TemplateMan Update [Mon Mar 4 08:20:22 UTC 2024] 🤖

2024-03-04 08:20:22 +00:00 · 2024-03-04 08:20:22 +00:00 · c7b50b2af4
parent a72c5ac5e7
commit c7b50b2af4
104 changed files with 296 additions and 234 deletions
--- a/code/cves/2019/CVE-2019-14287.yaml
+++ b/code/cves/2019/CVE-2019-14287.yaml
@ -9,11 +9,22 @@ info:
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287
    - https://www.exploit-db.com/exploits/47502
    - http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html
    - http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html
    - http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2019-14287
    cwe-id: CWE-755
    epss-score: 0.34299
    epss-percentile: 0.96958
    cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
-    vendor: canonical
+    vendor: sudo_project
-    product: ubuntu_linux
+    product: sudo
  tags: cve,cve2019,sudo,code,linux,privesc,local,canonical
 self-contained: true
--- a/code/cves/2021/CVE-2021-3156.yaml
+++ b/code/cves/2021/CVE-2021-3156.yaml
@ -10,8 +10,20 @@ info:
    - https://medium.com/mii-cybersec/privilege-escalation-cve-2021-3156-new-sudo-vulnerability-4f9e84a9f435
    - https://blog.qualys.com/vulnerabilities-threat-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
    - https://infosecwriteups.com/baron-samedit-cve-2021-3156-tryhackme-76d7dedc3cff
    - http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
    - http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
  classification:
    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.8
    cve-id: CVE-2021-3156
    cwe-id: CWE-193
    epss-score: 0.97085
    epss-percentile: 0.99752
    cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    vendor: sudo_project
    product: sudo
  tags: cve,cve2021,sudo,code,linux,privesc,local,kev
 self-contained: true
--- a/code/cves/2023/CVE-2023-2640.yaml
+++ b/code/cves/2023/CVE-2023-2640.yaml
@ -21,8 +21,8 @@ info:
    cvss-score: 7.8
    cve-id: CVE-2023-2640
    cwe-id: CWE-863
-    epss-score: 0.00047
+    epss-score: 0.00174
-    epss-percentile: 0.14754
+    epss-percentile: 0.53697
    cpe: cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*
  metadata:
    verified: true
--- a/code/cves/2023/CVE-2023-4911.yaml
+++ b/code/cves/2023/CVE-2023-4911.yaml
@ -10,16 +10,21 @@ info:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-4911
    - https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
    - https://www.youtube.com/watch?v=1iV-CD9Apn8
    - http://www.openwall.com/lists/oss-security/2023/10/05/1
    - http://www.openwall.com/lists/oss-security/2023/10/13/11
  classification:
    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.8
    cve-id: CVE-2023-4911
-    cwe-id: CWE-787
+    cwe-id: CWE-787,CWE-122
-    cpe: cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*
+    epss-score: 0.0171
    epss-percentile: 0.87439
    cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
-    vendor: glibc
+    vendor: gnu
-  tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local
+    product: glibc
  tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev
 self-contained: true
 code:
--- a/code/cves/2023/CVE-2023-6246.yaml
+++ b/code/cves/2023/CVE-2023-6246.yaml
@ -9,15 +9,21 @@ info:
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6246
    - https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
    - https://access.redhat.com/security/cve/CVE-2023-6246
    - https://bugzilla.redhat.com/show_bug.cgi?id=2249053
    - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/
  classification:
    cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.8
    cve-id: CVE-2023-6246
-    cwe-id: CWE-787
+    cwe-id: CWE-787,CWE-122
    epss-score: 0.00383
    epss-percentile: 0.72435
    cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
-    vendor: glibc
+    vendor: gnu
    product: glibc
  tags: cve,cve2023,code,glibc,linux,privesc,local
 self-contained: true
--- a/code/privilege-escalation/linux/binary/privesc-choom.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-choom.yaml
@ -9,8 +9,8 @@ info:
  reference:
    - https://gtfobins.github.io/gtfobins/choom/
  metadata:
    max-request: 3
    verified: true
    max-request: 3
  tags: code,linux,choom,privesc,local
 self-contained: true
--- a/code/privilege-escalation/linux/binary/privesc-find.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-find.yaml
@ -9,8 +9,8 @@ info:
  reference:
    - https://gtfobins.github.io/gtfobins/find/
  metadata:
    max-request: 3
    verified: true
    max-request: 3
  tags: code,linux,find,privesc,local
 self-contained: true
--- a/code/privilege-escalation/linux/binary/privesc-lua.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-lua.yaml
@ -9,8 +9,8 @@ info:
  reference:
    - https://gtfobins.github.io/gtfobins/lua/
  metadata:
    max-request: 3
    verified: true
    max-request: 3
  tags: code,linux,lua,privesc,local
 self-contained: true
--- a/code/privilege-escalation/linux/binary/privesc-mysql.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-mysql.yaml
@ -9,8 +9,8 @@ info:
  reference:
    - https://gtfobins.github.io/gtfobins/mysql/
  metadata:
    max-request: 3
    verified: true
    max-request: 3
  tags: code,linux,mysql,privesc,local
 self-contained: true
--- a/code/privilege-escalation/linux/binary/privesc-node.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-node.yaml
@ -9,8 +9,8 @@ info:
  reference:
    - https://gtfobins.github.io/gtfobins/node/
  metadata:
    max-request: 4
    verified: true
    max-request: 4
  tags: code,linux,node,privesc,local
 self-contained: true
--- a/code/privilege-escalation/linux/binary/privesc-rc.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-rc.yaml
@ -9,8 +9,8 @@ info:
  reference:
    - https://gtfobins.github.io/gtfobins/rc/
  metadata:
    max-request: 3
    verified: true
    max-request: 3
  tags: code,linux,rc,privesc,local
 self-contained: true
--- a/code/privilege-escalation/linux/binary/privesc-run-parts.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-run-parts.yaml
@ -8,8 +8,8 @@ info:
    The run-parts command in Linux is used to run all the executable files in a directory. It is commonly used for running scripts or commands located in a specific directory, such as system maintenance scripts in /etc/cron.daily. The run-parts command provides a convenient way to execute multiple scripts or commands in a batch manner.
  reference: https://gtfobins.github.io/gtfobins/run-parts/
  metadata:
    max-request: 3
    verified: true
    max-request: 3
  tags: code,linux,run-parts,privesc,local
 self-contained: true
--- a/code/privilege-escalation/linux/binary/privesc-strace.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-strace.yaml
@ -9,8 +9,8 @@ info:
  reference:
    - https://gtfobins.github.io/gtfobins/strace/
  metadata:
    max-request: 3
    verified: true
    max-request: 3
  tags: code,linux,strace,privesc,local
 self-contained: true
--- a/code/privilege-escalation/linux/binary/privesc-torify.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-torify.yaml
@ -9,8 +9,8 @@ info:
  reference:
    - https://gtfobins.github.io/gtfobins/torify/
  metadata:
    max-request: 3
    verified: true
    max-request: 3
  tags: code,linux,torify,privesc,local
 self-contained: true
--- a/code/privilege-escalation/linux/binary/privesc-view.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-view.yaml
@ -9,8 +9,8 @@ info:
  reference:
    - https://gtfobins.github.io/gtfobins/view/
  metadata:
    max-request: 3
    verified: true
    max-request: 3
  tags: code,linux,view,privesc,local
 self-contained: true
--- a/code/privilege-escalation/linux/binary/privesc-xargs.yaml
+++ b/code/privilege-escalation/linux/binary/privesc-xargs.yaml
@ -9,8 +9,8 @@ info:
  reference:
    - https://gtfobins.github.io/gtfobins/xargs/
  metadata:
    max-request: 3
    verified: true
    max-request: 3
  tags: code,linux,xargs,privesc,local
 self-contained: true
--- a/code/privilege-escalation/linux/rw-shadow.yaml
+++ b/code/privilege-escalation/linux/rw-shadow.yaml
@ -7,8 +7,8 @@ info:
  reference:
    - https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-etc-shadow
  metadata:
    max-request: 2
    verified: true
    max-request: 2
  tags: code,linux,privesc,local
 self-contained: true
--- a/dns/dns-rebinding.yaml
+++ b/dns/dns-rebinding.yaml
@ -10,6 +10,8 @@ info:
    - https://capec.mitre.org/data/definitions/275.html
    - https://payatu.com/blog/dns-rebinding/
    - https://heimdalsecurity.com/blog/dns-rebinding/
  metadata:
    max-request: 2
  tags: redirect,dns,network
 dns:
--- a/headless/cves/2018/CVE-2018-25031.yaml
+++ b/headless/cves/2018/CVE-2018-25031.yaml
@ -20,7 +20,7 @@ info:
    cve-id: CVE-2018-25031
    cwe-id: CWE-20
    epss-score: 0.00265
-    epss-percentile: 0.64105
+    epss-percentile: 0.65414
    cpe: cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:*
  metadata:
    verified: true
@ -30,7 +30,6 @@ info:
    shodan-query: http.component:"Swagger"
    fofa-query: icon_hash="-1180440057"
  tags: headless,cve,cve2018,swagger,xss,smartbear
 headless:
  - steps:
      - args:
--- a/http/cves/2014/CVE-2014-6271.yaml
+++ b/http/cves/2014/CVE-2014-6271.yaml
@ -20,8 +20,8 @@ info:
    cvss-score: 9.8
    cve-id: CVE-2014-6271
    cwe-id: CWE-78
-    epss-score: 0.97564
+    epss-score: 0.97559
-    epss-percentile: 0.99999
+    epss-percentile: 0.99997
    cpe: cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*
  metadata:
    max-request: 8
--- a/http/cves/2014/CVE-2014-8799.yaml
+++ b/http/cves/2014/CVE-2014-8799.yaml
@ -21,7 +21,7 @@ info:
    cve-id: CVE-2014-8799
    cwe-id: CWE-22
    epss-score: 0.17844
-    epss-percentile: 0.95686
+    epss-percentile: 0.96002
    cpe: cpe:2.3:a:dukapress:dukapress:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
--- a/http/cves/2018/CVE-2018-17431.yaml
+++ b/http/cves/2018/CVE-2018-17431.yaml
@ -20,8 +20,8 @@ info:
    cvss-score: 9.8
    cve-id: CVE-2018-17431
    cwe-id: CWE-287
-    epss-score: 0.11315
+    epss-score: 0.11416
-    epss-percentile: 0.94677
+    epss-percentile: 0.95073
    cpe: cpe:2.3:a:comodo:unified_threat_management_firewall:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
--- a/http/cves/2018/CVE-2018-20463.yaml
+++ b/http/cves/2018/CVE-2018-20463.yaml
@ -15,13 +15,14 @@ info:
    - https://wordpress.org/plugins/jsmol2wp/
    - https://github.com/sullo/advisory-archives/blob/master/wordpress-jsmol2wp-CVE-2018-20463-CVE-2018-20462.txt
    - https://nvd.nist.gov/vuln/detail/CVE-2018-20463
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2018-20463
    cwe-id: CWE-22
    epss-score: 0.01939
-    epss-percentile: 0.87393
+    epss-percentile: 0.88289
    cpe: cpe:2.3:a:jsmol2wp_project:jsmol2wp:1.07:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
--- a/http/cves/2020/CVE-2020-24223.yaml
+++ b/http/cves/2020/CVE-2020-24223.yaml
@ -20,8 +20,8 @@ info:
    cvss-score: 6.1
    cve-id: CVE-2020-24223
    cwe-id: CWE-79
-    epss-score: 0.00976
+    epss-score: 0.0069
-    epss-percentile: 0.81758
+    epss-percentile: 0.79602
    cpe: cpe:2.3:a:mara_cms_project:mara_cms:7.5:*:*:*:*:*:*:*
  metadata:
    max-request: 1
--- a/http/cves/2021/CVE-2021-21805.yaml
+++ b/http/cves/2021/CVE-2021-21805.yaml
@ -14,13 +14,15 @@ info:
    - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1274
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21805
    - https://nvd.nist.gov/vuln/detail/CVE-2021-21805
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-21805
    cwe-id: CWE-78
    epss-score: 0.97374
-    epss-percentile: 0.99892
+    epss-percentile: 0.99895
    cpe: cpe:2.3:a:advantech:r-seenet:2.4.12:*:*:*:*:*:*:*
  metadata:
    verified: true
--- a/http/cves/2021/CVE-2021-22873.yaml
+++ b/http/cves/2021/CVE-2021-22873.yaml
@ -21,7 +21,7 @@ info:
    cve-id: CVE-2021-22873
    cwe-id: CWE-601
    epss-score: 0.00922
-    epss-percentile: 0.81209
+    epss-percentile: 0.82474
    cpe: cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*
  metadata:
    verified: true
--- a/http/cves/2021/CVE-2021-24849.yaml
+++ b/http/cves/2021/CVE-2021-24849.yaml
@ -6,26 +6,26 @@ info:
  severity: critical
  description: |
    The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections.
  remediation: Fixed in 3.4.12
  reference:
    - https://wpscan.com/vulnerability/763c08a0-4b2b-4487-b91c-be6cc2b9322e/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24849
    - https://wordpress.org/plugins/wc-multivendor-marketplace/
  remediation: Fixed in 3.4.12
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-24849
    cwe-id: CWE-89
    cpe: cpe:2.3:a:wclovers:frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible:*:*:*:*:*:wordpress:*:*
    epss-score: 0.00199
    epss-percentile: 0.56492
    cpe: cpe:2.3:a:wclovers:frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible:*:*:*:*:*:wordpress:*:*
  metadata:
-    verified: true
+    product: "frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible"
    max-request: 1
    vendor: wclovers
    product: frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible
    framework: wordpress
    publicwww-query: "/wp-content/plugins/wc-multivendor-marketplace"
    verified: true
    max-request: 3
    vendor: wclovers
  tags: wpscan,cve,cve2021,wp,wp-plugin,wordpress,wc-multivendor-marketplace,wpscan,sqli
 flow: http(1) && http(2)
--- a/http/cves/2021/CVE-2021-40651.yaml
+++ b/http/cves/2021/CVE-2021-40651.yaml
@ -18,8 +18,8 @@ info:
    cwe-id: CWE-22
    cpe: cpe:2.3:a:os4ed:opensis:8.0:*:*:*:community:*:*:*
  metadata:
-    max-request: 1
+    shodan-query: "title:\"openSIS\""
-    shodan-query: title:"openSIS"
+    max-request: 2
  tags: cve,cve2021,lfi,os4ed,opensis,authenticated
 http:
--- a/http/cves/2022/CVE-2022-0776.yaml
+++ b/http/cves/2022/CVE-2022-0776.yaml
@ -21,7 +21,7 @@ info:
    cve-id: CVE-2022-0776
    cwe-id: CWE-79
    epss-score: 0.001
-    epss-percentile: 0.40832
+    epss-percentile: 0.40075
    cpe: cpe:2.3:a:revealjs:reveal.js:*:*:*:*:*:node.js:*:*
  metadata:
    vendor: revealjs
--- a/http/cves/2022/CVE-2022-26263.yaml
+++ b/http/cves/2022/CVE-2022-26263.yaml
@ -22,7 +22,7 @@ info:
    cve-id: CVE-2022-26263
    cwe-id: CWE-79
    epss-score: 0.00147
-    epss-percentile: 0.50638
+    epss-percentile: 0.49633
    cpe: cpe:2.3:a:yonyou:u8\+:13.0:*:*:*:*:*:*:*
  metadata:
    verified: true
--- a/http/cves/2022/CVE-2022-30776.yaml
+++ b/http/cves/2022/CVE-2022-30776.yaml
@ -22,7 +22,7 @@ info:
    cve-id: CVE-2022-30776
    cwe-id: CWE-79
    epss-score: 0.00112
-    epss-percentile: 0.44504
+    epss-percentile: 0.43631
    cpe: cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:*
  metadata:
    verified: true
--- a/http/cves/2022/CVE-2022-38131.yaml
+++ b/http/cves/2022/CVE-2022-38131.yaml
@ -6,28 +6,29 @@ info:
  severity: medium
  description: |
    RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites.
  impact: |
    An attacker can exploit the vulnerability to redirect users to malicious websites, potentially leading to phishing attacks or other security breaches.
  remediation: |
    This issue is fixed in Connect v2023.05. Additionally, for users running Connect v1.7.2 and later, the issue is resolvable via a configuration setting mentioned in the support article.
  reference:
    - https://tenable.com/security/research/tra-2022-30
    - https://support.posit.co/hc/en-us/articles/10983374992023-CVE-2022-38131-configuration-issue-in-Posit-Connect
    - https://github.com/JoshuaMart/JoshuaMart
  impact: |
    An attacker can exploit the vulnerability to redirect users to malicious websites, potentially leading to phishing attacks or other security breaches.
  remediation: |
    This issue is fixed in Connect v2023.05. Additionally, for users running Connect v1.7.2 and later, the issue is resolvable via a configuration setting mentioned in the support article.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-38131
    cwe-id: CWE-601
    cpe: cpe:2.3:a:rstudio:connect:*:*:*:*:*:*:*:*
    epss-score: 0.0006
    epss-percentile: 0.23591
    cpe: cpe:2.3:a:rstudio:connect:*:*:*:*:*:*:*:*
  metadata:
    product: connect
    shodan-query: "http.favicon.hash:217119619"
    fofa-query: "app=\"RStudio-Connect\""
    max-request: 1
    verified: true
    vendor: rstudio
    product: connect
    shodan-query: http.favicon.hash:217119619
    fofa-query: app="RStudio-Connect"
  tags: tenable,cve,cve2022,redirect,rstudio
 http:
--- a/http/cves/2022/CVE-2022-4140.yaml
+++ b/http/cves/2022/CVE-2022-4140.yaml
@ -18,8 +18,8 @@ info:
    cvss-score: 7.5
    cve-id: CVE-2022-4140
    cwe-id: CWE-552
-    epss-score: 0.01317
+    epss-score: 0.00932
-    epss-percentile: 0.84504
+    epss-percentile: 0.82572
    cpe: cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
--- a/http/cves/2023/CVE-2023-0552.yaml
+++ b/http/cves/2023/CVE-2023-0552.yaml
@ -17,7 +17,7 @@ info:
    cve-id: CVE-2023-0552
    cwe-id: CWE-601
    epss-score: 0.00086
-    epss-percentile: 0.35637
+    epss-percentile: 0.34914
    cpe: cpe:2.3:a:genetechsolutions:pie_register:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
--- a/http/cves/2023/CVE-2023-26255.yaml
+++ b/http/cves/2023/CVE-2023-26255.yaml
@ -22,7 +22,7 @@ info:
    cve-id: CVE-2023-26255
    cwe-id: CWE-22
    epss-score: 0.15138
-    epss-percentile: 0.95348
+    epss-percentile: 0.95663
    cpe: cpe:2.3:a:stagil:stagil_navigation:*:*:*:*:*:jira:*:*
  metadata:
    max-request: 1
--- a/http/cves/2023/CVE-2023-28662.yaml
+++ b/http/cves/2023/CVE-2023-28662.yaml
@ -6,28 +6,29 @@ info:
  severity: critical
  description: |
    The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
  remediation: |
    Update the Gift Cards (Gift Vouchers and Packages) WordPress Plugin to the latest version available.
  reference:
    - https://www.tenable.com/security/research/tra-2023-2
    - https://wordpress.org/plugins/gift-voucher/
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/JoshuaMart/JoshuaMart
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
  remediation: |
    Update the Gift Cards (Gift Vouchers and Packages) WordPress Plugin to the latest version available.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-28662
    cwe-id: CWE-89
    cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:*
    epss-score: 0.00076
    epss-percentile: 0.31593
    cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:*
  metadata:
    vendor: codemenschen
-    product: gift_vouchers
+    product: "gift_vouchers"
    framework: wordpress
-    fofa-query: body="/wp-content/plugins/gift-voucher/"
+    fofa-query: "body=\"/wp-content/plugins/gift-voucher/\""
    max-request: 2
  tags: cve,cve2023,wordpress,wp,wp-plugin,sqli,unauth,gift-voucher
 flow: http(1) && http(2)
--- a/http/cves/2023/CVE-2023-32563.yaml
+++ b/http/cves/2023/CVE-2023-32563.yaml
@ -13,13 +13,14 @@ info:
    - https://twitter.com/wvuuuuuuuuuuuuu/status/1694956245742923939
    - https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US
    - https://nvd.nist.gov/vuln/detail/CVE-2023-32563
    - https://github.com/mayur-esh/vuln-liners
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2023-32563
    cwe-id: CWE-22
-    epss-score: 0.43261
+    epss-score: 0.42647
-    epss-percentile: 0.97013
+    epss-percentile: 0.97218
    cpe: cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
--- a/http/cves/2023/CVE-2023-42344.yaml
+++ b/http/cves/2023/CVE-2023-42344.yaml
@ -6,14 +6,14 @@ info:
  severity: high
  description: |
    users can execute code without authentication.  An attacker can execute malicious requests on the OpenCms server. When the requests are successful vulnerable OpenCms can be exploited resulting in an unauthenticated XXE vulnerability. Based on research OpenCMS versions from 9.0.0 to 10.5.0 are vulnerable.
  remediation: Advised to upgrade to OpenCMS 10.5.1 or later to patch the vulnerability
  reference:
    - https://blog.qualys.com/product-tech/2023/12/08/opencms-unauthenticated-xxe-vulnerability-cve-2023-42344
    - https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/
  remediation: Advised to upgrade to OpenCMS 10.5.1 or later to patch the vulnerability
  metadata:
-    verified: true
+    max-request: 2
    max-request: 1
    fofa-query: "OpenCms-9.5.3"
    verified: true
  tags: cve,cve2023,xxe,opencms
 http:
--- a/http/cves/2023/CVE-2023-46805.yaml
+++ b/http/cves/2023/CVE-2023-46805.yaml
@ -16,8 +16,9 @@ info:
    cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
  metadata:
    vendor: ivanti
-    product: connect_secure
+    product: "connect_secure"
-    shodan-query: html:"welcome.cgi?p=logo"
+    shodan-query: "html:\"welcome.cgi?p=logo\""
    max-request: 2
  tags: cve,cve2023,kev,auth-bypass,ivanti
 http:
--- a/http/cves/2023/CVE-2023-52085.yaml
+++ b/http/cves/2023/CVE-2023-52085.yaml
@ -14,14 +14,15 @@ info:
    cvss-score: 5.4
    cve-id: CVE-2023-52085
    cwe-id: CWE-22
    cpe: cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:*
    epss-score: 0.00046
    epss-percentile: 0.12483
    cpe: cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:*
  metadata:
    vendor: wintercms
    product: winter
-    shodan-query: title:"Winter CMS"
+    shodan-query: "title:\"Winter CMS\""
-    fofa-query: title="Winter CMS"
+    fofa-query: "title=\"Winter CMS\""
    max-request: 4
  tags: cve,cve2023,authenticated,lfi,wintercms
 http:
--- a/http/cves/2023/CVE-2023-6831.yaml
+++ b/http/cves/2023/CVE-2023-6831.yaml
@ -6,25 +6,26 @@ info:
  severity: high
  description: |
    Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
  remediation: |
    Upgrade Mlflow to version 2.9.2 or later to mitigate the vulnerability.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6831
    - https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
    - https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314
  remediation: |
    Upgrade Mlflow to version 2.9.2 or later to mitigate the vulnerability.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
    cvss-score: 8.1
    cve-id: CVE-2023-6831
    cwe-id: CWE-22
    epss-score: 0.000460000
    epss-percentile: 0.126930000
    cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*
    epss-score: 0.00046
    epss-percentile: 0.12693
  metadata:
    verified: true
    vendor: lfprojects
    product: mlflow
-    shodan-query: http.title:"mlflow"
+    shodan-query: "http.title:\"mlflow\""
    max-request: 2
    verified: true
  tags: cve,cve2023,mlflow,pathtraversal,lfprojects
 http:
--- a/http/cves/2023/CVE-2023-6909.yaml
+++ b/http/cves/2023/CVE-2023-6909.yaml
@ -6,24 +6,25 @@ info:
  severity: critical
  description: |
    Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
  impact: |
    Successful exploitation could be lead to disclose of sensitive information such as SSH Keys or Internal configurations.
  remediation: |
    To fix this vulnerability, it is important to update the mlflow package to the latest version 2.10.0.
  reference:
    - https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-6909
    - https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
  impact: |
    Successful exploitation could be lead to disclose of sensitive information such as SSH Keys or Internal configurations.
  remediation: |
    To fix this vulnerability, it is important to update the mlflow package to the latest version 2.10.0.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
    cvss-score: 9.3
    cve-id: CVE-2023-6909
    cwe-id: CWE-29
  metadata:
    max-request: 5
    verified: true
    vendor: lfprojects
    product: mlflow
-    shodan-query: http.title:"mlflow"
+    shodan-query: "http.title:\"mlflow\""
  tags: cve,cve2023,mlflow,lfi
 http:
--- a/http/cves/2024/CVE-2024-0713.yaml
+++ b/http/cves/2024/CVE-2024-0713.yaml
@ -15,14 +15,15 @@ info:
    cvss-score: 8.8
    cve-id: CVE-2024-0713
    cwe-id: CWE-434
    cpe: cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*
    epss-score: 0.00061
    epss-percentile: 0.2356
    cpe: cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*
  metadata:
    vendor: monitorr
    product: monitorr
    verified: true
-    fofa-query: icon_hash="-211006074"
+    fofa-query: "icon_hash=\"-211006074\""
    max-request: 2
  tags: cve,cve2024,file-upload,intrusive,monitorr
 variables:
--- a/http/cves/2024/CVE-2024-1021.yaml
+++ b/http/cves/2024/CVE-2024-1021.yaml
@ -6,17 +6,17 @@ info:
  severity: medium
  description: |
    There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component.
  reference:
    - https://github.com/getrebuild/rebuild
    - https://nvd.nist.gov/vuln/detail/CVE-2024-1021
  impact: |
    Successful exploitation of this vulnerability can result in unauthorized access to sensitive internal resources.
  remediation: |
    Apply the latest security patches or updates provided by Rebuild to fix this vulnerability.
  reference:
    - https://github.com/getrebuild/rebuild
    - https://nvd.nist.gov/vuln/detail/CVE-2024-1021
  metadata:
-    max-request: 1
+    max-request: 2
    verified: true
-    fofa-query: icon_hash="871154672"
+    fofa-query: "icon_hash=\"871154672\""
  tags: cve2024,cve,rebuild,ssrf
 http:
--- a/http/cves/2024/CVE-2024-1061.yaml
+++ b/http/cves/2024/CVE-2024-1061.yaml
@ -6,14 +6,14 @@ info:
  severity: high
  description: |
    WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
  remediation: |
    Vendor did not acknowledge vulnerability but the issue seems to have been fixed in version 2.5.25.
  reference:
    - https://www.tenable.com/security/research/tra-2024-02
    - https://wordpress.org/plugins/html5-video-player
    - https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1061
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
  remediation: |
    Vendor did not acknowledge vulnerability but the issue seems to have been fixed in version 2.5.25.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    cvss-score: 8.6
@ -21,7 +21,8 @@ info:
    cwe-id: CWE-89
  metadata:
    verified: true
-    fofa-query: '"wordpress" && body="html5-video-player"'
+    fofa-query: "\"wordpress\" && body=\"html5-video-player\""
    max-request: 1
  tags: cve,cve2024,wp,wordpress,wp-plugin,sqli,html5-video-player
 http:
--- a/http/cves/2024/CVE-2024-21645.yaml
+++ b/http/cves/2024/CVE-2024-21645.yaml
@ -6,25 +6,26 @@ info:
  severity: medium
  description: |
    A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload.
  impact: |
    Forged or otherwise, corrupted log files can be used to cover an attacker's tracks or even to implicate another party in the commission of a malicious act.
  reference:
    - https://github.com/advisories/GHSA-ghmw-rwh8-6qmr
    - https://nvd.nist.gov/vuln/detail/CVE-2024-21645
    - https://github.com/fkie-cad/nvd-json-data-feeds
  impact: |
    Forged or otherwise, corrupted log files can be used to cover an attacker's tracks or even to implicate another party in the commission of a malicious act.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-21645
    cwe-id: CWE-74
    cpe: cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
    epss-score: 0.00046
    epss-percentile: 0.13723
    cpe: cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    vendor: pyload
    product: pyload
-    shodan-query: title:"pyload"
+    shodan-query: "title:\"pyload\""
    max-request: 2
  tags: cve,cve2024,pyload,authenticated,injection
 variables:
--- a/http/cves/2024/CVE-2024-21893.yaml
+++ b/http/cves/2024/CVE-2024-21893.yaml
@ -18,8 +18,9 @@ info:
    cpe: cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:*
  metadata:
    vendor: ivanti
-    product: connect_secure
+    product: "connect_secure"
    shodan-query: "html:\"welcome.cgi?p=logo\""
    max-request: 1
  tags: cve,cve2024,kev,ssrf,ivanti
 http:
--- a/http/default-logins/ibm/ibm-dcbc-default-login.yaml
+++ b/http/default-logins/ibm/ibm-dcbc-default-login.yaml
@ -8,7 +8,8 @@ info:
    - https://www.ibm.com/docs/en/odm/8.0.1?topic=users-tutorial-getting-started-decision-center-business-console
  metadata:
    verified: true
-    shodan-query: title="Decision Center | Business Console"
+    shodan-query: "title=\"Decision Center | Business Console\""
    max-request: 1
  tags: ibm,default-login,decision-center
 http:
--- a/http/default-logins/ibm/ibm-dcec-default-login.yaml
+++ b/http/default-logins/ibm/ibm-dcec-default-login.yaml
@ -8,7 +8,8 @@ info:
    - https://www.ibm.com/docs/en/odm/8.5.1?topic=console-tutorial-getting-started-decision-center-enterprise
  metadata:
    verified: true
-    shodan-query: html="Decision Center Enterprise console"
+    shodan-query: "html=\"Decision Center Enterprise console\""
    max-request: 1
  tags: ibm,default-login,decision-center
 http:
--- a/http/default-logins/ibm/ibm-dsc-default-login.yaml
+++ b/http/default-logins/ibm/ibm-dsc-default-login.yaml
@ -8,7 +8,8 @@ info:
    - https://www.ibm.com/docs/en/odm/8.8.0?topic=center-overview-decision
  metadata:
    verified: true
-    shodan-query: title:"Rule Execution Server"
+    shodan-query: "title:\"Rule Execution Server\""
    max-request: 1
  tags: ibm,default-login,decision-server
 http:
--- a/http/default-logins/webmethod/webmethod-integration-default-login.yaml
+++ b/http/default-logins/webmethod/webmethod-integration-default-login.yaml
@ -7,8 +7,9 @@ info:
  reference:
    - https://documentation.softwareag.com/
  metadata:
    shodan-query: "http.favicon.hash:-234335289"
    max-request: 5
    verified: true
    shodan-query: http.favicon.hash:-234335289
  tags: default-login,webmethod
 flow: http(1) && http(2)
--- a/http/exposed-panels/cisco-unity-panel.yaml
+++ b/http/exposed-panels/cisco-unity-panel.yaml
@ -7,9 +7,9 @@ info:
  description: |
    A Cisco Unity Connection instance was detected.
  metadata:
-    max-request: 1
+    shodan-query: "html:\"Cisco Unity Connection\""
    max-request: 2
    verified: true
    shodan-query: html:"Cisco Unity Connection"
  tags: panel,cisco,unity,login,detect
 http:
--- a/http/exposed-panels/dockge-panel.yaml
+++ b/http/exposed-panels/dockge-panel.yaml
@ -1,20 +1,19 @@
 id: dockge-panel
-info:
+info:
-  name: Dockge Panel - Detect
+  name: Dockge Panel - Detect
-  author: rxerium
+  author: rxerium
-  severity: info
+  severity: info
-  description: |
+  description: |
-    A fancy, easy-to-use and reactive self-hosted docker compose.yaml stack-oriented manager
+    A fancy, easy-to-use and reactive self-hosted docker compose.yaml stack-oriented manager
-  reference:
+  reference:
-    - https://github.com/louislam/dockge
+    - https://github.com/louislam/dockge
-    - https://dockge.kuma.pet/
+    - https://dockge.kuma.pet/
-  metadata:
+  metadata:
-    verified: true
+    verified: true
-    max-request: 2
+    max-request: 1
-    shodan-query: title:"Dockge"
+    shodan-query: "title:\"Dockge\""
-  tags: panel,dockge,login
+  tags: panel,dockge,login
 http:
  - method: GET
    path:
--- a/http/exposed-panels/easyjob-panel.yaml
+++ b/http/exposed-panels/easyjob-panel.yaml
@ -5,12 +5,13 @@ info:
  author: righettod
  severity: info
  description: |
-     EasyJOB login panel was detected.
+    EasyJOB login panel was detected.
  reference:
    - https://www.en.because-software.com/software/easyjob/
  metadata:
    verified: true
-    shodan-query: http.title:"Log in - easyJOB"
+    shodan-query: "http.title:\"Log in - easyJOB\""
    max-request: 1
  tags: panel,easyjob,login
 http:
--- a/http/exposed-panels/goanywhere-mft-login.yaml
+++ b/http/exposed-panels/goanywhere-mft-login.yaml
@ -7,12 +7,11 @@ info:
  description: GoAnywhere Managed File Transfer login panel was detected.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
  metadata:
    shodan-query: "http.html:\"GoAnywhere Managed File Transfer\""
    verified: true
-    max-request: 1
+    max-request: 2
    shodan-query: http.html:"GoAnywhere Managed File Transfer"
  tags: panel,goanywhere,login,filetransfer
 http:
--- a/http/exposed-panels/gotify-panel.yaml
+++ b/http/exposed-panels/gotify-panel.yaml
@ -11,7 +11,8 @@ info:
    vendor: gotify
    product: server
    verified: true
-    shodan-query: http.title:"Gotify"
+    shodan-query: "http.title:\"Gotify\""
    max-request: 1
  tags: panel,gotify,login,detect
 http:
--- a/http/exposed-panels/grails-database-admin-console.yaml
+++ b/http/exposed-panels/grails-database-admin-console.yaml
@ -13,9 +13,9 @@ info:
    cvss-score: 5.3
    cwe-id: CWE-200
  metadata:
    max-request: 2
    vendor: grails
    product: grails
    max-request: 2
  tags: grails,panel
 http:
--- a/http/exposed-panels/haivision-gateway-panel.yaml
+++ b/http/exposed-panels/haivision-gateway-panel.yaml
@ -9,7 +9,8 @@ info:
    - https://www.haivision.com/
  metadata:
    verified: true
-    shodan-query: http.title:"Haivision Gateway"
+    shodan-query: "http.title:\"Haivision Gateway\""
    max-request: 1
  tags: panel,haivision,login,detect
 http:
--- a/http/exposed-panels/haivision-media-platform-panel.yaml
+++ b/http/exposed-panels/haivision-media-platform-panel.yaml
@ -1,17 +1,17 @@
 id: haivision-media-platform-panel
-info:
+info:
-  name: Haivision Media Platform Login Panel - Detect
+  name: Haivision Media Platform Login Panel - Detect
-  author: righettod
+  author: righettod
-  severity: info
+  severity: info
-  description: Haivision Media Platform login panel was detected.
+  description: Haivision Media Platform login panel was detected.
-  reference:
+  reference:
-    - https://www.haivision.com/
+    - https://www.haivision.com/
-  metadata:
+  metadata:
-    verified: true
+    verified: true
-    shodan-query: http.title:"Haivision Media Platform"
+    shodan-query: "http.title:\"Haivision Media Platform\""
-  tags: panel,haivision,login,detect
+    max-request: 1
-
+  tags: panel,haivision,login,detect
 http:
  - method: GET
    path:
--- a/http/exposed-panels/ibm/ibm-dcec-panel.yaml
+++ b/http/exposed-panels/ibm/ibm-dcec-panel.yaml
@ -10,7 +10,8 @@ info:
    - https://www.ibm.com/docs/en/odm/8.5.1?topic=console-tutorial-getting-started-decision-center-enterprise
  metadata:
    verified: true
-    shodan-query: html:"Decision Center Enterprise console"
+    shodan-query: "html:\"Decision Center Enterprise console\""
    max-request: 1
  tags: panel,ibm,login,detect,decision-center
 http:
--- a/http/exposed-panels/ibm/ibm-decision-server-console.yaml
+++ b/http/exposed-panels/ibm/ibm-decision-server-console.yaml
@ -10,7 +10,8 @@ info:
    - https://www.ibm.com/docs/en/odm/8.12.0?topic=overview-introducing-rule-execution-server
  metadata:
    verified: true
-    shodan-query: title:"Rule Execution Server"
+    shodan-query: "title:\"Rule Execution Server\""
    max-request: 1
  tags: panel,ibm,login,detect,decision-server
 http:
--- a/http/exposed-panels/ibm/ibm-odm-panel.yaml
+++ b/http/exposed-panels/ibm/ibm-odm-panel.yaml
@ -10,7 +10,8 @@ info:
    - https://www.ibm.com/docs/en/odm/8.12.0
  metadata:
    verified: true
-    fofa-query: title="Decision Center | Business Console"
+    fofa-query: "title=\"Decision Center | Business Console\""
    max-request: 1
  tags: panel,ibm,login,detect,decision-center
 http:
--- a/http/exposed-panels/ivanti-connect-secure-panel.yaml
+++ b/http/exposed-panels/ivanti-connect-secure-panel.yaml
@ -10,10 +10,10 @@ info:
    - https://www.ivanti.com/products/connect-secure-vpn
  metadata:
    vendor: ivanti
-    product: connect_secure
+    product: "connect_secure"
    verified: true
-    max-request: 1
+    max-request: 2
-    shodan-query: title:"Ivanti Connect Secure"
+    shodan-query: "title:\"Ivanti Connect Secure\""
  tags: panel,connectsecure,login
 http:
--- a/http/exposed-panels/juniper-panel.yaml
+++ b/http/exposed-panels/juniper-panel.yaml
@ -10,12 +10,11 @@ info:
    - https://www.juniper.net/documentation/us/en/software/jweb-ex/jweb-ex-application-package/topics/concept/ex-series-j-web-interface-overview.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0.0
    cwe-id: CWE-200
  metadata:
-    max-request: 2
+    max-request: 1
    verified: true
-    shodan-query: http.title:"Juniper Web Device Manager"
+    shodan-query: "http.title:\"Juniper Web Device Manager\""
  tags: panel,juniper,vpn,login
 http:
--- a/http/exposed-panels/kafka-topics-ui.yaml
+++ b/http/exposed-panels/kafka-topics-ui.yaml
@ -10,13 +10,12 @@ info:
    - https://github.com/provectus/kafka-ui
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
  metadata:
    vendor: provectus
    product: ui
    platform: kafka
-    max-request: 1
+    max-request: 2
  tags: panel,kafka,apache,detect
 http:
--- a/http/exposed-panels/kopano-webapp-panel.yaml
+++ b/http/exposed-panels/kopano-webapp-panel.yaml
@ -9,7 +9,8 @@ info:
    - https://kopano.com/
  metadata:
    verified: true
-    shodan-query: http.title:"Kopano WebApp"
+    shodan-query: "http.title:\"Kopano WebApp\""
    max-request: 1
  tags: panel,kopano,login,detect
 http:
--- a/http/exposed-panels/linshare-panel.yaml
+++ b/http/exposed-panels/linshare-panel.yaml
@ -10,7 +10,8 @@ info:
    - https://github.com/linagora/linshare
  metadata:
    verified: true
-    shodan-query: http.title:"LinShare"
+    shodan-query: "http.title:\"LinShare\""
    max-request: 3
  tags: panel,linshare,login,detect
 http:
--- a/http/exposed-panels/odoo-panel.yaml
+++ b/http/exposed-panels/odoo-panel.yaml
@ -8,8 +8,8 @@ info:
    vendor: odoo
    product: odoo
    verified: true
-    max-request: 1
+    max-request: 2
-    shodan-query: title:"Odoo"
+    shodan-query: "title:\"Odoo\""
  tags: login,panel,odoo
 http:
--- a/http/exposed-panels/passbolt-panel.yaml
+++ b/http/exposed-panels/passbolt-panel.yaml
@ -1,18 +1,18 @@
 id: passbolt-panel
-info:
+info:
-  name: Passbolt Login Panel
+  name: Passbolt Login Panel
-  author: righettod
+  author: righettod
-  severity: info
+  severity: info
-  description: |
+  description: |
-     Passbolt login panel was detected.
+    Passbolt login panel was detected.
-  reference:
+  reference:
-    - https://www.passbolt.com/
+    - https://www.passbolt.com/
-  metadata:
+  metadata:
-    verified: true
+    verified: true
-    shodan-query: http.title:"Passbolt | Open source password manager for teams"
+    shodan-query: "http.title:\"Passbolt | Open source password manager for teams\""
-  tags: panel,passbolt,login
+    max-request: 1
-
+  tags: panel,passbolt,login
 http:
  - method: GET
    path:
--- a/http/exposed-panels/phpmyadmin-panel.yaml
+++ b/http/exposed-panels/phpmyadmin-panel.yaml
@ -7,13 +7,12 @@ info:
  description: phpMyAdmin panel was detected.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
  metadata:
    shodan-query: "http.title:phpMyAdmin"
    vendor: phpmyadmin
    product: phpmyadmin
-    max-request: 12
+    max-request: 13
    shodan-query: http.title:phpMyAdmin
  tags: panel,phpmyadmin
 http:
--- a/http/exposed-panels/proofpoint-protection-server-panel.yaml
+++ b/http/exposed-panels/proofpoint-protection-server-panel.yaml
@ -7,14 +7,13 @@ info:
  description: Proofpoint Protection Server panel was detected.
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
  metadata:
    product: "proofpoint protection server"
    shodan-query: "http.favicon.hash:942678640"
    verified: true
-    max-request: 1
+    max-request: 2
    vendor: proofpoint
    product: proofpoint protection server
    shodan-query: http.favicon.hash:942678640
  tags: panel,proofpoint,login,detect
 http:
--- a/http/exposed-panels/pulse-secure-version.yaml
+++ b/http/exposed-panels/pulse-secure-version.yaml
@ -5,9 +5,9 @@ info:
  author: dadevel
  severity: info
  metadata:
    max-request: 2
    vendor: pulsesecure
    product: pulse_connect_secure
    max-request: 2
  tags: pulse,panel
 http:
--- a/http/exposed-panels/rocketchat-panel.yaml
+++ b/http/exposed-panels/rocketchat-panel.yaml
@ -9,7 +9,8 @@ info:
    - https://www.rocket.chat/
  metadata:
    verified: true
-    shodan-query: http.title:"Rocket.Chat"
+    shodan-query: "http.title:\"Rocket.Chat\""
    max-request: 1
  tags: panel,rocketchat,login,detect
 http:
--- a/http/exposed-panels/sentry-panel.yaml
+++ b/http/exposed-panels/sentry-panel.yaml
@ -5,14 +5,15 @@ info:
  author: righettod
  severity: info
  description: |
-     Sentry login panel was detected.
+    Sentry login panel was detected.
  reference:
    - https://sentry.io/
  metadata:
    vendor: sentry
    product: sentry
    verified: true
-    shodan-query: http.title:"Login | Sentry"
+    shodan-query: "http.title:\"Login | Sentry\""
    max-request: 1
  tags: panel,sentry,login
 http:
--- a/http/exposed-panels/truenas-scale-panel.yaml
+++ b/http/exposed-panels/truenas-scale-panel.yaml
@ -9,10 +9,10 @@ info:
  reference:
    - https://www.truenas.com
  metadata:
    vendor: ixsystems
    product: truenas
    verified: true
    max-request: 1
    vendor: ixsystems
    product: truenas
    shodan-query: html:"TrueNAS"
  tags: login,panel,truenas
--- a/http/exposed-panels/vistaweb-panel.yaml
+++ b/http/exposed-panels/vistaweb-panel.yaml
@ -5,11 +5,12 @@ info:
  author: righettod
  severity: info
  description: |
-     Vista Web login panel was detected.
+    Vista Web login panel was detected.
  reference:
    - https://resa.aero/solutions-operations-facturation/vista-web/
  metadata:
    verified: true
    max-request: 1
  tags: panel,vistaweb,login
 http:
--- a/http/exposures/apis/swagger-api.yaml
+++ b/http/exposures/apis/swagger-api.yaml
@ -10,9 +10,9 @@ info:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cwe-id: CWE-200
  metadata:
    max-request: 59
    shodan-query: "http.title:\"swagger\""
    verified: true
    max-request: 57
    shodan-query: http.title:"swagger"
  tags: exposure,api,swagger
 http:
--- a/http/exposures/backups/zip-backup-files.yaml
+++ b/http/exposures/backups/zip-backup-files.yaml
@ -10,7 +10,7 @@ info:
    cvss-score: 5.3
    cwe-id: CWE-200
  metadata:
-    max-request: 1440
+    max-request: 1305
  tags: exposure,backup
 http:
--- a/http/exposures/configs/awstats-script.yaml
+++ b/http/exposures/configs/awstats-script.yaml
@ -8,10 +8,9 @@ info:
  reference: https://www.awstats.org/docs/awstats_setup.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
    cvss-score: 0
    cwe-id: CWE-200
  metadata:
-    max-request: 3
+    max-request: 4
  tags: config,exposure,awstats
 http:
--- a/http/exposures/logs/roundcube-log-disclosure.yaml
+++ b/http/exposures/logs/roundcube-log-disclosure.yaml
@ -8,7 +8,7 @@ info:
  reference:
    - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/roundcube-log-disclosure.json
  metadata:
-    max-request: 12
+    max-request: 16
  tags: exposure,logs
 http:
--- a/http/fuzzing/wordpress-plugins-detect.yaml
+++ b/http/fuzzing/wordpress-plugins-detect.yaml
@ -5,7 +5,7 @@ info:
  author: 0xcrypto
  severity: info
  metadata:
-    max-request: 98135
+    max-request: 100563
  tags: fuzzing,bruteforce,wordpress
 http:
--- a/http/technologies/google/chromecast-detect.yaml
+++ b/http/technologies/google/chromecast-detect.yaml
@ -10,8 +10,9 @@ info:
    - https://github.com/thewhiteh4t/killcast/blob/ee81cfa03c963d47d3335770fcea2ca48bddeabf/killcast.py#L100C25-L100C43
    - https://rithvikvibhu.github.io/GHLocalApi/#section/Google-Home-Local-API/Authentication
  metadata:
    shodan-query: "Chromecast"
    verified: true
    max-request: 1
    shodan-query: Chromecast
  tags: google,chromecast,detect
 http:
--- a/http/technologies/ibm/ibm-odm-detect.yaml
+++ b/http/technologies/ibm/ibm-odm-detect.yaml
@ -10,7 +10,8 @@ info:
    - https://www.ibm.com/products/operational-decision-manager
  metadata:
    verified: true
-    fofa-query: icon_hash="707491698"
+    fofa-query: "icon_hash=\"707491698\""
    max-request: 1
  tags: ibm,decision-center,tech,detect
 http:
--- a/http/technologies/lucee-detect.yaml
+++ b/http/technologies/lucee-detect.yaml
@ -6,9 +6,9 @@ info:
  severity: info
  description: Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development -- https://github.com/lucee/Lucee/
  metadata:
-    max-request: 1
+    max-request: 2
-    shodan-query: html:"Lucee"
+    shodan-query: "html:\"Lucee\""
-    fofa-query: app="Lucee-Engine"
+    fofa-query: "app=\"Lucee-Engine\""
  tags: tech,lucee
 http:
--- a/http/vulnerabilities/dahua/dahua-bitmap-fileupload.yaml
+++ b/http/vulnerabilities/dahua/dahua-bitmap-fileupload.yaml
@ -7,9 +7,9 @@ info:
  reference:
    - https://github.com/wy876/POC/blob/main/%E5%A4%A7%E5%8D%8E%E6%99%BA%E6%85%A7%E5%9B%AD%E5%8C%BA%E7%BB%BC%E5%90%88%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0bitmap%E6%8E%A5%E5%8F%A3%E5%AD%98%E5%9C%A8%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md
  metadata:
-    max-request: 1
+    fofa-query: "app=\"dahua-智慧园区综合管理平台\""
    fofa-query: app="dahua-智慧园区综合管理平台"
    verified: true
    max-request: 2
  tags: dahua,file-upload,rce,intrusive
 variables:
--- a/http/vulnerabilities/generic/xss-fuzz.yaml
+++ b/http/vulnerabilities/generic/xss-fuzz.yaml
@ -10,8 +10,8 @@ info:
    cvss-score: 7.2
    cwe-id: CWE-79
  metadata:
-    max-request: 3
+    max-request: 29
-    parameters: q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year
+    parameters: "q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year"
  tags: xss,generic,fuzz
 http:
--- a/http/vulnerabilities/other/bitrix-open-redirect.yaml
+++ b/http/vulnerabilities/other/bitrix-open-redirect.yaml
@ -12,8 +12,8 @@ info:
    cvss-score: 6.1
    cwe-id: CWE-601
  metadata:
-    max-request: 12
+    max-request: 14
-    shodan-query: html:"/bitrix/"
+    shodan-query: "html:\"/bitrix/\""
  tags: redirect,bitrix,packetstorm
 http:
--- a/http/vulnerabilities/vbulletin/vbulletin-backdoor.yaml
+++ b/http/vulnerabilities/vbulletin/vbulletin-backdoor.yaml
@ -8,7 +8,7 @@ info:
    - https://github.com/OWASP/vbscan
    - https://blog.sucuri.net/2017/01/vbulletin-malware-hackers-compete-backdoor-control.html
  metadata:
-    max-request: 31
+    max-request: 21
  tags: backdoor,php,vbulletin,rce
 flow: http(1) && http(2)
--- a/javascript/cves/2016/CVE-2016-8706.yaml
+++ b/javascript/cves/2016/CVE-2016-8706.yaml
@ -17,8 +17,8 @@ info:
    cvss-score: 8.1
    cve-id: CVE-2016-8706
    cwe-id: CWE-190
-    epss-score: 0.91612
+    epss-score: 0.89998
-    epss-percentile: 0.98696
+    epss-percentile: 0.987
    cpe: cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
--- a/javascript/cves/2023/CVE-2023-34039.yaml
+++ b/javascript/cves/2023/CVE-2023-34039.yaml
@ -22,8 +22,8 @@ info:
    cvss-score: 9.8
    cve-id: CVE-2023-34039
    cwe-id: CWE-327
-    epss-score: 0.89263
+    epss-score: 0.88996
-    epss-percentile: 0.98515
+    epss-percentile: 0.98637
    cpe: cpe:2.3:a:vmware:aria_operations_for_networks:*:*:*:*:*:*:*:*
  metadata:
    verified: true
--- a/javascript/cves/2023/CVE-2023-46604.yaml
+++ b/javascript/cves/2023/CVE-2023-46604.yaml
@ -18,8 +18,8 @@ info:
    cvss-score: 9.8
    cve-id: CVE-2023-46604
    cwe-id: CWE-502
-    epss-score: 0.97147
+    epss-score: 0.97273
-    epss-percentile: 0.99762
+    epss-percentile: 0.99837
    cpe: cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*
  metadata:
    verified: true
--- a/javascript/cves/2024/CVE-2024-23897.yaml
+++ b/javascript/cves/2024/CVE-2024-23897.yaml
@ -3,7 +3,7 @@ id: CVE-2024-23897
 info:
  name: Jenkins < 2.441 - Arbitrary File Read
  author: iamnoooob,rootxharsh,pdresearch
-  severity: critical
+  severity: high
  description: |
    Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
  reference:
@ -12,6 +12,13 @@ info:
    - https://github.com/Mr-xn/Penetration_Testing_POC
    - https://github.com/forsaken0127/CVE-2024-23897
    - https://github.com/nomi-sec/PoC-in-GitHub
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-23897
    epss-score: 0.41536
    epss-percentile: 0.97188
    cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
  metadata:
    verified: true
    max-request: 1
--- a/network/cves/2016/CVE-2016-2004.yaml
+++ b/network/cves/2016/CVE-2016-2004.yaml
@ -20,8 +20,8 @@ info:
    cvss-score: 9.8
    cve-id: CVE-2016-2004
    cwe-id: CWE-306
-    epss-score: 0.09306
+    epss-score: 0.12552
-    epss-percentile: 0.94149
+    epss-percentile: 0.95291
    cpe: cpe:2.3:a:hp:data_protector:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
--- a/network/cves/2016/CVE-2016-3510.yaml
+++ b/network/cves/2016/CVE-2016-3510.yaml
@ -20,7 +20,7 @@ info:
    cve-id: CVE-2016-3510
    cwe-id: CWE-119
    epss-score: 0.04254
-    epss-percentile: 0.914
+    epss-percentile: 0.92018
    cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  metadata:
    verified: true
--- a/network/cves/2017/CVE-2017-3881.yaml
+++ b/network/cves/2017/CVE-2017-3881.yaml
@ -20,8 +20,8 @@ info:
    cvss-score: 9.8
    cve-id: CVE-2017-3881
    cwe-id: CWE-20
-    epss-score: 0.9747
+    epss-score: 0.9745
-    epss-percentile: 0.99961
+    epss-percentile: 0.99948
    cpe: cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
--- a/network/cves/2017/CVE-2017-5645.yaml
+++ b/network/cves/2017/CVE-2017-5645.yaml
@ -22,7 +22,7 @@ info:
    cve-id: CVE-2017-5645
    cwe-id: CWE-502
    epss-score: 0.81948
-    epss-percentile: 0.98126
+    epss-percentile: 0.98287
    cpe: cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
--- a/network/cves/2018/CVE-2018-2628.yaml
+++ b/network/cves/2018/CVE-2018-2628.yaml
@ -21,7 +21,7 @@ info:
    cve-id: CVE-2018-2628
    cwe-id: CWE-502
    epss-score: 0.97523
-    epss-percentile: 0.99988
+    epss-percentile: 0.99987
    cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
--- a/network/cves/2018/CVE-2018-2893.yaml
+++ b/network/cves/2018/CVE-2018-2893.yaml
@ -20,14 +20,13 @@ info:
    cvss-score: 9.8
    cve-id: CVE-2018-2893
    epss-score: 0.97327
-    epss-percentile: 0.99866
+    epss-percentile: 0.99869
    cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: oracle
    product: weblogic_server
  tags: cve,cve2018,weblogic,network,deserialization,rce,oracle
 tcp:
  - inputs:
      - data: "t3 12.2.1
--- a/network/cves/2020/CVE-2020-11981.yaml
+++ b/network/cves/2020/CVE-2020-11981.yaml
@ -21,7 +21,7 @@ info:
    cve-id: CVE-2020-11981
    cwe-id: CWE-78
    epss-score: 0.9386
-    epss-percentile: 0.98967
+    epss-percentile: 0.99073
    cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
  metadata:
    verified: true
--- a/network/cves/2020/CVE-2020-1938.yaml
+++ b/network/cves/2020/CVE-2020-1938.yaml
@ -19,8 +19,8 @@ info:
    cvss-score: 9.8
    cve-id: CVE-2020-1938
    cwe-id: CWE-269
-    epss-score: 0.97499
+    epss-score: 0.97384
-    epss-percentile: 0.99978
+    epss-percentile: 0.99902
    cpe: cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*
  metadata:
    max-request: 4
@ -28,7 +28,6 @@ info:
    product: geode
    shodan-query: title:"Apache Tomcat"
  tags: cve,cve2020,kev,tenable,apache,lfi,network,tomcat,ajp
 tcp:
  - host:
      - "{{Hostname}}"
--- a/Show More
+++ b/Show More