daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

TemplateMan Update [Mon Mar 4 08:20:22 UTC 2024] 🤖

patch-1
GitHub Action 2024-03-04 08:20:22 +00:00
parent a72c5ac5e7
commit c7b50b2af4
104 changed files with 296 additions and 234 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
code/cves/2019/CVE-2019-14287.yaml
View File

@ -9,11 +9,22 @@ info:
reference:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287
- https://www.exploit-db.com/exploits/47502
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html
- http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
cve-id: CVE-2019-14287
cwe-id: CWE-755
epss-score: 0.34299
epss-percentile: 0.96958
cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
vendor: canonical
product: ubuntu_linux
vendor: sudo_project
product: sudo
tags: cve,cve2019,sudo,code,linux,privesc,local,canonical
self-contained: true

12
code/cves/2021/CVE-2021-3156.yaml
View File

@ -10,8 +10,20 @@ info:
- https://medium.com/mii-cybersec/privilege-escalation-cve-2021-3156-new-sudo-vulnerability-4f9e84a9f435
- https://blog.qualys.com/vulnerabilities-threat-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
- https://infosecwriteups.com/baron-samedit-cve-2021-3156-tryhackme-76d7dedc3cff
- http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
classification:
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.8
cve-id: CVE-2021-3156
cwe-id: CWE-193
epss-score: 0.97085
epss-percentile: 0.99752
cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
metadata:
verified: true
vendor: sudo_project
product: sudo
tags: cve,cve2021,sudo,code,linux,privesc,local,kev
self-contained: true

4
code/cves/2023/CVE-2023-2640.yaml
View File

@ -21,8 +21,8 @@ info:
cvss-score: 7.8
cve-id: CVE-2023-2640
cwe-id: CWE-863
epss-score: 0.00047
epss-percentile: 0.14754
epss-score: 0.00174
epss-percentile: 0.53697
cpe: cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*
metadata:
verified: true

13
code/cves/2023/CVE-2023-4911.yaml
View File

@ -10,16 +10,21 @@ info:
- https://nvd.nist.gov/vuln/detail/CVE-2023-4911
- https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
- https://www.youtube.com/watch?v=1iV-CD9Apn8
- http://www.openwall.com/lists/oss-security/2023/10/05/1
- http://www.openwall.com/lists/oss-security/2023/10/13/11
classification:
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.8
cve-id: CVE-2023-4911
cwe-id: CWE-787
cpe: cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*
cwe-id: CWE-787,CWE-122
epss-score: 0.0171
epss-percentile: 0.87439
cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: glibc
tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local
vendor: gnu
product: glibc
tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev
self-contained: true
code:

10
code/cves/2023/CVE-2023-6246.yaml
View File

@ -9,15 +9,21 @@ info:
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-6246
- https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
- https://access.redhat.com/security/cve/CVE-2023-6246
- https://bugzilla.redhat.com/show_bug.cgi?id=2249053
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/
classification:
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 7.8
cve-id: CVE-2023-6246
cwe-id: CWE-787
cwe-id: CWE-787,CWE-122
epss-score: 0.00383
epss-percentile: 0.72435
cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: glibc
vendor: gnu
product: glibc
tags: cve,cve2023,code,glibc,linux,privesc,local
self-contained: true

2
code/privilege-escalation/linux/binary/privesc-choom.yaml
View File

@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/choom/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,choom,privesc,local
self-contained: true

2
code/privilege-escalation/linux/binary/privesc-find.yaml
View File

@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/find/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,find,privesc,local
self-contained: true

2
code/privilege-escalation/linux/binary/privesc-lua.yaml
View File

@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/lua/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,lua,privesc,local
self-contained: true

2
code/privilege-escalation/linux/binary/privesc-mysql.yaml
View File

@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/mysql/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,mysql,privesc,local
self-contained: true

2
code/privilege-escalation/linux/binary/privesc-node.yaml
View File

@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/node/
metadata:
max-request: 4
verified: true
max-request: 4
tags: code,linux,node,privesc,local
self-contained: true

2
code/privilege-escalation/linux/binary/privesc-rc.yaml
View File

@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/rc/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,rc,privesc,local
self-contained: true

2
code/privilege-escalation/linux/binary/privesc-run-parts.yaml
View File

@ -8,8 +8,8 @@ info:
The run-parts command in Linux is used to run all the executable files in a directory. It is commonly used for running scripts or commands located in a specific directory, such as system maintenance scripts in /etc/cron.daily. The run-parts command provides a convenient way to execute multiple scripts or commands in a batch manner.
reference: https://gtfobins.github.io/gtfobins/run-parts/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,run-parts,privesc,local
self-contained: true

2
code/privilege-escalation/linux/binary/privesc-strace.yaml
View File

@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/strace/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,strace,privesc,local
self-contained: true

2
code/privilege-escalation/linux/binary/privesc-torify.yaml
View File

@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/torify/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,torify,privesc,local
self-contained: true

2
code/privilege-escalation/linux/binary/privesc-view.yaml
View File

@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/view/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,view,privesc,local
self-contained: true

2
code/privilege-escalation/linux/binary/privesc-xargs.yaml
View File

@ -9,8 +9,8 @@ info:
reference:
- https://gtfobins.github.io/gtfobins/xargs/
metadata:
max-request: 3
verified: true
max-request: 3
tags: code,linux,xargs,privesc,local
self-contained: true

2
code/privilege-escalation/linux/rw-shadow.yaml
View File

@ -7,8 +7,8 @@ info:
reference:
- https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-etc-shadow
metadata:
max-request: 2
verified: true
max-request: 2
tags: code,linux,privesc,local
self-contained: true

2
dns/dns-rebinding.yaml
View File

@ -10,6 +10,8 @@ info:
- https://capec.mitre.org/data/definitions/275.html
- https://payatu.com/blog/dns-rebinding/
- https://heimdalsecurity.com/blog/dns-rebinding/
metadata:
max-request: 2
tags: redirect,dns,network
dns:

3
headless/cves/2018/CVE-2018-25031.yaml
View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2018-25031
cwe-id: CWE-20
epss-score: 0.00265
epss-percentile: 0.64105
epss-percentile: 0.65414
cpe: cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:*
metadata:
verified: true
@ -30,7 +30,6 @@ info:
shodan-query: http.component:"Swagger"
fofa-query: icon_hash="-1180440057"
tags: headless,cve,cve2018,swagger,xss,smartbear
headless:
- steps:
- args:

4
http/cves/2014/CVE-2014-6271.yaml
View File

@ -20,8 +20,8 @@ info:
cvss-score: 9.8
cve-id: CVE-2014-6271
cwe-id: CWE-78
epss-score: 0.97564
epss-percentile: 0.99999
epss-score: 0.97559
epss-percentile: 0.99997
cpe: cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*
metadata:
max-request: 8

2
http/cves/2014/CVE-2014-8799.yaml
View File

@ -21,7 +21,7 @@ info:
cve-id: CVE-2014-8799
cwe-id: CWE-22
epss-score: 0.17844
epss-percentile: 0.95686
epss-percentile: 0.96002
cpe: cpe:2.3:a:dukapress:dukapress:*:*:*:*:*:wordpress:*:*
metadata:
max-request: 1

4
http/cves/2018/CVE-2018-17431.yaml
View File

@ -20,8 +20,8 @@ info:
cvss-score: 9.8
cve-id: CVE-2018-17431
cwe-id: CWE-287
epss-score: 0.11315
epss-percentile: 0.94677
epss-score: 0.11416
epss-percentile: 0.95073
cpe: cpe:2.3:a:comodo:unified_threat_management_firewall:*:*:*:*:*:*:*:*
metadata:
max-request: 2

3
http/cves/2018/CVE-2018-20463.yaml
View File

@ -15,13 +15,14 @@ info:
- https://wordpress.org/plugins/jsmol2wp/
- https://github.com/sullo/advisory-archives/blob/master/wordpress-jsmol2wp-CVE-2018-20463-CVE-2018-20462.txt
- https://nvd.nist.gov/vuln/detail/CVE-2018-20463
- https://github.com/ARPSyndicate/cvemon
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2018-20463
cwe-id: CWE-22
epss-score: 0.01939
epss-percentile: 0.87393
epss-percentile: 0.88289
cpe: cpe:2.3:a:jsmol2wp_project:jsmol2wp:1.07:*:*:*:*:wordpress:*:*
metadata:
verified: true

4
http/cves/2020/CVE-2020-24223.yaml
View File

@ -20,8 +20,8 @@ info:
cvss-score: 6.1
cve-id: CVE-2020-24223
cwe-id: CWE-79
epss-score: 0.00976
epss-percentile: 0.81758
epss-score: 0.0069
epss-percentile: 0.79602
cpe: cpe:2.3:a:mara_cms_project:mara_cms:7.5:*:*:*:*:*:*:*
metadata:
max-request: 1

4
http/cves/2021/CVE-2021-21805.yaml
View File

@ -14,13 +14,15 @@ info:
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1274
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21805
- https://nvd.nist.gov/vuln/detail/CVE-2021-21805
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-21805
cwe-id: CWE-78
epss-score: 0.97374
epss-percentile: 0.99892
epss-percentile: 0.99895
cpe: cpe:2.3:a:advantech:r-seenet:2.4.12:*:*:*:*:*:*:*
metadata:
verified: true

2
http/cves/2021/CVE-2021-22873.yaml
View File

@ -21,7 +21,7 @@ info:
cve-id: CVE-2021-22873
cwe-id: CWE-601
epss-score: 0.00922
epss-percentile: 0.81209
epss-percentile: 0.82474
cpe: cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*
metadata:
verified: true

12
http/cves/2021/CVE-2021-24849.yaml
View File

@ -6,26 +6,26 @@ info:
severity: critical
description: |
The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections.
remediation: Fixed in 3.4.12
reference:
- https://wpscan.com/vulnerability/763c08a0-4b2b-4487-b91c-be6cc2b9322e/
- https://nvd.nist.gov/vuln/detail/CVE-2021-24849
- https://wordpress.org/plugins/wc-multivendor-marketplace/
remediation: Fixed in 3.4.12
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2021-24849
cwe-id: CWE-89
cpe: cpe:2.3:a:wclovers:frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible:*:*:*:*:*:wordpress:*:*
epss-score: 0.00199
epss-percentile: 0.56492
cpe: cpe:2.3:a:wclovers:frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: wclovers
product: frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible
product: "frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible"
framework: wordpress
publicwww-query: "/wp-content/plugins/wc-multivendor-marketplace"
verified: true
max-request: 3
vendor: wclovers
tags: wpscan,cve,cve2021,wp,wp-plugin,wordpress,wc-multivendor-marketplace,wpscan,sqli
flow: http(1) && http(2)

4
http/cves/2021/CVE-2021-40651.yaml
View File

@ -18,8 +18,8 @@ info:
cwe-id: CWE-22
cpe: cpe:2.3:a:os4ed:opensis:8.0:*:*:*:community:*:*:*
metadata:
max-request: 1
shodan-query: title:"openSIS"
shodan-query: "title:\"openSIS\""
max-request: 2
tags: cve,cve2021,lfi,os4ed,opensis,authenticated
http:

2
http/cves/2022/CVE-2022-0776.yaml
View File

@ -21,7 +21,7 @@ info:
cve-id: CVE-2022-0776
cwe-id: CWE-79
epss-score: 0.001
epss-percentile: 0.40832
epss-percentile: 0.40075
cpe: cpe:2.3:a:revealjs:reveal.js:*:*:*:*:*:node.js:*:*
metadata:
vendor: revealjs

2
http/cves/2022/CVE-2022-26263.yaml
View File

@ -22,7 +22,7 @@ info:
cve-id: CVE-2022-26263
cwe-id: CWE-79
epss-score: 0.00147
epss-percentile: 0.50638
epss-percentile: 0.49633
cpe: cpe:2.3:a:yonyou:u8\+:13.0:*:*:*:*:*:*:*
metadata:
verified: true

2
http/cves/2022/CVE-2022-30776.yaml
View File

@ -22,7 +22,7 @@ info:
cve-id: CVE-2022-30776
cwe-id: CWE-79
epss-score: 0.00112
epss-percentile: 0.44504
epss-percentile: 0.43631
cpe: cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:*
metadata:
verified: true

17
http/cves/2022/CVE-2022-38131.yaml
View File

@ -6,28 +6,29 @@ info:
severity: medium
description: |
RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites.
impact: |
An attacker can exploit the vulnerability to redirect users to malicious websites, potentially leading to phishing attacks or other security breaches.
remediation: |
This issue is fixed in Connect v2023.05. Additionally, for users running Connect v1.7.2 and later, the issue is resolvable via a configuration setting mentioned in the support article.
reference:
- https://tenable.com/security/research/tra-2022-30
- https://support.posit.co/hc/en-us/articles/10983374992023-CVE-2022-38131-configuration-issue-in-Posit-Connect
- https://github.com/JoshuaMart/JoshuaMart
impact: |
An attacker can exploit the vulnerability to redirect users to malicious websites, potentially leading to phishing attacks or other security breaches.
remediation: |
This issue is fixed in Connect v2023.05. Additionally, for users running Connect v1.7.2 and later, the issue is resolvable via a configuration setting mentioned in the support article.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2022-38131
cwe-id: CWE-601
cpe: cpe:2.3:a:rstudio:connect:*:*:*:*:*:*:*:*
epss-score: 0.0006
epss-percentile: 0.23591
cpe: cpe:2.3:a:rstudio:connect:*:*:*:*:*:*:*:*
metadata:
product: connect
shodan-query: "http.favicon.hash:217119619"
fofa-query: "app=\"RStudio-Connect\""
max-request: 1
verified: true
vendor: rstudio
product: connect
shodan-query: http.favicon.hash:217119619
fofa-query: app="RStudio-Connect"
tags: tenable,cve,cve2022,redirect,rstudio
http:

4
http/cves/2022/CVE-2022-4140.yaml
View File

@ -18,8 +18,8 @@ info:
cvss-score: 7.5
cve-id: CVE-2022-4140
cwe-id: CWE-552
epss-score: 0.01317
epss-percentile: 0.84504
epss-score: 0.00932
epss-percentile: 0.82572
cpe: cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*
metadata:
verified: true

2
http/cves/2023/CVE-2023-0552.yaml
View File

@ -17,7 +17,7 @@ info:
cve-id: CVE-2023-0552
cwe-id: CWE-601
epss-score: 0.00086
epss-percentile: 0.35637
epss-percentile: 0.34914
cpe: cpe:2.3:a:genetechsolutions:pie_register:*:*:*:*:*:wordpress:*:*
metadata:
verified: true

2
http/cves/2023/CVE-2023-26255.yaml
View File

@ -22,7 +22,7 @@ info:
cve-id: CVE-2023-26255
cwe-id: CWE-22
epss-score: 0.15138
epss-percentile: 0.95348
epss-percentile: 0.95663
cpe: cpe:2.3:a:stagil:stagil_navigation:*:*:*:*:*:jira:*:*
metadata:
max-request: 1

15
http/cves/2023/CVE-2023-28662.yaml
View File

@ -6,28 +6,29 @@ info:
severity: critical
description: |
The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action.
impact: |
Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
remediation: |
Update the Gift Cards (Gift Vouchers and Packages) WordPress Plugin to the latest version available.
reference:
- https://www.tenable.com/security/research/tra-2023-2
- https://wordpress.org/plugins/gift-voucher/
- https://github.com/ARPSyndicate/cvemon
- https://github.com/JoshuaMart/JoshuaMart
impact: |
Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
remediation: |
Update the Gift Cards (Gift Vouchers and Packages) WordPress Plugin to the latest version available.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-28662
cwe-id: CWE-89
cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:*
epss-score: 0.00076
epss-percentile: 0.31593
cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:*
metadata:
vendor: codemenschen
product: gift_vouchers
product: "gift_vouchers"
framework: wordpress
fofa-query: body="/wp-content/plugins/gift-voucher/"
fofa-query: "body=\"/wp-content/plugins/gift-voucher/\""
max-request: 2
tags: cve,cve2023,wordpress,wp,wp-plugin,sqli,unauth,gift-voucher
flow: http(1) && http(2)

5
http/cves/2023/CVE-2023-32563.yaml
View File

@ -13,13 +13,14 @@ info:
- https://twitter.com/wvuuuuuuuuuuuuu/status/1694956245742923939
- https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US
- https://nvd.nist.gov/vuln/detail/CVE-2023-32563
- https://github.com/mayur-esh/vuln-liners
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-32563
cwe-id: CWE-22
epss-score: 0.43261
epss-percentile: 0.97013
epss-score: 0.42647
epss-percentile: 0.97218
cpe: cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*
metadata:
max-request: 2

6
http/cves/2023/CVE-2023-42344.yaml
View File

@ -6,14 +6,14 @@ info:
severity: high
description: |
users can execute code without authentication. An attacker can execute malicious requests on the OpenCms server. When the requests are successful vulnerable OpenCms can be exploited resulting in an unauthenticated XXE vulnerability. Based on research OpenCMS versions from 9.0.0 to 10.5.0 are vulnerable.
remediation: Advised to upgrade to OpenCMS 10.5.1 or later to patch the vulnerability
reference:
- https://blog.qualys.com/product-tech/2023/12/08/opencms-unauthenticated-xxe-vulnerability-cve-2023-42344
- https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/
remediation: Advised to upgrade to OpenCMS 10.5.1 or later to patch the vulnerability
metadata:
verified: true
max-request: 1
max-request: 2
fofa-query: "OpenCms-9.5.3"
verified: true
tags: cve,cve2023,xxe,opencms
http:

5
http/cves/2023/CVE-2023-46805.yaml
View File

@ -16,8 +16,9 @@ info:
cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
metadata:
vendor: ivanti
product: connect_secure
shodan-query: html:"welcome.cgi?p=logo"
product: "connect_secure"
shodan-query: "html:\"welcome.cgi?p=logo\""
max-request: 2
tags: cve,cve2023,kev,auth-bypass,ivanti
http:

7
http/cves/2023/CVE-2023-52085.yaml
View File

@ -14,14 +14,15 @@ info:
cvss-score: 5.4
cve-id: CVE-2023-52085
cwe-id: CWE-22
cpe: cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:*
epss-score: 0.00046
epss-percentile: 0.12483
cpe: cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:*
metadata:
vendor: wintercms
product: winter
shodan-query: title:"Winter CMS"
fofa-query: title="Winter CMS"
shodan-query: "title:\"Winter CMS\""
fofa-query: "title=\"Winter CMS\""
max-request: 4
tags: cve,cve2023,authenticated,lfi,wintercms
http:

13
http/cves/2023/CVE-2023-6831.yaml
View File

@ -6,25 +6,26 @@ info:
severity: high
description: |
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
remediation: |
Upgrade Mlflow to version 2.9.2 or later to mitigate the vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-6831
- https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
- https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314
remediation: |
Upgrade Mlflow to version 2.9.2 or later to mitigate the vulnerability.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
cvss-score: 8.1
cve-id: CVE-2023-6831
cwe-id: CWE-22
epss-score: 0.000460000
epss-percentile: 0.126930000
cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*
epss-score: 0.00046
epss-percentile: 0.12693
metadata:
verified: true
vendor: lfprojects
product: mlflow
shodan-query: http.title:"mlflow"
shodan-query: "http.title:\"mlflow\""
max-request: 2
verified: true
tags: cve,cve2023,mlflow,pathtraversal,lfprojects
http:

11
http/cves/2023/CVE-2023-6909.yaml
View File

@ -6,24 +6,25 @@ info:
severity: critical
description: |
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
impact: |
Successful exploitation could be lead to disclose of sensitive information such as SSH Keys or Internal configurations.
remediation: |
To fix this vulnerability, it is important to update the mlflow package to the latest version 2.10.0.
reference:
- https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850/
- https://nvd.nist.gov/vuln/detail/CVE-2023-6909
- https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
impact: |
Successful exploitation could be lead to disclose of sensitive information such as SSH Keys or Internal configurations.
remediation: |
To fix this vulnerability, it is important to update the mlflow package to the latest version 2.10.0.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
cvss-score: 9.3
cve-id: CVE-2023-6909
cwe-id: CWE-29
metadata:
max-request: 5
verified: true
vendor: lfprojects
product: mlflow
shodan-query: http.title:"mlflow"
shodan-query: "http.title:\"mlflow\""
tags: cve,cve2023,mlflow,lfi
http:

5
http/cves/2024/CVE-2024-0713.yaml
View File

@ -15,14 +15,15 @@ info:
cvss-score: 8.8
cve-id: CVE-2024-0713
cwe-id: CWE-434
cpe: cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*
epss-score: 0.00061
epss-percentile: 0.2356
cpe: cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*
metadata:
vendor: monitorr
product: monitorr
verified: true
fofa-query: icon_hash="-211006074"
fofa-query: "icon_hash=\"-211006074\""
max-request: 2
tags: cve,cve2024,file-upload,intrusive,monitorr
variables:

10
http/cves/2024/CVE-2024-1021.yaml
View File

@ -6,17 +6,17 @@ info:
severity: medium
description: |
There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component.
reference:
- https://github.com/getrebuild/rebuild
- https://nvd.nist.gov/vuln/detail/CVE-2024-1021
impact: |
Successful exploitation of this vulnerability can result in unauthorized access to sensitive internal resources.
remediation: |
Apply the latest security patches or updates provided by Rebuild to fix this vulnerability.
reference:
- https://github.com/getrebuild/rebuild
- https://nvd.nist.gov/vuln/detail/CVE-2024-1021
metadata:
max-request: 1
max-request: 2
verified: true
fofa-query: icon_hash="871154672"
fofa-query: "icon_hash=\"871154672\""
tags: cve2024,cve,rebuild,ssrf
http:

11
http/cves/2024/CVE-2024-1061.yaml
View File

@ -6,14 +6,14 @@ info:
severity: high
description: |
WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks.
impact: |
Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
remediation: |
Vendor did not acknowledge vulnerability but the issue seems to have been fixed in version 2.5.25.
reference:
- https://www.tenable.com/security/research/tra-2024-02
- https://wordpress.org/plugins/html5-video-player
- https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1061
impact: |
Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
remediation: |
Vendor did not acknowledge vulnerability but the issue seems to have been fixed in version 2.5.25.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
cvss-score: 8.6
@ -21,7 +21,8 @@ info:
cwe-id: CWE-89
metadata:
verified: true
fofa-query: '"wordpress" && body="html5-video-player"'
fofa-query: "\"wordpress\" && body=\"html5-video-player\""
max-request: 1
tags: cve,cve2024,wp,wordpress,wp-plugin,sqli,html5-video-player
http:

9
http/cves/2024/CVE-2024-21645.yaml
View File

@ -6,25 +6,26 @@ info:
severity: medium
description: |
A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload.
impact: |
Forged or otherwise, corrupted log files can be used to cover an attacker's tracks or even to implicate another party in the commission of a malicious act.
reference:
- https://github.com/advisories/GHSA-ghmw-rwh8-6qmr
- https://nvd.nist.gov/vuln/detail/CVE-2024-21645
- https://github.com/fkie-cad/nvd-json-data-feeds
impact: |
Forged or otherwise, corrupted log files can be used to cover an attacker's tracks or even to implicate another party in the commission of a malicious act.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss-score: 5.3
cve-id: CVE-2024-21645
cwe-id: CWE-74
cpe: cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
epss-score: 0.00046
epss-percentile: 0.13723
cpe: cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
metadata:
verified: true
vendor: pyload
product: pyload
shodan-query: title:"pyload"
shodan-query: "title:\"pyload\""
max-request: 2
tags: cve,cve2024,pyload,authenticated,injection
variables:

3
http/cves/2024/CVE-2024-21893.yaml
View File

@ -18,8 +18,9 @@ info:
cpe: cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:*
metadata:
vendor: ivanti
product: connect_secure
product: "connect_secure"
shodan-query: "html:\"welcome.cgi?p=logo\""
max-request: 1
tags: cve,cve2024,kev,ssrf,ivanti
http:

3
http/default-logins/ibm/ibm-dcbc-default-login.yaml
View File

@ -8,7 +8,8 @@ info:
- https://www.ibm.com/docs/en/odm/8.0.1?topic=users-tutorial-getting-started-decision-center-business-console
metadata:
verified: true
shodan-query: title="Decision Center | Business Console"
shodan-query: "title=\"Decision Center | Business Console\""
max-request: 1
tags: ibm,default-login,decision-center
http:

3
http/default-logins/ibm/ibm-dcec-default-login.yaml
View File

@ -8,7 +8,8 @@ info:
- https://www.ibm.com/docs/en/odm/8.5.1?topic=console-tutorial-getting-started-decision-center-enterprise
metadata:
verified: true
shodan-query: html="Decision Center Enterprise console"
shodan-query: "html=\"Decision Center Enterprise console\""
max-request: 1
tags: ibm,default-login,decision-center
http:

3
http/default-logins/ibm/ibm-dsc-default-login.yaml
View File

@ -8,7 +8,8 @@ info:
- https://www.ibm.com/docs/en/odm/8.8.0?topic=center-overview-decision
metadata:
verified: true
shodan-query: title:"Rule Execution Server"
shodan-query: "title:\"Rule Execution Server\""
max-request: 1
tags: ibm,default-login,decision-server
http:

3
http/default-logins/webmethod/webmethod-integration-default-login.yaml
View File

@ -7,8 +7,9 @@ info:
reference:
- https://documentation.softwareag.com/
metadata:
shodan-query: "http.favicon.hash:-234335289"
max-request: 5
verified: true
shodan-query: http.favicon.hash:-234335289
tags: default-login,webmethod
flow: http(1) && http(2)

4
http/exposed-panels/cisco-unity-panel.yaml
View File

@ -7,9 +7,9 @@ info:
description: |
A Cisco Unity Connection instance was detected.
metadata:
max-request: 1
shodan-query: "html:\"Cisco Unity Connection\""
max-request: 2
verified: true
shodan-query: html:"Cisco Unity Connection"
tags: panel,cisco,unity,login,detect
http:

29
http/exposed-panels/dockge-panel.yaml
View File

@ -1,20 +1,19 @@
id: dockge-panel
info:
name: Dockge Panel - Detect
author: rxerium
severity: info
description: |
A fancy, easy-to-use and reactive self-hosted docker compose.yaml stack-oriented manager
reference:
- https://github.com/louislam/dockge
- https://dockge.kuma.pet/
metadata:
verified: true
max-request: 2
shodan-query: title:"Dockge"
tags: panel,dockge,login
info:
name: Dockge Panel - Detect
author: rxerium
severity: info
description: |
A fancy, easy-to-use and reactive self-hosted docker compose.yaml stack-oriented manager
reference:
- https://github.com/louislam/dockge
- https://dockge.kuma.pet/
metadata:
verified: true
max-request: 1
shodan-query: "title:\"Dockge\""
tags: panel,dockge,login
http:
- method: GET
path:

5
http/exposed-panels/easyjob-panel.yaml
View File

@ -5,12 +5,13 @@ info:
author: righettod
severity: info
description: |
EasyJOB login panel was detected.
EasyJOB login panel was detected.
reference:
- https://www.en.because-software.com/software/easyjob/
metadata:
verified: true
shodan-query: http.title:"Log in - easyJOB"
shodan-query: "http.title:\"Log in - easyJOB\""
max-request: 1
tags: panel,easyjob,login
http:

5
http/exposed-panels/goanywhere-mft-login.yaml
View File

@ -7,12 +7,11 @@ info:
description: GoAnywhere Managed File Transfer login panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
cwe-id: CWE-200
metadata:
shodan-query: "http.html:\"GoAnywhere Managed File Transfer\""
verified: true
max-request: 1
shodan-query: http.html:"GoAnywhere Managed File Transfer"
max-request: 2
tags: panel,goanywhere,login,filetransfer
http:

3
http/exposed-panels/gotify-panel.yaml
View File

@ -11,7 +11,8 @@ info:
vendor: gotify
product: server
verified: true
shodan-query: http.title:"Gotify"
shodan-query: "http.title:\"Gotify\""
max-request: 1
tags: panel,gotify,login,detect
http:

2
http/exposed-panels/grails-database-admin-console.yaml
View File

@ -13,9 +13,9 @@ info:
cvss-score: 5.3
cwe-id: CWE-200
metadata:
max-request: 2
vendor: grails
product: grails
max-request: 2
tags: grails,panel
http:

3
http/exposed-panels/haivision-gateway-panel.yaml
View File

@ -9,7 +9,8 @@ info:
- https://www.haivision.com/
metadata:
verified: true
shodan-query: http.title:"Haivision Gateway"
shodan-query: "http.title:\"Haivision Gateway\""
max-request: 1
tags: panel,haivision,login,detect
http:

24
http/exposed-panels/haivision-media-platform-panel.yaml
View File

@ -1,17 +1,17 @@
id: haivision-media-platform-panel
info:
name: Haivision Media Platform Login Panel - Detect
author: righettod
severity: info
description: Haivision Media Platform login panel was detected.
reference:
- https://www.haivision.com/
metadata:
verified: true
shodan-query: http.title:"Haivision Media Platform"
tags: panel,haivision,login,detect
info:
name: Haivision Media Platform Login Panel - Detect
author: righettod
severity: info
description: Haivision Media Platform login panel was detected.
reference:
- https://www.haivision.com/
metadata:
verified: true
shodan-query: "http.title:\"Haivision Media Platform\""
max-request: 1
tags: panel,haivision,login,detect
http:
- method: GET
path:

3
http/exposed-panels/ibm/ibm-dcec-panel.yaml
View File

@ -10,7 +10,8 @@ info:
- https://www.ibm.com/docs/en/odm/8.5.1?topic=console-tutorial-getting-started-decision-center-enterprise
metadata:
verified: true
shodan-query: html:"Decision Center Enterprise console"
shodan-query: "html:\"Decision Center Enterprise console\""
max-request: 1
tags: panel,ibm,login,detect,decision-center
http:

3
http/exposed-panels/ibm/ibm-decision-server-console.yaml
View File

@ -10,7 +10,8 @@ info:
- https://www.ibm.com/docs/en/odm/8.12.0?topic=overview-introducing-rule-execution-server
metadata:
verified: true
shodan-query: title:"Rule Execution Server"
shodan-query: "title:\"Rule Execution Server\""
max-request: 1
tags: panel,ibm,login,detect,decision-server
http:

3
http/exposed-panels/ibm/ibm-odm-panel.yaml
View File

@ -10,7 +10,8 @@ info:
- https://www.ibm.com/docs/en/odm/8.12.0
metadata:
verified: true
fofa-query: title="Decision Center | Business Console"
fofa-query: "title=\"Decision Center | Business Console\""
max-request: 1
tags: panel,ibm,login,detect,decision-center
http:

6
http/exposed-panels/ivanti-connect-secure-panel.yaml
View File

@ -10,10 +10,10 @@ info:
- https://www.ivanti.com/products/connect-secure-vpn
metadata:
vendor: ivanti
product: connect_secure
product: "connect_secure"
verified: true
max-request: 1
shodan-query: title:"Ivanti Connect Secure"
max-request: 2
shodan-query: "title:\"Ivanti Connect Secure\""
tags: panel,connectsecure,login
http:

5
http/exposed-panels/juniper-panel.yaml
View File

@ -10,12 +10,11 @@ info:
- https://www.juniper.net/documentation/us/en/software/jweb-ex/jweb-ex-application-package/topics/concept/ex-series-j-web-interface-overview.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0
cwe-id: CWE-200
metadata:
max-request: 2
max-request: 1
verified: true
shodan-query: http.title:"Juniper Web Device Manager"
shodan-query: "http.title:\"Juniper Web Device Manager\""
tags: panel,juniper,vpn,login
http:

3
http/exposed-panels/kafka-topics-ui.yaml
View File

@ -10,13 +10,12 @@ info:
- https://github.com/provectus/kafka-ui
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
cwe-id: CWE-200
metadata:
vendor: provectus
product: ui
platform: kafka
max-request: 1
max-request: 2
tags: panel,kafka,apache,detect
http:

3
http/exposed-panels/kopano-webapp-panel.yaml
View File

@ -9,7 +9,8 @@ info:
- https://kopano.com/
metadata:
verified: true
shodan-query: http.title:"Kopano WebApp"
shodan-query: "http.title:\"Kopano WebApp\""
max-request: 1
tags: panel,kopano,login,detect
http:

3
http/exposed-panels/linshare-panel.yaml
View File

@ -10,7 +10,8 @@ info:
- https://github.com/linagora/linshare
metadata:
verified: true
shodan-query: http.title:"LinShare"
shodan-query: "http.title:\"LinShare\""
max-request: 3
tags: panel,linshare,login,detect
http:

4
http/exposed-panels/odoo-panel.yaml
View File

@ -8,8 +8,8 @@ info:
vendor: odoo
product: odoo
verified: true
max-request: 1
shodan-query: title:"Odoo"
max-request: 2
shodan-query: "title:\"Odoo\""
tags: login,panel,odoo
http:

26
http/exposed-panels/passbolt-panel.yaml
View File

@ -1,18 +1,18 @@
id: passbolt-panel
info:
name: Passbolt Login Panel
author: righettod
severity: info
description: |
Passbolt login panel was detected.
reference:
- https://www.passbolt.com/
metadata:
verified: true
shodan-query: http.title:"Passbolt | Open source password manager for teams"
tags: panel,passbolt,login
info:
name: Passbolt Login Panel
author: righettod
severity: info
description: |
Passbolt login panel was detected.
reference:
- https://www.passbolt.com/
metadata:
verified: true
shodan-query: "http.title:\"Passbolt | Open source password manager for teams\""
max-request: 1
tags: panel,passbolt,login
http:
- method: GET
path:

5
http/exposed-panels/phpmyadmin-panel.yaml
View File

@ -7,13 +7,12 @@ info:
description: phpMyAdmin panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
cwe-id: CWE-200
metadata:
shodan-query: "http.title:phpMyAdmin"
vendor: phpmyadmin
product: phpmyadmin
max-request: 12
shodan-query: http.title:phpMyAdmin
max-request: 13
tags: panel,phpmyadmin
http:

7
http/exposed-panels/proofpoint-protection-server-panel.yaml
View File

@ -7,14 +7,13 @@ info:
description: Proofpoint Protection Server panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
cwe-id: CWE-200
metadata:
product: "proofpoint protection server"
shodan-query: "http.favicon.hash:942678640"
verified: true
max-request: 1
max-request: 2
vendor: proofpoint
product: proofpoint protection server
shodan-query: http.favicon.hash:942678640
tags: panel,proofpoint,login,detect
http:

2
http/exposed-panels/pulse-secure-version.yaml
View File

@ -5,9 +5,9 @@ info:
author: dadevel
severity: info
metadata:
max-request: 2
vendor: pulsesecure
product: pulse_connect_secure
max-request: 2
tags: pulse,panel
http:

3
http/exposed-panels/rocketchat-panel.yaml
View File

@ -9,7 +9,8 @@ info:
- https://www.rocket.chat/
metadata:
verified: true
shodan-query: http.title:"Rocket.Chat"
shodan-query: "http.title:\"Rocket.Chat\""
max-request: 1
tags: panel,rocketchat,login,detect
http:

5
http/exposed-panels/sentry-panel.yaml
View File

@ -5,14 +5,15 @@ info:
author: righettod
severity: info
description: |
Sentry login panel was detected.
Sentry login panel was detected.
reference:
- https://sentry.io/
metadata:
vendor: sentry
product: sentry
verified: true
shodan-query: http.title:"Login | Sentry"
shodan-query: "http.title:\"Login | Sentry\""
max-request: 1
tags: panel,sentry,login
http:

4
http/exposed-panels/truenas-scale-panel.yaml
View File

@ -9,10 +9,10 @@ info:
reference:
- https://www.truenas.com
metadata:
vendor: ixsystems
product: truenas
verified: true
max-request: 1
vendor: ixsystems
product: truenas
shodan-query: html:"TrueNAS"
tags: login,panel,truenas

3
http/exposed-panels/vistaweb-panel.yaml
View File

@ -5,11 +5,12 @@ info:
author: righettod
severity: info
description: |
Vista Web login panel was detected.
Vista Web login panel was detected.
reference:
- https://resa.aero/solutions-operations-facturation/vista-web/
metadata:
verified: true
max-request: 1
tags: panel,vistaweb,login
http:

4
http/exposures/apis/swagger-api.yaml
View File

@ -10,9 +10,9 @@ info:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cwe-id: CWE-200
metadata:
max-request: 59
shodan-query: "http.title:\"swagger\""
verified: true
max-request: 57
shodan-query: http.title:"swagger"
tags: exposure,api,swagger
http:

2
http/exposures/backups/zip-backup-files.yaml
View File

@ -10,7 +10,7 @@ info:
cvss-score: 5.3
cwe-id: CWE-200
metadata:
max-request: 1440
max-request: 1305
tags: exposure,backup
http:

3
http/exposures/configs/awstats-script.yaml
View File

@ -8,10 +8,9 @@ info:
reference: https://www.awstats.org/docs/awstats_setup.html
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0
cwe-id: CWE-200
metadata:
max-request: 3
max-request: 4
tags: config,exposure,awstats
http:

2
http/exposures/logs/roundcube-log-disclosure.yaml
View File

@ -8,7 +8,7 @@ info:
reference:
- https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/roundcube-log-disclosure.json
metadata:
max-request: 12
max-request: 16
tags: exposure,logs
http:

2
http/fuzzing/wordpress-plugins-detect.yaml
View File

@ -5,7 +5,7 @@ info:
author: 0xcrypto
severity: info
metadata:
max-request: 98135
max-request: 100563
tags: fuzzing,bruteforce,wordpress
http:

3
http/technologies/google/chromecast-detect.yaml
View File

@ -10,8 +10,9 @@ info:
- https://github.com/thewhiteh4t/killcast/blob/ee81cfa03c963d47d3335770fcea2ca48bddeabf/killcast.py#L100C25-L100C43
- https://rithvikvibhu.github.io/GHLocalApi/#section/Google-Home-Local-API/Authentication
metadata:
shodan-query: "Chromecast"
verified: true
max-request: 1
shodan-query: Chromecast
tags: google,chromecast,detect
http:

3
http/technologies/ibm/ibm-odm-detect.yaml
View File

@ -10,7 +10,8 @@ info:
- https://www.ibm.com/products/operational-decision-manager
metadata:
verified: true
fofa-query: icon_hash="707491698"
fofa-query: "icon_hash=\"707491698\""
max-request: 1
tags: ibm,decision-center,tech,detect
http:

6
http/technologies/lucee-detect.yaml
View File

@ -6,9 +6,9 @@ info:
severity: info
description: Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development -- https://github.com/lucee/Lucee/
metadata:
max-request: 1
shodan-query: html:"Lucee"
fofa-query: app="Lucee-Engine"
max-request: 2
shodan-query: "html:\"Lucee\""
fofa-query: "app=\"Lucee-Engine\""
tags: tech,lucee
http:

4
http/vulnerabilities/dahua/dahua-bitmap-fileupload.yaml
View File

@ -7,9 +7,9 @@ info:
reference:
- https://github.com/wy876/POC/blob/main/%E5%A4%A7%E5%8D%8E%E6%99%BA%E6%85%A7%E5%9B%AD%E5%8C%BA%E7%BB%BC%E5%90%88%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0bitmap%E6%8E%A5%E5%8F%A3%E5%AD%98%E5%9C%A8%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md
metadata:
max-request: 1
fofa-query: app="dahua-智慧园区综合管理平台"
fofa-query: "app=\"dahua-智慧园区综合管理平台\""
verified: true
max-request: 2
tags: dahua,file-upload,rce,intrusive
variables:

4
http/vulnerabilities/generic/xss-fuzz.yaml
View File

@ -10,8 +10,8 @@ info:
cvss-score: 7.2
cwe-id: CWE-79
metadata:
max-request: 3
parameters: q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year
max-request: 29
parameters: "q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year"
tags: xss,generic,fuzz
http:

4
http/vulnerabilities/other/bitrix-open-redirect.yaml
View File

@ -12,8 +12,8 @@ info:
cvss-score: 6.1
cwe-id: CWE-601
metadata:
max-request: 12
shodan-query: html:"/bitrix/"
max-request: 14
shodan-query: "html:\"/bitrix/\""
tags: redirect,bitrix,packetstorm
http:

2
http/vulnerabilities/vbulletin/vbulletin-backdoor.yaml
View File

@ -8,7 +8,7 @@ info:
- https://github.com/OWASP/vbscan
- https://blog.sucuri.net/2017/01/vbulletin-malware-hackers-compete-backdoor-control.html
metadata:
max-request: 31
max-request: 21
tags: backdoor,php,vbulletin,rce
flow: http(1) && http(2)

4
javascript/cves/2016/CVE-2016-8706.yaml
View File

@ -17,8 +17,8 @@ info:
cvss-score: 8.1
cve-id: CVE-2016-8706
cwe-id: CWE-190
epss-score: 0.91612
epss-percentile: 0.98696
epss-score: 0.89998
epss-percentile: 0.987
cpe: cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*
metadata:
max-request: 1

4
javascript/cves/2023/CVE-2023-34039.yaml
View File

@ -22,8 +22,8 @@ info:
cvss-score: 9.8
cve-id: CVE-2023-34039
cwe-id: CWE-327
epss-score: 0.89263
epss-percentile: 0.98515
epss-score: 0.88996
epss-percentile: 0.98637
cpe: cpe:2.3:a:vmware:aria_operations_for_networks:*:*:*:*:*:*:*:*
metadata:
verified: true

4
javascript/cves/2023/CVE-2023-46604.yaml
View File

@ -18,8 +18,8 @@ info:
cvss-score: 9.8
cve-id: CVE-2023-46604
cwe-id: CWE-502
epss-score: 0.97147
epss-percentile: 0.99762
epss-score: 0.97273
epss-percentile: 0.99837
cpe: cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*
metadata:
verified: true

9
javascript/cves/2024/CVE-2024-23897.yaml
View File

@ -3,7 +3,7 @@ id: CVE-2024-23897
info:
name: Jenkins < 2.441 - Arbitrary File Read
author: iamnoooob,rootxharsh,pdresearch
severity: critical
severity: high
description: |
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
reference:
@ -12,6 +12,13 @@ info:
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/forsaken0127/CVE-2024-23897
- https://github.com/nomi-sec/PoC-in-GitHub
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2024-23897
epss-score: 0.41536
epss-percentile: 0.97188
cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
metadata:
verified: true
max-request: 1

4
network/cves/2016/CVE-2016-2004.yaml
View File

@ -20,8 +20,8 @@ info:
cvss-score: 9.8
cve-id: CVE-2016-2004
cwe-id: CWE-306
epss-score: 0.09306
epss-percentile: 0.94149
epss-score: 0.12552
epss-percentile: 0.95291
cpe: cpe:2.3:a:hp:data_protector:*:*:*:*:*:*:*:*
metadata:
max-request: 2

2
network/cves/2016/CVE-2016-3510.yaml
View File

@ -20,7 +20,7 @@ info:
cve-id: CVE-2016-3510
cwe-id: CWE-119
epss-score: 0.04254
epss-percentile: 0.914
epss-percentile: 0.92018
cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
metadata:
verified: true

4
network/cves/2017/CVE-2017-3881.yaml
View File

@ -20,8 +20,8 @@ info:
cvss-score: 9.8
cve-id: CVE-2017-3881
cwe-id: CWE-20
epss-score: 0.9747
epss-percentile: 0.99961
epss-score: 0.9745
epss-percentile: 0.99948
cpe: cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
metadata:
max-request: 2

2
network/cves/2017/CVE-2017-5645.yaml
View File

@ -22,7 +22,7 @@ info:
cve-id: CVE-2017-5645
cwe-id: CWE-502
epss-score: 0.81948
epss-percentile: 0.98126
epss-percentile: 0.98287
cpe: cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
metadata:
max-request: 2

2
network/cves/2018/CVE-2018-2628.yaml
View File

@ -21,7 +21,7 @@ info:
cve-id: CVE-2018-2628
cwe-id: CWE-502
epss-score: 0.97523
epss-percentile: 0.99988
epss-percentile: 0.99987
cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
metadata:
max-request: 1

3
network/cves/2018/CVE-2018-2893.yaml
View File

@ -20,14 +20,13 @@ info:
cvss-score: 9.8
cve-id: CVE-2018-2893
epss-score: 0.97327
epss-percentile: 0.99866
epss-percentile: 0.99869
cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: oracle
product: weblogic_server
tags: cve,cve2018,weblogic,network,deserialization,rce,oracle
tcp:
- inputs:
- data: "t3 12.2.1

2
network/cves/2020/CVE-2020-11981.yaml
View File

@ -21,7 +21,7 @@ info:
cve-id: CVE-2020-11981
cwe-id: CWE-78
epss-score: 0.9386
epss-percentile: 0.98967
epss-percentile: 0.99073
cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
metadata:
verified: true

5
network/cves/2020/CVE-2020-1938.yaml
View File

@ -19,8 +19,8 @@ info:
cvss-score: 9.8
cve-id: CVE-2020-1938
cwe-id: CWE-269
epss-score: 0.97499
epss-percentile: 0.99978
epss-score: 0.97384
epss-percentile: 0.99902
cpe: cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*
metadata:
max-request: 4
@ -28,7 +28,6 @@ info:
product: geode
shodan-query: title:"Apache Tomcat"
tags: cve,cve2020,kev,tenable,apache,lfi,network,tomcat,ajp
tcp:
- host:
- "{{Hostname}}"

Some files were not shown because too many files have changed in this diff Show More