPI) Desynchronization","Severity":"critical","Description":"SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation attacks. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2022/CVE-2022-22536.yaml"}
|
||||
{"ID":"CVE-2022-22733","Info":{"Name":"Apache ShardingSphere ElasticJob-UI privilege escalation","Severity":"medium","Description":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2022/CVE-2022-22733.yaml"}
|
||||
{"ID":"CVE-2022-22897","Info":{"Name":"PrestaShop Ap Pagebuilder \u003c= 2.4.4 SQL Injection","Severity":"critical","Description":"A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-22897.yaml"}
|
||||
{"ID":"CVE-2022-22897","Info":{"Name":"PrestaShop AP Pagebuilder \u003c= 2.4.4 - SQL Injection","Severity":"critical","Description":"A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-22897.yaml"}
|
||||
{"ID":"CVE-2022-2290","Info":{"Name":"Trilium \u003c0.52.4 - Cross-Site Scripting","Severity":"medium","Description":"Trilium prior to 0.52.4, 0.53.1-beta contains a cross-site scripting vulnerability which can allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-2290.yaml"}
|
||||
{"ID":"CVE-2022-22947","Info":{"Name":"Spring Cloud Gateway Code Injection","Severity":"critical","Description":"Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2022/CVE-2022-22947.yaml"}
|
||||
{"ID":"CVE-2022-22954","Info":{"Name":"VMware Workspace ONE Access - Server-Side Template Injection","Severity":"critical","Description":"VMware Workspace ONE Access is susceptible to a remote code execution vulnerability due to a server-side template injection flaw. An unauthenticated attacker with network access could exploit this vulnerability by sending a specially crafted request to a vulnerable VMware Workspace ONE or Identity Manager.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-22954.yaml"}
|
||||
|
@ -1787,7 +1791,6 @@
|
|||
{"ID":"CVE-2022-31846","Info":{"Name":"WAVLINK WN535 G3 - Information Disclosure","Severity":"high","Description":"WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in the live_mfg.shtml page. An attacker can obtain sensitive router information via the exec cmd function and possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-31846.yaml"}
|
||||
{"ID":"CVE-2022-31847","Info":{"Name":"WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure","Severity":"high","Description":"WAVLINK WN579 X3 M79X3.V5030.180719 is susceptible to information disclosure in /cgi-bin/ExportAllSettings.sh. An attacker can obtain sensitive router information via a crafted POST request and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-31847.yaml"}
|
||||
{"ID":"CVE-2022-31854","Info":{"Name":"Codoforum 5.1 - Arbitrary File Upload","Severity":"high","Description":"Codoforum 5.1 contains an arbitrary file upload vulnerability via the logo change option in the admin panel. An attacker can upload arbitrary files to the server, which in turn can be used to make the application execute file content as code. As a result, an attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31854.yaml"}
|
||||
{"ID":"CVE-2022-31879","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"high","Description":"Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date parameter.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-31879.yaml"}
|
||||
{"ID":"CVE-2022-31974","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"high","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports\u0026date=.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31974.yaml"}
|
||||
{"ID":"CVE-2022-31975","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"high","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user\u0026id=.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-31975.yaml"}
|
||||
{"ID":"CVE-2022-31976","Info":{"Name":"Online Fire Reporting System v1.0 - SQL injection","Severity":"critical","Description":"Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2022/CVE-2022-31976.yaml"}
|
||||
|
@ -1830,6 +1833,7 @@
|
|||
{"ID":"CVE-2022-34094","Info":{"Name":"Software Publico Brasileiro i3geo v7.0.5 - Cross-Site Scripting","Severity":"medium","Description":"Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-34094.yaml"}
|
||||
{"ID":"CVE-2022-34121","Info":{"Name":"CuppaCMS v1.0 - Local File Inclusion","Severity":"high","Description":"Cuppa CMS v1.0 is vulnerable to local file inclusion via the component /templates/default/html/windows/right.php.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-34121.yaml"}
|
||||
{"ID":"CVE-2022-34328","Info":{"Name":"PMB 7.3.10 - Cross-Site Scripting","Severity":"medium","Description":"PMB 7.3.10 contains a reflected cross-site scripting vulnerability via the id parameter in an lvl=author_see request to index.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-34328.yaml"}
|
||||
{"ID":"CVE-2022-34534","Info":{"Name":"Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure","Severity":"high","Description":"Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive infromation via a crafted API call.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-34534.yaml"}
|
||||
{"ID":"CVE-2022-34576","Info":{"Name":"WAVLINK WN535 G3 - Improper Access Control","Severity":"high","Description":"WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to improper access control. A vulnerability in /cgi-bin/ExportAllSettings.sh allows an attacker to execute arbitrary code via a crafted POST request and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-34576.yaml"}
|
||||
{"ID":"CVE-2022-34590","Info":{"Name":"Hospital Management System 1.0 - SQL Injection","Severity":"high","Description":"Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/admin.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2022/CVE-2022-34590.yaml"}
|
||||
{"ID":"CVE-2022-34753","Info":{"Name":"SpaceLogic C-Bus Home Controller \u003c=1.31.460 - Remote Command Execution","Severity":"high","Description":"SpaceLogic C-Bus Home Controller through 1.31.460 is susceptible to remote command execution via improper neutralization of special elements. Remote root exploit can be enabled when the command is compromised, and an attacker can potentially execute malware, obtain sensitive information, modify data, and/or gain full control without entering necessary credentials.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2022/CVE-2022-34753.yaml"}
|
||||
|
@ -2015,11 +2019,12 @@
|
|||
{"ID":"CVE-2023-1835","Info":{"Name":"Ninja Forms \u003c 3.6.22 - Cross-Site Scripting","Severity":"medium","Description":"Ninja Forms before 3.6.22 is susceptible to cross-site scripting via the page parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1835.yaml"}
|
||||
{"ID":"CVE-2023-1880","Info":{"Name":"Phpmyfaq v3.1.11 - Cross-Site Scripting","Severity":"medium","Description":"Phpmyfaq v3.1.11 is vulnerable to reflected XSS in send2friend because the 'artlang' parameter is not sanitized.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1880.yaml"}
|
||||
{"ID":"CVE-2023-1890","Info":{"Name":"Tablesome \u003c 1.0.9 - Cross-Site Scripting","Severity":"medium","Description":"Tablesome before 1.0.9 is susceptible to cross-site scripting via the tab parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-1890.yaml"}
|
||||
{"ID":"CVE-2023-1892","Info":{"Name":"Sidekiq \u003c 7.0.8 - Cross-Site Scripting","Severity":"high","Description":"An XSS vulnerability on a Sidekiq admin panel can pose serious risks to the security and functionality of the system.\n","Classification":{"CVSSScore":"8.3"}},"file_path":"http/cves/2023/CVE-2023-1892.yaml"}
|
||||
{"ID":"CVE-2023-1892","Info":{"Name":"Sidekiq \u003c 7.0.8 - Cross-Site Scripting","Severity":"critical","Description":"An XSS vulnerability on a Sidekiq admin panel can pose serious risks to the security and functionality of the system.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2023/CVE-2023-1892.yaml"}
|
||||
{"ID":"CVE-2023-20073","Info":{"Name":"Cisco VPN Routers - Unauthenticated Arbitrary File Upload","Severity":"critical","Description":"A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20073.yaml"}
|
||||
{"ID":"CVE-2023-2009","Info":{"Name":"Pretty Url \u003c= 1.5.4 - Cross-Site Scripting","Severity":"medium","Description":"Plugin does not sanitize and escape the URL field in the plugin settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).\n","Classification":{"CVSSScore":"4.8"}},"file_path":"http/cves/2023/CVE-2023-2009.yaml"}
|
||||
{"ID":"CVE-2023-20198","Info":{"Name":"Cisco IOS XE - Authentication Bypass","Severity":"critical","Description":"Cisco is aware of active exploitation of a previously unknown vulnerability in the web UI feature of Cisco IOS XE Software when exposed to the internet or to untrusted networks. This vulnerability allows a remote, unauthenticated attacker to create an account on an affected system with privilege level 15 access. The attacker can then use that account to gain control of the affected system.\nFor steps to close the attack vector for this vulnerability, see the Recommendations section of this advisory.\nCisco will provide updates on the status of this investigation and when a software patch is available.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-20198.yaml"}
|
||||
{"ID":"CVE-2023-2023","Info":{"Name":"Custom 404 Pro \u003c 3.7.3 - Cross-Site Scripting","Severity":"medium","Description":"Custom 404 Pro before 3.7.3 is susceptible to cross-site scripting via the search parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-2023.yaml"}
|
||||
{"ID":"CVE-2023-2059","Info":{"Name":"DedeCMS 5.7.87 - Directory Traversal","Severity":"medium","Description":"Directory traversal vulnerability in DedeCMS 5.7.87 allows reading sensitive files via the $activepath parameter.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-2059.yaml"}
|
||||
{"ID":"CVE-2023-20864","Info":{"Name":"VMware Aria Operations for Logs - Unauthenticated Remote Code Execution","Severity":"critical","Description":"VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20864.yaml"}
|
||||
{"ID":"CVE-2023-20887","Info":{"Name":"VMware VRealize Network Insight - Remote Code Execution","Severity":"critical","Description":"VMWare Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the root user. The RPC interface is protected by a reverse proxy which can be bypassed. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. A malicious actor can get remote code execution in the context of 'root' on the appliance. VMWare 6.x version are\n vulnerable.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-20887.yaml"}
|
||||
{"ID":"CVE-2023-20888","Info":{"Name":"VMware Aria Operations for Networks - Remote Code Execution","Severity":"high","Description":"Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code execution.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-20888.yaml"}
|
||||
|
@ -2129,6 +2134,7 @@
|
|||
{"ID":"CVE-2023-30258","Info":{"Name":"MagnusBilling - Unauthenticated Remote Code Execution","Severity":"critical","Description":"Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-30258.yaml"}
|
||||
{"ID":"CVE-2023-30534","Info":{"Name":"Cacti \u003c 1.2.25 Insecure Deserialization","Severity":"medium","Description":"Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2023/CVE-2023-30534.yaml"}
|
||||
{"ID":"CVE-2023-30625","Info":{"Name":"Rudder Server \u003c 1.3.0-rc.1 - SQL Injection","Severity":"high","Description":"Rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgresSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-30625.yaml"}
|
||||
{"ID":"CVE-2023-3077","Info":{"Name":"MStore API \u003c 3.9.8 - SQL Injection","Severity":"critical","Description":"The MStore API WordPress plugin before 3.9.8 is vulnerable to Blind SQL injection via the product_id parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3077.yaml"}
|
||||
{"ID":"CVE-2023-30777","Info":{"Name":"Advanced Custom Fields \u003c 6.1.6 - Cross-Site Scripting","Severity":"medium","Description":"Advanced Custom Fields beofre 6.1.6 is susceptible to cross-site scripting via the post_status parameter due to insufficient input sanitization and output escaping. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30777.yaml"}
