Fixed yaml linting errors

cves/2012/CVE-2012-1835.yaml

@@ -11,11 +11,11 @@ info:
 requests:
   - method: GET
     path:
-      - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
-#     - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E'
-#     - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E'
-#     - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
-#     - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
+      - "{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E"
+    # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget-form.php?title[id]=%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E'
+    # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?args[before_widget]=%3Cscript%3Ealert%28123%29;%3C/script%3E'
+    # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&before_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
+    # - '{{BaseURL}}/wp-content/plugins/all-in-one-event-calendar/app/view/agenda-widget.php?title=1&after_title=%3Cscript%3Ealert%28123%29;%3C/script%3E'
 
     matchers-condition: and
     matchers:

cves/2018/CVE-2018-10818.yaml

@@ -4,7 +4,7 @@ info:
   name: LG NAS Devices - Remote Code Execution (Unauthenticated)
   author: gy741
   severity: critical
-  description: The vulnerability (CVE-2018-10818) is a pre-auth remote command injection vulnerability found in the majority of LG NAS devices. You cannot simply log in with any random username and password. However, there lies a command injection vulnerability in the “password” parameter.
+  description: The vulnerability (CVE-2018-10818) is a pre-auth remote command injection vulnerability found in the majority of LG NAS devices. You cannot simply log in with any random username and password. However, there lies a command injection vulnerability in the "password" parameter.
   reference: |
     - https://www.vpnmentor.com/blog/critical-vulnerability-found-majority-lg-nas-devices/
     - https://medium.com/@0x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247

cves/2018/CVE-2018-10822.yaml

@@ -4,7 +4,7 @@ info:
   name: D-Link Routers - Directory Traversal
   author: daffainfo
   severity: high
-  description: Directory traversal vulnerability in the web interface on D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after “GET /uir” in an HTTP request.
+  description: Directory traversal vulnerability in the web interface on D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /.. or // after "GET /uir" in an HTTP request.
   reference: |
     - https://www.exploit-db.com/exploits/45678
     - https://nvd.nist.gov/vuln/detail/CVE-2018-10822

cves/2019/CVE-2019-12616.yaml

@@ -6,10 +6,10 @@ info:
   description: A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) through the victim.
   severity: medium
   tags: cve,cve2019,phpmyadmin,csrf
-  reference: |
-        - https://www.phpmyadmin.net/security/PMASA-2019-4/
-        - https://www.exploit-db.com/exploits/46982
-        - https://nvd.nist.gov/vuln/detail/CVE-2019-12616
+  reference:
+    - https://www.phpmyadmin.net/security/PMASA-2019-4/
+    - https://www.exploit-db.com/exploits/46982
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-12616
 
 requests:
   - method: GET
@@ -18,7 +18,6 @@ requests:
 
     matchers-condition: and
     matchers:
-
       - type: word
         words:
           - "phpmyadmin.net"
@@ -32,4 +31,4 @@ requests:
       - type: status
         status:
           - 200
-          - 401 #password protected
+          - 401 # password protected

cves/2019/CVE-2019-9618.yaml

@@ -8,6 +8,8 @@ info:
   reference: |
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9618
     - https://seclists.org/fulldisclosure/2019/Mar/26
+    - https://www.exploit-db.com/exploits/46537
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-9618
   tags: cve,cve2019,wordpress,wp-plugin,lfi
 
 requests:
@@ -17,7 +19,6 @@ requests:
 
     matchers-condition: and
     matchers:
-
       - type: regex
         regex:
           - "root:.*:0:0"

cves/2020/CVE-2020-7209.yaml

@@ -11,12 +11,11 @@ info:
     http://packetstormsecurity.com/files/158025/LinuxKI-Toolset-6.01-Remote-Command-Execution.html
     https://github.com/HewlettPackard/LinuxKI/releases/tag/v6.0-2
 
