Merge pull request #3824 from MostInterestingBotInTheWorld/dashboard

Template Enhancements

cves/2010/CVE-2010-0219.yaml

@@ -1,10 +1,16 @@
-id: axis2-default-login
+id: CVE-2010-0219
 
 info:
-  name: Axis2 Default Login
+  name: Apache Axis2 Default Login
   author: pikpikcu
   severity: high
-  tags: axis,apache,default-login,axis2
+  description: Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
+  tags: cve,cve2010,axis,apache,default-login,axis2
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2010-0219
+    - https://knowledge.broadcom.com/external/article/13994/vulnerability-axis2-default-administrato.html
+  classification:
+    cve-id: CVE-2010-0219
 
 requests:
   - raw:
@@ -39,3 +45,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/03/02

cves/2010/CVE-2010-1717.yaml

@@ -1,16 +1,17 @@
 id: CVE-2010-1717
+
 info:
   name: Joomla! Component iF surfALERT 1.2 - Local File Inclusion
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
-  remediation: Upgrade to a supported version.
   reference:
     - https://www.exploit-db.com/exploits/12291
     - https://www.cvedetails.com/cve/CVE-2010-1717
   tags: cve,cve2010,joomla,lfi
   classification:
     cve-id: CVE-2010-1717
+
 requests:
   - method: GET
     path:
@@ -23,4 +24,5 @@ requests:
       - type: status
         status:
           - 200
-# Enhanced by mp on 2022/02/15
+
+# Enhanced by mp on 2022/03/01

cves/2010/CVE-2010-1718.yaml

@@ -1,16 +1,17 @@
 id: CVE-2010-1718
+
 info:
   name: Joomla! Component Archery Scores 1.0.6 - Local File Inclusion
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
-  remediation: Upgrade to a supported version.
   reference:
     - https://www.exploit-db.com/exploits/12282
     - https://www.cvedetails.com/cve/CVE-2010-1718
   tags: cve,cve2010,joomla,lfi
   classification:
     cve-id: CVE-2010-1718
+
 requests:
   - method: GET
     path:
@@ -23,4 +24,5 @@ requests:
       - type: status
         status:
           - 200
-# Enhanced by mp on 2022/02/15
+
+# Enhanced by mp on 2022/03/01

cves/2010/CVE-2010-1719.yaml

@@ -1,16 +1,17 @@
 id: CVE-2010-1719
+
 info:
   name: Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
-  remediation: Upgrade to a supported version.
   reference:
     - https://www.exploit-db.com/exploits/12233
     - https://www.cvedetails.com/cve/CVE-2010-1719
   tags: cve,cve2010,joomla,lfi
   classification:
     cve-id: CVE-2010-1719
+
 requests:
   - method: GET
     path:
@@ -23,4 +24,5 @@ requests:
       - type: status
         status:
           - 200
-# Enhanced by mp on 2022/02/15
+
+# Enhanced by mp on 2022/03/01

cves/2010/CVE-2010-1722.yaml

@@ -1,16 +1,17 @@
 id: CVE-2010-1722
+
 info:
   name: Joomla! Component Online Market 2.x - Local File Inclusion
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
-  remediation: Upgrade to a supported version.
   reference:
     - https://www.exploit-db.com/exploits/12177
     - https://www.cvedetails.com/cve/CVE-2010-1722
   tags: cve,cve2010,joomla,lfi
   classification:
     cve-id: CVE-2010-1722
+
 requests:
   - method: GET
     path:
@@ -23,4 +24,5 @@ requests:
       - type: status
         status:
           - 200
-# Enhanced by mp on 2022/02/15
+
+# Enhanced by mp on 2022/03/01

cves/2010/CVE-2010-1723.yaml

@@ -1,16 +1,17 @@
 id: CVE-2010-1723
+
 info:
   name: Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion
   author: daffainfo
   severity: high
   description: A directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
-  remediation: Upgrade to a supported version.
   reference:
     - https://www.exploit-db.com/exploits/12289
     - https://www.cvedetails.com/cve/CVE-2010-1723
   tags: cve,cve2010,joomla,lfi
   classification:
     cve-id: CVE-2010-1723
+
 requests:
   - method: GET
     path:
@@ -23,4 +24,5 @@ requests:
       - type: status
         status:
           - 200
-# Enhanced by mp on 2022/02/15
+
+# Enhanced by mp on 2022/03/01

cves/2015/CVE-2015-7297.yaml

@@ -1,11 +1,16 @@
 id: CVE-2015-7297
+
 info:
   name: Joomla Core SQL Injection
   author: princechaddha
   severity: high
-  description: SQL injection vulnerability in Joomla 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands.
-  reference: http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html
+  description: A SQL injection vulnerability in Joomla 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-7297
+    - http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html
   tags: cve,cve2015,joomla,sqli
+  classification:
+    cve-id: CVE-2015-7297
 
 requests:
   - method: GET
@@ -17,3 +22,5 @@ requests:
         words:
           - "cf79ae6addba60ad018347359bd144d2"
         part: body
+
+# Enhanced by mp on 2022/03/02

default-logins/apache/superset-default-login.yaml

@@ -1,11 +1,17 @@
-id: apache-superset-default-login
+id: CVE-2021-44451
 
 info:
   name: Apache Superset Default Login
   author: dhiyaneshDK
   severity: high
-  reference: https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/apache-superset-default-credentials.json
+  description: Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way.
+  remediation: Users should upgrade to Apache Superset 1.4.0 or higher.
+  reference:
+    - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/apache-superset-default-credentials.json
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-44451
   tags: apache, default-login
+  classification:
+    cve-id: CVE-2021-44451
 
 requests:
   - raw:
@@ -57,3 +63,5 @@ requests:
       - type: status
         status:
           - 302
+
+# Enhanced by mp on 2022/03/02

default-logins/apache/tomcat-default-login.yaml

@@ -63,4 +63,4 @@ requests:
 
       - type: word
         words:
-          - Apache Tomcat
+          - Apache Tomcat

default-logins/azkaban/azkaban-default-login.yaml

@@ -1,47 +1,55 @@
-id: azkaban-default-login
-
-info:
-  name: Azkaban Web Client Default Credential
-  author: pussycat0x
-  severity: high
-  reference: https://www.shodan.io/search?query=http.title%3A%22Azkaban+Web+Client%22
-  tags: default-login,azkaban
-
-requests:
-  - raw:
-      - |
-        POST / HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-
-        action=login&username={{username}}&password={{password}}
-
-    payloads:
-      username:
-        - admin
-      password:
-        - admin
-    attack: pitchfork
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - '"session.id"'
-          - '"success"'
-        condition: and
-
-      - type: word
-        words:
-          - 'azkaban.browser.session.id'
-          - 'application/json'
-        condition: and
-        part: header
-
-      - type: status
-        status:
-          - 200
-
-    extractors:
-      - type: kval
-        kval:
-          - azkaban.browser.session.id
+id: azkaban-default-login
+
+info:
+  name: Azkaban Web Client Default Credential
+  author: pussycat0x
+  severity: high
+  description: Azkaban is a batch workflow job scheduler created at LinkedIn to run Hadoop jobs.  Default web client credentials were discovered.
+  reference:
+    - https://www.shodan.io/search?query=http.title%3A%22Azkaban+Web+Client%22
+  tags: default-login,azkaban
+  classification:
+    cwe-id: 255
+
+requests:
+  - raw:
+      - |
+        POST / HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        action=login&username={{username}}&password={{password}}
+
+    payloads:
+      username:
+        - admin
+      password:
+        - admin
+    attack: pitchfork
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '"session.id"'
+          - '"success"'
+        condition: and
+
+      - type: word
+        words:
+          - 'azkaban.browser.session.id'
+          - 'application/json'
+        condition: and
+        part: header
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: kval
+        kval:
+          - azkaban.browser.session.id
+
+# Enhanced by mp on 2022/03/02
+
+# Enhanced by mp on 2022/03/02

default-logins/chinaunicom/chinaunicom-default-login.yaml

@@ -1,10 +1,13 @@
 id: chinaunicom-default-login
 
 info:
-  name: Chinaunicom Modem Default Login
+  name: China Unicom Modem Default Login
   author: princechaddha
   severity: high
+  description: Default login credentials were discovered for a China Unicom modem.
   tags: chinaunicom,default-login
+  classification:
+    cwe-id: 798
 
 requests:
   - raw:
@@ -31,3 +34,5 @@ requests:
         words:
           - "/menu.gch"
         part: header
+
+# Enhanced by mp on 2022/03/02

default-logins/cobbler/cobbler-default-login.yaml

@@ -3,11 +3,15 @@ id: cobbler-default-login
 info:
   name: Cobbler Default Login
   author: c-sh0
+  description: Cobbler default login credentials were discovered. When in /etc/cobbler/modules.conf in the [authentication] part of the "testing" module, the credential “testing:testing” is used to authenticate users.
   reference:
+    - https://seclists.org/oss-sec/2022/q1/146
     - https://github.com/cobbler/cobbler/issues/2307
     - https://github.com/cobbler/cobbler/issues/2909
   severity: high
   tags: cobbler,default-login,api
+  classification:
+    cwe-id: cwe-798
 
 requests:
   - raw:
@@ -64,3 +68,5 @@ requests:
         part: body
         regex:
           - "(.*[a-zA-Z0-9].+==)</string></value>"
+
+# Enhanced by mp on 2022/03/02

default-logins/dell/dell-idrac-default-login.yaml

@@ -1,9 +1,15 @@
 id: dell-idrac-default-login
+
 info:
-  name: Dell iDRAC6/7/8 Default login
+  name: Dell iDRAC6/7/8 Default Login
   author: kophjager007
   severity: high
+  description: Dell iDRAC6/7/8 default login information was discovered. The default iDRAC username and password are widely known, and any user with access to the server could change the default password.
+  reference:
+    - https://securityforeveryone.com/tools/dell-idrac6-7-8-default-login-scanner
   tags: dell,idrac,default-login
+  classification:
+    cwe-id: 798
 
 requests:
   - raw:
@@ -34,3 +40,5 @@ requests:
       - type: word
         words:
           - '<authResult>0</authResult>'
+
+# Enhanced by mp on 2022/03/02

default-logins/dell/dell-idrac9-default-login.yaml

@@ -4,7 +4,12 @@ info:
   name: DELL iDRAC9 Default Login
   author: kophjager007,milo2012
   severity: high
+  description: DELL iDRAC9 default login information was discovered. The default iDRAC username and password are widely known, and any user with access to the server could change the default password.
+  reference:
+    - https://www.dell.com/support/kbdoc/en-us/000177787/how-to-change-the-default-login-password-of-the-idrac-9
   tags: dell,idrac,default-login
+  classification:
+    cwe-id: 798
 
 requests:
   - raw:
@@ -33,3 +38,5 @@ requests:
         part: body
         words:
           - '"authResult":0'
+
+# Enhanced by mp on 2022/03/02

exposed-panels/barracuda-panel.yaml

@@ -5,6 +5,11 @@ info:
   author: dhiyaneshDK
   severity: info
   tags: barracuda,panel,vpn
+  description: The Barracuda SSL VPN is an integrated hardware and software solution enabling secure, clientless remote access to internal network resources from any web browser.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
 
 requests:
   - method: GET
@@ -20,3 +25,5 @@ requests:
       - type: word
         words:
           - 'Barracuda SSL VPN'
+
+# Enhanced by mp on 2022/03/01

exposed-panels/bitrix-panel.yaml

@@ -5,6 +5,11 @@ info:
   author: juicypotato1
   severity: info
   tags: panel,bitrix,login
+  description: Bitrix24 is a unified work space that places a complete set of business tools into a single, intuitive interface.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
+    cvss-score: 0.0
+    cwe-id: CWE-200
 
 requests:
   - method: GET
@@ -25,3 +30,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/03/01

misconfiguration/proxy/open-proxy-portscan.yaml

@@ -6,7 +6,7 @@ info:
   severity: high
   tags: exposure,config,proxy,misconfig,fuzz
   description: The host is configured as a proxy which allows access to its internal interface
-  remediation: Disable the proxy or restrict configuraiton to only allow access to approved hosts/ports.
+  remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports.
   reference:
     - https://blog.projectdiscovery.io/abusing-reverse-proxies-internal-access/
     - https://en.wikipedia.org/wiki/Open_proxy

vulnerabilities/other/74cms-sqli.yaml

@@ -1,9 +1,16 @@
-id: 74cms-sqli
+id: CVE-2020-22210
+
 info:
   author: princechaddha
   name: 74cms Sql Injection
   severity: high
   tags: 74cms,sqli
+  description: A SQL injection vulnerability exists in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php.
+  reference:
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-22210
+    - https://github.com/blindkey/cve_like/issues/11
+  classification:
+    cve-id: CVE-2020-22210
 
 requests:
   - method: GET
@@ -15,3 +22,5 @@ requests:
         words:
           - "e807f1fcf82d132f9bb018ca6738a19f"
         part: body
+
+# Enhanced by mp on 2022/03/02

vulnerabilities/other/accent-microcomputers-lfi.yaml

@@ -4,10 +4,16 @@ info:
   name: Accent Microcomputers LFI
   author: 0x_Akoko
   severity: high
+  description: A local file inclusion vulnerability in Accent Microcomputers offerings could allow remote attackers to retrieve password files.
   reference:
     - https://cxsecurity.com/issue/WLB-2018050036
     - http://www.accent.com.pl
   tags: microcomputers,accent,lfi
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
+    cvss-score: 8.6
+    cve-id:
+    cwe-id: CWE-22
 
 requests:
   - method: GET
@@ -24,3 +30,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/03/02