|
||||
{"ID":"CVE-2023-30868","Info":{"Name":"Tree Page View Plugin \u003c 1.6.7 - Cross-Site Scripting","Severity":"medium","Description":"The CMS Tree Page View plugin for WordPress has a Reflected Cross-Site Scripting vulnerability up to version 1.6.7. This is due to the post_type parameter not properly escaping user input. As a result, users with administrator privileges or higher can inject JavaScript code that will execute whenever accessed.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-30868.yaml"}
|
||||
{"ID":"CVE-2023-30943","Info":{"Name":"Moodle - Cross-Site Scripting/Remote Code Execution","Severity":"medium","Description":"The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. Moodle versions 4.1.x before 4.1.3 and 4.2.x before 4.2.0 are susceptible to an unauthenticated arbitrary folder creation, tracked as CVE-2023-30943. An attacker can leverage the creation of arbitrary folders to carry out a Stored Cross-Site Scripting (XSS) attack on the administration panel, resulting in arbitrary code execution on the server as soon as an administrator visits the panel.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-30943.yaml"}
|
||||
|
@ -2154,7 +2160,7 @@
|
|||
{"ID":"CVE-2023-33629","Info":{"Name":"H3C Magic R300-2100M - Remote Code Execution","Severity":"high","Description":"H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm.\n","Classification":{"CVSSScore":"7.2"}},"file_path":"http/cves/2023/CVE-2023-33629.yaml"}
|
||||
{"ID":"CVE-2023-3368","Info":{"Name":"Chamilo LMS \u003c= v1.11.20 Unauthenticated Command Injection","Severity":"critical","Description":"Command injection in `/main/webservices/additional_webservices.php`\nin Chamilo LMS \u003c= v1.11.20 allows unauthenticated attackers to obtain\nremote code execution via improper neutralisation of special characters.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3368.yaml"}
|
||||
{"ID":"CVE-2023-33831","Info":{"Name":"FUXA - Unauthenticated Remote Code Execution","Severity":"critical","Description":"A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-33831.yaml"}
|
||||
{"ID":"CVE-2023-34020","Info":{"Name":"Uncanny Toolkit for LearnDash - Open Redirection","Severity":"low","Description":"A vulnerability in the WordPress Uncanny Toolkit for LearnDash Plugin allowed malicious actors to redirect users, posing a potential risk of phishing incidents. The issue has been resolved in version 3.6.4.4, and users are urged to update for security.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34020.yaml"}
|
||||
{"ID":"CVE-2023-34020","Info":{"Name":"Uncanny Toolkit for LearnDash - Open Redirection","Severity":"medium","Description":"A vulnerability in the WordPress Uncanny Toolkit for LearnDash Plugin allowed malicious actors to redirect users, posing a potential risk of phishing incidents. The issue has been resolved in version 3.6.4.4, and users are urged to update for security.\n","Classification":{"CVSSScore":"4.7"}},"file_path":"http/cves/2023/CVE-2023-34020.yaml"}
|
||||
{"ID":"CVE-2023-34124","Info":{"Name":"SonicWall GMS and Analytics Web Services - Shell Injection","Severity":"critical","Description":"The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34124.yaml"}
|
||||
{"ID":"CVE-2023-34192","Info":{"Name":"Zimbra Collaboration Suite (ZCS) v.8.8.15 - Cross-Site Scripting","Severity":"critical","Description":"Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.\n","Classification":{"CVSSScore":"9"}},"file_path":"http/cves/2023/CVE-2023-34192.yaml"}
|
||||
{"ID":"CVE-2023-34259","Info":{"Name":"Kyocera TASKalfa printer - Path Traversal","Severity":"medium","Description":"CCRX has a Path Traversal vulnerability. Path Traversal is an attack on web applications. By manipulating the value of the file path, an attacker can gain access to the file system, including source code and critical system settings.\n","Classification":{"CVSSScore":"4.9"}},"file_path":"http/cves/2023/CVE-2023-34259.yaml"}
|
||||
|
@ -2172,15 +2178,17 @@
|
|||
{"ID":"CVE-2023-3479","Info":{"Name":"Hestiacp \u003c= 1.7.7 - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-3479.yaml"}
|
||||
{"ID":"CVE-2023-34843","Info":{"Name":"Traggo Server - Local File Inclusion","Severity":"high","Description":"traggo/server version 0.3.0 is vulnerable to directory traversal.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-34843.yaml"}
|
||||
{"ID":"CVE-2023-34960","Info":{"Name":"Chamilo Command Injection","Severity":"critical","Description":"A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34960.yaml"}
|
||||
{"ID":"CVE-2023-34993","Info":{"Name":"Fortinet FortiWLM Unauthenticated Command Injection Vulnerability","Severity":"critical","Description":"A improper neutralization of special elements used in an os command ('os\ncommand injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and\n8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands\nSuccessful exploitation of this vulnerability could allow an attacker to\nbypass authentication and gain unauthorized access to the affected system.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34993.yaml"}
|
||||
{"ID":"CVE-2023-34993","Info":{"Name":"Fortinet FortiWLM Unauthenticated Command Injection Vulnerability","Severity":"critical","Description":"A improper neutralization of special elements used in an os command ('os\ncommand injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and\n8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands\nSuccessful exploitation of this vulnerability could allow an attacker to\nbypass authentication and gain unauthorized access to the affected system.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-34993.yaml"}
|
||||
{"ID":"CVE-2023-35078","Info":{"Name":"Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35078.yaml"}
|
||||
{"ID":"CVE-2023-35082","Info":{"Name":"MobileIron Core - Remote Unauthenticated API Access","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web application’s security filter chain.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35082.yaml"}
|
||||
{"ID":"CVE-2023-35158","Info":{"Name":"XWiki - Cross-Site Scripting","Severity":"medium","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as: \u003e /xwiki/bin/view/XWiki/Main?xpage=restore\u0026showBatch=true\u0026xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-35158.yaml"}
|
||||
{"ID":"CVE-2023-35162","Info":{"Name":"XWiki \u003c 14.10.5 - Cross-Site Scripting","Severity":"medium","Description":"XWiki Platform is vulnerable to reflected XSS via the previewactions template. An attacker can inject JavaScript through the xcontinue parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-35162.yaml"}
|
||||
{"ID":"CVE-2023-35813","Info":{"Name":"Sitecore - Remote Code Execution","Severity":"critical","Description":"Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35813.yaml"}
|
||||
{"ID":"CVE-2023-35843","Info":{"Name":"NocoDB version \u003c= 0.106.1 - Arbitrary File Read","Severity":"high","Description":"NocoDB through 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35843.yaml"}
|
||||
{"ID":"CVE-2023-35844","Info":{"Name":"Lightdash version \u003c= 0.510.3 Arbitrary File Read","Severity":"high","Description":"packages/backend/src/routers in Lightdash before 0.510.3\nhas insecure file endpoints, e.g., they allow .. directory\ntraversal and do not ensure that an intended file extension\n(.csv or .png) is used.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35844.yaml"}
|
||||
{"ID":"CVE-2023-35885","Info":{"Name":"Cloudpanel 2 \u003c 2.3.1 - Remote Code Execution","Severity":"critical","Description":"CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35885.yaml"}
|
||||
{"ID":"CVE-2023-36144","Info":{"Name":"Intelbras Switch - Information Disclosure","Severity":"high","Description":"An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-36144.yaml"}
|
||||
{"ID":"CVE-2023-36284","Info":{"Name":"QloApps 1.6.0 - SQL Injection","Severity":"high","Description":"An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameters date_from, date_to, and id_product allows a remote attacker to retrieve the contents of an entire database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-36284.yaml"}
|
||||
{"ID":"CVE-2023-36287","Info":{"Name":"Webkul QloApps 1.6.0 - Cross-site Scripting","Severity":"medium","Description":"An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36287.yaml"}
|
||||
{"ID":"CVE-2023-36289","Info":{"Name":"Webkul QloApps 1.6.0 - Cross-site Scripting","Severity":"medium","Description":"An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36289.yaml"}
|
||||
{"ID":"CVE-2023-36306","Info":{"Name":"Adiscon LogAnalyzer v.4.1.13 - Cross-Site Scripting","Severity":"medium","Description":"A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36306.yaml"}
|
||||
|
@ -2202,6 +2210,7 @@
|
|||
{"ID":"CVE-2023-37728","Info":{"Name":"IceWarp Webmail Server v10.2.1 - Cross Site Scripting","Severity":"medium","Description":"Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37728.yaml"}
|
||||
{"ID":"CVE-2023-37979","Info":{"Name":"Ninja Forms \u003c 3.6.26 - Cross-Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-37979.yaml"}
|
||||
{"ID":"CVE-2023-38035","Info":{"Name":"Ivanti Sentry - Authentication Bypass","Severity":"critical","Description":"A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38035.yaml"}
|
||||
{"ID":"CVE-2023-38194","Info":{"Name":"SuperWebMailer - Cross-Site Scripting","Severity":"medium","Description":"An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-38194.yaml"}
|
||||
{"ID":"CVE-2023-38203","Info":{"Name":"Adobe ColdFusion - Deserialization of Untrusted Data","Severity":"critical","Description":"Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-38203.yaml"}
|
||||
{"ID":"CVE-2023-38205","Info":{"Name":"Adobe ColdFusion - Access Control Bypass","Severity":"high","Description":"There is an access control bypass vulnerability in Adobe ColdFusion versions 2023 Update 2 and below, 2021 Update 8 and below and 2018 update 18 and below, which allows a remote attacker to bypass the ColdFusion mechanisms that restrict unauthenticated external access to ColdFusion's Administrator.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-38205.yaml"}
|
||||
{"ID":"CVE-2023-3836","Info":{"Name":"Dahua Smart Park Management - Arbitrary File Upload","Severity":"critical","Description":"Dahua wisdom park integrated management platform is a comprehensive management platform, a park operations,resource allocation, and intelligence services,and other functions, including/emap/devicePoint_addImgIco?.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-3836.yaml"}
|
||||
|
@ -2265,6 +2274,7 @@
|
|||
{"ID":"CVE-2023-43325","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in the data[redirect_url] parameter on user login function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43325.yaml"}
|
||||
{"ID":"CVE-2023-43326","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43326.yaml"}
|
||||
{"ID":"CVE-2023-43374","Info":{"Name":"Hoteldruid v3.0.5 - SQL Injection","Severity":"critical","Description":"Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43374.yaml"}
|
||||
{"ID":"CVE-2023-43472","Info":{"Name":"MLFlow \u003c 2.8.1 - Sensitive Information Disclosure","Severity":"high","Description":"An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-43472.yaml"}
|
||||
{"ID":"CVE-2023-43795","Info":{"Name":"GeoServer WPS - Server Side Request Forgery","Severity":"critical","Description":"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43795.yaml"}
|
||||
{"ID":"CVE-2023-4415","Info":{"Name":"Ruijie RG-EW1200G Router Background - Login Bypass","Severity":"high","Description":"A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-4415.yaml"}
|
||||
{"ID":"CVE-2023-44352","Info":{"Name":"Adobe Coldfusion - Cross-Site Scripting","Severity":"medium","Description":"Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-44352.yaml"}
|
||||
|
@ -2274,6 +2284,7 @@
|
|||
{"ID":"CVE-2023-44813","Info":{"Name":"mooSocial v.3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"Cross-Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-44813.yaml"}
|
||||
{"ID":"CVE-2023-4521","Info":{"Name":"Import XML and RSS Feeds \u003c 2.1.5 - Unauthenticated RCE","Severity":"critical","Description":"The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4521.yaml"}
|
||||
{"ID":"CVE-2023-45375","Info":{"Name":"PrestaShop PireosPay - SQL Injection","Severity":"high","Description":"In the module “PireosPay” (pireospay) up to version 1.7.9 from 01generator.com for PrestaShop, a guest can perform SQL injection in affected versions.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-45375.yaml"}
|
||||
{"ID":"CVE-2023-4542","Info":{"Name":"D-Link DAR-8000-10 - Command Injection","Severity":"critical","Description":"D-Link DAR-8000-10 version has an operating system command injection vulnerability. The vulnerability originates from the parameter id of the file /app/sys1.php which can lead to operating system command injection.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4542.yaml"}
|
||||
{"ID":"CVE-2023-4547","Info":{"Name":"SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4547.yaml"}
|
||||
{"ID":"CVE-2023-45542","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in the q parameter on search function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-45542.yaml"}
|
||||
{"ID":"CVE-2023-45671","Info":{"Name":"Frigate \u003c 0.13.0 Beta 3 - Cross-Site Scripting","Severity":"medium","Description":"Frigate is an open source network video recorder. Before version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/\u003ccamera_name\u003e` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue.\n","Classification":{"CVSSScore":"4.7"}},"file_path":"http/cves/2023/CVE-2023-45671.yaml"}
|
||||
|
@ -2283,18 +2294,19 @@
|
|||
{"ID":"CVE-2023-4596","Info":{"Name":"WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload","Severity":"critical","Description":"The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4596.yaml"}
|
||||
{"ID":"CVE-2023-4634","Info":{"Name":"Media Library Assistant \u003c 3.09 - Remote Code Execution/Local File Inclusion","Severity":"critical","Description":"A vulnerability in the Wordpress Media-Library-Assistant plugins in version \u003c 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4634.yaml"}
|
||||
{"ID":"CVE-2023-46347","Info":{"Name":"PrestaShop Step by Step products Pack - SQL Injection","Severity":"critical","Description":"In the module “Step by Step products Pack” (ndk_steppingpack) up to 1.5.6 from NDK Design for PrestaShop, a guest can perform SQL injection in affected versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46347.yaml"}
|
||||
{"ID":"CVE-2023-46359","Info":{"Name":"cPH2 Charging Station v1.87.0 - OS Command Injection","Severity":"critical","Description":"An OS command injection vulnerability in Hardy Barth cPH2 Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.\n","Classification":{"CVSSScore":"9.6"}},"file_path":"http/cves/2023/CVE-2023-46359.yaml"}
|
||||
{"ID":"CVE-2023-46359","Info":{"Name":"cPH2 Charging Station v1.87.0 - OS Command Injection","Severity":"critical","Description":"An OS command injection vulnerability in Hardy Barth cPH2 Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the connectivity check feature.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46359.yaml"}
|
||||
{"ID":"CVE-2023-46574","Info":{"Name":"TOTOLINK A3700R - Command Injection","Severity":"critical","Description":"An issue in TOTOLINK A3700R v.9.1.2u.6165_20211012 allows a remote attacker to execute arbitrary code via the FileName parameter of the UploadFirmwareFile function.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46574.yaml"}
|
||||
{"ID":"CVE-2023-46747","Info":{"Name":"F5 BIG-IP - Unauthenticated RCE via AJP Smuggling","Severity":"critical","Description":"CVE-2023-46747 is a critical severity authentication bypass vulnerability in F5 BIG-IP that could allow an unauthenticated attacker to achieve remote code execution (RCE). The vulnerability impacts the BIG-IP Configuration utility, also known as the TMUI, wherein arbitrary requests can bypass authentication. The vulnerability received a CVSSv3 score of 9.8.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46747.yaml"}
|
||||
{"ID":"CVE-2023-46805","Info":{"Name":"Ivanti ICS - Authentication Bypass","Severity":"high","Description":"An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2023/CVE-2023-46805.yaml"}
|
||||
{"ID":"CVE-2023-47115","Info":{"Name":"Label Studio - Cross-Site Scripting","Severity":"high","Description":"Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website.\n","Classification":{"CVSSScore":"7.1"}},"file_path":"http/cves/2023/CVE-2023-47115.yaml"}
|
||||
{"ID":"CVE-2023-4714","Info":{"Name":"PlayTube 3.0.1 - Information Disclosure","Severity":"high","Description":"A vulnerability was found in PlayTube 3.0.1 and classified as problematic. This issue affects some unknown processing of the component Redirect Handler. The manipulation leads to information disclosure. The attack may be initiated remotely.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4714.yaml"}
|
||||
{"ID":"CVE-2023-47211","Info":{"Name":"ManageEngine OpManager - Directory Traversal","Severity":"high","Description":"A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. A specially crafted HTTP request can lead to arbitrary file creation. An attacker can send a malicious MiB file to trigger this vulnerability.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2023/CVE-2023-47211.yaml"}
|
||||
{"ID":"CVE-2023-47218","Info":{"Name":"QNAP QTS and QuTS Hero - OS Command Injection","Severity":"high","Description":"An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later.\n","Classification":{"CVSSScore":"8.3"}},"file_path":"http/cves/2023/CVE-2023-47218.yaml"}
|
||||
{"ID":"CVE-2023-47218","Info":{"Name":"QNAP QTS and QuTS Hero - OS Command Injection","Severity":"medium","Description":"An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later.\n","Classification":{"CVSSScore":"5.8"}},"file_path":"http/cves/2023/CVE-2023-47218.yaml"}
|
||||
{"ID":"CVE-2023-47246","Info":{"Name":"SysAid Server - Remote Code Execution","Severity":"critical","Description":"In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-47246.yaml"}
|
||||
{"ID":"CVE-2023-47643","Info":{"Name":"SuiteCRM Unauthenticated Graphql Introspection","Severity":"medium","Description":"Graphql Introspection is enabled without authentication, exposing the scheme defining all object types, arguments, and functions.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-47643.yaml"}
|
||||
{"ID":"CVE-2023-48023","Info":{"Name":"Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery","Severity":"high","Description":"The Ray Dashboard API is affected by a Server-Side Request Forgery (SSRF) vulnerability in the url parameter of the /log_proxy API endpoint. The API does not perform sufficient input validation within the affected parameter and any HTTP or HTTPS URLs are accepted as valid.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-48023.yaml"}
|
||||
{"ID":"CVE-2023-48777","Info":{"Name":"WordPress Elementor 3.18.1 - File Upload/Remote Code Execution","Severity":"critical","Description":"The plugin is vulnerable to Remote Code Execution via file upload via the template import functionality, allowing authenticated attackers, with contributor-level access and above, to upload files and execute code on the server.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-48777.yaml"}
|
||||
{"ID":"CVE-2023-48084","Info":{"Name":"Nagios XI \u003c 5.11.3 - SQL Injection","Severity":"critical","Description":"SQL injection vulnerability in Nagios XI before version 5.11.3 via the bulk modification tool.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-48084.yaml"}
|
||||
{"ID":"CVE-2023-48777","Info":{"Name":"WordPress Elementor 3.18.1 - File Upload/Remote Code Execution","Severity":"critical","Description":"The plugin is vulnerable to Remote Code Execution via file upload via the template import functionality, allowing authenticated attackers, with contributor-level access and above, to upload files and execute code on the server.\n","Classification":{"CVSSScore":"9.9"}},"file_path":"http/cves/2023/CVE-2023-48777.yaml"}
|
||||
{"ID":"CVE-2023-49070","Info":{"Name":"Apache OFBiz \u003c 18.12.10 - Arbitrary Code Execution","Severity":"critical","Description":"Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to XML-RPC no longer maintained still present. This issue affects Apache OFBiz: before 18.12.10.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-49070.yaml"}
|
||||
{"ID":"CVE-2023-49103","Info":{"Name":"OwnCloud - Phpinfo Configuration","Severity":"high","Description":"An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PHP environment (phpinfo). This information includes all the environment variables of the webserver. In containerized deployments, these environment variables may include sensitive data such as the ownCloud admin password, mail server credentials, and license key. Simply disabling the graphapi app does not eliminate the vulnerability. Additionally, phpinfo exposes various other potentially sensitive configuration details that could be exploited by an attacker to gather information about the system.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-49103.yaml"}
|
||||
{"ID":"CVE-2023-4966","Info":{"Name":"Citrix Bleed - Leaking Session Tokens","Severity":"high","Description":"Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA ?virtual?server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-4966.yaml"}
|
||||
|
@ -2321,26 +2333,31 @@
|
|||
{"ID":"CVE-2023-6021","Info":{"Name":"Ray API - Local File Inclusion","Severity":"high","Description":"LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6021.yaml"}
|
||||
{"ID":"CVE-2023-6023","Info":{"Name":"VertaAI ModelDB - Path Traversal","Severity":"high","Description":"The endpoint \"/api/v1/artifact/getArtifact?artifact_path=\" is vulnerable to path traversal. The main cause of this vulnerability is due to the lack of validation and sanitization of the artifact_path parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6023.yaml"}
|
||||
{"ID":"CVE-2023-6038","Info":{"Name":"H2O ImportFiles - Local File Inclusion","Severity":"high","Description":"An attacker is able to read any file on the server hosting the H2O dashboard without any authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6038.yaml"}
|
||||
{"ID":"CVE-2023-6063","Info":{"Name":"WP Fastest Cache 1.2.2 - Unauthenticated SQL Injection","Severity":"high","Description":"The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6063.yaml"}
|
||||
{"ID":"CVE-2023-6063","Info":{"Name":"WP Fastest Cache 1.2.2 - SQL Injection","Severity":"high","Description":"The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6063.yaml"}
|
||||
{"ID":"CVE-2023-6065","Info":{"Name":"Quttera Web Malware Scanner \u003c= 3.4.1.48 - Sensitive Data Exposure","Severity":"medium","Description":"The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-6065.yaml"}
|
||||
{"ID":"CVE-2023-6114","Info":{"Name":"Duplicator \u003c 1.5.7.1; Duplicator Pro \u003c 4.5.14.2 - Unauthenticated Sensitive Data Exposure","Severity":"high","Description":"The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory in the Pro version), which temporarily stores files containing sensitive data. When directory listing is enabled in the web server, this allows unauthenticated attackers to discover and access these sensitive files, which include a full database dump and a zip archive of the site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6114.yaml"}
|
||||
{"ID":"CVE-2023-6360","Info":{"Name":"WordPress My Calendar \u003c3.4.22 - SQL Injection","Severity":"critical","Description":"WordPress My Calendar plugin versions before 3.4.22 are vulnerable to an unauthenticated SQL injection within the 'from' and 'to' parameters of the '/my-calendar/v1/events' REST route.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6360.yaml"}
|
||||
{"ID":"CVE-2023-6379","Info":{"Name":"OpenCMS 14 \u0026 15 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6379.yaml"}
|
||||
{"ID":"CVE-2023-6380","Info":{"Name":"OpenCms 14 \u0026 15 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6380.yaml"}
|
||||
{"ID":"CVE-2023-6389","Info":{"Name":"WordPress Toolbar \u003c= 2.2.6 - Open Redirect","Severity":"medium","Description":"The plugin redirects to any URL via the \"wptbto\" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6389.yaml"}
|
||||
{"ID":"CVE-2023-6505","Info":{"Name":"Prime Mover \u003c 1.9.3 - Sensitive Data Exposure","Severity":"high","Description":"Prime Mover plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.2 via directory listing in the 'prime-mover-export-files/1/' folder. This makes it possible for unauthenticated attackers to extract sensitive data including site and configuration information, directories, files, and password hashes.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6505.yaml"}
|
||||
{"ID":"CVE-2023-6553","Info":{"Name":"Worpress Backup Migration \u003c= 1.3.7 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated threat actors to easily execute code on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6553.yaml"}
|
||||
{"ID":"CVE-2023-6567","Info":{"Name":"LearnPress \u003c= 4.2.5.7 - SQL Injection","Severity":"high","Description":"The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'order_by' parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6567.yaml"}
|
||||
{"ID":"CVE-2023-6623","Info":{"Name":"Essential Blocks \u003c 4.4.3 - Local File Inclusion","Severity":"critical","Description":"Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6623.yaml"}
|
||||
{"ID":"CVE-2023-6634","Info":{"Name":"LearnPress \u003c 4.2.5.8 - Remote Code Execution","Severity":"critical","Description":"The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. This is due to the plugin making use of the call_user_func function with user input. This makes it possible for unauthenticated attackers to execute any public function with one parameter, which could result in remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6634.yaml"}
|
||||
{"ID":"CVE-2023-6786","Info":{"Name":"Payment Gateway for Telcell \u003c 2.0.4 - Open Redirect","Severity":"medium","Description":"The plugin does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect issue\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-6786.yaml"}
|
||||
{"ID":"CVE-2023-6831","Info":{"Name":"mlflow - Path Traversal","Severity":"high","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.\n","Classification":{"CVSSScore":"8.1"}},"file_path":"http/cves/2023/CVE-2023-6831.yaml"}
|
||||
{"ID":"CVE-2023-6875","Info":{"Name":"WordPress POST SMTP Mailer \u003c= 2.8.7 - Authorization Bypass","Severity":"critical","Description":"The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6875.yaml"}
|
||||
{"ID":"CVE-2023-6895","Info":{"Name":"Hikvision IP ping.php - Command Execution","Severity":"critical","Description":"A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6895.yaml"}
|
||||
{"ID":"CVE-2023-6909","Info":{"Name":"Mlflow \u003c2.9.2 - Path Traversal","Severity":"high","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6909.yaml"}
|
||||
{"ID":"CVE-2023-6977","Info":{"Name":"Mlflow \u003c2.8.0 - Local File Inclusion","Severity":"high","Description":"Mlflow before 2.8.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6977.yaml"}
|
||||
{"ID":"CVE-2023-6989","Info":{"Name":"Shield Security WP Plugin \u003c= 18.5.9 - Local File Inclusion","Severity":"critical","Description":"The Shield Security Smart Bot Blocking \u0026 Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6989.yaml"}
|
||||
{"ID":"CVE-2023-7028","Info":{"Name":"GitLab - Account Takeover via Password Reset","Severity":"critical","Description":"An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-7028.yaml"}
|
||||
{"ID":"CVE-2023-7028","Info":{"Name":"GitLab - Account Takeover via Password Reset","Severity":"high","Description":"An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-7028.yaml"}
|
||||
{"ID":"CVE-2024-0195","Info":{"Name":"SpiderFlow Crawler Platform - Remote Code Execution","Severity":"critical","Description":"A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0195.yaml"}
|
||||
{"ID":"CVE-2024-0200","Info":{"Name":"Github Enterprise Authenticated Remote Code Execution","Severity":"critical","Description":"An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0200.yaml"}
|
||||
{"ID":"CVE-2024-0204","Info":{"Name":"Fortra GoAnywhere MFT - Authentication Bypass","Severity":"critical","Description":"Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0204.yaml"}
|
||||
{"ID":"CVE-2024-0235","Info":{"Name":"EventON (Free \u003c 2.2.8, Premium \u003c 4.5.5) - Information Disclosure","Severity":"medium","Description":"The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-0235.yaml"}
|
||||
{"ID":"CVE-2024-0250","Info":{"Name":"Analytics Insights for Google Analytics 4 \u003c 6.3 - Open Redirect","Severity":"medium","Description":"The plugin is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-0250.yaml"}
|
||||
{"ID":"CVE-2024-0305","Info":{"Name":"Ncast busiFacade - Remote Command Execution","Severity":"high","Description":"The Ncast Yingshi high-definition intelligent recording and playback system is a newly developed audio and video recording and playback system. The system has RCE vulnerabilities in versions 2017 and earlier.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-0305.yaml"}
|
||||
{"ID":"CVE-2024-0337","Info":{"Name":"Travelpayouts \u003c= 1.1.16 - Open Redirect","Severity":"medium","Description":"The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-0337.yaml"}
|
||||
{"ID":"CVE-2024-0352","Info":{"Name":"Likeshop \u003c 2.5.7.20210311 - Arbitrary File Upload","Severity":"critical","Description":"A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file with an unknown input leads to a unrestricted upload vulnerability. The CWE definition for the vulnerability is CWE-434\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0352.yaml"}
|
||||
|
@ -2354,12 +2371,14 @@
|
|||
{"ID":"CVE-2024-1209","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure via assignments","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1209.yaml"}
|
||||
{"ID":"CVE-2024-1210","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1210.yaml"}
|
||||
{"ID":"CVE-2024-1212","Info":{"Name":"Progress Kemp LoadMaster - Command Injection","Severity":"critical","Description":"Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1212.yaml"}
|
||||
{"ID":"CVE-2024-1380","Info":{"Name":"Relevanssi (A Better Search) \u003c= 4.22.0 - Query Log Export","Severity":"medium","Description":"The Relevanssi Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1380.yaml"}
|
||||
{"ID":"CVE-2024-1561","Info":{"Name":"Gradio Applications - Local File Read","Severity":"high","Description":"Local file read by calling arbitrary methods of Components class\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-1561.yaml"}
|
||||
{"ID":"CVE-2024-1698","Info":{"Name":"NotificationX \u003c= 2.8.2 - SQL Injection","Severity":"critical","Description":"The NotificationX - Best FOMO, Social Proof, WooCommerce Sales Popup \u0026 Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1698.yaml"}
|
||||
{"ID":"CVE-2024-1709","Info":{"Name":"ConnectWise ScreenConnect 23.9.7 - Authentication Bypass","Severity":"critical","Description":"ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1709.yaml"}
|
||||
{"ID":"CVE-2024-20767","Info":{"Name":"Adobe ColdFusion - Arbitrary File Read","Severity":"high","Description":"ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2024/CVE-2024-20767.yaml"}
|
||||
{"ID":"CVE-2024-21644","Info":{"Name":"pyLoad Flask Config - Access Control","Severity":"high","Description":"pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-21644.yaml"}
|
||||
{"ID":"CVE-2024-21645","Info":{"Name":"pyload - Log Injection","Severity":"medium","Description":"A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-21645.yaml"}
|
||||
{"ID":"CVE-2024-21683","Info":{"Name":"Atlassian Confluence Data Center and Server - Remote Code Execution","Severity":"high","Description":"Detects a Remote Code Execution vulnerability in Confluence Data Center and Server versions prior to X.X (affected versions). This issue allows authenticated attackers to execute arbitrary code.\n","Classification":{"CVSSScore":"8.3"}},"file_path":"http/cves/2024/CVE-2024-21683.yaml"}
|
||||
{"ID":"CVE-2024-21887","Info":{"Name":"Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) - Command Injection","Severity":"critical","Description":"A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2024/CVE-2024-21887.yaml"}
|
||||
{"ID":"CVE-2024-21893","Info":{"Name":"Ivanti SAML - Server Side Request Forgery (SSRF)","Severity":"high","Description":"A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2024/CVE-2024-21893.yaml"}
|
||||
{"ID":"CVE-2024-22024","Info":{"Name":"Ivanti Connect Secure - XXE","Severity":"high","Description":"Ivanti Connect Secure is vulnerable to XXE (XML External Entity) injection.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-22024.yaml"}
|
||||
|
@ -2368,15 +2387,18 @@
|
|||
{"ID":"CVE-2024-22927","Info":{"Name":"eyoucms v.1.6.5 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-22927.yaml"}
|
||||
{"ID":"CVE-2024-23334","Info":{"Name":"aiohttp - Directory Traversal","Severity":"high","Description":"aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-23334.yaml"}
|
||||
{"ID":"CVE-2024-2340","Info":{"Name":"Avada \u003c 7.11.7 - Information Disclosure","Severity":"medium","Description":"The Avada theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.11.6 via the '/wp-content/uploads/fusion-forms/' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-2340.yaml"}
|
||||
{"ID":"CVE-2024-23692","Info":{"Name":"Rejetto HTTP File Server - Template injection","Severity":"critical","Description":"This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-23692.yaml"}
|
||||
{"ID":"CVE-2024-2389","Info":{"Name":"Progress Kemp Flowmon - Command Injection","Severity":"critical","Description":"In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-2389.yaml"}
|
||||
{"ID":"CVE-2024-23917","Info":{"Name":"JetBrains TeamCity \u003e 2023.11.3 - Authentication Bypass","Severity":"critical","Description":"In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-23917.yaml"}
|
||||
{"ID":"CVE-2024-24131","Info":{"Name":"SuperWebMailer 9.31.0.01799 - Cross-Site Scripting","Severity":"medium","Description":"SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulenrability via the component api.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-24131.yaml"}
|
||||
{"ID":"CVE-2024-24919","Info":{"Name":"Check Point Quantum Gateway - Information Disclosure","Severity":"high","Description":"CVE-2024-24919 is an information disclosure vulnerability that can allow an attacker to access certain information on internet-connected Gateways which have been configured with IPSec VPN, remote access VPN, or mobile access software blade.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-24919.yaml"}
|
||||
{"ID":"CVE-2024-25600","Info":{"Name":"Unauthenticated Remote Code Execution – Bricks \u003c= 1.9.6","Severity":"critical","Description":"Bricks Builder is a popular WordPress development theme with approximately 25,000 active installations. It provides an intuitive drag-and-drop interface for designing and building WordPress websites. Bricks \u003c= 1.9.6 is vulnerable to unauthenticated remote code execution (RCE) which means that anybody can run arbitrary commands and take over the site/server. This can lead to various malicious activities\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25600.yaml"}
|
||||
{"ID":"CVE-2024-25669","Info":{"Name":"CaseAware a360inc - Cross-Site Scripting","Severity":"medium","Description":"a360inc CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. This is a bypass of the fix reported in CVE-2017-\u003e\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2024/CVE-2024-25669.yaml"}
