TemplateMan Update [Mon Mar 4 08:20:22 UTC 2024] 🤖
parent
a72c5ac5e7
commit
c7b50b2af4
|
@ -9,11 +9,22 @@ info:
|
|||
reference:
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287
|
||||
- https://www.exploit-db.com/exploits/47502
|
||||
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html
|
||||
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html
|
||||
- http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 8.8
|
||||
cve-id: CVE-2019-14287
|
||||
cwe-id: CWE-755
|
||||
epss-score: 0.34299
|
||||
epss-percentile: 0.96958
|
||||
cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 2
|
||||
vendor: canonical
|
||||
product: ubuntu_linux
|
||||
vendor: sudo_project
|
||||
product: sudo
|
||||
tags: cve,cve2019,sudo,code,linux,privesc,local,canonical
|
||||
|
||||
self-contained: true
|
||||
|
|
|
@ -10,8 +10,20 @@ info:
|
|||
- https://medium.com/mii-cybersec/privilege-escalation-cve-2021-3156-new-sudo-vulnerability-4f9e84a9f435
|
||||
- https://blog.qualys.com/vulnerabilities-threat-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
|
||||
- https://infosecwriteups.com/baron-samedit-cve-2021-3156-tryhackme-76d7dedc3cff
|
||||
- http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html
|
||||
- http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
cve-id: CVE-2021-3156
|
||||
cwe-id: CWE-193
|
||||
epss-score: 0.97085
|
||||
epss-percentile: 0.99752
|
||||
cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
vendor: sudo_project
|
||||
product: sudo
|
||||
tags: cve,cve2021,sudo,code,linux,privesc,local,kev
|
||||
|
||||
self-contained: true
|
||||
|
|
|
@ -21,8 +21,8 @@ info:
|
|||
cvss-score: 7.8
|
||||
cve-id: CVE-2023-2640
|
||||
cwe-id: CWE-863
|
||||
epss-score: 0.00047
|
||||
epss-percentile: 0.14754
|
||||
epss-score: 0.00174
|
||||
epss-percentile: 0.53697
|
||||
cpe: cpe:2.3:o:canonical:ubuntu_linux:23.04:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
|
|
@ -10,16 +10,21 @@ info:
|
|||
- https://nvd.nist.gov/vuln/detail/CVE-2023-4911
|
||||
- https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
|
||||
- https://www.youtube.com/watch?v=1iV-CD9Apn8
|
||||
- http://www.openwall.com/lists/oss-security/2023/10/05/1
|
||||
- http://www.openwall.com/lists/oss-security/2023/10/13/11
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
cve-id: CVE-2023-4911
|
||||
cwe-id: CWE-787
|
||||
cpe: cpe:2.3:a:gnu:glibc:-:*:*:*:*:*:*:*
|
||||
cwe-id: CWE-787,CWE-122
|
||||
epss-score: 0.0171
|
||||
epss-percentile: 0.87439
|
||||
cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: glibc
|
||||
tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local
|
||||
vendor: gnu
|
||||
product: glibc
|
||||
tags: cve,cve2023,code,glibc,looneytunables,linux,privesc,local,kev
|
||||
|
||||
self-contained: true
|
||||
code:
|
||||
|
|
|
@ -9,15 +9,21 @@ info:
|
|||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-6246
|
||||
- https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
|
||||
- https://access.redhat.com/security/cve/CVE-2023-6246
|
||||
- https://bugzilla.redhat.com/show_bug.cgi?id=2249053
|
||||
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2FIH77VHY3KCRROCXOT6L27WMZXSJ2G/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 7.8
|
||||
cve-id: CVE-2023-6246
|
||||
cwe-id: CWE-787
|
||||
cwe-id: CWE-787,CWE-122
|
||||
epss-score: 0.00383
|
||||
epss-percentile: 0.72435
|
||||
cpe: cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
vendor: glibc
|
||||
vendor: gnu
|
||||
product: glibc
|
||||
tags: cve,cve2023,code,glibc,linux,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/choom/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,choom,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/find/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,find,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/lua/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,lua,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/mysql/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,mysql,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/node/
|
||||
metadata:
|
||||
max-request: 4
|
||||
verified: true
|
||||
max-request: 4
|
||||
tags: code,linux,node,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/rc/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,rc,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
|
|
@ -8,8 +8,8 @@ info:
|
|||
The run-parts command in Linux is used to run all the executable files in a directory. It is commonly used for running scripts or commands located in a specific directory, such as system maintenance scripts in /etc/cron.daily. The run-parts command provides a convenient way to execute multiple scripts or commands in a batch manner.