-  # This template exploits a vulnerability in LinuxKI Toolset <= 6.01 which allows remote code execution.
-  # The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in security vulnerability.
-
-  # https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78
-  # vendor: https://www.hpe.com/us/en/home.html
-  # software: https://github.com/HewlettPackard/LinuxKI
+    # This template exploits a vulnerability in LinuxKI Toolset <= 6.01 which allows remote code execution.
+    # The kivis.php pid parameter received from the user is sent to the shell_exec function, resulting in security vulnerability.
+    # https://github.com/HewlettPackard/LinuxKI/commit/10bef483d92a85a13a59ca65a288818e92f80d78
+    # vendor: https://www.hpe.com/us/en/home.html
+    # software: https://github.com/HewlettPackard/LinuxKI
 
 requests:
   - method: GET

cves/2020/CVE-2020-8813.yaml

@@ -4,7 +4,7 @@ info:
   name: Cacti v1.2.8 - Unauthenticated Remote Code Execution
   author: gy741
   severity: critical
-  description: This vulnerability could be exploited without authentication if Cacti is enabling “Guest Realtime Graphs” privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability
+  description: This vulnerability could be exploited without authentication if Cacti is enabling "Guest Realtime Graphs" privilege, So in this case no need for the authentication part and you can just use the following code to exploit the vulnerability
   reference: |
     - https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/
   tags: cve,cve2020,cacti,rce,oob

cves/2020/CVE-2020-9496.yaml

@@ -10,13 +10,12 @@ info:
     - http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html
     - http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html
 
-
-  # This template detects a Java deserialization vulnerability in Apache
-  # OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for
-  # versions prior to 17.12.04.
-  # --
-  # References:
-  # - https://securitylab.github.com/advisories/GHSL-2020-069-apache_ofbiz
+    # This template detects a Java deserialization vulnerability in Apache
+    # OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for
+    # versions prior to 17.12.04.
+    # --
+    # References:
+    # - https://securitylab.github.com/advisories/GHSL-2020-069-apache_ofbiz
 
 requests:
   - raw:

misconfiguration/java-melody-exposed.yaml

@@ -4,7 +4,7 @@ info:
   name: JavaMelody Monitoring Exposed
   author: dhiyaneshDK,thomas_from_offensity
   severity: medium
-  description: JavaMelody is a tool used to monitor Java or Java EE applications in QA and production environments. JavaMelody was detected on this web application. One option in the dashboard is to “View http sessions”. This can be used by an attacker to steal a user’s session.
+  description: JavaMelody is a tool used to monitor Java or Java EE applications in QA and production environments. JavaMelody was detected on this web application. One option in the dashboard is to "View http sessions". This can be used by an attacker to steal a user’s session.
   reference: |
     - https://www.acunetix.com/vulnerabilities/web/javamelody-publicly-accessible/
     - https://github.com/javamelody/javamelody/wiki/UserGuide#16-security

vulnerabilities/other/mcafee-epo-rce.yaml

@@ -8,7 +8,7 @@ info:
     A ZipSlip vulnerability in McAfee ePolicy Orchestrator (ePO)
     is a type of Path Traversal occurring when archives are unpacked
     if the names of the packed files are not properly sanitized.
-    An attacker can create archives with files containing “../” in their names,
+    An attacker can create archives with files containing "../" in their names,
     making it possible to upload arbitrary files
     to arbitrary directories or overwrite existing ones during archive extraction.
 

vulnerabilities/other/netgear-router-auth-bypass.yaml

@@ -4,7 +4,7 @@ info:
   name: Netgear DGN2200v1 Router Authentication Bypass
   author: gy741
   severity: high
-  description: NETGEAR decided to use to check if a page has “.jpg”, “.gif” or “ess_” substrings, trying to match the entire URL. We can therefore access any page on the device, including those that require authentication, by appending a GET variable with the relevant substring (like “?.gif”).
+  description: NETGEAR decided to use to check if a page has ".jpg", ".gif" or "ess_" substrings, trying to match the entire URL. We can therefore access any page on the device, including those that require authentication, by appending a GET variable with the relevant substring (like "?.gif").
   reference: |
     - https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/
     - https://kb.netgear.com/000062646/Security-Advisory-for-Multiple-HTTPd-Authentication-Vulnerabilities-on-DGN2200v1