|
||||
{"ID":"CVE-2024-25735","Info":{"Name":"WyreStorm Apollo VX20 - Information Disclosure","Severity":"high","Description":"An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET request.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-25735.yaml"}
|
||||
{"ID":"CVE-2024-26331","Info":{"Name":"ReCrystallize Server - Authentication Bypass","Severity":"high","Description":"This vulnerability allows an attacker to bypass authentication in the ReCrystallize Server application by manipulating the 'AdminUsername' cookie. This gives the attacker administrative access to the application's functionality, even when the default password has been changed.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-26331.yaml"}
|
||||
{"ID":"CVE-2024-27198","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"critical","Description":"In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27198.yaml"}
|
||||
{"ID":"CVE-2024-27199","Info":{"Name":"TeamCity \u003c 2023.11.4 - Authentication Bypass","Severity":"high","Description":"In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-27199.yaml"}
|
||||
{"ID":"CVE-2024-27348","Info":{"Name":"Apache HugeGraph-Server - Remote Command Execution","Severity":"high","Description":"Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. However, versions prior to 1.3.0 are vulnerable to a remote command execution (RCE) vulnerability in the gremlin component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27348.yaml"}
|
||||
{"ID":"CVE-2024-27497","Info":{"Name":"Linksys E2000 1.0.06 position.js Improper Authentication","Severity":"high","Description":"Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27497.yaml"}
|
||||
{"ID":"CVE-2024-27564","Info":{"Name":"ChatGPT个人专用版 - Server Side Request Forgery","Severity":"high","Description":"A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the urlparameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-27564.yaml"}
|
||||
{"ID":"CVE-2024-27954","Info":{"Name":"WordPress Automatic Plugin \u003c3.92.1 - Arbitrary File Download and SSRF","Severity":"critical","Description":"WordPress Automatic plugin \u003c3.92.1 is vulnerable to unauthenticated Arbitrary File Download and SSRF Located in the downloader.php file, could permit attackers to download any file from a site. Sensitive data, including login credentials and backup files, could fall into the wrong hands. This vulnerability has been patched in version 3.92.1.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-27954.yaml"}
|
||||
|
@ -2384,7 +2406,7 @@
|
|||
{"ID":"CVE-2024-28255","Info":{"Name":"OpenMetadata - Authentication Bypass","Severity":"critical","Description":"OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the request's path contains any of the excluded endpoints the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any path contain any arbitrary strings. For example, a request to `GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111` will match the excluded endpoint condition and therefore will be processed with no JWT validation allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses the `SecurityContext.getUserPrincipal()` since it will return `null` and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-237`.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-28255.yaml"}
|
||||
{"ID":"CVE-2024-28734","Info":{"Name":"Coda v.2024Q1 - Cross-Site Scripting","Severity":"medium","Description":"Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-28734.yaml"}
|
||||
{"ID":"CVE-2024-2876","Info":{"Name":"Wordpress Email Subscribers by Icegram Express - SQL Injection","Severity":"critical","Description":"The Email Subscribers by Icegram Express - Email Marketing, Newsletters, Automation for WordPress \u0026 WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-2876.yaml"}
|
||||
{"ID":"CVE-2024-2879","Info":{"Name":"WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection","Severity":"critical","Description":"The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-2879.yaml"}
|
||||
{"ID":"CVE-2024-2879","Info":{"Name":"WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection","Severity":"high","Description":"The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-2879.yaml"}
|
||||
{"ID":"CVE-2024-29059","Info":{"Name":".NET Framework - Leaking ObjRefs via HTTP .NET Remoting","Severity":"high","Description":".NET Framework Information Disclosure Vulnerability","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-29059.yaml"}
|
||||
{"ID":"CVE-2024-29269","Info":{"Name":"Telesquare TLR-2005KSH - Remote Command Execution","Severity":"critical","Description":"Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-29269.yaml"}
|
||||
{"ID":"CVE-2024-3097","Info":{"Name":"NextGEN Gallery \u003c= 3.59 - Missing Authorization to Unauthenticated Information Disclosure","Severity":"medium","Description":"The WordPress Gallery Plugin – NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-3097.yaml"}
|
||||
|
@ -2397,12 +2419,20 @@
|
|||
{"ID":"CVE-2024-32399","Info":{"Name":"RaidenMAILD Mail Server v.4.9.4 - Path Traversal","Severity":"high","Description":"Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32399.yaml"}
|
||||
{"ID":"CVE-2024-32640","Info":{"Name":"Mura/Masa CMS - SQL Injection","Severity":"critical","Description":"The Mura/Masa CMS is vulnerable to SQL Injection.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32640.yaml"}
|
||||
{"ID":"CVE-2024-32651","Info":{"Name":"Change Detection - Server Side Template Injection","Severity":"critical","Description":"A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-32651.yaml"}
|
||||
{"ID":"CVE-2024-3273","Info":{"Name":"D-Link Network Attached Storage - Command Injection and Backdoor Account","Severity":"high","Description":"UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-3273.yaml"}
|
||||
{"ID":"CVE-2024-3273","Info":{"Name":"D-Link Network Attached Storage - Command Injection and Backdoor Account","Severity":"critical","Description":"UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3273.yaml"}
|
||||
{"ID":"CVE-2024-33288","Info":{"Name":"Prison Management System - SQL Injection Authentication Bypass","Severity":"high","Description":"Sql injection vulnerability was found on the login page in Prison Management System\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-33288.yaml"}
|
||||
{"ID":"CVE-2024-33575","Info":{"Name":"User Meta WP Plugin \u003c 3.1 - Sensitive Information Exposure","Severity":"medium","Description":"The User Meta is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0 via the /views/debug.php file. This makes it possible for unauthenticated attackers, with to extract sensitive configuration data.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-33575.yaml"}
|
||||
{"ID":"CVE-2024-33724","Info":{"Name":"SOPlanning 1.52.00 Cross Site Scripting","Severity":"medium","Description":"SOPlanning v1.52.00 is vulnerable to XSS via the 'groupe_id' parameters a remote unautheticated attacker can hijack the admin account or other users. The remote attacker can hijack a users session or credentials and perform a takeover of the entire platform.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-33724.yaml"}
|
||||
{"ID":"CVE-2024-3400","Info":{"Name":"GlobalProtect - OS Command Injection","Severity":"critical","Description":"A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-3400.yaml"}
|
||||
{"ID":"CVE-2024-34470","Info":{"Name":"HSC Mailinspector 5.2.17-3 through 5.2.18 - Local File Inclusion","Severity":"high","Description":"An Unauthenticated Path Traversal vulnerability exists in the /public/loaderphp file The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-34470.yaml"}
|
||||
{"ID":"CVE-2024-3495","Info":{"Name":"Wordpress Country State City Dropdown \u003c=2.7.2 - SQL Injection","Severity":"critical","Description":"The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3495.yaml"}
|
||||
{"ID":"CVE-2024-3822","Info":{"Name":"Base64 Encoder/Decoder \u003c= 0.9.2 - Cross-Site Scripting","Severity":"medium","Description":"The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2024/CVE-2024-3822.yaml"}
|
||||
{"ID":"CVE-2024-4040","Info":{"Name":"CrushFTP VFS - Sandbox Escape LFR","Severity":"critical","Description":"VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-4040.yaml"}
|
||||
{"ID":"CVE-2024-4348","Info":{"Name":"osCommerce v4.0 - Cross-site Scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-4348.yaml"}
|
||||
{"ID":"CVE-2024-4358","Info":{"Name":"Progress Telerik Report Server - Authentication Bypass","Severity":"critical","Description":"In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4358.yaml"}
|
||||
{"ID":"CVE-2024-4577","Info":{"Name":"PHP CGI - Argument Injection","Severity":"critical","Description":"PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in PHP.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-4577.yaml"}
|
||||
{"ID":"CVE-2024-4956","Info":{"Name":"Sonatype Nexus Repository Manager 3 - Local File Inclusion","Severity":"high","Description":"Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-4956.yaml"}
|
||||
{"ID":"CVE-2024-5230","Info":{"Name":"FleetCart 4.1.1 - Information Disclosure","Severity":"medium","Description":"Issues with information disclosure in redirect responses. Accessing the majority of the website's pages exposes sensitive data, including the \"Razorpay\" \"razorpayKeyId\".\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-5230.yaml"}
|
||||
{"ID":"CVE-2001-1473","Info":{"Name":"Deprecated SSHv1 Protocol Detection","Severity":"high","Description":"SSHv1 is deprecated and has known cryptographic issues.","Classification":{"CVSSScore":"7.5"}},"file_path":"network/cves/2001/CVE-2001-1473.yaml"}
|
||||
{"ID":"CVE-2011-2523","Info":{"Name":"VSFTPD 2.3.4 - Backdoor Command Execution","Severity":"critical","Description":"VSFTPD v2.3.4 had a serious backdoor vulnerability allowing attackers to execute arbitrary commands on the server with root-level access. The backdoor was triggered by a specific string of characters in a user login request, which allowed attackers to execute any command they wanted.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"network/cves/2011/CVE-2011-2523.yaml"}
|
||||
{"ID":"CVE-2015-3306","Info":{"Name":"ProFTPd - Remote Code Execution","Severity":"critical","Description":"ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.","Classification":{"CVSSScore":"10"}},"file_path":"network/cves/2015/CVE-2015-3306.yaml"}
|
||||
|
|
|
@ -1 +1 @@
|
|||
6cee9d81045ba3fb25589784532a78e4
|
||||
ccfb062d74fe49f673c3566b7bedbb47
|
||||
|
|
|
@ -17,6 +17,7 @@ info:
|
|||
cve-id: CVE-2018-19518
|
||||
cwe-id: CWE-88
|
||||
metadata:
|
||||
max-request: 1
|
||||
confidence: tenative
|
||||
tags: imap,dast,vulhub,cve,cve2018,rce,oast,php
|
||||
|
||||
|
@ -46,4 +47,4 @@ http:
|
|||
part: interactsh_request
|
||||
words:
|
||||
- "User-Agent: curl"
|
||||
# digest: 4a0a00473045022100af7a090c8826b8f7eb0934a5a130dc05780441afce33b5e31dda44213d47691e02205499f8bad4923cabbddd841491363890751a97b823905e848b6ed457c4d2ecab:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502201f31f8ec34e95d06649fe4f66b2a6d12228cfb9ee6419361b4fded4af16c0e40022100d8f11206e0687b2d6aaa0982697f3ec62313b744167209f819487b74b40df159:922c64590222798bb761d5b6d8e72950
|
|
@ -17,6 +17,7 @@ info:
|
|||
cve-id: CVE-2021-45046
|
||||
cwe-id: CWE-502
|
||||
metadata:
|
||||
max-request: 1
|
||||
confidence: tenative
|
||||
tags: cve,cve2021,rce,oast,log4j,injection,dast
|
||||
|
||||
|
@ -59,4 +60,4 @@ http:
|
|||
group: 1
|
||||
regex:
|
||||
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output
|
||||
# digest: 4a0a00473045022036888452035d1bfa69cbc32805393a712fdcd5595224466cc327e681ba5ef5770221008096d4d19c6975ad5bd44b06d4bc1cdfd0746570cb65c17c50cf4eb2e8a7b10d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502200467421a3a87f908e224035a2fdc0fb73bd7d08eecf66f046a0d240588621b35022100b03c60899e681e43c7b4a94df8b13f392e82abc07c9dfc12f41ba3028d9b3038:922c64590222798bb761d5b6d8e72950
|
|
@ -6,19 +6,20 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default.