|
||||
reference: https://gtfobins.github.io/gtfobins/run-parts/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,run-parts,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/strace/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,strace,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/torify/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,torify,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/view/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,view,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
|
|
@ -9,8 +9,8 @@ info:
|
|||
reference:
|
||||
- https://gtfobins.github.io/gtfobins/xargs/
|
||||
metadata:
|
||||
max-request: 3
|
||||
verified: true
|
||||
max-request: 3
|
||||
tags: code,linux,xargs,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
|
|
@ -7,8 +7,8 @@ info:
|
|||
reference:
|
||||
- https://book.hacktricks.xyz/linux-hardening/privilege-escalation#writable-etc-shadow
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 2
|
||||
tags: code,linux,privesc,local
|
||||
|
||||
self-contained: true
|
||||
|
|
|
@ -10,6 +10,8 @@ info:
|
|||
- https://capec.mitre.org/data/definitions/275.html
|
||||
- https://payatu.com/blog/dns-rebinding/
|
||||
- https://heimdalsecurity.com/blog/dns-rebinding/
|
||||
metadata:
|
||||
max-request: 2
|
||||
tags: redirect,dns,network
|
||||
|
||||
dns:
|
||||
|
|
|
@ -20,7 +20,7 @@ info:
|
|||
cve-id: CVE-2018-25031
|
||||
cwe-id: CWE-20
|
||||
epss-score: 0.00265
|
||||
epss-percentile: 0.64105
|
||||
epss-percentile: 0.65414
|
||||
cpe: cpe:2.3:a:smartbear:swagger_ui:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
@ -30,7 +30,6 @@ info:
|
|||
shodan-query: http.component:"Swagger"
|
||||
fofa-query: icon_hash="-1180440057"
|
||||
tags: headless,cve,cve2018,swagger,xss,smartbear
|
||||
|
||||
headless:
|
||||
- steps:
|
||||
- args:
|
||||
|
|
|
@ -20,8 +20,8 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2014-6271
|
||||
cwe-id: CWE-78
|
||||
epss-score: 0.97564
|
||||
epss-percentile: 0.99999
|
||||
epss-score: 0.97559
|
||||
epss-percentile: 0.99997
|
||||
cpe: cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 8
|
||||
|
|
|
@ -21,7 +21,7 @@ info:
|
|||
cve-id: CVE-2014-8799
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.17844
|
||||
epss-percentile: 0.95686
|
||||
epss-percentile: 0.96002
|
||||
cpe: cpe:2.3:a:dukapress:dukapress:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
|
|
@ -20,8 +20,8 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2018-17431
|
||||
cwe-id: CWE-287
|
||||
epss-score: 0.11315
|
||||
epss-percentile: 0.94677
|
||||
epss-score: 0.11416
|
||||
epss-percentile: 0.95073
|
||||
cpe: cpe:2.3:a:comodo:unified_threat_management_firewall:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
|
|
|
@ -15,13 +15,14 @@ info:
|
|||
- https://wordpress.org/plugins/jsmol2wp/
|
||||
- https://github.com/sullo/advisory-archives/blob/master/wordpress-jsmol2wp-CVE-2018-20463-CVE-2018-20462.txt
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-20463
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2018-20463
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.01939
|
||||
epss-percentile: 0.87393
|
||||
epss-percentile: 0.88289
|
||||
cpe: cpe:2.3:a:jsmol2wp_project:jsmol2wp:1.07:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
|
|
@ -20,8 +20,8 @@ info:
|
|||
cvss-score: 6.1
|
||||
cve-id: CVE-2020-24223
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00976
|
||||
epss-percentile: 0.81758
|
||||
epss-score: 0.0069
|
||||
epss-percentile: 0.79602
|
||||
cpe: cpe:2.3:a:mara_cms_project:mara_cms:7.5:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
|
|
@ -14,13 +14,15 @@ info:
|
|||
- https://talosintelligence.com/vulnerability_reports/TALOS-2021-1274
|
||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21805
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-21805
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/ARPSyndicate/kenzer-templates
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-21805
|
||||
cwe-id: CWE-78
|
||||
epss-score: 0.97374
|
||||
epss-percentile: 0.99892
|
||||
epss-percentile: 0.99895
|
||||
cpe: cpe:2.3:a:advantech:r-seenet:2.4.12:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
|
|
@ -21,7 +21,7 @@ info:
|
|||
cve-id: CVE-2021-22873
|
||||
cwe-id: CWE-601
|
||||
epss-score: 0.00922
|
||||
epss-percentile: 0.81209
|
||||
epss-percentile: 0.82474
|
||||
cpe: cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
|
|
@ -6,26 +6,26 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin before 3.4.12, available to unauthenticated and authenticated user, does not properly sanitise multiple parameters before using them in SQL statements, leading to SQL injections.
|
||||
remediation: Fixed in 3.4.12
|
||||
reference:
|
||||
- https://wpscan.com/vulnerability/763c08a0-4b2b-4487-b91c-be6cc2b9322e/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-24849
|
||||
- https://wordpress.org/plugins/wc-multivendor-marketplace/
|
||||
remediation: Fixed in 3.4.12
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2021-24849
|
||||
cwe-id: CWE-89
|
||||
cpe: cpe:2.3:a:wclovers:frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible:*:*:*:*:*:wordpress:*:*
|
||||
epss-score: 0.00199
|
||||
epss-percentile: 0.56492
|
||||
cpe: cpe:2.3:a:wclovers:frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: wclovers
|
||||
product: frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible
|
||||
product: "frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible"
|
||||
framework: wordpress
|
||||
publicwww-query: "/wp-content/plugins/wc-multivendor-marketplace"
|
||||
verified: true
|
||||
max-request: 3
|
||||
vendor: wclovers
|
||||
tags: wpscan,cve,cve2021,wp,wp-plugin,wordpress,wc-multivendor-marketplace,wpscan,sqli
|
||||
|
||||
flow: http(1) && http(2)
|
||||
|
|
|
@ -18,8 +18,8 @@ info:
|
|||
cwe-id: CWE-22
|
||||
cpe: cpe:2.3:a:os4ed:opensis:8.0:*:*:*:community:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: title:"openSIS"
|
||||
shodan-query: "title:\"openSIS\""
|
||||
max-request: 2
|
||||
tags: cve,cve2021,lfi,os4ed,opensis,authenticated
|
||||
|
||||
http:
|
||||
|
|
|
@ -21,7 +21,7 @@ info:
|
|||
cve-id: CVE-2022-0776
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.001
|
||||
epss-percentile: 0.40832
|
||||
epss-percentile: 0.40075
|
||||
cpe: cpe:2.3:a:revealjs:reveal.js:*:*:*:*:*:node.js:*:*
|
||||
metadata:
|
||||
vendor: revealjs
|
||||
|
|
|
@ -22,7 +22,7 @@ info:
|
|||
cve-id: CVE-2022-26263
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00147
|
||||
epss-percentile: 0.50638
|
||||
epss-percentile: 0.49633
|
||||
cpe: cpe:2.3:a:yonyou:u8\+:13.0:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
|
|
@ -22,7 +22,7 @@ info:
|
|||
cve-id: CVE-2022-30776
|
||||
cwe-id: CWE-79
|
||||
epss-score: 0.00112
|
||||
epss-percentile: 0.44504
|
||||
epss-percentile: 0.43631
|
||||
cpe: cpe:2.3:a:atmail:atmail:6.5.0:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
|
|
@ -6,28 +6,29 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites.
|
||||
impact: |
|
||||
An attacker can exploit the vulnerability to redirect users to malicious websites, potentially leading to phishing attacks or other security breaches.
|
||||
remediation: |
|
||||
This issue is fixed in Connect v2023.05. Additionally, for users running Connect v1.7.2 and later, the issue is resolvable via a configuration setting mentioned in the support article.
|
||||
reference:
|
||||
- https://tenable.com/security/research/tra-2022-30
|
||||
- https://support.posit.co/hc/en-us/articles/10983374992023-CVE-2022-38131-configuration-issue-in-Posit-Connect
|
||||
- https://github.com/JoshuaMart/JoshuaMart
|
||||
impact: |
|
||||
An attacker can exploit the vulnerability to redirect users to malicious websites, potentially leading to phishing attacks or other security breaches.
|
||||
remediation: |
|
||||
This issue is fixed in Connect v2023.05. Additionally, for users running Connect v1.7.2 and later, the issue is resolvable via a configuration setting mentioned in the support article.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
||||
cvss-score: 6.1
|
||||
cve-id: CVE-2022-38131
|
||||
cwe-id: CWE-601
|
||||
cpe: cpe:2.3:a:rstudio:connect:*:*:*:*:*:*:*:*
|
||||
epss-score: 0.0006
|
||||
epss-percentile: 0.23591
|
||||
cpe: cpe:2.3:a:rstudio:connect:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
product: connect
|
||||
shodan-query: "http.favicon.hash:217119619"
|
||||
fofa-query: "app=\"RStudio-Connect\""
|
||||
max-request: 1
|
||||
verified: true
|
||||
vendor: rstudio
|
||||
product: connect
|
||||
shodan-query: http.favicon.hash:217119619
|
||||
fofa-query: app="RStudio-Connect"
|
||||
tags: tenable,cve,cve2022,redirect,rstudio
|
||||
|
||||
http:
|
||||
|
|
|
@ -18,8 +18,8 @@ info:
|
|||
cvss-score: 7.5
|
||||
cve-id: CVE-2022-4140
|
||||
cwe-id: CWE-552
|
||||
epss-score: 0.01317
|
||||
epss-percentile: 0.84504
|
||||
epss-score: 0.00932
|
||||
epss-percentile: 0.82572
|
||||
cpe: cpe:2.3:a:collne:welcart_e-commerce:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
|
|
@ -17,7 +17,7 @@ info:
|
|||
cve-id: CVE-2023-0552
|
||||
cwe-id: CWE-601
|
||||
epss-score: 0.00086
|
||||
epss-percentile: 0.35637
|
||||
epss-percentile: 0.34914
|
||||
cpe: cpe:2.3:a:genetechsolutions:pie_register:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
|
|
@ -22,7 +22,7 @@ info:
|
|||
cve-id: CVE-2023-26255
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.15138
|
||||
epss-percentile: 0.95348
|
||||
epss-percentile: 0.95663
|
||||
cpe: cpe:2.3:a:stagil:stagil_navigation:*:*:*:*:*:jira:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
|
|
@ -6,28 +6,29 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the wpgv_doajax_voucher_pdf_save_func action.
|
||||
impact: |
|
||||
Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
|
||||
remediation: |
|
||||
Update the Gift Cards (Gift Vouchers and Packages) WordPress Plugin to the latest version available.
|
||||
reference:
|
||||
- https://www.tenable.com/security/research/tra-2023-2
|
||||
- https://wordpress.org/plugins/gift-voucher/
|
||||
- https://github.com/ARPSyndicate/cvemon
|
||||
- https://github.com/JoshuaMart/JoshuaMart
|
||||
impact: |
|
||||
Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
|
||||
remediation: |
|
||||
Update the Gift Cards (Gift Vouchers and Packages) WordPress Plugin to the latest version available.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-28662
|
||||
cwe-id: CWE-89
|
||||
cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:*
|
||||
epss-score: 0.00076
|
||||
epss-percentile: 0.31593
|
||||
cpe: cpe:2.3:a:codemenschen:gift_vouchers:*:*:*:*:*:wordpress:*:*
|
||||
metadata:
|
||||
vendor: codemenschen
|
||||
product: gift_vouchers
|
||||
product: "gift_vouchers"
|
||||
framework: wordpress
|
||||
fofa-query: body="/wp-content/plugins/gift-voucher/"
|
||||
fofa-query: "body=\"/wp-content/plugins/gift-voucher/\""
|
||||
max-request: 2
|
||||
tags: cve,cve2023,wordpress,wp,wp-plugin,sqli,unauth,gift-voucher
|
||||
|
||||
flow: http(1) && http(2)
|
||||
|
|
|
@ -13,13 +13,14 @@ info:
|
|||
- https://twitter.com/wvuuuuuuuuuuuuu/status/1694956245742923939
|
||||
- https://forums.ivanti.com/s/article/Avalanche-Vulnerabilities-Addressed-in-6-4-1?language=en_US
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-32563
|
||||
- https://github.com/mayur-esh/vuln-liners
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-32563
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.43261
|
||||
epss-percentile: 0.97013
|
||||
epss-score: 0.42647
|
||||
epss-percentile: 0.97218
|
||||
cpe: cpe:2.3:a:ivanti:avalanche:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
|
|
|
@ -6,14 +6,14 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
users can execute code without authentication. An attacker can execute malicious requests on the OpenCms server. When the requests are successful vulnerable OpenCms can be exploited resulting in an unauthenticated XXE vulnerability. Based on research OpenCMS versions from 9.0.0 to 10.5.0 are vulnerable.
|
||||
remediation: Advised to upgrade to OpenCMS 10.5.1 or later to patch the vulnerability
|
||||
reference:
|
||||
- https://blog.qualys.com/product-tech/2023/12/08/opencms-unauthenticated-xxe-vulnerability-cve-2023-42344
|
||||
- https://labs.watchtowr.com/xxe-you-can-depend-on-me-opencms/
|
||||
remediation: Advised to upgrade to OpenCMS 10.5.1 or later to patch the vulnerability
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
max-request: 2
|
||||
fofa-query: "OpenCms-9.5.3"
|
||||
verified: true
|
||||
tags: cve,cve2023,xxe,opencms
|
||||
|
||||
http:
|
||||
|
|
|
@ -16,8 +16,9 @@ info:
|
|||
cpe: cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
vendor: ivanti
|
||||
product: connect_secure
|
||||
shodan-query: html:"welcome.cgi?p=logo"
|
||||
product: "connect_secure"
|
||||
shodan-query: "html:\"welcome.cgi?p=logo\""
|
||||
max-request: 2
|
||||
tags: cve,cve2023,kev,auth-bypass,ivanti
|
||||
|
||||
http:
|
||||
|
|
|
@ -14,14 +14,15 @@ info:
|
|||
cvss-score: 5.4
|
||||
cve-id: CVE-2023-52085
|
||||
cwe-id: CWE-22
|
||||
cpe: cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:*
|
||||
epss-score: 0.00046
|
||||
epss-percentile: 0.12483
|
||||
cpe: cpe:2.3:a:wintercms:winter:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
vendor: wintercms
|
||||
product: winter
|
||||
shodan-query: title:"Winter CMS"
|
||||
fofa-query: title="Winter CMS"
|
||||
shodan-query: "title:\"Winter CMS\""
|
||||
fofa-query: "title=\"Winter CMS\""
|
||||
max-request: 4
|
||||
tags: cve,cve2023,authenticated,lfi,wintercms
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,25 +6,26 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
|
||||
remediation: |
|
||||
Upgrade Mlflow to version 2.9.2 or later to mitigate the vulnerability.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-6831
|
||||
- https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
|
||||
- https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314
|
||||
remediation: |
|
||||
Upgrade Mlflow to version 2.9.2 or later to mitigate the vulnerability.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
|
||||
cvss-score: 8.1
|
||||
cve-id: CVE-2023-6831
|
||||
cwe-id: CWE-22
|
||||
epss-score: 0.000460000
|
||||
epss-percentile: 0.126930000
|
||||
cpe: cpe:2.3:a:lfprojects:mlflow:*:*:*:*:*:*:*:*
|
||||
epss-score: 0.00046
|
||||
epss-percentile: 0.12693
|
||||
metadata:
|
||||
verified: true
|
||||
vendor: lfprojects
|
||||
product: mlflow
|
||||
shodan-query: http.title:"mlflow"
|
||||
shodan-query: "http.title:\"mlflow\""
|
||||
max-request: 2
|
||||
verified: true
|
||||
tags: cve,cve2023,mlflow,pathtraversal,lfprojects
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,24 +6,25 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
|
||||
impact: |
|
||||
Successful exploitation could be lead to disclose of sensitive information such as SSH Keys or Internal configurations.
|
||||
remediation: |
|
||||
To fix this vulnerability, it is important to update the mlflow package to the latest version 2.10.0.
|
||||
reference:
|
||||
- https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-6909
|
||||
- https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
|
||||
impact: |
|
||||
Successful exploitation could be lead to disclose of sensitive information such as SSH Keys or Internal configurations.
|
||||
remediation: |
|
||||
To fix this vulnerability, it is important to update the mlflow package to the latest version 2.10.0.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
|
||||
cvss-score: 9.3
|
||||
cve-id: CVE-2023-6909
|
||||
cwe-id: CWE-29
|
||||
metadata:
|
||||
max-request: 5
|
||||
verified: true
|
||||
vendor: lfprojects
|
||||
product: mlflow
|
||||
shodan-query: http.title:"mlflow"
|
||||
shodan-query: "http.title:\"mlflow\""
|
||||
tags: cve,cve2023,mlflow,lfi
|
||||
|
||||
http:
|
||||
|
|
|
@ -15,14 +15,15 @@ info:
|
|||
cvss-score: 8.8
|
||||
cve-id: CVE-2024-0713
|
||||
cwe-id: CWE-434
|
||||
cpe: cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*
|
||||
epss-score: 0.00061
|
||||
epss-percentile: 0.2356
|
||||
cpe: cpe:2.3:a:monitorr:monitorr:1.7.6m:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
vendor: monitorr
|
||||
product: monitorr
|
||||
verified: true
|
||||
fofa-query: icon_hash="-211006074"
|
||||
fofa-query: "icon_hash=\"-211006074\""
|
||||
max-request: 2
|
||||
tags: cve,cve2024,file-upload,intrusive,monitorr
|
||||
|
||||
variables:
|
||||
|
|
|
@ -6,17 +6,17 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component.
|
||||
reference:
|
||||
- https://github.com/getrebuild/rebuild
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-1021
|
||||
impact: |
|
||||
Successful exploitation of this vulnerability can result in unauthorized access to sensitive internal resources.
|
||||
remediation: |
|
||||
Apply the latest security patches or updates provided by Rebuild to fix this vulnerability.
|
||||
reference:
|
||||
- https://github.com/getrebuild/rebuild
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-1021
|
||||
metadata:
|
||||
max-request: 1
|
||||
max-request: 2
|
||||
verified: true
|
||||
fofa-query: icon_hash="871154672"
|
||||
fofa-query: "icon_hash=\"871154672\""
|
||||
tags: cve2024,cve,rebuild,ssrf
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,14 +6,14 @@ info:
|
|||
severity: high
|
||||
description: |
|
||||
WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks.
|
||||
impact: |
|
||||
Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
|
||||
remediation: |
|
||||
Vendor did not acknowledge vulnerability but the issue seems to have been fixed in version 2.5.25.
|
||||
reference:
|
||||
- https://www.tenable.com/security/research/tra-2024-02
|
||||
- https://wordpress.org/plugins/html5-video-player
|
||||
- https://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-1061
|
||||
impact: |
|
||||
Successful exploitation of this vulnerability could allow an attacker to perform SQL injection attacks, potentially leading to unauthorized access, data leakage, or further compromise of the WordPress site.
|
||||
remediation: |
|
||||
Vendor did not acknowledge vulnerability but the issue seems to have been fixed in version 2.5.25.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
|
@ -21,7 +21,8 @@ info:
|
|||
cwe-id: CWE-89
|
||||
metadata:
|
||||
verified: true
|
||||
fofa-query: '"wordpress" && body="html5-video-player"'
|
||||
fofa-query: "\"wordpress\" && body=\"html5-video-player\""
|
||||
max-request: 1
|
||||
tags: cve,cve2024,wp,wordpress,wp-plugin,sqli,html5-video-player
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,25 +6,26 @@ info:
|
|||
severity: medium
|
||||
description: |
|
||||
A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload.
|
||||
impact: |
|
||||
Forged or otherwise, corrupted log files can be used to cover an attacker's tracks or even to implicate another party in the commission of a malicious act.
|
||||
reference:
|
||||
- https://github.com/advisories/GHSA-ghmw-rwh8-6qmr
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2024-21645
|
||||
- https://github.com/fkie-cad/nvd-json-data-feeds
|
||||
impact: |
|
||||
Forged or otherwise, corrupted log files can be used to cover an attacker's tracks or even to implicate another party in the commission of a malicious act.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
||||
cvss-score: 5.3
|
||||
cve-id: CVE-2024-21645
|
||||
cwe-id: CWE-74
|
||||
cpe: cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
|
||||
epss-score: 0.00046
|
||||
epss-percentile: 0.13723
|
||||
cpe: cpe:2.3:a:pyload:pyload:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
vendor: pyload
|
||||
product: pyload
|
||||
shodan-query: title:"pyload"
|
||||
shodan-query: "title:\"pyload\""
|
||||
max-request: 2
|
||||
tags: cve,cve2024,pyload,authenticated,injection
|
||||
|
||||
variables:
|
||||
|
|
|
@ -18,8 +18,9 @@ info:
|
|||
cpe: cpe:2.3:a:ivanti:connect_secure:9.0:-:*:*:*:*:*:*
|
||||
metadata:
|
||||
vendor: ivanti
|
||||
product: connect_secure
|
||||
product: "connect_secure"
|
||||
shodan-query: "html:\"welcome.cgi?p=logo\""
|
||||
max-request: 1
|
||||
tags: cve,cve2024,kev,ssrf,ivanti
|
||||
|
||||
http:
|
||||
|
|
|
@ -8,7 +8,8 @@ info:
|
|||
- https://www.ibm.com/docs/en/odm/8.0.1?topic=users-tutorial-getting-started-decision-center-business-console
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title="Decision Center | Business Console"
|
||||
shodan-query: "title=\"Decision Center | Business Console\""
|
||||
max-request: 1
|
||||
tags: ibm,default-login,decision-center
|
||||
|
||||
http:
|
||||
|
|
|
@ -8,7 +8,8 @@ info:
|
|||
- https://www.ibm.com/docs/en/odm/8.5.1?topic=console-tutorial-getting-started-decision-center-enterprise
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: html="Decision Center Enterprise console"
|
||||
shodan-query: "html=\"Decision Center Enterprise console\""
|
||||
max-request: 1
|
||||
tags: ibm,default-login,decision-center
|
||||
|
||||
http:
|
||||
|
|
|
@ -8,7 +8,8 @@ info:
|
|||
- https://www.ibm.com/docs/en/odm/8.8.0?topic=center-overview-decision
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Rule Execution Server"
|
||||
shodan-query: "title:\"Rule Execution Server\""
|
||||
max-request: 1
|
||||
tags: ibm,default-login,decision-server
|
||||
|
||||
http:
|
||||
|
|
|
@ -7,8 +7,9 @@ info:
|
|||
reference:
|
||||
- https://documentation.softwareag.com/
|
||||
metadata:
|
||||
shodan-query: "http.favicon.hash:-234335289"
|
||||
max-request: 5
|
||||
verified: true
|
||||
shodan-query: http.favicon.hash:-234335289
|
||||
tags: default-login,webmethod
|
||||
|
||||
flow: http(1) && http(2)
|
||||
|
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: |
|
||||
A Cisco Unity Connection instance was detected.
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: "html:\"Cisco Unity Connection\""
|
||||
max-request: 2
|
||||
verified: true
|
||||
shodan-query: html:"Cisco Unity Connection"
|
||||
tags: panel,cisco,unity,login,detect
|
||||
|
||||
http:
|
||||
|
|
|
@ -11,10 +11,9 @@ info:
|
|||
- https://dockge.kuma.pet/
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 2
|
||||
shodan-query: title:"Dockge"
|
||||
max-request: 1
|
||||
shodan-query: "title:\"Dockge\""
|
||||
tags: panel,dockge,login
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
|
|
|
@ -10,7 +10,8 @@ info:
|
|||
- https://www.en.because-software.com/software/easyjob/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"Log in - easyJOB"
|
||||
shodan-query: "http.title:\"Log in - easyJOB\""
|
||||
max-request: 1
|
||||
tags: panel,easyjob,login
|
||||
|
||||
http:
|
||||
|
|
|
@ -7,12 +7,11 @@ info:
|
|||
description: GoAnywhere Managed File Transfer login panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: "http.html:\"GoAnywhere Managed File Transfer\""
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: http.html:"GoAnywhere Managed File Transfer"
|
||||
max-request: 2
|
||||
tags: panel,goanywhere,login,filetransfer
|
||||
|
||||
http:
|
||||
|
|
|
@ -11,7 +11,8 @@ info:
|
|||
vendor: gotify
|
||||
product: server
|
||||
verified: true
|
||||
shodan-query: http.title:"Gotify"
|
||||
shodan-query: "http.title:\"Gotify\""
|
||||
max-request: 1
|
||||
tags: panel,gotify,login,detect
|
||||
|
||||
http:
|
||||
|
|
|
@ -13,9 +13,9 @@ info:
|
|||
cvss-score: 5.3
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: grails
|
||||
product: grails
|
||||
max-request: 2
|
||||
tags: grails,panel
|
||||
|
||||
http:
|
||||
|
|
|
@ -9,7 +9,8 @@ info:
|
|||
- https://www.haivision.com/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"Haivision Gateway"
|
||||
shodan-query: "http.title:\"Haivision Gateway\""
|
||||
max-request: 1
|
||||
tags: panel,haivision,login,detect
|
||||
|
||||
http:
|
||||
|
|
|
@ -9,9 +9,9 @@ info:
|
|||
- https://www.haivision.com/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"Haivision Media Platform"
|
||||
shodan-query: "http.title:\"Haivision Media Platform\""
|
||||
max-request: 1
|
||||
tags: panel,haivision,login,detect
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
|
|
|
@ -10,7 +10,8 @@ info:
|
|||
- https://www.ibm.com/docs/en/odm/8.5.1?topic=console-tutorial-getting-started-decision-center-enterprise
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: html:"Decision Center Enterprise console"
|
||||
shodan-query: "html:\"Decision Center Enterprise console\""
|
||||
max-request: 1
|
||||
tags: panel,ibm,login,detect,decision-center
|
||||
|
||||
http:
|
||||
|
|
|
@ -10,7 +10,8 @@ info:
|
|||
- https://www.ibm.com/docs/en/odm/8.12.0?topic=overview-introducing-rule-execution-server
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: title:"Rule Execution Server"
|
||||
shodan-query: "title:\"Rule Execution Server\""
|
||||
max-request: 1
|
||||
tags: panel,ibm,login,detect,decision-server
|
||||
|
||||
http:
|
||||
|
|
|
@ -10,7 +10,8 @@ info:
|
|||
- https://www.ibm.com/docs/en/odm/8.12.0
|
||||
metadata:
|
||||
verified: true
|
||||
fofa-query: title="Decision Center | Business Console"
|
||||
fofa-query: "title=\"Decision Center | Business Console\""
|
||||
max-request: 1
|
||||
tags: panel,ibm,login,detect,decision-center
|
||||
|
||||
http:
|
||||
|
|
|
@ -10,10 +10,10 @@ info:
|
|||
- https://www.ivanti.com/products/connect-secure-vpn
|
||||
metadata:
|
||||
vendor: ivanti
|
||||
product: connect_secure
|
||||
product: "connect_secure"
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: title:"Ivanti Connect Secure"
|
||||
max-request: 2
|
||||
shodan-query: "title:\"Ivanti Connect Secure\""
|
||||
tags: panel,connectsecure,login
|
||||
|
||||
http:
|
||||
|
|
|
@ -10,12 +10,11 @@ info:
|
|||
- https://www.juniper.net/documentation/us/en/software/jweb-ex/jweb-ex-application-package/topics/concept/ex-series-j-web-interface-overview.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
verified: true
|
||||
shodan-query: http.title:"Juniper Web Device Manager"
|
||||
shodan-query: "http.title:\"Juniper Web Device Manager\""
|
||||
tags: panel,juniper,vpn,login
|
||||
|
||||
http:
|
||||
|
|
|
@ -10,13 +10,12 @@ info:
|
|||
- https://github.com/provectus/kafka-ui
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
vendor: provectus
|
||||
product: ui
|
||||
platform: kafka
|
||||
max-request: 1
|
||||
max-request: 2
|
||||
tags: panel,kafka,apache,detect
|
||||
|
||||
http:
|
||||
|
|
|
@ -9,7 +9,8 @@ info:
|
|||
- https://kopano.com/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"Kopano WebApp"
|
||||
shodan-query: "http.title:\"Kopano WebApp\""
|
||||
max-request: 1
|
||||
tags: panel,kopano,login,detect
|
||||
|
||||
http:
|
||||
|
|
|
@ -10,7 +10,8 @@ info:
|
|||
- https://github.com/linagora/linshare
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"LinShare"
|
||||
shodan-query: "http.title:\"LinShare\""
|
||||
max-request: 3
|
||||
tags: panel,linshare,login,detect
|
||||
|
||||
http:
|
||||
|
|
|
@ -8,8 +8,8 @@ info:
|
|||
vendor: odoo
|
||||
product: odoo
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: title:"Odoo"
|
||||
max-request: 2
|
||||
shodan-query: "title:\"Odoo\""
|
||||
tags: login,panel,odoo
|
||||
|
||||
http:
|
||||
|
|
|
@ -10,9 +10,9 @@ info:
|
|||
- https://www.passbolt.com/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"Passbolt | Open source password manager for teams"
|
||||
shodan-query: "http.title:\"Passbolt | Open source password manager for teams\""
|
||||
max-request: 1
|
||||
tags: panel,passbolt,login
|
||||
|
||||
http:
|
||||
- method: GET
|
||||
path:
|
||||
|
|
|
@ -7,13 +7,12 @@ info:
|
|||
description: phpMyAdmin panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
shodan-query: "http.title:phpMyAdmin"
|
||||
vendor: phpmyadmin
|
||||
product: phpmyadmin
|
||||
max-request: 12
|
||||
shodan-query: http.title:phpMyAdmin
|
||||
max-request: 13
|
||||
tags: panel,phpmyadmin
|
||||
|
||||
http:
|
||||
|
|
|
@ -7,14 +7,13 @@ info:
|
|||
description: Proofpoint Protection Server panel was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
product: "proofpoint protection server"
|
||||
shodan-query: "http.favicon.hash:942678640"
|
||||
verified: true
|
||||
max-request: 1
|
||||
max-request: 2
|
||||
vendor: proofpoint
|
||||
product: proofpoint protection server
|
||||
shodan-query: http.favicon.hash:942678640
|
||||
tags: panel,proofpoint,login,detect
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,9 +5,9 @@ info:
|
|||
author: dadevel
|
||||
severity: info
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: pulsesecure
|
||||
product: pulse_connect_secure
|
||||
max-request: 2
|
||||
tags: pulse,panel
|
||||
|
||||
http:
|
||||
|
|
|
@ -9,7 +9,8 @@ info:
|
|||
- https://www.rocket.chat/
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.title:"Rocket.Chat"
|
||||
shodan-query: "http.title:\"Rocket.Chat\""
|
||||
max-request: 1
|
||||
tags: panel,rocketchat,login,detect
|
||||
|
||||
http:
|
||||
|
|
|
@ -12,7 +12,8 @@ info:
|
|||
vendor: sentry
|
||||
product: sentry
|
||||
verified: true
|
||||
shodan-query: http.title:"Login | Sentry"
|
||||
shodan-query: "http.title:\"Login | Sentry\""
|
||||
max-request: 1
|
||||
tags: panel,sentry,login
|
||||
|
||||
http:
|
||||
|
|
|
@ -9,10 +9,10 @@ info:
|
|||
reference:
|
||||
- https://www.truenas.com
|
||||
metadata:
|
||||
vendor: ixsystems
|
||||
product: truenas
|
||||
verified: true
|
||||
max-request: 1
|
||||
vendor: ixsystems
|
||||
product: truenas
|
||||
shodan-query: html:"TrueNAS"
|
||||
tags: login,panel,truenas
|
||||
|
||||
|
|
|
@ -10,6 +10,7 @@ info:
|
|||
- https://resa.aero/solutions-operations-facturation/vista-web/
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
tags: panel,vistaweb,login
|
||||
|
||||
http:
|
||||
|
|
|
@ -10,9 +10,9 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 59
|
||||
shodan-query: "http.title:\"swagger\""
|
||||
verified: true
|
||||
max-request: 57
|
||||
shodan-query: http.title:"swagger"
|
||||
tags: exposure,api,swagger
|
||||
|
||||
http:
|
||||
|
|
|
@ -10,7 +10,7 @@ info:
|
|||
cvss-score: 5.3
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 1440
|
||||
max-request: 1305
|
||||
tags: exposure,backup
|
||||
|
||||
http:
|
||||
|
|
|
@ -8,10 +8,9 @@ info:
|
|||
reference: https://www.awstats.org/docs/awstats_setup.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 3
|
||||
max-request: 4
|
||||
tags: config,exposure,awstats
|
||||
|
||||
http:
|
||||
|
|
|
@ -8,7 +8,7 @@ info:
|
|||
reference:
|
||||
- https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/roundcube-log-disclosure.json
|
||||
metadata:
|
||||
max-request: 12
|
||||
max-request: 16
|
||||
tags: exposure,logs
|
||||
|
||||
http:
|
||||
|
|
|
@ -5,7 +5,7 @@ info:
|
|||
author: 0xcrypto
|
||||
severity: info
|
||||
metadata:
|
||||
max-request: 98135
|
||||
max-request: 100563
|
||||
tags: fuzzing,bruteforce,wordpress
|
||||
|
||||
http:
|
||||
|
|
|
@ -10,8 +10,9 @@ info:
|
|||
- https://github.com/thewhiteh4t/killcast/blob/ee81cfa03c963d47d3335770fcea2ca48bddeabf/killcast.py#L100C25-L100C43
|
||||
- https://rithvikvibhu.github.io/GHLocalApi/#section/Google-Home-Local-API/Authentication
|
||||
metadata:
|
||||
shodan-query: "Chromecast"
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: Chromecast
|
||||
tags: google,chromecast,detect
|
||||
|
||||
http:
|
||||
|
|
|
@ -10,7 +10,8 @@ info:
|
|||
- https://www.ibm.com/products/operational-decision-manager
|
||||
metadata:
|
||||
verified: true
|
||||
fofa-query: icon_hash="707491698"
|
||||
fofa-query: "icon_hash=\"707491698\""
|
||||
max-request: 1
|
||||
tags: ibm,decision-center,tech,detect
|
||||
|
||||
http:
|
||||
|
|
|
@ -6,9 +6,9 @@ info:
|
|||
severity: info
|
||||
description: Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development -- https://github.com/lucee/Lucee/
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: html:"Lucee"
|
||||
fofa-query: app="Lucee-Engine"
|
||||
max-request: 2
|
||||
shodan-query: "html:\"Lucee\""
|
||||
fofa-query: "app=\"Lucee-Engine\""
|
||||
tags: tech,lucee
|
||||
|
||||
http:
|
||||
|
|
|
@ -7,9 +7,9 @@ info:
|
|||
reference:
|
||||
- https://github.com/wy876/POC/blob/main/%E5%A4%A7%E5%8D%8E%E6%99%BA%E6%85%A7%E5%9B%AD%E5%8C%BA%E7%BB%BC%E5%90%88%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0bitmap%E6%8E%A5%E5%8F%A3%E5%AD%98%E5%9C%A8%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md
|
||||
metadata:
|
||||
max-request: 1
|
||||
fofa-query: app="dahua-智慧园区综合管理平台"
|
||||
fofa-query: "app=\"dahua-智慧园区综合管理平台\""
|
||||
verified: true
|
||||
max-request: 2
|
||||
tags: dahua,file-upload,rce,intrusive
|
||||
|
||||
variables:
|
||||
|
|
|
@ -10,8 +10,8 @@ info:
|
|||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
max-request: 3
|
||||
parameters: q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year
|
||||
max-request: 29
|
||||
parameters: "q,s,search,id,action,keyword,query,page,keywords,url,view,cat,name,key,p,month,page_id,password,terms,token,type,unsubscribe_token,api,api_key,begindate,callback,categoryid,csrf_token,email,emailto,enddate,immagine,item,jsonp,l,lang,list_type,year"
|
||||
tags: xss,generic,fuzz
|
||||
|
||||
http:
|
||||
|
|
|
@ -12,8 +12,8 @@ info:
|
|||
cvss-score: 6.1
|
||||
cwe-id: CWE-601
|
||||
metadata:
|
||||
max-request: 12
|
||||
shodan-query: html:"/bitrix/"
|
||||
max-request: 14
|
||||
shodan-query: "html:\"/bitrix/\""
|
||||
tags: redirect,bitrix,packetstorm
|
||||
|
||||
http:
|
||||
|
|
|
@ -8,7 +8,7 @@ info:
|
|||
- https://github.com/OWASP/vbscan
|
||||
- https://blog.sucuri.net/2017/01/vbulletin-malware-hackers-compete-backdoor-control.html
|
||||
metadata:
|
||||
max-request: 31
|
||||
max-request: 21
|
||||
tags: backdoor,php,vbulletin,rce
|
||||
|
||||
flow: http(1) && http(2)
|
||||
|
|
|
@ -17,8 +17,8 @@ info:
|
|||
cvss-score: 8.1
|
||||
cve-id: CVE-2016-8706
|
||||
cwe-id: CWE-190
|
||||
epss-score: 0.91612
|
||||
epss-percentile: 0.98696
|
||||
epss-score: 0.89998
|
||||
epss-percentile: 0.987
|
||||
cpe: cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
|
|
@ -22,8 +22,8 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-34039
|
||||
cwe-id: CWE-327
|
||||
epss-score: 0.89263
|
||||
epss-percentile: 0.98515
|
||||
epss-score: 0.88996
|
||||
epss-percentile: 0.98637
|
||||
cpe: cpe:2.3:a:vmware:aria_operations_for_networks:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
|
|
@ -18,8 +18,8 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-46604
|
||||
cwe-id: CWE-502
|
||||
epss-score: 0.97147
|
||||
epss-percentile: 0.99762
|
||||
epss-score: 0.97273
|
||||
epss-percentile: 0.99837
|
||||
cpe: cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
|
|
@ -3,7 +3,7 @@ id: CVE-2024-23897
|
|||
info:
|
||||
name: Jenkins < 2.441 - Arbitrary File Read
|
||||
author: iamnoooob,rootxharsh,pdresearch
|
||||
severity: critical
|
||||
severity: high
|
||||
description: |
|
||||
Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.
|
||||
reference:
|
||||
|
@ -12,6 +12,13 @@ info:
|
|||
- https://github.com/Mr-xn/Penetration_Testing_POC
|
||||
- https://github.com/forsaken0127/CVE-2024-23897
|
||||
- https://github.com/nomi-sec/PoC-in-GitHub
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2024-23897
|
||||
epss-score: 0.41536
|
||||
epss-percentile: 0.97188
|
||||
cpe: cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 1
|
||||
|
|
|
@ -20,8 +20,8 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2016-2004
|
||||
cwe-id: CWE-306
|
||||
epss-score: 0.09306
|
||||
epss-percentile: 0.94149
|
||||
epss-score: 0.12552
|
||||
epss-percentile: 0.95291
|
||||
cpe: cpe:2.3:a:hp:data_protector:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
|
|
|
@ -20,7 +20,7 @@ info:
|
|||
cve-id: CVE-2016-3510
|
||||
cwe-id: CWE-119
|
||||
epss-score: 0.04254
|
||||
epss-percentile: 0.914
|
||||
epss-percentile: 0.92018
|
||||
cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
|
|
@ -20,8 +20,8 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2017-3881
|
||||
cwe-id: CWE-20
|
||||
epss-score: 0.9747
|
||||
epss-percentile: 0.99961
|
||||
epss-score: 0.9745
|
||||
epss-percentile: 0.99948
|
||||
cpe: cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
|
|
|
@ -22,7 +22,7 @@ info:
|
|||
cve-id: CVE-2017-5645
|
||||
cwe-id: CWE-502
|
||||
epss-score: 0.81948
|
||||
epss-percentile: 0.98126
|
||||
epss-percentile: 0.98287
|
||||
cpe: cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
|
|
|
@ -21,7 +21,7 @@ info:
|
|||
cve-id: CVE-2018-2628
|
||||
cwe-id: CWE-502
|
||||
epss-score: 0.97523
|
||||
epss-percentile: 0.99988
|
||||
epss-percentile: 0.99987
|
||||
cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
|
|
@ -20,14 +20,13 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2018-2893
|
||||
epss-score: 0.97327
|
||||
epss-percentile: 0.99866
|
||||
epss-percentile: 0.99869
|
||||
cpe: cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: oracle
|
||||
product: weblogic_server
|
||||
tags: cve,cve2018,weblogic,network,deserialization,rce,oracle
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
- data: "t3 12.2.1
|
||||
|
|
|
@ -21,7 +21,7 @@ info:
|
|||
cve-id: CVE-2020-11981
|
||||
cwe-id: CWE-78
|
||||
epss-score: 0.9386
|
||||
epss-percentile: 0.98967
|
||||
epss-percentile: 0.99073
|
||||
cpe: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
verified: true
|
||||
|
|
|
@ -19,8 +19,8 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-1938
|
||||
cwe-id: CWE-269
|
||||
epss-score: 0.97499
|
||||
epss-percentile: 0.99978
|
||||
epss-score: 0.97384
|
||||
epss-percentile: 0.99902
|
||||
cpe: cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 4
|
||||
|
@ -28,7 +28,6 @@ info:
|
|||
product: geode
|
||||
shodan-query: title:"Apache Tomcat"
|
||||
tags: cve,cve2020,kev,tenable,apache,lfi,network,tomcat,ajp
|
||||
|
||||
tcp:
|
||||
- host:
|
||||
- "{{Hostname}}"
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue