diff --git a/default-logins/axis2/axis2-default-login.yaml b/cves/2010/CVE-2010-0219.yaml similarity index 53% rename from default-logins/axis2/axis2-default-login.yaml rename to cves/2010/CVE-2010-0219.yaml index 1320f9e2bc..9e44b7dcc9 100644 --- a/default-logins/axis2/axis2-default-login.yaml +++ b/cves/2010/CVE-2010-0219.yaml @@ -1,10 +1,16 @@ -id: axis2-default-login +id: CVE-2010-0219 info: - name: Axis2 Default Login + name: Apache Axis2 Default Login author: pikpikcu severity: high - tags: axis,apache,default-login,axis2 + description: Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service. + tags: cve,cve2010,axis,apache,default-login,axis2 + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2010-0219 + - https://knowledge.broadcom.com/external/article/13994/vulnerability-axis2-default-administrato.html + classification: + cve-id: CVE-2010-0219 requests: - raw: @@ -39,3 +45,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/03/02 diff --git a/cves/2010/CVE-2010-1717.yaml b/cves/2010/CVE-2010-1717.yaml index e72f52bc54..d65f97ddb5 100644 --- a/cves/2010/CVE-2010-1717.yaml +++ b/cves/2010/CVE-2010-1717.yaml 
@@ -1,16 +1,17 @@ id: CVE-2010-1717 + info: name: Joomla! Component iF surfALERT 1.2 - Local File Inclusion author: daffainfo severity: high description: A directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. - remediation: Upgrade to a supported version. reference: - https://www.exploit-db.com/exploits/12291 - https://www.cvedetails.com/cve/CVE-2010-1717 tags: cve,cve2010,joomla,lfi classification: cve-id: CVE-2010-1717 + requests: - method: GET path: @@ -23,4 +24,5 @@ requests: - type: status status: - 200 -# Enhanced by mp on 2022/02/15 + +# Enhanced by mp on 2022/03/01 diff --git a/cves/2010/CVE-2010-1718.yaml b/cves/2010/CVE-2010-1718.yaml index bdd2dab463..881bb545bb 100644 --- a/cves/2010/CVE-2010-1718.yaml +++ b/cves/2010/CVE-2010-1718.yaml @@ -1,16 +1,17 @@ id: CVE-2010-1718 + info: name: Joomla! Component Archery Scores 1.0.6 - Local File Inclusion author: daffainfo severity: high description: A directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. - remediation: Upgrade to a supported version. reference: - https://www.exploit-db.com/exploits/12282 - https://www.cvedetails.com/cve/CVE-2010-1718 tags: cve,cve2010,joomla,lfi classification: cve-id: CVE-2010-1718 + requests: - method: GET path: @@ -23,4 +24,5 @@ requests: - type: status status: - 200 -# Enhanced by mp on 2022/02/15 + +# Enhanced by mp on 2022/03/01 diff --git a/cves/2010/CVE-2010-1719.yaml b/cves/2010/CVE-2010-1719.yaml index 3dd8bbed2f..809ec7e178 100644 --- a/cves/2010/CVE-2010-1719.yaml +++ b/cves/2010/CVE-2010-1719.yaml 
@@ -1,16 +1,17 @@ id: CVE-2010-1719 + info: name: Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion author: daffainfo severity: high description: A directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. - remediation: Upgrade to a supported version. reference: - https://www.exploit-db.com/exploits/12233 - https://www.cvedetails.com/cve/CVE-2010-1719 tags: cve,cve2010,joomla,lfi classification: cve-id: CVE-2010-1719 + requests: - method: GET path: @@ -23,4 +24,5 @@ requests: - type: status status: - 200 -# Enhanced by mp on 2022/02/15 + +# Enhanced by mp on 2022/03/01 diff --git a/cves/2010/CVE-2010-1722.yaml b/cves/2010/CVE-2010-1722.yaml index 5a5e3abffd..224a36ab0d 100644 --- a/cves/2010/CVE-2010-1722.yaml +++ b/cves/2010/CVE-2010-1722.yaml @@ -1,16 +1,17 @@ id: CVE-2010-1722 + info: name: Joomla! Component Online Market 2.x - Local File Inclusion author: daffainfo severity: high description: A directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. - remediation: Upgrade to a supported version. reference: - https://www.exploit-db.com/exploits/12177 - https://www.cvedetails.com/cve/CVE-2010-1722 tags: cve,cve2010,joomla,lfi classification: cve-id: CVE-2010-1722 + requests: - method: GET path: @@ -23,4 +24,5 @@ requests: - type: status status: - 200 -# Enhanced by mp on 2022/02/15 + +# Enhanced by mp on 2022/03/01 diff --git a/cves/2010/CVE-2010-1723.yaml b/cves/2010/CVE-2010-1723.yaml index 75c679e3e7..3485c1853a 100644 --- a/cves/2010/CVE-2010-1723.yaml +++ b/cves/2010/CVE-2010-1723.yaml 
@@ -1,16 +1,17 @@ id: CVE-2010-1723 + info: name: Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion author: daffainfo severity: high description: A directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php. - remediation: Upgrade to a supported version. reference: - https://www.exploit-db.com/exploits/12289 - https://www.cvedetails.com/cve/CVE-2010-1723 tags: cve,cve2010,joomla,lfi classification: cve-id: CVE-2010-1723 + requests: - method: GET path: @@ -23,4 +24,5 @@ requests: - type: status status: - 200 -# Enhanced by mp on 2022/02/15 + +# Enhanced by mp on 2022/03/01 diff --git a/cves/2015/CVE-2015-7297.yaml b/cves/2015/CVE-2015-7297.yaml index b42e4ae2f7..1463c775a8 100644 --- a/cves/2015/CVE-2015-7297.yaml +++ b/cves/2015/CVE-2015-7297.yaml @@ -1,11 +1,16 @@ id: CVE-2015-7297 + info: name: Joomla Core SQL Injection author: princechaddha severity: high - description: SQL injection vulnerability in Joomla 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands. - reference: http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html + description: A SQL injection vulnerability in Joomla 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2015-7297 + - http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html tags: cve,cve2015,joomla,sqli + classification: + cve-id: CVE-2015-7297 requests: - method: GET @@ -17,3 +22,5 @@ requests: words: - "cf79ae6addba60ad018347359bd144d2" part: body + +# Enhanced by mp on 2022/03/02 diff --git a/default-logins/apache/superset-default-login.yaml b/default-logins/apache/superset-default-login.yaml index aca3520299..bc69c3ca6e 100644 
--- a/default-logins/apache/superset-default-login.yaml +++ b/default-logins/apache/superset-default-login.yaml @@ -1,11 +1,17 @@ -id: apache-superset-default-login +id: CVE-2021-44451 info: name: Apache Superset Default Login author: dhiyaneshDK severity: high - reference: https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/apache-superset-default-credentials.json + description: Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This information could be accessed in a non-trivial way. + remediation: Users should upgrade to Apache Superset 1.4.0 or higher. + reference: + - https://github.com/detectify/ugly-duckling/blob/master/modules/crowdsourced/apache-superset-default-credentials.json + - https://nvd.nist.gov/vuln/detail/CVE-2021-44451 tags: apache, default-login + classification: + cve-id: CVE-2021-44451 requests: - raw: @@ -57,3 +63,5 @@ requests: - type: status status: - 302 + +# Enhanced by mp on 2022/03/02 diff --git a/default-logins/apache/tomcat-default-login.yaml b/default-logins/apache/tomcat-default-login.yaml index 9b4556e810..a9638ecc78 100644 --- a/default-logins/apache/tomcat-default-login.yaml +++ b/default-logins/apache/tomcat-default-login.yaml @@ -63,4 +63,4 @@ requests: - type: word words: - - Apache Tomcat \ No newline at end of file + - Apache Tomcat diff --git a/default-logins/azkaban/azkaban-default-login.yaml b/default-logins/azkaban/azkaban-default-login.yaml index 5d9e13ca58..1970b6e737 100644 --- a/default-logins/azkaban/azkaban-default-login.yaml +++ b/default-logins/azkaban/azkaban-default-login.yaml 
@@ -1,47 +1,55 @@ -id: azkaban-default-login - -info: - name: Azkaban Web Client Default Credential - author: pussycat0x - severity: high - reference: https://www.shodan.io/search?query=http.title%3A%22Azkaban+Web+Client%22 - tags: default-login,azkaban - -requests: - - raw: - - | - POST / HTTP/1.1 - Host: {{Hostname}} - Content-Type: application/x-www-form-urlencoded; charset=UTF-8 - - action=login&username={{username}}&password={{password}} - - payloads: - username: - - admin - password: - - admin - attack: pitchfork - matchers-condition: and - matchers: - - type: word - words: - - '"session.id"' - - '"success"' - condition: and - - - type: word - words: - - 'azkaban.browser.session.id' - - 'application/json' - condition: and - part: header - - - type: status - status: - - 200 - - extractors: - - type: kval - kval: - - azkaban.browser.session.id +id: azkaban-default-login + +info: + name: Azkaban Web Client Default Credential + author: pussycat0x + severity: high + description: Azkaban is a batch workflow job scheduler created at LinkedIn to run Hadoop jobs. Default web client credentials were discovered. + reference: + - https://www.shodan.io/search?query=http.title%3A%22Azkaban+Web+Client%22 + tags: default-login,azkaban + classification: + cwe-id: 255 + +requests: + - raw: + - | + POST / HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/x-www-form-urlencoded; charset=UTF-8 + + action=login&username={{username}}&password={{password}} + + payloads: + username: + - admin + password: + - admin + attack: pitchfork + matchers-condition: and + matchers: + - type: word + words: + - '"session.id"' + - '"success"' + condition: and + + - type: word + words: + - 'azkaban.browser.session.id' + - 'application/json' + condition: and + part: header + + - type: status + status: + - 200 + + extractors: + - type: kval + kval: + - azkaban.browser.session.id + +# Enhanced by mp on 2022/03/02 + +# Enhanced by mp on 2022/03/02 
diff --git a/default-logins/chinaunicom/chinaunicom-default-login.yaml b/default-logins/chinaunicom/chinaunicom-default-login.yaml index 9b69089ffb..bfd586c991 100644 --- a/default-logins/chinaunicom/chinaunicom-default-login.yaml +++ b/default-logins/chinaunicom/chinaunicom-default-login.yaml @@ -1,10 +1,13 @@ id: chinaunicom-default-login info: - name: Chinaunicom Modem Default Login + name: China Unicom Modem Default Login author: princechaddha severity: high + description: Default login credentials were discovered for a China Unicom modem. tags: chinaunicom,default-login + classification: + cwe-id: 798 requests: - raw: @@ -31,3 +34,5 @@ requests: words: - "/menu.gch" part: header + +# Enhanced by mp on 2022/03/02 diff --git a/default-logins/cobbler/cobbler-default-login.yaml b/default-logins/cobbler/cobbler-default-login.yaml index a92b21065f..65f9d50d26 100644 --- a/default-logins/cobbler/cobbler-default-login.yaml +++ b/default-logins/cobbler/cobbler-default-login.yaml @@ -3,11 +3,15 @@ id: cobbler-default-login info: name: Cobbler Default Login author: c-sh0 + description: Cobbler default login credentials were discovered. When in /etc/cobbler/modules.conf in the [authentication] part of the "testing" module, the credential “testing:testing” is used to authenticate users. reference: + - https://seclists.org/oss-sec/2022/q1/146 - https://github.com/cobbler/cobbler/issues/2307 - https://github.com/cobbler/cobbler/issues/2909 severity: high tags: cobbler,default-login,api + classification: + cwe-id: cwe-798 requests: - raw: @@ -64,3 +68,5 @@ requests: part: body regex: - "(.*[a-zA-Z0-9].+==)" + +# Enhanced by mp on 2022/03/02 diff --git a/default-logins/dell/dell-idrac-default-login.yaml b/default-logins/dell/dell-idrac-default-login.yaml index 6e06c1ace2..0ae492af80 100644 --- a/default-logins/dell/dell-idrac-default-login.yaml +++ b/default-logins/dell/dell-idrac-default-login.yaml 
@@ -1,9 +1,15 @@ id: dell-idrac-default-login + info: - name: Dell iDRAC6/7/8 Default login + name: Dell iDRAC6/7/8 Default Login author: kophjager007 severity: high + description: Dell iDRAC6/7/8 default login information was discovered. The default iDRAC username and password are widely known, and any user with access to the server could change the default password. + reference: + - https://securityforeveryone.com/tools/dell-idrac6-7-8-default-login-scanner tags: dell,idrac,default-login + classification: + cwe-id: 798 requests: - raw: @@ -34,3 +40,5 @@ requests: - type: word words: - '0' + +# Enhanced by mp on 2022/03/02 diff --git a/default-logins/dell/dell-idrac9-default-login.yaml b/default-logins/dell/dell-idrac9-default-login.yaml index d60325405b..2954ca38b1 100644 --- a/default-logins/dell/dell-idrac9-default-login.yaml +++ b/default-logins/dell/dell-idrac9-default-login.yaml @@ -4,7 +4,12 @@ info: name: DELL iDRAC9 Default Login author: kophjager007,milo2012 severity: high + description: DELL iDRAC9 default login information was discovered. The default iDRAC username and password are widely known, and any user with access to the server could change the default password. + reference: + - https://www.dell.com/support/kbdoc/en-us/000177787/how-to-change-the-default-login-password-of-the-idrac-9 tags: dell,idrac,default-login + classification: + cwe-id: 798 requests: - raw: @@ -33,3 +38,5 @@ requests: part: body words: - '"authResult":0' + +# Enhanced by mp on 2022/03/02 diff --git a/exposed-panels/barracuda-panel.yaml b/exposed-panels/barracuda-panel.yaml index 73bbd91333..08f83130c0 100644 --- a/exposed-panels/barracuda-panel.yaml +++ b/exposed-panels/barracuda-panel.yaml 
@@ -5,6 +5,11 @@ info: author: dhiyaneshDK severity: info tags: barracuda,panel,vpn + description: The Barracuda SSL VPN is an integrated hardware and software solution enabling secure, clientless remote access to internal network resources from any web browser. + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 requests: - method: GET @@ -20,3 +25,5 @@ requests: - type: word words: - 'Barracuda SSL VPN' + +# Enhanced by mp on 2022/03/01 diff --git a/exposed-panels/bitrix-panel.yaml b/exposed-panels/bitrix-panel.yaml index 700f7a2a85..a127022b3c 100644 --- a/exposed-panels/bitrix-panel.yaml +++ b/exposed-panels/bitrix-panel.yaml @@ -5,6 +5,11 @@ info: author: juicypotato1 severity: info tags: panel,bitrix,login + description: Bitrix24 is a unified work space that places a complete set of business tools into a single, intuitive interface. + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N + cvss-score: 0.0 + cwe-id: CWE-200 requests: - method: GET @@ -25,3 +30,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/03/01 diff --git a/misconfiguration/proxy/open-proxy-portscan.yaml b/misconfiguration/proxy/open-proxy-portscan.yaml index 9c08fb84a3..2939d5d9af 100644 --- a/misconfiguration/proxy/open-proxy-portscan.yaml +++ b/misconfiguration/proxy/open-proxy-portscan.yaml @@ -6,7 +6,7 @@ info: severity: high tags: exposure,config,proxy,misconfig,fuzz description: The host is configured as a proxy which allows access to its internal interface - remediation: Disable the proxy or restrict configuraiton to only allow access to approved hosts/ports. + remediation: Disable the proxy or restrict configuration to only allow access to approved hosts/ports. reference: - https://blog.projectdiscovery.io/abusing-reverse-proxies-internal-access/ - https://en.wikipedia.org/wiki/Open_proxy 
diff --git a/vulnerabilities/other/74cms-sqli.yaml b/vulnerabilities/other/74cms-sqli.yaml index 904b2a3a57..9ec069316e 100644 --- a/vulnerabilities/other/74cms-sqli.yaml +++ b/vulnerabilities/other/74cms-sqli.yaml @@ -1,9 +1,16 @@ -id: 74cms-sqli +id: CVE-2020-22210 + info: author: princechaddha name: 74cms Sql Injection severity: high tags: 74cms,sqli + description: A SQL injection vulnerability exists in 74cms 3.2.0 via the x parameter to ajax_officebuilding.php. + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2020-22210 + - https://github.com/blindkey/cve_like/issues/11 + classification: + cve-id: CVE-2020-22210 requests: - method: GET @@ -15,3 +22,5 @@ requests: words: - "e807f1fcf82d132f9bb018ca6738a19f" part: body + +# Enhanced by mp on 2022/03/02 diff --git a/vulnerabilities/other/accent-microcomputers-lfi.yaml b/vulnerabilities/other/accent-microcomputers-lfi.yaml index 384726e657..4b68e7a6be 100644 --- a/vulnerabilities/other/accent-microcomputers-lfi.yaml +++ b/vulnerabilities/other/accent-microcomputers-lfi.yaml @@ -4,10 +4,16 @@ info: name: Accent Microcomputers LFI author: 0x_Akoko severity: high + description: A local file inclusion vulnerability in Accent Microcomputers offerings could allow remote attackers to retrieve password files. reference: - https://cxsecurity.com/issue/WLB-2018050036 - http://www.accent.com.pl tags: microcomputers,accent,lfi + classification: + cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N + cvss-score: 8.6 + cve-id: + cwe-id: CWE-22 requests: - method: GET @@ -24,3 +30,5 @@ requests: - type: status status: - 200 + +# Enhanced by mp on 2022/03/02
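Review bot: the first hunk of cves/2010/CVE-2010-1717.yaml, and the same hunk in CVE-2010-1718, CVE-2010-1719, CVE-2010-1722 and CVE-2010-1723, deletes "remediation: Upgrade to a supported version." without a replacement, so these five templates lose their only remediation text in a change that otherwise adds blank lines and moves the "Enhanced by" date. If the removal is intentional, say why in the commit message; otherwise restore the line or replace it with more specific guidance.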
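Review bot: in default-logins/apache/superset-default-login.yaml the new "id: CVE-2021-44451", its description (a registered database connection password leak for authenticated users) and the remediation to upgrade to 1.4.0 do not describe what this template checks, which by its name and path is a default login. Keep "id: apache-superset-default-login", drop the cve-id classification, and describe the default credential finding instead. If the CVE mapping is kept, the tags line still reads "apache, default-login" with no cve tags and the file is not moved under cves/, unlike the Axis2 template in this same patch.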
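Review bot: default-logins/azkaban/azkaban-default-login.yaml now ends with "# Enhanced by mp on 2022/03/02" twice; remove the duplicate. The hunk also replaces all 47 original lines although only the description, reference list and classification differ, which points to a line-ending or whitespace conversion; put that in a separate commit so the metadata change can be read on its own. The new "cwe-id: 255" also differs from the 798 used for the other default-login templates in this patch, so confirm which one is intended.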
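Review bot: the classification added in default-logins/cobbler/cobbler-default-login.yaml uses "cwe-id: cwe-798", while the China Unicom and Dell iDRAC hunks use "cwe-id: 798" and the panel templates use "cwe-id: CWE-200". Pick one form across the patch (the uppercase CWE-798 style matches the panel and LFI templates) so the field can be filtered on reliably. The added description also uses typographic quotes around testing:testing; use plain ASCII quotes as the rest of the line does.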
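Review bot: in vulnerabilities/other/74cms-sqli.yaml the id becomes CVE-2020-22210, but the file stays at vulnerabilities/other/74cms-sqli.yaml and the tags line remains "74cms,sqli". The Axis2 change in this same patch renames the file into cves/2010/ and adds "cve,cve2010" to its tags; do the same here (move under cves/2020/ and add cve,cve2020) so the id, path and tags agree.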
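Review bot: the classification block added in vulnerabilities/other/accent-microcomputers-lfi.yaml contains an empty "cve-id:" key. No CVE is referenced anywhere else in this template, so drop the key rather than leaving it with a null value, and keep only cvss-metrics, cvss-score and cwe-id.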