|
||||
remediation: Upgrade to Apache Commons Text component between 1.5.0 to 1.10.0.
|
||||
reference:
|
||||
- https://lists.apache.org/thread/n2bd4vdsgkqh2tm14l1wyc3jyol7s1om
|
||||
- http://www.openwall.com/lists/oss-security/2022/10/13/4
|
||||
- http://www.openwall.com/lists/oss-security/2022/10/18/1
|
||||
- https://securitylab.github.com/advisories/GHSL-2022-018_Apache_Commons_Text/
|
||||
- https://github.com/silentsignal/burp-text4shell
|
||||
remediation: Upgrade to Apache Commons Text component between 1.5.0 to 1.10.0.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-42889
|
||||
cwe-id: CWE-94
|
||||
metadata:
|
||||
max-request: 1
|
||||
confidence: tenative
|
||||
tags: cve,cve2022,rce,oast,text4shell,dast
|
||||
|
||||
|
@ -65,4 +66,4 @@ http:
|
|||
group: 1
|
||||
regex:
|
||||
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${hostName} in output
|
||||
# digest: 4a0a00473045022100adec8de25b518a2bc2dec461a62f19c384ddac2951bd98b9ec21df05061c84d9022013f544b276c203c4846921eddf8c0be1a997fd68f5d3c8b8ff71f02873788aed:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100e9bdde7ed78042f12c288dcd94dfa4c5ffbf89b2a02783733b4b129e589296aa02202d2ddef37d3aadf3ca90725eb0718fd6115f2528a2517b612e9f1c1c5598ee89:922c64590222798bb761d5b6d8e72950
|
|
@ -5,11 +5,13 @@ info:
|
|||
author: pdteam,geeknik
|
||||
severity: high
|
||||
description: |
|
||||
Potential blind OS command injection vulnerabilities, where the application constructs OS commands using unsanitized user input.
|
||||
Successful exploitation could lead to arbitrary command execution on the system.
|
||||
Potential blind OS command injection vulnerabilities, where the application constructs OS commands using unsanitized user input.
|
||||
Successful exploitation could lead to arbitrary command execution on the system.
|
||||
reference:
|
||||
- https://portswigger.net/research/hunting-asynchronous-vulnerabilities
|
||||
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Command%20Injection/README.md
|
||||
metadata:
|
||||
max-request: 4
|
||||
tags: cmdi,oast,dast,blind,polyglot
|
||||
|
||||
variables:
|
||||
|
@ -45,4 +47,4 @@ http:
|
|||
part: interactsh_protocol
|
||||
words:
|
||||
- "http"
|
||||
# digest: 490a00463044022058dacdd25a0687edf873bcfed32eb383e77deb0e9ea9673e111501121429df2702202005d54354bf6a06cd873145dea3139f0b094a3baad9e7313fd9d65ef7b31876:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100dae6b9cabb8758e509dbba100f4df5f2372bdcad798fb059c701f05913f90ef202202f043730c663c513439af2ea02f13a86704c53b728b584e3ffaf148070eb9d40:922c64590222798bb761d5b6d8e72950
|
|
@ -5,10 +5,12 @@ info:
|
|||
author: pdteam
|
||||
severity: high
|
||||
description: |
|
||||
Ruby's Kernel#open and URI.open enables not only file access but also process invocation by prefixing a pipe symbol (e.g., open(“| ls”)). So, it may lead to Remote Code Execution by using variable input to the argument of Kernel#open and URI.open.
|
||||
Ruby's Kernel#open and URI.open enables not only file access but also process invocation by prefixing a pipe symbol (e.g., open(“| ls”)). So, it may lead to Remote Code Execution by using variable input to the argument of Kernel#open and URI.open.
|
||||
reference:
|
||||
- https://bishopfox.com/blog/ruby-vulnerabilities-exploits
|
||||
- https://codeql.github.com/codeql-query-help/ruby/rb-kernel-open/
|
||||
metadata:
|
||||
max-request: 1
|
||||
tags: cmdi,oast,dast,blind,ruby,rce
|
||||
|
||||
variables:
|
||||
|
@ -35,4 +37,4 @@ http:
|
|||
part: interactsh_protocol
|
||||
words:
|
||||
- "dns"
|
||||
# digest: 490a0046304402206aa8aaaae832c775eb192a6fa98138271fa21bc2ac34b3881f0e06d24fb48f78022040513ba5b73cbfb5fe42c3a312ae9d8e76fb0d6f942ad7bcfe8dfff4f173d00c:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220424a72be2b73d7cb1af746905a58c5e09a4f4a4a4b1426742a5cf4f958f0ba6a02200a7a101e4035dee4feaadf003a37eb1e4d8f3ecca542337e5dc9767075863334:922c64590222798bb761d5b6d8e72950
|
|
@ -7,6 +7,8 @@ info:
|
|||
reference:
|
||||
- https://www.invicti.com/blog/web-security/understanding-cookie-poisoning-attacks/
|
||||
- https://docs.imperva.com/bundle/on-premises-knowledgebase-reference-guide/page/cookie_injection.htm
|
||||
metadata:
|
||||
max-request: 1
|
||||
tags: reflected,dast,cookie,injection
|
||||
|
||||
variables:
|
||||
|
@ -33,4 +35,4 @@ http:
|
|||
part: header
|
||||
regex:
|
||||
- '(?m)(?i)(^set-cookie.*cookie_injection.*)'
|
||||
# digest: 4a0a00473045022100af6e35a8b4c4d4533e339e81393faed157da2e68144557ca3fe73fb16178919c022073127c1b729ab0c8c273cbc022b2aca2b7a91a6c4c314633a20059e6b10e22ed:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450221008e8261dd2cb7d91b396e9113182736c74c9d2bf320de2e64cb7f21012c6a8eff022014e9227dd17849eac076639e72ffe2e84da4bb5b4b01cffb95771968b4f0ad21:922c64590222798bb761d5b6d8e72950
|
|
@ -4,6 +4,8 @@ info:
|
|||
name: CRLF Injection
|
||||
author: pdteam
|
||||
severity: low
|
||||
metadata:
|
||||
max-request: 41
|
||||
tags: crlf,dast
|
||||
|
||||
http:
|
||||
|
@ -68,4 +70,4 @@ http:
|
|||
part: header
|
||||
regex:
|
||||
- '(?m)^(?:Set-Cookie\s*?:(?:\s*?|.*?;\s*?))(crlfinjection=crlfinjection)(?:\s*?)(?:$|;)'
|
||||
# digest: 4b0a00483046022100cb88bef820fa9247bc7ddc126d8bb67c4d2371c0b4a33f64b4caa5360007f1750221009ea9e7de7dc5fe7e75cf9d215a9c2d9e3323f2caa40b7c4b39cf214f661cce48:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022000c5e1faa6655bbb3adcbba890473900bb1a7ea522bbee7684da04fcd58ad613022100c3dffcd18d8133aebdad962d7013490ca3e90c50a0cfdf684c5ac54ab0ad2e34:922c64590222798bb761d5b6d8e72950
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: unknown
|
||||
reference:
|
||||
- https://owasp.org/www-community/attacks/Unicode_Encoding
|
||||
metadata:
|
||||
max-request: 25
|
||||
tags: dast,pathtraversal,lfi
|
||||
|
||||
variables:
|
||||
|
@ -117,4 +119,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- '(<system.webServer[\s\S]+<\/system.webServer>)'
|
||||
# digest: 4b0a004830460221008cfcfdf2c3bffd887bfe964b433efe76af72df0f94ecea20ec1917cd00641c0f022100874e6ff747dbd4fa96124d034a126534558b56a7c317b32525e3d08199409065:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402204f25e304b713186e620bc4448b9277a9874b77763bbf31e8b099b97bbcab85c702207be12ef346bdc11f03b226da7811a9f0fccbf6dc7e818020cdd707dade3c7508:922c64590222798bb761d5b6d8e72950
|
|
@ -7,6 +7,8 @@ info:
|
|||
reference:
|
||||
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/Intruder/directory_traversal.txt
|
||||
- https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/File%20Inclusion
|
||||
metadata:
|
||||
max-request: 46
|
||||
tags: lfi,dast,linux
|
||||
|
||||
http:
|
||||
|
@ -77,4 +79,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- 'root:.*:0:0:'
|
||||
# digest: 4b0a00483046022100a1e70a22bc4f17a046a9b366a9015608da82f88439ab75d052b64088a7009da8022100e29c115d86b47951f1da2fb56d7953ec1e59e93d86b70d24d34ad8c14ad3064d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502206c53383c7a148e9311173ee5bb2bf1177386db240eff9b2f6d8256e88cbf5f1a022100ddb39020f7957af58c62c6ec59c7094277c8193e4ab089cd4cce994da4d140d8:922c64590222798bb761d5b6d8e72950
|
|
@ -4,6 +4,8 @@ info:
|
|||
name: Local File Inclusion - Windows
|
||||
author: pussycat0x
|
||||
severity: high
|
||||
metadata:
|
||||
max-request: 39
|
||||
tags: lfi,windows,dast
|
||||
|
||||
http:
|
||||
|
@ -70,4 +72,4 @@ http:
|
|||
- "fonts"
|
||||
- "extensions"
|
||||
condition: and
|
||||
# digest: 490a00463044022061480301387935155bae9c0e84b58e21d4d9f1051b2e5fd9954c1397fdd9b67202204b03f96125fa3991ac2a30b43dac7a140a9ec509131b4203cd15efe2179f3b4a:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100a6f8ee294173fc629f71ec9dfe9c61ad2fbec55dce015a895d126264c15db4f902204dd04d624e3dd7f4bc7cec991d5d87df7c33db24bf681c23b6f18564abfbf644:922c64590222798bb761d5b6d8e72950
|
|
@ -4,6 +4,8 @@ info:
|
|||
name: Open Redirect Detection
|
||||
author: princechaddha,AmirHossein Raeisi
|
||||
severity: medium
|
||||
metadata:
|
||||
max-request: 1
|
||||
tags: redirect,dast
|
||||
|
||||
http:
|
||||
|
@ -179,4 +181,4 @@ http:
|
|||
- 301
|
||||
- 302
|
||||
- 307
|
||||
# digest: 4b0a00483046022100e9bf67056b260dc2bc0f200f2d1853287f4f9b916a9a10f53fc7e643868df3200221008daacf7355ba1c40d34b672e78c096110e60601fdd1afa5932cd69b109c27d18:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a004630440220798dab0882b46e287f296c1f1ba1f9b47422c2b080486183184727f3de119087022044b26046d5aba5529bb7583ccebd65748198fff98a625c16b07432abf5a4fe8c:922c64590222798bb761d5b6d8e72950
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
reference:
|
||||
- https://www.invicti.com/learn/remote-file-inclusion-rfi/
|
||||
metadata:
|
||||
max-request: 1
|
||||
tags: rfi,dast,oast
|
||||
|
||||
http:
|
||||
|
@ -30,4 +32,4 @@ http:
|
|||
part: body # Confirms the PHP was executed
|
||||
words:
|
||||
- "NessusCodeExecTest"
|
||||
# digest: 490a0046304402201f706bb5944d3a4a5ee6f4a6920de5a04d097d9a8abaa3a4b3fc992dc96b97c6022059107f23f16f0e83e38f27702bf6184e2a17c11940d204a50a060879c932a76e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a00463044022029d2873c4bd52bc2237f5807f6053de597738e331d83ff8661e78b54b9f8eabc02200aef90a617b1a1997f782d347cdea43e3cba3e453b60aa77148a0632bade8d7c:922c64590222798bb761d5b6d8e72950
|
|
@ -8,6 +8,8 @@ info:
|
|||
Direct SQL Command Injection is a technique where an attacker creates or alters existing SQL commands to expose hidden data,
|
||||
or to override valuable ones, or even to execute dangerous system level commands on the database host.
|
||||
This is accomplished by the application taking user input and combining it with static parameters to build an SQL query .
|
||||
metadata:
|
||||
max-request: 3
|
||||
tags: sqli,error,dast
|
||||
|
||||
http:
|
||||
|
@ -491,4 +493,4 @@ http:
|
|||
- "SQ200: No table "
|
||||
- "Virtuoso S0002 Error"
|
||||
- "\\[(Virtuoso Driver|Virtuoso iODBC Driver)\\]\\[Virtuoso Server\\]"
|
||||
# digest: 4a0a00473045022100991ee3aa73500a4773ffbc23f50ab000999d53da3f5ab8723a4abc146eba69ee02207ef58106e21c140b29dfabac8270bbe11bd86b7b14f51b785f437e20d1f124de:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100def6b6c4c85fe7786b61273d67b03bdcee001f0c68a862eaefdb3b9683291467022016d745831a21fa1c90b37bd0b0557828da77cf36662ddec1898ee436d5990a38:922c64590222798bb761d5b6d8e72950
|
|
@ -4,6 +4,8 @@ info:
|
|||
name: Blind SSRF OAST Detection
|
||||
author: pdteam
|
||||
severity: medium
|
||||
metadata:
|
||||
max-request: 3
|
||||
tags: ssrf,dast,oast
|
||||
|
||||
http:
|
||||
|
@ -39,4 +41,4 @@ http:
|
|||
part: interactsh_protocol # Confirms the HTTP Interaction
|
||||
words:
|
||||
- "http"
|
||||
# digest: 4a0a004730450221008e67c53d4368607db787a520c50ce1ae8c742483ea80c0e7d34ab8ef529d2c9902205c049079f166eae9a8e5c5c99b72a048bebaa05de3eb3828adb9d81fab3543aa:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a00463044022043639a2b3d837698f0ad1d5c78b81a92dc67cfe8ea18afeb57f006cf44e2803902204a61e6eeb0c529913899c9f8aae306dbddcac78f5f41837679b8ba15ada3b5db:922c64590222798bb761d5b6d8e72950
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: high
|
||||
reference:
|
||||
- https://github.com/bugcrowd/HUNT/blob/master/ZAP/scripts/passive/SSRF.py
|
||||
metadata:
|
||||
max-request: 12
|
||||
tags: ssrf,dast
|
||||
|
||||
http:
|
||||
|
@ -126,4 +128,4 @@ http:
|
|||
part: body
|
||||
regex:
|
||||
- 'id[\s\S]+interfaces\/'
|
||||
# digest: 4a0a00473045022100f1036d0d83d2d319f244f143873a16f2ae222e1f0d7dfa3a12604bc50547945c022014f428e033f9ac02ba873325301b910fde7ae7fac3613ab0388ea5d9a14e5f56:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100df5e466f9b2de4655561801dacd8444d412cca9556662839a5955b6c360fe47e022070272a7069a37a5df17d1177769fa87a3c21dcf8b8898e2b36652602d64adc9c:922c64590222798bb761d5b6d8e72950
|
|
@ -7,6 +7,8 @@ info:
|
|||
reference:
|
||||
- https://github.com/zaproxy/zap-extensions/blob/2d9898900abe85a47b9fe0ceb85ec39070816b98/addOns/ascanrulesAlpha/src/main/java/org/zaproxy/zap/extension/ascanrulesAlpha/SstiScanRule.java
|
||||
- https://github.com/DiogoMRSilva/websitesVulnerableToSSTI#list-of-seversneeds-update
|
||||
metadata:
|
||||
max-request: 14
|
||||
tags: ssti,dast
|
||||
|
||||
variables:
|
||||
|
@ -50,4 +52,4 @@ http:
|
|||
part: body
|
||||
words:
|
||||
- "{{result}}"
|
||||
# digest: 4a0a00473045022060b24ab805932a9aae5635d76725d92d78d3366f76b103480386f7db2231b750022100cf4e3feff8153a59a9b668bbe6c989c4940074ec6857c5f4f4f920660719143d:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a00473045022100d708d1c94470ed6b8905dc03b2e87fd5408f31412d9cb8e002a271e13eae29ed02204c3c34ba3a148255d64a9513e36fe35a57032a0c9c5ede1d1c4d14d7813cc6c4:922c64590222798bb761d5b6d8e72950
|
|
@ -4,6 +4,8 @@ info:
|
|||
name: Reflected Cross-Site Scripting
|
||||
author: pdteam,0xKayala
|
||||
severity: medium
|
||||
metadata:
|
||||
max-request: 1
|
||||
tags: xss,rxss,dast
|
||||
|
||||
variables:
|
||||
|
@ -47,5 +49,4 @@ http:
|
|||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- "text/html"
|
||||
# digest: 4a0a0047304502205a9aa38841e7308e5d1bf21526d6ae14c3ea4b5b00def0f0f0b95501c0df237d022100ca9a3145f00b6278b60ccc0cb44b525a7bfcf2f86ead8664c33c0ce345a623ea:922c64590222798bb761d5b6d8e72950
|
||||
- "text/html"
|
|
@ -6,6 +6,8 @@ info:
|
|||
severity: medium
|
||||
reference:
|
||||
- https://github.com/andresriancho/w3af/blob/master/w3af/plugins/audit/xxe.py
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: dast,xxe
|
||||
|
||||
variables:
|
||||
|
@ -49,4 +51,4 @@ http:
|
|||
part: body
|
||||
words:
|
||||
- 'for 16-bit app support'
|
||||
# digest: 490a00463044022057ed734a899a6e84282567122e7cbd55d596db47869a9f1079fdda8222765cdd02206129d4a12c906388ae43c37e4048a1913371fc637748eaaefc1356dbae82d139:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 490a0046304402200765457e7ce86f2875c9b0446d1e4d4a3f035e95c8cb70d2c685bed047e1883c022000fb0dbfce1acce174129de4808904972d457aae4cc27dd68672d8e5a14d49b1:922c64590222798bb761d5b6d8e72950
|
|
@ -1,15 +1,16 @@
|
|||
id: bimi-record-detect
|
||||
|
||||
info:
|
||||
name: BIMI Record - Detection
|
||||
author: rxerium
|
||||
severity: info
|
||||
description: |
|
||||
A BIMI record was detected
|
||||
reference:
|
||||
- https://postmarkapp.com/blog/what-the-heck-is-bimi
|
||||
tags: dns,bimi
|
||||
|
||||
info:
|
||||
name: BIMI Record - Detection
|
||||
author: rxerium
|
||||
severity: info
|
||||
description: |
|
||||
A BIMI record was detected
|
||||
reference:
|
||||
- https://postmarkapp.com/blog/what-the-heck-is-bimi
|
||||
metadata:
|
||||
max-request: 1
|
||||
tags: dns,bimi
|
||||
dns:
|
||||
- name: "{{FQDN}}"
|
||||
type: TXT
|
||||
|
@ -22,4 +23,4 @@ dns:
|
|||
- type: regex
|
||||
regex:
|
||||
- "v=BIMI1(.+)"
|
||||
# digest: 4a0a004730450221008445fc238e87f9342ce983f65c136755a858f4b59106a74fe0a685b7cbc0d9d20220723212d91ee35908c09375b9eef99966b5c4e47ca3d5dab26b2013f76ff5891e:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450220605ed411689a170cf998da54d5e46492d87ddd699d4e863af5c74ab042d84f26022100d1dcec6514e480b66731a11ee26545bc301c8a6aa7c25d90e0ffce2da14dae54:922c64590222798bb761d5b6d8e72950
|
|
@ -5,7 +5,7 @@ info:
|
|||
author: Sy3Omda,geeknik,forgedhallpass,ayadi
|
||||
severity: unknown
|
||||
description: Check for multiple keys/tokens/passwords hidden inside of files.
|
||||
tags: exposure,token,file,disclosure
|
||||
tags: exposure,token,file,disclosure,keys
|
||||
# Extract secrets regex like api keys, password, token, etc ... for different services.
|
||||
# Always validate the leaked key/tokens/passwords to make sure it's valid, a token/keys without any impact is not an valid issue.
|
||||
# Severity is not fixed in this case, it varies from none to critical depending upon impact of disclosed key/tokes.
|
||||
|
@ -3465,4 +3465,4 @@ file:
|
|||
- "(?i)(([a-z0-9]+)[-|_])?(key|password|passwd|pass|pwd|private|credential|auth|cred|creds|secret|access|token)([-|_][a-z]+)?(\\s)*(:|=)+"
|
||||
|
||||
# Enhanced by md on 2023/05/04
|
||||
# digest: 4a0a00473045022100b72b69d337c25863bb7f860b4a6811ae2eefe0dd86e750fec9e74e84acbe9f61022035683b418d60d3eadb52eafc6261e03e9eb0e08e2c6f0f3d51bf38f43da64e66:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a004730450220045ec05e89307c40d97b871dedb06fc2e6c29e7f9472652f27a3af78cbb47c6a0221008aa1c6521a840b9f7dbf8e4c0f83863894011561e0d3d244858683684293f221:922c64590222798bb761d5b6d8e72950
|
|
@ -27,7 +27,10 @@ info:
|
|||
max-request: 1
|
||||
vendor: smartbear
|
||||
product: swagger_ui
|
||||
shodan-query: http.component:"Swagger"
|
||||
shodan-query:
|
||||
- http.component:"Swagger"
|
||||
- http.component:"swagger"
|
||||
- http.favicon.hash:"-1180440057"
|
||||
fofa-query: icon_hash="-1180440057"
|
||||
tags: headless,cve,cve2018,swagger,xss,smartbear
|
||||
headless:
|
||||
|
@ -70,4 +73,4 @@ headless:
|
|||
words:
|
||||
- "swagger"
|
||||
case-insensitive: true
|
||||
# digest: 4b0a004830460221008c5bb8afdc142dbf782c9bb579a7ed08079c67387a1285aaa34a20bd5f67a8e9022100905594915fd641bd07174ef818dd215bc18bc32845731f1aeb85ca745c8612e2:922c64590222798bb761d5b6d8e72950
|
||||
# digest: 4a0a0047304502206b620185825b2c7dd85b7d2fb9e5863acfd2c2b606b86934fc08cbc8fc997be3022100d10e8cd09cbe237f829b10d1e0a5226cf9e34a7a2c007f3e53029cae7f920b52:922c64590222798bb761d5b6d8e72950
|
|
@ -0,0 +1,222 @@
|
|||
id: webpack-sourcemap
|
||||
|
||||
info:
|
||||
name: Webpack Sourcemap
|
||||
author: lucky0x0d,PulseSecurity.co.nz
|
||||
severity: low
|
||||
description: |
|
||||
Detects if Webpack source maps are exposed.
|
||||
impact: |
|
||||
Exposure of source maps can leak sensitive information about the application's source code and potentially aid attackers in identifying vulnerabilities.
|
||||
remediation: |
|
||||
Ensure that Webpack source maps are not exposed to the public by configuring the server to restrict access to them.
|
||||
reference:
|
||||
- https://pulsesecurity.co.nz/articles/javascript-from-sourcemaps
|
||||
- https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/05-Review_Web_Page_Content_for_Information_Leakage
|
||||
metadata:
|
||||
max-request: 9
|
||||
tags: javascript,webpack,sourcemaps,headless
|
||||
headless:
|
||||
- steps:
|
||||
- args:
|
||||
url: "{{BaseURL}}"
|
||||
action: navigate
|
||||
|
||||
- action: sleep
|
||||
args:
|
||||
duration: 10
|
||||
|
||||
- action: script
|
||||
name: extract
|
||||
args:
|
||||
code: |
|
||||
() => {
|
||||
AAA = [];
|
||||
window.performance.getEntriesByType("resource").forEach((element) => { if (element.initiatorType === 'script' || element.initiatorType === 'fetch'|| element.initiatorType === 'xmlhttprequest') {AAA.push(element.name)}});
|
||||
BBB = [...new Set(Array.from(document.querySelectorAll('script')).map(i => i.src))]
|
||||
CCC = [...new Set(Array.from(document.querySelectorAll('link[as=script]')).map(i => i.href))]
|
||||
return [...new Set([...AAA, ...BBB, ...CCC])];
|
||||
}
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: allscripts
|
||||
internal: true
|
||||
part: extract
|
||||
regex:
|
||||
- (?i)http(.[~a-zA-Z0-9.\/\-_:]+)
|
||||
flow: |
|
||||
headless();
|
||||
http("check_base_srcmap_inline");
|
||||
for (let scripturi of iterate(template["allscripts"])) {
|
||||
set ("scripturi", scripturi);
|
||||
http("check_for_srcmap_header");
|
||||
http("check_for_srcmap_inline");
|
||||
http("check_for_srcmap_url");
|
||||
for (let mapuri of iterate(template["allmaps"])) {
|
||||
set ("mapuri", mapuri);
|
||||
http("fetch_absolute_srcmap");
|
||||
http("fetch_relative_srcmap");
|
||||
http("fetch_root_relative_srcmap");
|
||||
http("fetch_noscheme_srcmaps");
|
||||
};
|
||||
set ("allmaps", null);
|
||||
};
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
id: check_base_srcmap_inline
|
||||
disable-cookie: true
|
||||
redirects: true
|
||||
path:
|
||||
- '{{BaseURL}}'
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
name: Inline_SourceMap
|
||||
regex:
|
||||
- '(?i)sourceMappingURL=.*eyJ2ZXJzaW9uIjo'
|
||||
|
||||
- type: regex
|
||||
name: SourceMapConsumer_Present
|
||||
regex:
|
||||
- '(?i)SourceMapConsumer'
|
||||
|
||||
- method: GET
|
||||
id: check_for_srcmap_url
|
||||
disable-cookie: true
|
||||
redirects: true
|
||||
path:
|
||||
- '{{scripturi}}'
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: allmaps
|
||||
internal: true
|
||||
group: 1
|
||||
regex:
|
||||
- (?i)\/\/#\ssourceMappingURL=(.[~a-zA-Z0-9.\/\-_:]+)
|
||||
|
||||
- method: GET
|
||||
id: check_for_srcmap_inline
|
||||
disable-cookie: true
|
||||
redirects: true
|
||||
path:
|
||||
- '{{scripturi}}'
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
name: Inline_SourceMap
|
||||
regex:
|
||||
- '(?i)sourceMappingURL=.*eyJ2ZXJzaW9uIjo'
|
||||
|
||||
- type: regex
|
||||
name: SourceMapConsumer_Present
|
||||
regex:
|
||||
- '(?i)SourceMapConsumer'
|
||||
|
||||
- method: GET
|
||||
id: check_for_srcmap_header
|
||||
disable-cookie: true
|
||||
redirects: true
|
||||
path:
|
||||
- '{{scripturi}}'
|
||||
|
||||
matchers:
|
||||
- type: dsl
|
||||
name: Source_Map_Header
|
||||
dsl:
|
||||
- "regex('(?i)SourceMap', header)"
|
||||
- "status_code != 301 && status_code != 302"
|
||||
condition: and
|
||||
|
||||
extractors:
|
||||
- type: kval
|
||||
kval:
|
||||
- X_SourceMap
|
||||
- SourceMap
|
||||
|
||||
- method: GET
|
||||
id: fetch_absolute_srcmap
|
||||
disable-cookie: true
|
||||
redirects: true
|
||||
path:
|
||||
- '{{mapuri}}'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
condition: and
|
||||
part: body
|
||||
words:
|
||||
- '"version":'
|
||||
- '"mappings":'
|
||||
- '"sources":'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- method: GET
|
||||
id: fetch_relative_srcmap
|
||||
disable-cookie: true
|
||||
redirects: true
|
||||
path:
|
||||
- '{{replace_regex(scripturi,"([^/]+$)","")}}{{replace_regex(mapuri,"(^\/+)","")}}'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
condition: and
|
||||
part: body
|
||||
words:
|
||||
- '"version":'
|
||||
- '"mappings":'
|
||||
- '"sources":'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- method: GET
|
||||
id: fetch_root_relative_srcmap
|
||||
disable-cookie: true
|
||||
redirects: true
|
||||
path:
|
||||
- '{{replace_regex(scripturi,replace_regex(scripturi,"http.+//[^/]+",""),"")}}{{mapuri}}'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
condition: and
|
||||
part: body
|
||||
words:
|
||||
- '"version":'
|
||||
- '"mappings":'
|
||||
- '"sources":'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
- method: GET
|
||||
id: fetch_noscheme_srcmaps
|
||||
disable-cookie: true
|
||||
redirects: true
|
||||
path:
|
||||
- '{{Scheme}}{{mapuri}}'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
condition: and
|
||||
part: body
|
||||
words:
|
||||
- '"version":'
|
||||
- '"mappings":'
|
||||
- '"sources":'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# digest: 4a0a004730450220010b004e9a80e7bcef4de9826e973992a8ea72217ce2d6813700f1aceded13db0221008b37c8a048d1a96621dae497d9241f2ee0b8920f952cfa6d9f92a69715504fff:922c64590222798bb761d5b6d8e72950
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue