diff --git a/code/cves/2019/CVE-2019-14287.yaml b/code/cves/2019/CVE-2019-14287.yaml
index 7383293454..d15d3ae331 100644
--- a/code/cves/2019/CVE-2019-14287.yaml
+++ b/code/cves/2019/CVE-2019-14287.yaml
@@ -9,11 +9,22 @@ info: reference: - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287 - https://www.exploit-db.com/exploits/47502 + - http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html + - http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html + - http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 8.8 + cve-id: CVE-2019-14287 + cwe-id: CWE-755 + epss-score: 0.34299 + epss-percentile: 0.96958 + cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 - vendor: canonical - product: ubuntu_linux + vendor: sudo_project + product: sudo tags: cve,cve2019,sudo,code,linux,privesc,local,canonical self-contained: true
diff --git a/code/cves/2021/CVE-2021-3156.yaml b/code/cves/2021/CVE-2021-3156.yaml
index 3004515a10..86126a19e9 100644
--- a/code/cves/2021/CVE-2021-3156.yaml
+++ b/code/cves/2021/CVE-2021-3156.yaml
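Review bot: In CVE-2019-14287.yaml the `tags:` line still ends in `canonical` although this hunk moves `vendor`/`product` from canonical/ubuntu_linux to sudo_project/sudo, so tag-based selection keeps filing the template under a vendor the metadata no longer names; dropping it gives `tags: cve,cve2019,sudo,code,linux,privesc,local`. The added vector `CVSS:3.1/AV:N/...` describes a network attack vector while the template is tagged `local` and `privesc`; if the vector is copied from an upstream feed it deserves a check, because severity-based triage will rank the finding as remotely reachable. The three added references are plain `http://` links, as are the packetstorm and openwall links added to CVE-2021-3156 and CVE-2023-4911; prefer the `https://` form where the host serves it.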
@@ -10,8 +10,20 @@ info: - https://medium.com/mii-cybersec/privilege-escalation-cve-2021-3156-new-sudo-vulnerability-4f9e84a9f435 - https://blog.qualys.com/vulnerabilities-threat-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit - https://infosecwriteups.com/baron-samedit-cve-2021-3156-tryhackme-76d7dedc3cff + - http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html + - http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html + classification: + cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H + cvss-score: 7.8 + cve-id: CVE-2021-3156 + cwe-id: CWE-193 + epss-score: 0.97085 + epss-percentile: 0.99752 + cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:* metadata: verified: true + vendor: sudo_project + product: sudo tags: cve,cve2021,sudo,code,linux,privesc,local,kev self-contained: true
diff --git a/code/cves/2023/CVE-2023-2640.yaml b/code/cves/2023/CVE-2023-2640.yaml
index 8554bd8a9d..b2a66a76fc 100644
--- a/code/cves/2023/CVE-2023-2640.yaml
+++ b/code/cves/2023/CVE-2023-2640.yaml
@@ -21,8 +21,8 @@ info: cvss-score: 7.8 cve-id: CVE-2023-2640 cwe-id: CWE-863 - epss-score: 0.00047 - epss-percentile: 0.14754 + epss-score: 0.00174 + epss-percentile: 0.53697 cpe: cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:* metadata: verified: true
diff --git a/code/cves/2023/CVE-2023-4911.yaml b/code/cves/2023/CVE-2023-4911.yaml
index 130d2597cb..67eb2ccb35 100644
--- a/code/cves/2023/CVE-2023-4911.yaml
+++ b/code/cves/2023/CVE-2023-4911.yaml
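Review bot: The second reference added to CVE-2021-3156.yaml, `http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html`, is titled as a glibc syslog overflow rather than the sudo bug this template covers; by its title it looks closer to CVE-2023-6246, so confirm it is meant to be listed here. The `metadata:` block in this hunk gains `vendor` and `product` but still carries no `max-request`, unlike CVE-2019-14287 in the same commit.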
@@ -10,16 +10,21 @@ info: - https://nvd.nist.gov/vuln/detail/CVE-2023-4911 - https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt - https://www.youtube.com/watch?v=1iV-CD9Apn8 + - http://www.openwall.com/lists/oss-security/2023/10/05/1 + - http://www.openwall.com/lists/oss-security/2023/10/13/11 classification: cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.8 cve-id: CVE-2023-4911 - cwe-id: CWE-787 - cpe: cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:* + cwe-id: CWE-787,CWE-122 + epss-score: 0.0171 + epss-percentile: 0.87439 + cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: glibc - tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local + vendor: gnu + product: glibc + tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev self-contained: true code:
diff --git a/code/cves/2023/CVE-2023-6246.yaml b/code/cves/2023/CVE-2023-6246.yaml
index d4dc164656..f6006751c2 100644
--- a/code/cves/2023/CVE-2023-6246.yaml
+++ b/code/cves/2023/CVE-2023-6246.yaml
@@ -9,15 +9,21 @@ info: reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-6246 - https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt + - https://access.redhat.com/security/cve/CVE-2023-6246 + - https://bugzilla.redhat.com/show_bug.cgi?id=2249053 + - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/ classification: cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H cvss-score: 7.8 cve-id: CVE-2023-6246 - cwe-id: CWE-787 + cwe-id: CWE-787,CWE-122 + epss-score: 0.00383 + epss-percentile: 0.72435 cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:* metadata: max-request: 1 - vendor: glibc + vendor: gnu + product: glibc tags: cve,cve2023,code,glibc,linux,privesc,local self-contained: true
diff --git a/code/privilege-escalation/linux/binary/privesc-choom.yaml b/code/privilege-escalation/linux/binary/privesc-choom.yaml
index e1ace50aba..4a9ccd2480 100644
--- a/code/privilege-escalation/linux/binary/privesc-choom.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-choom.yaml
@@ -9,8 +9,8 @@ info: reference: - https://gtfobins.github.io/gtfobins/choom/ metadata: - max-request: 3 verified: true + max-request: 3 tags: code,linux,choom,privesc,local self-contained: true
diff --git a/code/privilege-escalation/linux/binary/privesc-find.yaml b/code/privilege-escalation/linux/binary/privesc-find.yaml
index 83be694188..49013e9aa5 100644
--- a/code/privilege-escalation/linux/binary/privesc-find.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-find.yaml
@@ -9,8 +9,8 @@ info: reference: - https://gtfobins.github.io/gtfobins/find/ metadata: - max-request: 3 verified: true + max-request: 3 tags: code,linux,find,privesc,local self-contained: true
diff --git a/code/privilege-escalation/linux/binary/privesc-lua.yaml b/code/privilege-escalation/linux/binary/privesc-lua.yaml
index c5d43374de..d1d7298fc5 100644
--- a/code/privilege-escalation/linux/binary/privesc-lua.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-lua.yaml
@@ -9,8 +9,8 @@ info: reference: - https://gtfobins.github.io/gtfobins/lua/ metadata: - max-request: 3 verified: true + max-request: 3 tags: code,linux,lua,privesc,local self-contained: true
diff --git a/code/privilege-escalation/linux/binary/privesc-mysql.yaml b/code/privilege-escalation/linux/binary/privesc-mysql.yaml
index 6865f91dbf..a4852d4a33 100644
--- a/code/privilege-escalation/linux/binary/privesc-mysql.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-mysql.yaml
@@ -9,8 +9,8 @@ info: reference: - https://gtfobins.github.io/gtfobins/mysql/ metadata: - max-request: 3 verified: true + max-request: 3 tags: code,linux,mysql,privesc,local self-contained: true
diff --git a/code/privilege-escalation/linux/binary/privesc-node.yaml b/code/privilege-escalation/linux/binary/privesc-node.yaml
index ebb32c926c..be5065d397 100644
--- a/code/privilege-escalation/linux/binary/privesc-node.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-node.yaml
@@ -9,8 +9,8 @@ info: reference: - https://gtfobins.github.io/gtfobins/node/ metadata: - max-request: 4 verified: true + max-request: 4 tags: code,linux,node,privesc,local self-contained: true
diff --git a/code/privilege-escalation/linux/binary/privesc-rc.yaml b/code/privilege-escalation/linux/binary/privesc-rc.yaml
index 8136f4c0bf..f37d3fdea6 100644
--- a/code/privilege-escalation/linux/binary/privesc-rc.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-rc.yaml
@@ -9,8 +9,8 @@ info: reference: - https://gtfobins.github.io/gtfobins/rc/ metadata: - max-request: 3 verified: true + max-request: 3 tags: code,linux,rc,privesc,local self-contained: true
diff --git a/code/privilege-escalation/linux/binary/privesc-run-parts.yaml b/code/privilege-escalation/linux/binary/privesc-run-parts.yaml
index 31b208a6d7..e7eee49e2c 100644
--- a/code/privilege-escalation/linux/binary/privesc-run-parts.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-run-parts.yaml
@@ -8,8 +8,8 @@ info: The run-parts command in Linux is used to run all the executable files in a directory. It is commonly used for running scripts or commands located in a specific directory, such as system maintenance scripts in /etc/cron.daily. The run-parts command provides a convenient way to execute multiple scripts or commands in a batch manner. reference: https://gtfobins.github.io/gtfobins/run-parts/ metadata: - max-request: 3 verified: true + max-request: 3 tags: code,linux,run-parts,privesc,local self-contained: true
diff --git a/code/privilege-escalation/linux/binary/privesc-strace.yaml b/code/privilege-escalation/linux/binary/privesc-strace.yaml
index e5a895596b..e607df0c20 100644
--- a/code/privilege-escalation/linux/binary/privesc-strace.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-strace.yaml
@@ -9,8 +9,8 @@ info: reference: - https://gtfobins.github.io/gtfobins/strace/ metadata: - max-request: 3 verified: true + max-request: 3 tags: code,linux,strace,privesc,local self-contained: true
diff --git a/code/privilege-escalation/linux/binary/privesc-torify.yaml b/code/privilege-escalation/linux/binary/privesc-torify.yaml
index 51eb949675..951f2858b5 100644
--- a/code/privilege-escalation/linux/binary/privesc-torify.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-torify.yaml
@@ -9,8 +9,8 @@ info: reference: - https://gtfobins.github.io/gtfobins/torify/ metadata: - max-request: 3 verified: true + max-request: 3 tags: code,linux,torify,privesc,local self-contained: true
diff --git a/code/privilege-escalation/linux/binary/privesc-view.yaml b/code/privilege-escalation/linux/binary/privesc-view.yaml
index 67551216c4..ec8c20270e 100644
--- a/code/privilege-escalation/linux/binary/privesc-view.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-view.yaml
@@ -9,8 +9,8 @@ info: reference: - https://gtfobins.github.io/gtfobins/view/ metadata: - max-request: 3 verified: true + max-request: 3 tags: code,linux,view,privesc,local self-contained: true
diff --git a/code/privilege-escalation/linux/binary/privesc-xargs.yaml b/code/privilege-escalation/linux/binary/privesc-xargs.yaml
index 23db34f78b..0ca047a7a7 100644
--- a/code/privilege-escalation/linux/binary/privesc-xargs.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-xargs.yaml
@@ -9,8 +9,8 @@ info: reference: - https://gtfobins.github.io/gtfobins/xargs/ metadata: - max-request: 3 verified: true + max-request: 3 tags: code,linux,xargs,privesc,local self-contained: true
diff --git a/code/privilege-escalation/linux/rw-shadow.yaml b/code/privilege-escalation/linux/rw-shadow.yaml
index 0fee852708..da515a679a 100644
--- a/code/privilege-escalation/linux/rw-shadow.yaml
+++ b/code/privilege-escalation/linux/rw-shadow.yaml
@@ -7,8 +7,8 @@ info: reference: - https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-etc-shadow metadata: - max-request: 2 verified: true + max-request: 2 tags: code,linux,privesc,local self-contained: true
diff --git a/dns/dns-rebinding.yaml b/dns/dns-rebinding.yaml
index 0ffb8778b6..afb4f03272 100644
--- a/dns/dns-rebinding.yaml
+++ b/dns/dns-rebinding.yaml
@@ -10,6 +10,8 @@ info: - https://capec.mitre.org/data/definitions/275.html - https://payatu.com/blog/dns-rebinding/ - https://heimdalsecurity.com/blog/dns-rebinding/ + metadata: + max-request: 2 tags: redirect,dns,network dns:
diff --git a/headless/cves/2018/CVE-2018-25031.yaml b/headless/cves/2018/CVE-2018-25031.yaml
index a495c1a753..d3c7f88877 100644
--- a/headless/cves/2018/CVE-2018-25031.yaml
+++ b/headless/cves/2018/CVE-2018-25031.yaml
@@ -20,7 +20,7 @@ info: cve-id: CVE-2018-25031 cwe-id: CWE-20 epss-score: 0.00265 - epss-percentile: 0.64105 + epss-percentile: 0.65414 cpe: cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:* metadata: verified: true
@@ -30,7 +30,6 @@ info: shodan-query: http.component:"Swagger" fofa-query: icon_hash="-1180440057" tags: headless,cve,cve2018,swagger,xss,smartbear - headless: - steps: - args:
diff --git a/http/cves/2014/CVE-2014-6271.yaml b/http/cves/2014/CVE-2014-6271.yaml
index 2d3350da55..3d6d943bdc 100644
--- a/http/cves/2014/CVE-2014-6271.yaml
+++ b/http/cves/2014/CVE-2014-6271.yaml
@@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2014-6271 cwe-id: CWE-78 - epss-score: 0.97564 - epss-percentile: 0.99999 + epss-score: 0.97559 + epss-percentile: 0.99997 cpe: cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:* metadata: max-request: 8
diff --git a/http/cves/2014/CVE-2014-8799.yaml b/http/cves/2014/CVE-2014-8799.yaml
index 93400a28c3..b521defaf3 100644
--- a/http/cves/2014/CVE-2014-8799.yaml
+++ b/http/cves/2014/CVE-2014-8799.yaml
@@ -21,7 +21,7 @@ info: cve-id: CVE-2014-8799 cwe-id: CWE-22 epss-score: 0.17844 - epss-percentile: 0.95686 + epss-percentile: 0.96002 cpe: cpe:2.3:a:dukapress:dukapress:*:*:*:*:*:wordpress:*:* metadata: max-request: 1
diff --git a/http/cves/2018/CVE-2018-17431.yaml b/http/cves/2018/CVE-2018-17431.yaml
index 1c899630fc..2d6bd19525 100644
--- a/http/cves/2018/CVE-2018-17431.yaml
+++ b/http/cves/2018/CVE-2018-17431.yaml
@@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2018-17431 cwe-id: CWE-287 - epss-score: 0.11315 - epss-percentile: 0.94677 + epss-score: 0.11416 + epss-percentile: 0.95073 cpe: cpe:2.3:a:comodo:unified_threat_management_firewall:*:*:*:*:*:*:*:* metadata: max-request: 2
diff --git a/http/cves/2018/CVE-2018-20463.yaml b/http/cves/2018/CVE-2018-20463.yaml
index e4dd013391..183a4f27bf 100644
--- a/http/cves/2018/CVE-2018-20463.yaml
+++ b/http/cves/2018/CVE-2018-20463.yaml
@@ -15,13 +15,14 @@ info: - https://wordpress.org/plugins/jsmol2wp/ - https://github.com/sullo/advisory-archives/blob/master/wordpress-jsmol2wp-CVE-2018-20463-CVE-2018-20462.txt - https://nvd.nist.gov/vuln/detail/CVE-2018-20463 + - https://github.com/ARPSyndicate/cvemon classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2018-20463 cwe-id: CWE-22 epss-score: 0.01939 - epss-percentile: 0.87393 + epss-percentile: 0.88289 cpe: cpe:2.3:a:jsmol2wp_project:jsmol2wp:1.07:*:*:*:*:wordpress:*:* metadata: verified: true
diff --git a/http/cves/2020/CVE-2020-24223.yaml b/http/cves/2020/CVE-2020-24223.yaml
index 3d1b6e45c8..68b4a8f42d 100644
--- a/http/cves/2020/CVE-2020-24223.yaml
+++ b/http/cves/2020/CVE-2020-24223.yaml
@@ -20,8 +20,8 @@ info: cvss-score: 6.1 cve-id: CVE-2020-24223 cwe-id: CWE-79 - epss-score: 0.00976 - epss-percentile: 0.81758 + epss-score: 0.0069 + epss-percentile: 0.79602 cpe: cpe:2.3:a:mara_cms_project:mara_cms:7.5:*:*:*:*:*:*:* metadata: max-request: 1
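Review bot: The reference added to CVE-2018-20463.yaml, `https://github.com/ARPSyndicate/cvemon`, is a repository root rather than an advisory and says nothing specific about the jsmol2wp issue; the same applies to the `cvemon` and `kenzer-templates` links added to CVE-2021-21805 and the `vuln-liners` link added to CVE-2023-32563. If these come from an automated enrichment step, filter repository-root URLs out of `reference:` so the list stays limited to advisories and vendor notices that a responder can act on and that someone has actually read.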
diff --git a/http/cves/2021/CVE-2021-21805.yaml b/http/cves/2021/CVE-2021-21805.yaml
index 39d420c0ea..aca97db5a8 100644
--- a/http/cves/2021/CVE-2021-21805.yaml
+++ b/http/cves/2021/CVE-2021-21805.yaml
@@ -14,13 +14,15 @@ info: - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1274 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21805 - https://nvd.nist.gov/vuln/detail/CVE-2021-21805 + - https://github.com/ARPSyndicate/cvemon + - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-21805 cwe-id: CWE-78 epss-score: 0.97374 - epss-percentile: 0.99892 + epss-percentile: 0.99895 cpe: cpe:2.3:a:advantech:r-seenet:2.4.12:*:*:*:*:*:*:* metadata: verified: true
diff --git a/http/cves/2021/CVE-2021-22873.yaml b/http/cves/2021/CVE-2021-22873.yaml
index 65ab692f39..7a93dec42b 100644
--- a/http/cves/2021/CVE-2021-22873.yaml
+++ b/http/cves/2021/CVE-2021-22873.yaml
@@ -21,7 +21,7 @@ info: cve-id: CVE-2021-22873 cwe-id: CWE-601 epss-score: 0.00922 - epss-percentile: 0.81209 + epss-percentile: 0.82474 cpe: cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:* metadata: verified: true
diff --git a/http/cves/2021/CVE-2021-24849.yaml b/http/cves/2021/CVE-2021-24849.yaml
index a396d3d507..149a7b7cb9 100644
--- a/http/cves/2021/CVE-2021-24849.yaml
+++ b/http/cves/2021/CVE-2021-24849.yaml
@@ -6,26 +6,26 @@ info: severity: critical description: | The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections. - remediation: Fixed in 3.4.12 reference: - https://wpscan.com/vulnerability/763c08a0-4b2b-4487-b91c-be6cc2b9322e/ - https://nvd.nist.gov/vuln/detail/CVE-2021-24849 - https://wordpress.org/plugins/wc-multivendor-marketplace/ + remediation: Fixed in 3.4.12 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2021-24849 cwe-id: CWE-89 + cpe: cpe:2.3:a:wclovers:frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible:*:*:*:*:*:wordpress:*:* epss-score: 0.00199 epss-percentile: 0.56492 - cpe: cpe:2.3:a:wclovers:frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible:*:*:*:*:*:wordpress:*:* metadata: - verified: true - max-request: 1 - vendor: wclovers - product: frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible + product: "frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible" framework: wordpress publicwww-query: "/wp-content/plugins/wc-multivendor-marketplace" + verified: true + max-request: 3 + vendor: wclovers tags: wpscan,cve,cve2021,wp,wp-plugin,wordpress,wc-multivendor-marketplace,wpscan,sqli flow: http(1) && http(2)
diff --git a/http/cves/2021/CVE-2021-40651.yaml b/http/cves/2021/CVE-2021-40651.yaml
index cac65b9dd7..0bf732d8a7 100644
--- a/http/cves/2021/CVE-2021-40651.yaml
+++ b/http/cves/2021/CVE-2021-40651.yaml
@@ -18,8 +18,8 @@ info: cwe-id: CWE-22 cpe: cpe:2.3:a:os4ed:opensis:8.0:*:*:*:community:*:*:* metadata: - max-request: 1 - shodan-query: title:"openSIS" + shodan-query: "title:\"openSIS\"" + max-request: 2 tags: cve,cve2021,lfi,os4ed,opensis,authenticated http:
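Review bot: `max-request` in CVE-2021-24849.yaml goes from 1 to 3 while the `flow:` context line at the end of the hunk reads `http(1) && http(2)`, which names two request blocks; the request definitions are outside this hunk, so confirm the count against them. The `tags:` line lists `wpscan` twice (first and second-to-last entry) and one of them should go. The hunk also moves `cpe` above `epss-score`, whereas the `classification:` blocks added elsewhere in this commit (CVE-2019-14287, CVE-2021-3156) put `cpe` last, so the key order is now inconsistent across templates.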
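Review bot: The rewritten `shodan-query: "title:\"openSIS\""` in CVE-2021-40651.yaml is equivalent to the old plain scalar but harder to read and easier to break when edited by hand; a single-quoted scalar needs no escapes: `shodan-query: 'title:"openSIS"'`. The same escaped form is introduced for `shodan-query`/`fofa-query` values in CVE-2022-38131, CVE-2023-28662, CVE-2023-46805, CVE-2023-52085, CVE-2023-6831, CVE-2023-6909, CVE-2024-0713, CVE-2024-1021, CVE-2024-1061, CVE-2024-21645 and the three IBM default-login templates. Several hunks also start quoting plain values such as `product: "connect_secure"` and `product: "gift_vouchers"` that need no quoting, which leaves the metadata style inconsistent with the untouched templates.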
diff --git a/http/cves/2022/CVE-2022-0776.yaml b/http/cves/2022/CVE-2022-0776.yaml
index f5d7062a48..48baeba1f2 100644
--- a/http/cves/2022/CVE-2022-0776.yaml
+++ b/http/cves/2022/CVE-2022-0776.yaml
@@ -21,7 +21,7 @@ info: cve-id: CVE-2022-0776 cwe-id: CWE-79 epss-score: 0.001 - epss-percentile: 0.40832 + epss-percentile: 0.40075 cpe: cpe:2.3:a:revealjs:reveal.js:*:*:*:*:*:node.js:*:* metadata: vendor: revealjs
diff --git a/http/cves/2022/CVE-2022-26263.yaml b/http/cves/2022/CVE-2022-26263.yaml
index 1897d2e5e5..080d095ffd 100644
--- a/http/cves/2022/CVE-2022-26263.yaml
+++ b/http/cves/2022/CVE-2022-26263.yaml
@@ -22,7 +22,7 @@ info: cve-id: CVE-2022-26263 cwe-id: CWE-79 epss-score: 0.00147 - epss-percentile: 0.50638 + epss-percentile: 0.49633 cpe: cpe:2.3:a:yonyou:u8\+:13.0:*:*:*:*:*:*:* metadata: verified: true
diff --git a/http/cves/2022/CVE-2022-30776.yaml b/http/cves/2022/CVE-2022-30776.yaml
index a63c672fb5..77f99269ab 100644
--- a/http/cves/2022/CVE-2022-30776.yaml
+++ b/http/cves/2022/CVE-2022-30776.yaml
@@ -22,7 +22,7 @@ info: cve-id: CVE-2022-30776 cwe-id: CWE-79 epss-score: 0.00112 - epss-percentile: 0.44504 + epss-percentile: 0.43631 cpe: cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:* metadata: verified: true
diff --git a/http/cves/2022/CVE-2022-38131.yaml b/http/cves/2022/CVE-2022-38131.yaml
index d08cc950ab..053c214221 100644
--- a/http/cves/2022/CVE-2022-38131.yaml
+++ b/http/cves/2022/CVE-2022-38131.yaml
@@ -6,28 +6,29 @@ info: severity: medium description: | RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites. - impact: | - An attacker can exploit the vulnerability to redirect users to malicious websites, potentially leading to phishing attacks or other security breaches. - remediation: | - This issue is fixed in Connect v2023.05. Additionally, for users running Connect v1.7.2 and later, the issue is resolvable via a configuration setting mentioned in the support article. reference: - https://tenable.com/security/research/tra-2022-30 - https://support.posit.co/hc/en-us/articles/10983374992023-CVE-2022-38131-configuration-issue-in-Posit-Connect - https://github.com/JoshuaMart/JoshuaMart + impact: | + An attacker can exploit the vulnerability to redirect users to malicious websites, potentially leading to phishing attacks or other security breaches. + remediation: | + This issue is fixed in Connect v2023.05. Additionally, for users running Connect v1.7.2 and later, the issue is resolvable via a configuration setting mentioned in the support article. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2022-38131 cwe-id: CWE-601 + cpe: cpe:2.3:a:rstudio:connect:*:*:*:*:*:*:*:* epss-score: 0.0006 epss-percentile: 0.23591 - cpe: cpe:2.3:a:rstudio:connect:*:*:*:*:*:*:*:* metadata: + product: connect + shodan-query: "http.favicon.hash:217119619" + fofa-query: "app=\"RStudio-Connect\"" + max-request: 1 verified: true vendor: rstudio - product: connect - shodan-query: http.favicon.hash:217119619 - fofa-query: app="RStudio-Connect" tags: tenable,cve,cve2022,redirect,rstudio http:
diff --git a/http/cves/2022/CVE-2022-4140.yaml b/http/cves/2022/CVE-2022-4140.yaml
index ab4a189283..8fce4f7a1e 100644
--- a/http/cves/2022/CVE-2022-4140.yaml
+++ b/http/cves/2022/CVE-2022-4140.yaml
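Review bot: The description in CVE-2022-38131.yaml says RStudio Connect is affected "prior to 2023.01.0", while the `remediation:` block this hunk moves says the issue "is fixed in Connect v2023.05"; the two fixed-version statements disagree, so an operator reading only one field ends up with a different upgrade target. Reconcile both against the vendor article already listed under `reference:` while the block is being touched. The change here is otherwise a reordering of keys, so correcting the wording does not affect matching.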
@@ -18,8 +18,8 @@ info: cvss-score: 7.5 cve-id: CVE-2022-4140 cwe-id: CWE-552 - epss-score: 0.01317 - epss-percentile: 0.84504 + epss-score: 0.00932 + epss-percentile: 0.82572 cpe: cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:* metadata: verified: true
diff --git a/http/cves/2023/CVE-2023-0552.yaml b/http/cves/2023/CVE-2023-0552.yaml
index dcc120535d..9a4beadfd8 100644
--- a/http/cves/2023/CVE-2023-0552.yaml
+++ b/http/cves/2023/CVE-2023-0552.yaml
@@ -17,7 +17,7 @@ info: cve-id: CVE-2023-0552 cwe-id: CWE-601 epss-score: 0.00086 - epss-percentile: 0.35637 + epss-percentile: 0.34914 cpe: cpe:2.3:a:genetechsolutions:pie_register:*:*:*:*:*:wordpress:*:* metadata: verified: true
diff --git a/http/cves/2023/CVE-2023-26255.yaml b/http/cves/2023/CVE-2023-26255.yaml
index 8369fa4e0f..373038a9a7 100644
--- a/http/cves/2023/CVE-2023-26255.yaml
+++ b/http/cves/2023/CVE-2023-26255.yaml
@@ -22,7 +22,7 @@ info: cve-id: CVE-2023-26255 cwe-id: CWE-22 epss-score: 0.15138 - epss-percentile: 0.95348 + epss-percentile: 0.95663 cpe: cpe:2.3:a:stagil:stagil_navigation:*:*:*:*:*:jira:*:* metadata: max-request: 1
diff --git a/http/cves/2023/CVE-2023-28662.yaml b/http/cves/2023/CVE-2023-28662.yaml
index cc0c8a63e7..2fdb7b22dd 100644
--- a/http/cves/2023/CVE-2023-28662.yaml
+++ b/http/cves/2023/CVE-2023-28662.yaml
@@ -6,28 +6,29 @@ info: severity: critical description: | The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action. - impact: | - Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site. - remediation: | - Update the Gift Cards (Gift Vouchers and Packages) WordPress Plugin to the latest version available. reference: - https://www.tenable.com/security/research/tra-2023-2 - https://wordpress.org/plugins/gift-voucher/ - https://github.com/ARPSyndicate/cvemon - https://github.com/JoshuaMart/JoshuaMart + impact: | + Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site. + remediation: | + Update the Gift Cards (Gift Vouchers and Packages) WordPress Plugin to the latest version available. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-28662 cwe-id: CWE-89 + cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:* epss-score: 0.00076 epss-percentile: 0.31593 - cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:* metadata: vendor: codemenschen - product: gift_vouchers + product: "gift_vouchers" framework: wordpress - fofa-query: body="/wp-content/plugins/gift-voucher/" + fofa-query: "body=\"/wp-content/plugins/gift-voucher/\"" + max-request: 2 tags: cve,cve2023,wordpress,wp,wp-plugin,sqli,unauth,gift-voucher flow: http(1) && http(2)
diff --git a/http/cves/2023/CVE-2023-32563.yaml b/http/cves/2023/CVE-2023-32563.yaml
index 1a1370d7c7..78221a1316 100644
--- a/http/cves/2023/CVE-2023-32563.yaml
+++ b/http/cves/2023/CVE-2023-32563.yaml
@@ -13,13 +13,14 @@ info: - https://twitter.com/wvuuuuuuuuuuuuu/status/1694956245742923939 - https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US - https://nvd.nist.gov/vuln/detail/CVE-2023-32563 + - https://github.com/mayur-esh/vuln-liners classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2023-32563 cwe-id: CWE-22 - epss-score: 0.43261 - epss-percentile: 0.97013 + epss-score: 0.42647 + epss-percentile: 0.97218 cpe: cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:* metadata: max-request: 2
diff --git a/http/cves/2023/CVE-2023-42344.yaml b/http/cves/2023/CVE-2023-42344.yaml
index 611ceffce1..bb1c3417f5 100644
--- a/http/cves/2023/CVE-2023-42344.yaml
+++ b/http/cves/2023/CVE-2023-42344.yaml
@@ -6,14 +6,14 @@ info: severity: high description: | users can execute code without authentication. An attacker can execute malicious requests on the OpenCms server. When the requests are successful vulnerable OpenCms can be exploited resulting in an unauthenticated XXE vulnerability. Based on research OpenCMS versions from 9.0.0 to 10.5.0 are vulnerable. - remediation: Advised to upgrade to OpenCMS 10.5.1 or later to patch the vulnerability reference: - https://blog.qualys.com/product-tech/2023/12/08/opencms-unauthenticated-xxe-vulnerability-cve-2023-42344 - https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/ + remediation: Advised to upgrade to OpenCMS 10.5.1 or later to patch the vulnerability metadata: - verified: true - max-request: 1 + max-request: 2 fofa-query: "OpenCms-9.5.3" + verified: true tags: cve,cve2023,xxe,opencms http:
diff --git a/http/cves/2023/CVE-2023-46805.yaml b/http/cves/2023/CVE-2023-46805.yaml
index 400c1f7542..854f7e5e2c 100644
--- a/http/cves/2023/CVE-2023-46805.yaml
+++ b/http/cves/2023/CVE-2023-46805.yaml
@@ -16,8 +16,9 @@ info: cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:* metadata: vendor: ivanti - product: connect_secure - shodan-query: html:"welcome.cgi?p=logo" + product: "connect_secure" + shodan-query: "html:\"welcome.cgi?p=logo\"" + max-request: 2 tags: cve,cve2023,kev,auth-bypass,ivanti http:
diff --git a/http/cves/2023/CVE-2023-52085.yaml b/http/cves/2023/CVE-2023-52085.yaml
index 89061f4c7a..e80d974497 100644
--- a/http/cves/2023/CVE-2023-52085.yaml
+++ b/http/cves/2023/CVE-2023-52085.yaml
@@ -14,14 +14,15 @@ info: cvss-score: 5.4 cve-id: CVE-2023-52085 cwe-id: CWE-22 + cpe: cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:* epss-score: 0.00046 epss-percentile: 0.12483 - cpe: cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:* metadata: vendor: wintercms product: winter - shodan-query: title:"Winter CMS" - fofa-query: title="Winter CMS" + shodan-query: "title:\"Winter CMS\"" + fofa-query: "title=\"Winter CMS\"" + max-request: 4 tags: cve,cve2023,authenticated,lfi,wintercms http:
diff --git a/http/cves/2023/CVE-2023-6831.yaml b/http/cves/2023/CVE-2023-6831.yaml
index 878750743b..e1914c282b 100644
--- a/http/cves/2023/CVE-2023-6831.yaml
+++ b/http/cves/2023/CVE-2023-6831.yaml
@@ -6,25 +6,26 @@ info: severity: high description: | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. - remediation: | - Upgrade Mlflow to version 2.9.2 or later to mitigate the vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-6831 - https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1 - https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314 + remediation: | + Upgrade Mlflow to version 2.9.2 or later to mitigate the vulnerability. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H cvss-score: 8.1 cve-id: CVE-2023-6831 cwe-id: CWE-22 - epss-score: 0.000460000 - epss-percentile: 0.126930000 cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:* + epss-score: 0.00046 + epss-percentile: 0.12693 metadata: - verified: true vendor: lfprojects product: mlflow - shodan-query: http.title:"mlflow" + shodan-query: "http.title:\"mlflow\"" + max-request: 2 + verified: true tags: cve,cve2023,mlflow,pathtraversal,lfprojects http:
diff --git a/http/cves/2023/CVE-2023-6909.yaml b/http/cves/2023/CVE-2023-6909.yaml
index 577dcf9783..5f519c0544 100644
--- a/http/cves/2023/CVE-2023-6909.yaml
+++ b/http/cves/2023/CVE-2023-6909.yaml
@@ -6,24 +6,25 @@ info: severity: critical description: | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. - impact: | - Successful exploitation could be lead to disclose of sensitive information such as SSH Keys or Internal configurations. - remediation: | - To fix this vulnerability, it is important to update the mlflow package to the latest version 2.10.0. reference: - https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850/ - https://nvd.nist.gov/vuln/detail/CVE-2023-6909 - https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1 + impact: | + Successful exploitation could be lead to disclose of sensitive information such as SSH Keys or Internal configurations. + remediation: | + To fix this vulnerability, it is important to update the mlflow package to the latest version 2.10.0. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N cvss-score: 9.3 cve-id: CVE-2023-6909 cwe-id: CWE-29 metadata: + max-request: 5 verified: true vendor: lfprojects product: mlflow - shodan-query: http.title:"mlflow" + shodan-query: "http.title:\"mlflow\"" tags: cve,cve2023,mlflow,lfi http:
diff --git a/http/cves/2024/CVE-2024-0713.yaml b/http/cves/2024/CVE-2024-0713.yaml
index 74459c114b..d7ab51239b 100644
--- a/http/cves/2024/CVE-2024-0713.yaml
+++ b/http/cves/2024/CVE-2024-0713.yaml
@@ -15,14 +15,15 @@ info: cvss-score: 8.8 cve-id: CVE-2024-0713 cwe-id: CWE-434 + cpe: cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:* epss-score: 0.00061 epss-percentile: 0.2356 - cpe: cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:* metadata: vendor: monitorr product: monitorr verified: true - fofa-query: icon_hash="-211006074" + fofa-query: "icon_hash=\"-211006074\"" + max-request: 2 tags: cve,cve2024,file-upload,intrusive,monitorr variables:
diff --git a/http/cves/2024/CVE-2024-1021.yaml b/http/cves/2024/CVE-2024-1021.yaml
index 6276be41a5..fbe7bdbd98 100644
--- a/http/cves/2024/CVE-2024-1021.yaml
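Review bot: The `remediation:` text in CVE-2023-6909.yaml tells users to update to "the latest version 2.10.0", but the description in the same hunk says the flaw exists "prior to 2.9.2", and CVE-2023-6831 in this commit carries the identical description with a 2.9.2 remediation. State the first fixed version consistently, for example `Upgrade Mlflow to version 2.9.2 or later to mitigate the vulnerability.` The `classification:` block here also has no `cpe` or `epss-*` entries, unlike CVE-2023-6831, so version-based and EPSS-based filtering will skip this template.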
+++ b/http/cves/2024/CVE-2024-1021.yaml
@@ -6,17 +6,17 @@ info: severity: medium description: | There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component. + reference: + - https://github.com/getrebuild/rebuild + - https://nvd.nist.gov/vuln/detail/CVE-2024-1021 impact: | Successful exploitation of this vulnerability can result in unauthorized access to sensitive internal resources. remediation: | Apply the latest security patches or updates provided by Rebuild to fix this vulnerability. - reference: - - https://github.com/getrebuild/rebuild - - https://nvd.nist.gov/vuln/detail/CVE-2024-1021 metadata: - max-request: 1 + max-request: 2 verified: true - fofa-query: icon_hash="871154672" + fofa-query: "icon_hash=\"871154672\"" tags: cve2024,cve,rebuild,ssrf http:
diff --git a/http/cves/2024/CVE-2024-1061.yaml b/http/cves/2024/CVE-2024-1061.yaml
index 242eaa8b61..28b930a861 100644
--- a/http/cves/2024/CVE-2024-1061.yaml
+++ b/http/cves/2024/CVE-2024-1061.yaml
@@ -6,14 +6,14 @@ info: severity: high description: | WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks. - impact: | - Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site. - remediation: | - Vendor did not acknowledge vulnerability but the issue seems to have been fixed in version 2.5.25. reference: - https://www.tenable.com/security/research/tra-2024-02 - https://wordpress.org/plugins/html5-video-player - https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1061 + impact: | + Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site. + remediation: | + Vendor did not acknowledge vulnerability but the issue seems to have been fixed in version 2.5.25. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N cvss-score: 8.6
@@ -21,7 +21,8 @@ info: cwe-id: CWE-89 metadata: verified: true - fofa-query: '"wordpress" && body="html5-video-player"' + fofa-query: "\"wordpress\" && body=\"html5-video-player\"" + max-request: 1 tags: cve,cve2024,wp,wordpress,wp-plugin,sqli,html5-video-player http:
diff --git a/http/cves/2024/CVE-2024-21645.yaml b/http/cves/2024/CVE-2024-21645.yaml
index 443f7c8633..c19be5a70f 100644
--- a/http/cves/2024/CVE-2024-21645.yaml
+++ b/http/cves/2024/CVE-2024-21645.yaml
@@ -6,25 +6,26 @@ info: severity: medium description: | A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. - impact: | - Forged or otherwise, corrupted log files can be used to cover an attacker's tracks or even to implicate another party in the commission of a malicious act. reference: - https://github.com/advisories/GHSA-ghmw-rwh8-6qmr - https://nvd.nist.gov/vuln/detail/CVE-2024-21645 - https://github.com/fkie-cad/nvd-json-data-feeds + impact: | + Forged or otherwise, corrupted log files can be used to cover an attacker's tracks or even to implicate another party in the commission of a malicious act. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N cvss-score: 5.3 cve-id: CVE-2024-21645 cwe-id: CWE-74 + cpe: cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:* epss-score: 0.00046 epss-percentile: 0.13723 - cpe: cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:* metadata: verified: true vendor: pyload product: pyload - shodan-query: title:"pyload" + shodan-query: "title:\"pyload\"" + max-request: 2 tags: cve,cve2024,pyload,authenticated,injection variables: diff --git a/http/cves/2024/CVE-2024-21893.yaml b/http/cves/2024/CVE-2024-21893.yaml index 3f0ce48f53..fdb666a36a 100644 --- a/http/cves/2024/CVE-2024-21893.yaml +++ b/http/cves/2024/CVE-2024-21893.yaml @@ -18,8 +18,9 @@ info: cpe: cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:* metadata: vendor: ivanti - product: connect_secure + product: "connect_secure" shodan-query: "html:\"welcome.cgi?p=logo\"" + max-request: 1 tags: cve,cve2024,kev,ssrf,ivanti http: diff --git a/http/default-logins/ibm/ibm-dcbc-default-login.yaml b/http/default-logins/ibm/ibm-dcbc-default-login.yaml index 75e2653c94..e6ddfcfae8 100644 --- a/http/default-logins/ibm/ibm-dcbc-default-login.yaml +++ b/http/default-logins/ibm/ibm-dcbc-default-login.yaml 
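Review bot: In http/cves/2024/CVE-2024-21645.yaml the `tags` line still carries `authenticated`, while the description in the same hunk says the log injection is open to "any unauthenticated actor". Operators use tags to include or exclude credentialed checks, so a scan that excludes `authenticated` templates would skip this one without any signal. If the description is correct, the line should read `tags: cve,cve2024,pyload,injection`. The request section lies outside the hunk, so whether the template performs a login step cannot be confirmed from here. The `max-request: 2` added in this hunk is worth re-checking against that section at the same time.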
@@ -8,7 +8,8 @@ info: - https://www.ibm.com/docs/en/odm/8.0.1?topic=users-tutorial-getting-started-decision-center-business-console metadata: verified: true - shodan-query: title="Decision Center | Business Console" + shodan-query: "title=\"Decision Center | Business Console\"" + max-request: 1 tags: ibm,default-login,decision-center http: diff --git a/http/default-logins/ibm/ibm-dcec-default-login.yaml b/http/default-logins/ibm/ibm-dcec-default-login.yaml index 3bcddb1f7a..367c973b11 100644 --- a/http/default-logins/ibm/ibm-dcec-default-login.yaml +++ b/http/default-logins/ibm/ibm-dcec-default-login.yaml @@ -8,7 +8,8 @@ info: - https://www.ibm.com/docs/en/odm/8.5.1?topic=console-tutorial-getting-started-decision-center-enterprise metadata: verified: true - shodan-query: html="Decision Center Enterprise console" + shodan-query: "html=\"Decision Center Enterprise console\"" + max-request: 1 tags: ibm,default-login,decision-center http: diff --git a/http/default-logins/ibm/ibm-dsc-default-login.yaml b/http/default-logins/ibm/ibm-dsc-default-login.yaml index 95d0867fa7..cb6436fa0a 100644 --- a/http/default-logins/ibm/ibm-dsc-default-login.yaml +++ b/http/default-logins/ibm/ibm-dsc-default-login.yaml @@ -8,7 +8,8 @@ info: - https://www.ibm.com/docs/en/odm/8.8.0?topic=center-overview-decision metadata: verified: true - shodan-query: title:"Rule Execution Server" + shodan-query: "title:\"Rule Execution Server\"" + max-request: 1 tags: ibm,default-login,decision-server http: diff --git a/http/default-logins/webmethod/webmethod-integration-default-login.yaml b/http/default-logins/webmethod/webmethod-integration-default-login.yaml index d6acd84eb3..d57169afc1 100644 --- a/http/default-logins/webmethod/webmethod-integration-default-login.yaml +++ b/http/default-logins/webmethod/webmethod-integration-default-login.yaml 
@@ -7,8 +7,9 @@ info: reference: - https://documentation.softwareag.com/ metadata: + shodan-query: "http.favicon.hash:-234335289" + max-request: 5 verified: true - shodan-query: http.favicon.hash:-234335289 tags: default-login,webmethod flow: http(1) && http(2) diff --git a/http/exposed-panels/cisco-unity-panel.yaml b/http/exposed-panels/cisco-unity-panel.yaml index 1788a500c1..13ac8a124a 100644 --- a/http/exposed-panels/cisco-unity-panel.yaml +++ b/http/exposed-panels/cisco-unity-panel.yaml @@ -7,9 +7,9 @@ info: description: | A Cisco Unity Connection instance was detected. metadata: - max-request: 1 + shodan-query: "html:\"Cisco Unity Connection\"" + max-request: 2 verified: true - shodan-query: html:"Cisco Unity Connection" tags: panel,cisco,unity,login,detect http: diff --git a/http/exposed-panels/dockge-panel.yaml b/http/exposed-panels/dockge-panel.yaml index eb76452443..1e16d12c49 100644 --- a/http/exposed-panels/dockge-panel.yaml +++ b/http/exposed-panels/dockge-panel.yaml @@ -1,20 +1,19 @@ id: dockge-panel -info: - name: Dockge Panel - Detect - author: rxerium - severity: info - description: | - A fancy, easy-to-use and reactive self-hosted docker compose.yaml stack-oriented manager - reference: - - https://github.com/louislam/dockge - - https://dockge.kuma.pet/ - metadata: - verified: true - max-request: 2 - shodan-query: title:"Dockge" - tags: panel,dockge,login - +info: + name: Dockge Panel - Detect + author: rxerium + severity: info + description: | + A fancy, easy-to-use and reactive self-hosted docker compose.yaml stack-oriented manager + reference: + - https://github.com/louislam/dockge + - https://dockge.kuma.pet/ + metadata: + verified: true + max-request: 1 + shodan-query: "title:\"Dockge\"" + tags: panel,dockge,login http: - method: GET path: diff --git a/http/exposed-panels/easyjob-panel.yaml b/http/exposed-panels/easyjob-panel.yaml index f9fad5ddc6..24d7a8c68f 100644 --- a/http/exposed-panels/easyjob-panel.yaml 
+++ b/http/exposed-panels/easyjob-panel.yaml @@ -5,12 +5,13 @@ info: author: righettod severity: info description: | - EasyJOB login panel was detected. + EasyJOB login panel was detected. reference: - https://www.en.because-software.com/software/easyjob/ metadata: verified: true - shodan-query: http.title:"Log in - easyJOB" + shodan-query: "http.title:\"Log in - easyJOB\"" + max-request: 1 tags: panel,easyjob,login http: diff --git a/http/exposed-panels/goanywhere-mft-login.yaml b/http/exposed-panels/goanywhere-mft-login.yaml index 561ddc30c7..a55385306d 100644 --- a/http/exposed-panels/goanywhere-mft-login.yaml +++ b/http/exposed-panels/goanywhere-mft-login.yaml @@ -7,12 +7,11 @@ info: description: GoAnywhere Managed File Transfer login panel was detected. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0 cwe-id: CWE-200 metadata: + shodan-query: "http.html:\"GoAnywhere Managed File Transfer\"" verified: true - max-request: 1 - shodan-query: http.html:"GoAnywhere Managed File Transfer" + max-request: 2 tags: panel,goanywhere,login,filetransfer http: diff --git a/http/exposed-panels/gotify-panel.yaml b/http/exposed-panels/gotify-panel.yaml index c8d924b523..03bc912a7e 100644 --- a/http/exposed-panels/gotify-panel.yaml +++ b/http/exposed-panels/gotify-panel.yaml @@ -11,7 +11,8 @@ info: vendor: gotify product: server verified: true - shodan-query: http.title:"Gotify" + shodan-query: "http.title:\"Gotify\"" + max-request: 1 tags: panel,gotify,login,detect http: diff --git a/http/exposed-panels/grails-database-admin-console.yaml b/http/exposed-panels/grails-database-admin-console.yaml index 65e4953802..614965f760 100644 --- a/http/exposed-panels/grails-database-admin-console.yaml +++ b/http/exposed-panels/grails-database-admin-console.yaml @@ -13,9 +13,9 @@ info: cvss-score: 5.3 cwe-id: CWE-200 metadata: + max-request: 2 vendor: grails product: grails - max-request: 2 tags: grails,panel http: 
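Review bot: In http/exposed-panels/goanywhere-mft-login.yaml the `cvss-score: 0` line is removed while `cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N` stays, so the classification now has a vector with no score beside it. This looks like a serializer dropping zero values rather than a deliberate edit (inferred, not shown). The same removal appears in juniper-panel, kafka-topics-ui, phpmyadmin-panel, proofpoint-protection-server-panel and awstats-script. Report pipelines that sort or threshold on the score would see a missing field instead of zero, so keeping `cvss-score: 0.0` next to the all-None vector avoids that ambiguity.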
diff --git a/http/exposed-panels/haivision-gateway-panel.yaml b/http/exposed-panels/haivision-gateway-panel.yaml index 4041d39a75..77ae521b02 100644 --- a/http/exposed-panels/haivision-gateway-panel.yaml +++ b/http/exposed-panels/haivision-gateway-panel.yaml @@ -9,7 +9,8 @@ info: - https://www.haivision.com/ metadata: verified: true - shodan-query: http.title:"Haivision Gateway" + shodan-query: "http.title:\"Haivision Gateway\"" + max-request: 1 tags: panel,haivision,login,detect http: diff --git a/http/exposed-panels/haivision-media-platform-panel.yaml b/http/exposed-panels/haivision-media-platform-panel.yaml index 5b6bcfb7fa..bb7d9e7152 100644 --- a/http/exposed-panels/haivision-media-platform-panel.yaml +++ b/http/exposed-panels/haivision-media-platform-panel.yaml @@ -1,17 +1,17 @@ id: haivision-media-platform-panel -info: - name: Haivision Media Platform Login Panel - Detect - author: righettod - severity: info - description: Haivision Media Platform login panel was detected. - reference: - - https://www.haivision.com/ - metadata: - verified: true - shodan-query: http.title:"Haivision Media Platform" - tags: panel,haivision,login,detect - +info: + name: Haivision Media Platform Login Panel - Detect + author: righettod + severity: info + description: Haivision Media Platform login panel was detected. + reference: + - https://www.haivision.com/ + metadata: + verified: true + shodan-query: "http.title:\"Haivision Media Platform\"" + max-request: 1 + tags: panel,haivision,login,detect http: - method: GET path: diff --git a/http/exposed-panels/ibm/ibm-dcec-panel.yaml b/http/exposed-panels/ibm/ibm-dcec-panel.yaml index fa503a0749..f2f95b4be0 100644 --- a/http/exposed-panels/ibm/ibm-dcec-panel.yaml +++ b/http/exposed-panels/ibm/ibm-dcec-panel.yaml 
@@ -10,7 +10,8 @@ info: - https://www.ibm.com/docs/en/odm/8.5.1?topic=console-tutorial-getting-started-decision-center-enterprise metadata: verified: true - shodan-query: html:"Decision Center Enterprise console" + shodan-query: "html:\"Decision Center Enterprise console\"" + max-request: 1 tags: panel,ibm,login,detect,decision-center http: diff --git a/http/exposed-panels/ibm/ibm-decision-server-console.yaml b/http/exposed-panels/ibm/ibm-decision-server-console.yaml index bf8f8d54b2..46e8153f61 100644 --- a/http/exposed-panels/ibm/ibm-decision-server-console.yaml +++ b/http/exposed-panels/ibm/ibm-decision-server-console.yaml @@ -10,7 +10,8 @@ info: - https://www.ibm.com/docs/en/odm/8.12.0?topic=overview-introducing-rule-execution-server metadata: verified: true - shodan-query: title:"Rule Execution Server" + shodan-query: "title:\"Rule Execution Server\"" + max-request: 1 tags: panel,ibm,login,detect,decision-server http: diff --git a/http/exposed-panels/ibm/ibm-odm-panel.yaml b/http/exposed-panels/ibm/ibm-odm-panel.yaml index 68c16b638b..b498718327 100644 --- a/http/exposed-panels/ibm/ibm-odm-panel.yaml +++ b/http/exposed-panels/ibm/ibm-odm-panel.yaml @@ -10,7 +10,8 @@ info: - https://www.ibm.com/docs/en/odm/8.12.0 metadata: verified: true - fofa-query: title="Decision Center | Business Console" + fofa-query: "title=\"Decision Center | Business Console\"" + max-request: 1 tags: panel,ibm,login,detect,decision-center http: diff --git a/http/exposed-panels/ivanti-connect-secure-panel.yaml b/http/exposed-panels/ivanti-connect-secure-panel.yaml index 5b750d8d3e..0ec033a4a3 100644 --- a/http/exposed-panels/ivanti-connect-secure-panel.yaml +++ b/http/exposed-panels/ivanti-connect-secure-panel.yaml 
@@ -10,10 +10,10 @@ info: - https://www.ivanti.com/products/connect-secure-vpn metadata: vendor: ivanti - product: connect_secure + product: "connect_secure" verified: true - max-request: 1 - shodan-query: title:"Ivanti Connect Secure" + max-request: 2 + shodan-query: "title:\"Ivanti Connect Secure\"" tags: panel,connectsecure,login http: diff --git a/http/exposed-panels/juniper-panel.yaml b/http/exposed-panels/juniper-panel.yaml index 36d31beb1b..4d9945eae6 100644 --- a/http/exposed-panels/juniper-panel.yaml +++ b/http/exposed-panels/juniper-panel.yaml @@ -10,12 +10,11 @@ info: - https://www.juniper.net/documentation/us/en/software/jweb-ex/jweb-ex-application-package/topics/concept/ex-series-j-web-interface-overview.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0.0 cwe-id: CWE-200 metadata: - max-request: 2 + max-request: 1 verified: true - shodan-query: http.title:"Juniper Web Device Manager" + shodan-query: "http.title:\"Juniper Web Device Manager\"" tags: panel,juniper,vpn,login http: diff --git a/http/exposed-panels/kafka-topics-ui.yaml b/http/exposed-panels/kafka-topics-ui.yaml index 56ce71df34..702ce9de46 100644 --- a/http/exposed-panels/kafka-topics-ui.yaml +++ b/http/exposed-panels/kafka-topics-ui.yaml @@ -10,13 +10,12 @@ info: - https://github.com/provectus/kafka-ui classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0 cwe-id: CWE-200 metadata: vendor: provectus product: ui platform: kafka - max-request: 1 + max-request: 2 tags: panel,kafka,apache,detect http: diff --git a/http/exposed-panels/kopano-webapp-panel.yaml b/http/exposed-panels/kopano-webapp-panel.yaml index e58a9bbe85..7f77aaba6c 100644 --- a/http/exposed-panels/kopano-webapp-panel.yaml +++ b/http/exposed-panels/kopano-webapp-panel.yaml 
@@ -9,7 +9,8 @@ info: - https://kopano.com/ metadata: verified: true - shodan-query: http.title:"Kopano WebApp" + shodan-query: "http.title:\"Kopano WebApp\"" + max-request: 1 tags: panel,kopano,login,detect http: diff --git a/http/exposed-panels/linshare-panel.yaml b/http/exposed-panels/linshare-panel.yaml index 3a3ab90ec3..80c5744aa0 100644 --- a/http/exposed-panels/linshare-panel.yaml +++ b/http/exposed-panels/linshare-panel.yaml @@ -10,7 +10,8 @@ info: - https://github.com/linagora/linshare metadata: verified: true - shodan-query: http.title:"LinShare" + shodan-query: "http.title:\"LinShare\"" + max-request: 3 tags: panel,linshare,login,detect http: diff --git a/http/exposed-panels/odoo-panel.yaml b/http/exposed-panels/odoo-panel.yaml index cf5c0bba22..257f3c1e1a 100644 --- a/http/exposed-panels/odoo-panel.yaml +++ b/http/exposed-panels/odoo-panel.yaml @@ -8,8 +8,8 @@ info: vendor: odoo product: odoo verified: true - max-request: 1 - shodan-query: title:"Odoo" + max-request: 2 + shodan-query: "title:\"Odoo\"" tags: login,panel,odoo http: diff --git a/http/exposed-panels/passbolt-panel.yaml b/http/exposed-panels/passbolt-panel.yaml index 642da8d5b3..b0ca3b9dcc 100644 --- a/http/exposed-panels/passbolt-panel.yaml +++ b/http/exposed-panels/passbolt-panel.yaml @@ -1,18 +1,18 @@ id: passbolt-panel -info: - name: Passbolt Login Panel - author: righettod - severity: info - description: | - Passbolt login panel was detected. - reference: - - https://www.passbolt.com/ - metadata: - verified: true - shodan-query: http.title:"Passbolt | Open source password manager for teams" - tags: panel,passbolt,login - +info: + name: Passbolt Login Panel + author: righettod + severity: info + description: | + Passbolt login panel was detected. + reference: + - https://www.passbolt.com/ + metadata: + verified: true + shodan-query: "http.title:\"Passbolt | Open source password manager for teams\"" + max-request: 1 + tags: panel,passbolt,login http: - method: GET path: 
diff --git a/http/exposed-panels/phpmyadmin-panel.yaml b/http/exposed-panels/phpmyadmin-panel.yaml index 03199700ee..be78a1ebfd 100644 --- a/http/exposed-panels/phpmyadmin-panel.yaml +++ b/http/exposed-panels/phpmyadmin-panel.yaml @@ -7,13 +7,12 @@ info: description: phpMyAdmin panel was detected. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0 cwe-id: CWE-200 metadata: + shodan-query: "http.title:phpMyAdmin" vendor: phpmyadmin product: phpmyadmin - max-request: 12 - shodan-query: http.title:phpMyAdmin + max-request: 13 tags: panel,phpmyadmin http: diff --git a/http/exposed-panels/proofpoint-protection-server-panel.yaml b/http/exposed-panels/proofpoint-protection-server-panel.yaml index 3fdfd45912..6ac156127b 100644 --- a/http/exposed-panels/proofpoint-protection-server-panel.yaml +++ b/http/exposed-panels/proofpoint-protection-server-panel.yaml @@ -7,14 +7,13 @@ info: description: Proofpoint Protection Server panel was detected. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0 cwe-id: CWE-200 metadata: + product: "proofpoint protection server" + shodan-query: "http.favicon.hash:942678640" verified: true - max-request: 1 + max-request: 2 vendor: proofpoint - product: proofpoint protection server - shodan-query: http.favicon.hash:942678640 tags: panel,proofpoint,login,detect http: diff --git a/http/exposed-panels/pulse-secure-version.yaml b/http/exposed-panels/pulse-secure-version.yaml index 604edc5cc1..49f4dc7da7 100644 --- a/http/exposed-panels/pulse-secure-version.yaml +++ b/http/exposed-panels/pulse-secure-version.yaml @@ -5,9 +5,9 @@ info: author: dadevel severity: info metadata: + max-request: 2 vendor: pulsesecure product: pulse_connect_secure - max-request: 2 tags: pulse,panel http: diff --git a/http/exposed-panels/rocketchat-panel.yaml b/http/exposed-panels/rocketchat-panel.yaml index fb8aff89e8..28a3cde2c2 100644 --- a/http/exposed-panels/rocketchat-panel.yaml 
+++ b/http/exposed-panels/rocketchat-panel.yaml @@ -9,7 +9,8 @@ info: - https://www.rocket.chat/ metadata: verified: true - shodan-query: http.title:"Rocket.Chat" + shodan-query: "http.title:\"Rocket.Chat\"" + max-request: 1 tags: panel,rocketchat,login,detect http: diff --git a/http/exposed-panels/sentry-panel.yaml b/http/exposed-panels/sentry-panel.yaml index d61b76a3bf..1d5ab6efde 100644 --- a/http/exposed-panels/sentry-panel.yaml +++ b/http/exposed-panels/sentry-panel.yaml @@ -5,14 +5,15 @@ info: author: righettod severity: info description: | - Sentry login panel was detected. + Sentry login panel was detected. reference: - https://sentry.io/ metadata: vendor: sentry product: sentry verified: true - shodan-query: http.title:"Login | Sentry" + shodan-query: "http.title:\"Login | Sentry\"" + max-request: 1 tags: panel,sentry,login http: diff --git a/http/exposed-panels/truenas-scale-panel.yaml b/http/exposed-panels/truenas-scale-panel.yaml index 4a2b80f35a..28fa201c67 100644 --- a/http/exposed-panels/truenas-scale-panel.yaml +++ b/http/exposed-panels/truenas-scale-panel.yaml @@ -9,10 +9,10 @@ info: reference: - https://www.truenas.com metadata: - vendor: ixsystems - product: truenas verified: true max-request: 1 + vendor: ixsystems + product: truenas shodan-query: html:"TrueNAS" tags: login,panel,truenas diff --git a/http/exposed-panels/vistaweb-panel.yaml b/http/exposed-panels/vistaweb-panel.yaml index 5fd82c8ce0..efb239222a 100644 --- a/http/exposed-panels/vistaweb-panel.yaml +++ b/http/exposed-panels/vistaweb-panel.yaml @@ -5,11 +5,12 @@ info: author: righettod severity: info description: | - Vista Web login panel was detected. + Vista Web login panel was detected. reference: - https://resa.aero/solutions-operations-facturation/vista-web/ metadata: verified: true + max-request: 1 tags: panel,vistaweb,login http: diff --git a/http/exposures/apis/swagger-api.yaml b/http/exposures/apis/swagger-api.yaml index 8041c14666..4453d4cd75 100644 
--- a/http/exposures/apis/swagger-api.yaml +++ b/http/exposures/apis/swagger-api.yaml @@ -10,9 +10,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cwe-id: CWE-200 metadata: + max-request: 59 + shodan-query: "http.title:\"swagger\"" verified: true - max-request: 57 - shodan-query: http.title:"swagger" tags: exposure,api,swagger http: diff --git a/http/exposures/backups/zip-backup-files.yaml b/http/exposures/backups/zip-backup-files.yaml index 88ccda406c..3a757636e0 100644 --- a/http/exposures/backups/zip-backup-files.yaml +++ b/http/exposures/backups/zip-backup-files.yaml @@ -10,7 +10,7 @@ info: cvss-score: 5.3 cwe-id: CWE-200 metadata: - max-request: 1440 + max-request: 1305 tags: exposure,backup http: diff --git a/http/exposures/configs/awstats-script.yaml b/http/exposures/configs/awstats-script.yaml index d7bac55b85..c256e2732f 100644 --- a/http/exposures/configs/awstats-script.yaml +++ b/http/exposures/configs/awstats-script.yaml @@ -8,10 +8,9 @@ info: reference: https://www.awstats.org/docs/awstats_setup.html classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N - cvss-score: 0 cwe-id: CWE-200 metadata: - max-request: 3 + max-request: 4 tags: config,exposure,awstats http: diff --git a/http/exposures/logs/roundcube-log-disclosure.yaml b/http/exposures/logs/roundcube-log-disclosure.yaml index 55984b5e93..6a9d83eab7 100644 --- a/http/exposures/logs/roundcube-log-disclosure.yaml +++ b/http/exposures/logs/roundcube-log-disclosure.yaml @@ -8,7 +8,7 @@ info: reference: - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/roundcube-log-disclosure.json metadata: - max-request: 12 + max-request: 16 tags: exposure,logs http: diff --git a/http/fuzzing/wordpress-plugins-detect.yaml b/http/fuzzing/wordpress-plugins-detect.yaml index d1ec1d56e9..33438e38c2 100644 --- a/http/fuzzing/wordpress-plugins-detect.yaml +++ b/http/fuzzing/wordpress-plugins-detect.yaml 
@@ -5,7 +5,7 @@ info: author: 0xcrypto severity: info metadata: - max-request: 98135 + max-request: 100563 tags: fuzzing,bruteforce,wordpress http: diff --git a/http/technologies/google/chromecast-detect.yaml b/http/technologies/google/chromecast-detect.yaml index 2ae52c58c5..ae32a59cdd 100644 --- a/http/technologies/google/chromecast-detect.yaml +++ b/http/technologies/google/chromecast-detect.yaml @@ -10,8 +10,9 @@ info: - https://github.com/thewhiteh4t/killcast/blob/ee81cfa03c963d47d3335770fcea2ca48bddeabf/killcast.py#L100C25-L100C43 - https://rithvikvibhu.github.io/GHLocalApi/#section/Google-Home-Local-API/Authentication metadata: - shodan-query: "Chromecast" verified: true + max-request: 1 + shodan-query: Chromecast tags: google,chromecast,detect http: diff --git a/http/technologies/ibm/ibm-odm-detect.yaml b/http/technologies/ibm/ibm-odm-detect.yaml index 168fe828b4..34414fb129 100644 --- a/http/technologies/ibm/ibm-odm-detect.yaml +++ b/http/technologies/ibm/ibm-odm-detect.yaml @@ -10,7 +10,8 @@ info: - https://www.ibm.com/products/operational-decision-manager metadata: verified: true - fofa-query: icon_hash="707491698" + fofa-query: "icon_hash=\"707491698\"" + max-request: 1 tags: ibm,decision-center,tech,detect http: diff --git a/http/technologies/lucee-detect.yaml b/http/technologies/lucee-detect.yaml index 85169c3cbb..761c3155ee 100644 --- a/http/technologies/lucee-detect.yaml +++ b/http/technologies/lucee-detect.yaml @@ -6,9 +6,9 @@ info: severity: info description: Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development -- https://github.com/lucee/Lucee/ metadata: - max-request: 1 - shodan-query: html:"Lucee" - fofa-query: app="Lucee-Engine" + max-request: 2 + shodan-query: "html:\"Lucee\"" + fofa-query: "app=\"Lucee-Engine\"" tags: tech,lucee http: 
diff --git a/http/vulnerabilities/dahua/dahua-bitmap-fileupload.yaml b/http/vulnerabilities/dahua/dahua-bitmap-fileupload.yaml index 8e5c9ac6cb..bc1b31f69b 100644 --- a/http/vulnerabilities/dahua/dahua-bitmap-fileupload.yaml +++ b/http/vulnerabilities/dahua/dahua-bitmap-fileupload.yaml @@ -7,9 +7,9 @@ info: reference: - https://github.com/wy876/POC/blob/main/%E5%A4%A7%E5%8D%8E%E6%99%BA%E6%85%A7%E5%9B%AD%E5%8C%BA%E7%BB%BC%E5%90%88%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0bitmap%E6%8E%A5%E5%8F%A3%E5%AD%98%E5%9C%A8%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md metadata: - max-request: 1 - fofa-query: app="dahua-智慧园区综合管理平台" + fofa-query: "app=\"dahua-智慧园区综合管理平台\"" verified: true + max-request: 2 tags: dahua,file-upload,rce,intrusive variables: diff --git a/http/vulnerabilities/generic/xss-fuzz.yaml b/http/vulnerabilities/generic/xss-fuzz.yaml index e7c4572f47..1b8adae233 100644 --- a/http/vulnerabilities/generic/xss-fuzz.yaml +++ b/http/vulnerabilities/generic/xss-fuzz.yaml @@ -10,8 +10,8 @@ info: cvss-score: 7.2 cwe-id: CWE-79 metadata: - max-request: 3 - parameters: q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year + max-request: 29 + parameters: "q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year" tags: xss,generic,fuzz http: diff --git a/http/vulnerabilities/other/bitrix-open-redirect.yaml b/http/vulnerabilities/other/bitrix-open-redirect.yaml index 1486d2483e..0f991fb034 100644 --- a/http/vulnerabilities/other/bitrix-open-redirect.yaml +++ b/http/vulnerabilities/other/bitrix-open-redirect.yaml 
@@ -12,8 +12,8 @@ info: cvss-score: 6.1 cwe-id: CWE-601 metadata: - max-request: 12 - shodan-query: html:"/bitrix/" + max-request: 14 + shodan-query: "html:\"/bitrix/\"" tags: redirect,bitrix,packetstorm http: diff --git a/http/vulnerabilities/vbulletin/vbulletin-backdoor.yaml b/http/vulnerabilities/vbulletin/vbulletin-backdoor.yaml index f2b7597135..6d829c1a3b 100644 --- a/http/vulnerabilities/vbulletin/vbulletin-backdoor.yaml +++ b/http/vulnerabilities/vbulletin/vbulletin-backdoor.yaml @@ -8,7 +8,7 @@ info: - https://github.com/OWASP/vbscan - https://blog.sucuri.net/2017/01/vbulletin-malware-hackers-compete-backdoor-control.html metadata: - max-request: 31 + max-request: 21 tags: backdoor,php,vbulletin,rce flow: http(1) && http(2) diff --git a/javascript/cves/2016/CVE-2016-8706.yaml b/javascript/cves/2016/CVE-2016-8706.yaml index 03f4bfaed8..2cb8445319 100644 --- a/javascript/cves/2016/CVE-2016-8706.yaml +++ b/javascript/cves/2016/CVE-2016-8706.yaml @@ -17,8 +17,8 @@ info: cvss-score: 8.1 cve-id: CVE-2016-8706 cwe-id: CWE-190 - epss-score: 0.91612 - epss-percentile: 0.98696 + epss-score: 0.89998 + epss-percentile: 0.987 cpe: cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/javascript/cves/2023/CVE-2023-34039.yaml b/javascript/cves/2023/CVE-2023-34039.yaml index a35db348bb..5cddcb03d9 100644 --- a/javascript/cves/2023/CVE-2023-34039.yaml +++ b/javascript/cves/2023/CVE-2023-34039.yaml @@ -22,8 +22,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-34039 cwe-id: CWE-327 - epss-score: 0.89263 - epss-percentile: 0.98515 + epss-score: 0.88996 + epss-percentile: 0.98637 cpe: cpe:2.3:a:vmware:aria_operations_for_networks:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/javascript/cves/2023/CVE-2023-46604.yaml b/javascript/cves/2023/CVE-2023-46604.yaml index 49f906a3ee..417cebc0d1 100644 --- a/javascript/cves/2023/CVE-2023-46604.yaml +++ b/javascript/cves/2023/CVE-2023-46604.yaml 
@@ -18,8 +18,8 @@ info: cvss-score: 9.8 cve-id: CVE-2023-46604 cwe-id: CWE-502 - epss-score: 0.97147 - epss-percentile: 0.99762 + epss-score: 0.97273 + epss-percentile: 0.99837 cpe: cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/javascript/cves/2024/CVE-2024-23897.yaml b/javascript/cves/2024/CVE-2024-23897.yaml index b91967e368..8dfdef19eb 100644 --- a/javascript/cves/2024/CVE-2024-23897.yaml +++ b/javascript/cves/2024/CVE-2024-23897.yaml @@ -3,7 +3,7 @@ id: CVE-2024-23897 info: name: Jenkins < 2.441 - Arbitrary File Read author: iamnoooob,rootxharsh,pdresearch - severity: critical + severity: high description: | Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system. reference: @@ -12,6 +12,13 @@ info: - https://github.com/Mr-xn/Penetration_Testing_POC - https://github.com/forsaken0127/CVE-2024-23897 - https://github.com/nomi-sec/PoC-in-GitHub + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2024-23897 + epss-score: 0.41536 + epss-percentile: 0.97188 + cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:* metadata: verified: true max-request: 1 diff --git a/network/cves/2016/CVE-2016-2004.yaml b/network/cves/2016/CVE-2016-2004.yaml index 021aa4c78c..1d82d804ab 100644 --- a/network/cves/2016/CVE-2016-2004.yaml +++ b/network/cves/2016/CVE-2016-2004.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2016-2004 cwe-id: CWE-306 - epss-score: 0.09306 - epss-percentile: 0.94149 + epss-score: 0.12552 + epss-percentile: 0.95291 cpe: cpe:2.3:a:hp:data_protector:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/network/cves/2016/CVE-2016-3510.yaml b/network/cves/2016/CVE-2016-3510.yaml index 970e2f22ff..874ab88a5c 100644 
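Review bot: In javascript/cves/2024/CVE-2024-23897.yaml the `severity` drops from `critical` to `high` to match the newly added confidentiality-only vector (`C:H/I:N/A:N`, `cvss-score: 7.5`), and both should be checked against the current NVD and vendor records before merging. To my recollection the published rating for this CVE is higher, and the template carries several public PoC references. A downgrade here also removes the finding from any scan or alert rule filtered on `critical`. The added `cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*` is limited to the LTS edition, although the name and description also cover the weekly line ("Jenkins 2.441 and earlier"). CPE-based asset matching would therefore miss weekly installs; `cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*` would cover both. The new `classification` block also has no `cwe-id`, unlike the sibling templates in this commit.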
--- a/network/cves/2016/CVE-2016-3510.yaml +++ b/network/cves/2016/CVE-2016-3510.yaml @@ -20,7 +20,7 @@ info: cve-id: CVE-2016-3510 cwe-id: CWE-119 epss-score: 0.04254 - epss-percentile: 0.914 + epss-percentile: 0.92018 cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: verified: true diff --git a/network/cves/2017/CVE-2017-3881.yaml b/network/cves/2017/CVE-2017-3881.yaml index f544ab30ee..7ef31911bc 100644 --- a/network/cves/2017/CVE-2017-3881.yaml +++ b/network/cves/2017/CVE-2017-3881.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.8 cve-id: CVE-2017-3881 cwe-id: CWE-20 - epss-score: 0.9747 - epss-percentile: 0.99961 + epss-score: 0.9745 + epss-percentile: 0.99948 cpe: cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/network/cves/2017/CVE-2017-5645.yaml b/network/cves/2017/CVE-2017-5645.yaml index 83038a48fe..fa49ab6141 100644 --- a/network/cves/2017/CVE-2017-5645.yaml +++ b/network/cves/2017/CVE-2017-5645.yaml @@ -22,7 +22,7 @@ info: cve-id: CVE-2017-5645 cwe-id: CWE-502 epss-score: 0.81948 - epss-percentile: 0.98126 + epss-percentile: 0.98287 cpe: cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/network/cves/2018/CVE-2018-2628.yaml b/network/cves/2018/CVE-2018-2628.yaml index 975459cf5c..0b6d0596dc 100644 --- a/network/cves/2018/CVE-2018-2628.yaml +++ b/network/cves/2018/CVE-2018-2628.yaml @@ -21,7 +21,7 @@ info: cve-id: CVE-2018-2628 cwe-id: CWE-502 epss-score: 0.97523 - epss-percentile: 0.99988 + epss-percentile: 0.99987 cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: max-request: 1 diff --git a/network/cves/2018/CVE-2018-2893.yaml b/network/cves/2018/CVE-2018-2893.yaml index ce70a6cd74..f047737fd0 100644 --- a/network/cves/2018/CVE-2018-2893.yaml +++ b/network/cves/2018/CVE-2018-2893.yaml 
@@ -20,14 +20,13 @@ info: cvss-score: 9.8 cve-id: CVE-2018-2893 epss-score: 0.97327 - epss-percentile: 0.99866 + epss-percentile: 0.99869 cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:* metadata: max-request: 2 vendor: oracle product: weblogic_server tags: cve,cve2018,weblogic,network,deserialization,rce,oracle - tcp: - inputs: - data: "t3 12.2.1 diff --git a/network/cves/2020/CVE-2020-11981.yaml b/network/cves/2020/CVE-2020-11981.yaml index c24eb72b9c..f628c152d5 100644 --- a/network/cves/2020/CVE-2020-11981.yaml +++ b/network/cves/2020/CVE-2020-11981.yaml @@ -21,7 +21,7 @@ info: cve-id: CVE-2020-11981 cwe-id: CWE-78 epss-score: 0.9386 - epss-percentile: 0.98967 + epss-percentile: 0.99073 cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* metadata: verified: true diff --git a/network/cves/2020/CVE-2020-1938.yaml b/network/cves/2020/CVE-2020-1938.yaml index ebd34ebfea..25036d496e 100644 --- a/network/cves/2020/CVE-2020-1938.yaml +++ b/network/cves/2020/CVE-2020-1938.yaml @@ -19,8 +19,8 @@ info: cvss-score: 9.8 cve-id: CVE-2020-1938 cwe-id: CWE-269 - epss-score: 0.97499 - epss-percentile: 0.99978 + epss-score: 0.97384 + epss-percentile: 0.99902 cpe: cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:* metadata: max-request: 4 @@ -28,7 +28,6 @@ info: product: geode shodan-query: title:"Apache Tomcat" tags: cve,cve2020,kev,tenable,apache,lfi,network,tomcat,ajp - tcp: - host: - "{{Hostname}}" diff --git a/network/cves/2020/CVE-2020-7247.yaml b/network/cves/2020/CVE-2020-7247.yaml index 80b515e057..d23a98a412 100644 --- a/network/cves/2020/CVE-2020-7247.yaml +++ b/network/cves/2020/CVE-2020-7247.yaml 
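Review bot: In network/cves/2020/CVE-2020-1938.yaml the EPSS refresh leaves `cpe: cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*` and `product: geode` in place, while the `shodan-query` (`title:"Apache Tomcat"`) and the `tomcat,ajp` tags in the second hunk show the template targets Tomcat's AJP connector. Tooling that maps findings to inventory by CPE or product would attribute results to Geode and miss Tomcat assets. Consider `cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*` with `product: tomcat`, and re-check `cwe-id: CWE-269` against the CVE record. The lines between the two hunks are not shown, so the `vendor` value cannot be confirmed from here.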
@@ -20,15 +20,14 @@ info: cvss-score: 9.8 cve-id: CVE-2020-7247 cwe-id: CWE-755 - epss-score: 0.97504 - epss-percentile: 0.9998 + epss-score: 0.97506 + epss-percentile: 0.99976 cpe: cpe:2.3:a:openbsd:opensmtpd:6.6:*:*:*:*:*:*:* metadata: max-request: 2 vendor: openbsd product: opensmtpd tags: packetstorm,cve,cve2020,smtp,opensmtpd,network,rce,oast,kev - tcp: - host: - "{{Hostname}}" diff --git a/network/cves/2021/CVE-2021-44521.yaml b/network/cves/2021/CVE-2021-44521.yaml index c49229eaba..2d5f0da1b1 100644 --- a/network/cves/2021/CVE-2021-44521.yaml +++ b/network/cves/2021/CVE-2021-44521.yaml @@ -20,8 +20,8 @@ info: cvss-score: 9.1 cve-id: CVE-2021-44521 cwe-id: CWE-732,CWE-94 - epss-score: 0.04449 - epss-percentile: 0.91568 + epss-score: 0.04594 + epss-percentile: 0.92315 cpe: cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:* metadata: max-request: 2 diff --git a/network/cves/2022/CVE-2022-24706.yaml b/network/cves/2022/CVE-2022-24706.yaml index e567a5140b..24275454d1 100644 --- a/network/cves/2022/CVE-2022-24706.yaml +++ b/network/cves/2022/CVE-2022-24706.yaml @@ -21,8 +21,8 @@ info: cvss-score: 9.8 cve-id: CVE-2022-24706 cwe-id: CWE-1188 - epss-score: 0.97372 - epss-percentile: 0.99891 + epss-score: 0.9748 + epss-percentile: 0.99964 cpe: cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:* metadata: verified: "true" @@ -31,7 +31,6 @@ info: product: couchdb shodan-query: product:"CouchDB" tags: cve2022,network,cve,couch,rce,kev,couchdb,apache - variables: name_msg: "00156e00050007499c4141414141414041414141414141" challenge_reply: "00157201020304" diff --git a/network/cves/2022/CVE-2022-31793.yaml b/network/cves/2022/CVE-2022-31793.yaml index 164af895dc..2861081d50 100644 --- a/network/cves/2022/CVE-2022-31793.yaml +++ b/network/cves/2022/CVE-2022-31793.yaml 
@@ -20,8 +20,8 @@ info:
 cvss-score: 7.5
 cve-id: CVE-2022-31793
 cwe-id: CWE-22
- epss-score: 0.2754
- epss-percentile: 0.96365
+ epss-score: 0.25241
+ epss-percentile: 0.96539
 cpe: cpe:2.3:a:inglorion:muhttpd:*:*:*:*:*:*:*:*
 metadata:
 verified: true