From ef1f7c5e92133362f6e59b96c491cc95ad0993d1 Mon Sep 17 00:00:00 2001 
From: sullo
Date: Sun, 5 Sep 2021 17:13:45 -0400
Subject: [PATCH] Updates across many templates for clarity, spelling, and grammar.
---
 cves/2009/CVE-2009-1151.yaml | 4 ++--
 cves/2009/CVE-2009-4223.yaml | 2 +-
 cves/2013/CVE-2013-2251.yaml | 2 +-
 cves/2016/CVE-2016-5649.yaml | 4 ++--
 cves/2017/CVE-2017-15715.yaml | 4 ++--
 cves/2017/CVE-2017-18638.yaml | 2 +-
 cves/2019/CVE-2019-13462.yaml | 2 +-
 cves/2019/CVE-2019-15107.yaml | 2 +-
 cves/2019/CVE-2019-2767.yaml | 2 +-
 cves/2019/CVE-2019-5127.yaml | 2 +-
 cves/2019/CVE-2019-5418.yaml | 2 +-
 cves/2020/CVE-2020-11034.yaml | 2 +-
 cves/2020/CVE-2020-14883.yaml | 2 +-
 cves/2020/CVE-2020-25213.yaml | 4 ++--
 cves/2020/CVE-2020-25540.yaml | 2 +-
 cves/2020/CVE-2020-26919.yaml | 2 +-
 cves/2020/CVE-2020-28871.yaml | 2 +-
 cves/2020/CVE-2020-28976.yaml | 2 +-
 cves/2020/CVE-2020-5847.yaml | 2 +-
 cves/2020/CVE-2020-7209.yaml | 2 +-
 cves/2020/CVE-2020-9402.yaml | 2 +-
 cves/2020/CVE-2020-9425.yaml | 2 +-
 cves/2021/CVE-2021-21972.yaml | 2 +-
 cves/2021/CVE-2021-28854.yaml | 2 +-
 cves/2021/CVE-2021-33221.yaml | 2 +-
 default-logins/glpi/glpi-default-credential.yaml | 2 +-
 dns/mx-service-detector.yaml | 2 +-
 exposures/files/yarn-lock.yaml | 2 +-
 fuzzing/iis-shortname.yaml | 2 +-
 iot/kevinlab-device-detect.yaml | 2 +-
 iot/xp-webcam.yaml | 4 ++--
 miscellaneous/google-floc-disabled.yaml | 2 +-
 miscellaneous/joomla-htaccess.yaml | 4 ++--
 miscellaneous/joomla-manifest-file.yaml | 4 ++--
 miscellaneous/moodle-changelog.yaml | 2 +-
 misconfiguration/aem/aem-userinfo-servlet.yaml | 4 ++--
 misconfiguration/exposed-service-now.yaml | 4 ++--
 misconfiguration/http-missing-security-headers.yaml | 4 ++--
 misconfiguration/laravel-debug-enabled.yaml | 4 ++--
 network/deprecated-sshv1-detection.yaml | 2 +-
 network/mysql-native-cred-bruteforce.yaml | 2 +-
 network/openssh5.3-detect.yaml | 2 +-
 vulnerabilities/generic/open-redirect.yaml | 2 +-
 vulnerabilities/other/couchdb-adminparty.yaml | 2 +-
 vulnerabilities/other/eyelock-nano-lfd.yaml | 2 +-
 vulnerabilities/other/kevinlab-bems-backdoor.yaml | 2 +-
 vulnerabilities/other/kevinlab-hems-backdoor.yaml | 4 ++--
 vulnerabilities/other/netgear-router-auth-bypass.yaml | 2 +-
 vulnerabilities/other/sar2html-rce.yaml | 2 +-
 .../springboot/springboot-actuators-jolokia-xxe.yaml | 4 ++--
 workflows/azkaban-workflow.yaml | 4 ++--
 workflows/bigip-workflow.yaml | 4 ++--
 workflows/lucee-workflow.yaml | 4 ++--
 workflows/springboot-workflow.yaml | 6 +++---
 workflows/worksite-takeover-workflow.yaml | 4 ++--
 55 files changed, 74 insertions(+), 74 deletions(-)
diff --git a/cves/2009/CVE-2009-1151.yaml b/cves/2009/CVE-2009-1151.yaml
index f52b3c3c1a..2837b0aa42 100644
--- a/cves/2009/CVE-2009-1151.yaml
+++ b/cves/2009/CVE-2009-1151.yaml
@@ -4,7 +4,7 @@ info:
 name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability
 author: princechaddha
 severity: high
- description: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
+ description: Setup script used to create PhpMyAdmin configurations can be fooled by using a crafted POST request to include arbitrary PHP code in the generated configuration file. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
 reference:
 - https://www.phpmyadmin.net/security/PMASA-2009-3/
 - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
@@ -33,4 +33,4 @@ requests:
 - type: regex
 regex:
- - "root:.*:0:0:"
\ No newline at end of file
+ - "root:.*:0:0:"
diff --git a/cves/2009/CVE-2009-4223.yaml b/cves/2009/CVE-2009-4223.yaml
index 5b336af011..c28fd9c671 100644
--- a/cves/2009/CVE-2009-4223.yaml
+++ b/cves/2009/CVE-2009-4223.yaml
@@ -2,7 +2,7 @@ id: CVE-2009-4223
 info:
 name: KR-Web <= 1.1b2 RFI
- description: KR is a web content-server based on Apache-PHP-MySql technology who gives to internet programmers some PHP classes semplifying database content access. Elsewere, it gives some admin and user tools to write, hyerarchize and authorize contents.
+ description: KR is a web content-server based on Apache-PHP-MySql technology which gives to programmers some PHP classes simplifying database content access. Additionally, it gives some admin and user tools to write, hierarchize, and authorize contents.
 reference:
 - https://sourceforge.net/projects/krw/
 - https://www.exploit-db.com/exploits/10216
diff --git a/cves/2013/CVE-2013-2251.yaml b/cves/2013/CVE-2013-2251.yaml
index e149113efa..d322c7908c 100644
--- a/cves/2013/CVE-2013-2251.yaml
+++ b/cves/2013/CVE-2013-2251.yaml
@@ -4,7 +4,7 @@ info:
 name: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
 author: exploitation,dwisiswant0,alex
 severity: critical
- description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since said information will be evaluated as OGNL expression against the value stack, this introduces the possibility to inject server side code.
+ description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:", or "redirectAction:" is not properly sanitized. Since said information will be evaluated as an OGNL expression against the value stack, this introduces the possibility to inject server side code.
 reference: http://struts.apache.org/release/2.3.x/docs/s2-016.html
 tags: cve,cve2013,rce,struts,apache
diff --git a/cves/2016/CVE-2016-5649.yaml b/cves/2016/CVE-2016-5649.yaml
index 5fa539874d..2238126a04 100644
--- a/cves/2016/CVE-2016-5649.yaml
+++ b/cves/2016/CVE-2016-5649.yaml
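Review bot: The new CVE-2009-4223 description on the `+` line still carries the non-native phrasing `gives to programmers some PHP classes`; since this commit is the grammar pass, the stray `to` should go as well: `which gives programmers some PHP classes simplifying database content access`. The rest of the rewritten sentence reads fine.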
@@ -4,7 +4,7 @@ info:
 name: NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure
 author: suman_kar
 severity: critical
- description: Vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. Attacker can use this password to gain administrator access of the targeted routers web interface.
+ description: A vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.
 tags: cve,cve2016,iot,netgear,router
 reference: https://nvd.nist.gov/vuln/detail/CVE-2016-5649
@@ -32,4 +32,4 @@ requests:
 part: body
 group: 1
 regex:
- - 'Success "([a-z]+)"'
\ No newline at end of file
+ - 'Success "([a-z]+)"'
diff --git a/cves/2017/CVE-2017-15715.yaml b/cves/2017/CVE-2017-15715.yaml
index 78556fb50d..0677931936 100644
--- a/cves/2017/CVE-2017-15715.yaml
+++ b/cves/2017/CVE-2017-15715.yaml
@@ -3,7 +3,7 @@ id: CVE-2017-15715
 info:
 name: Apache Arbitrary File Upload
 author: geeknik
- description: In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.
+ description: In Apache httpd 2.4.0 to 2.4.29, the expression specified in could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.
 reference: https://github.com/vulhub/vulhub/tree/master/httpd/CVE-2017-15715
 severity: high
 tags: cve,cve2017,apache,httpd,fileupload
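Review bot: The rewritten CVE-2017-15715 description still reads `the expression specified in could match '$'`, so the object of `in` is missing; the published CVE wording is `the expression specified in <FilesMatch>`, and the angle-bracketed directive name was presumably dropped in an earlier edit. Proposed: `description: In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. ...` with the rest of the line unchanged. A `<` in the middle of a plain scalar is not a YAML indicator, so the value can stay unquoted.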
@@ -42,4 +42,4 @@ requests:
 matchers:
 - type: dsl
 dsl:
- - 'contains(body_2, "{{randstr_1}}")'
\ No newline at end of file
+ - 'contains(body_2, "{{randstr_1}}")'
diff --git a/cves/2017/CVE-2017-18638.yaml b/cves/2017/CVE-2017-18638.yaml
index bf1abb9b15..fc7f16e8cc 100644
--- a/cves/2017/CVE-2017-18638.yaml
+++ b/cves/2017/CVE-2017-18638.yaml
@@ -4,7 +4,7 @@ info:
 name: Graphite 'graphite.composer.views.send_email' SSRF
 author: huowuzhao
 severity: high
- description: send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.
+ description: Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an email address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.
 reference:
 - http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
 - https://github.com/graphite-project/graphite-web/issues/2008
diff --git a/cves/2019/CVE-2019-13462.yaml b/cves/2019/CVE-2019-13462.yaml
index 7ad030cba0..41c5e358b9 100644
--- a/cves/2019/CVE-2019-13462.yaml
+++ b/cves/2019/CVE-2019-13462.yaml
@@ -5,7 +5,7 @@ info:
 author: divya_mudgal
 severity: critical
 reference: https://www.nccgroup.com/ae/our-research/technical-advisory-unauthenticated-sql-injection-in-lansweeper/
- description: Lansweeper web application through 7.1.115.4 allows unauthenticated SQL injection via the "row" and "column" GET parameter to the /WidgetHandler.ashx?MethodName=Sort&ID=1&column=INJECTION&row=INJECTION URI.
+ description: Lansweeper web application through 7.1.115.4 allows unauthenticated SQL injection via the "row" and "column" GET parameters to /WidgetHandler.ashx?MethodName=Sort&ID=1&column=INJECTION&row=INJECTION URI.
 tags: cve,cve2019,sqli,lansweeper
 requests:
diff --git a/cves/2019/CVE-2019-15107.yaml b/cves/2019/CVE-2019-15107.yaml
index c04cf98e43..2229b3f142 100644
--- a/cves/2019/CVE-2019-15107.yaml
+++ b/cves/2019/CVE-2019-15107.yaml
@@ -4,7 +4,7 @@ info:
 name: Webmin <= 1.920 Unauthenticated Remote Command Execution
 author: bp0lr
 severity: high
- description: An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
+ description: An issue was discovered in Webmin <=1.920. The 'old' parameter in password_change.cgi contains a command injection vulnerability.
 reference: https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
 tags: cve,cve2019,webmin,rce
diff --git a/cves/2019/CVE-2019-2767.yaml b/cves/2019/CVE-2019-2767.yaml
index 0ee815a902..3478b09508 100644
--- a/cves/2019/CVE-2019-2767.yaml
+++ b/cves/2019/CVE-2019-2767.yaml
@@ -4,7 +4,7 @@ info:
 name: Oracle Business Intelligence - Publisher XXE
 author: madrobot
 severity: high
- description: Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware. The supported version that is affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher).
+ description: There is an XXE vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher.
 reference:
 - https://nvd.nist.gov/vuln/detail/CVE-2019-2767
 - https://www.exploit-db.com/exploits/46729
diff --git a/cves/2019/CVE-2019-5127.yaml b/cves/2019/CVE-2019-5127.yaml
index f0951986e7..d283867419 100644
--- a/cves/2019/CVE-2019-5127.yaml
+++ b/cves/2019/CVE-2019-5127.yaml
@@ -4,7 +4,7 @@ info:
 name: YouPHPTube Encoder RCE
 author: pikpikcu
 severity: critical
- description: A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack.
+ description: A command injection vulnerability has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack.
 reference: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917
 tags: cve,cve2019,rce
diff --git a/cves/2019/CVE-2019-5418.yaml b/cves/2019/CVE-2019-5418.yaml
index 5639b9366a..b6a5302242 100644
--- a/cves/2019/CVE-2019-5418.yaml
+++ b/cves/2019/CVE-2019-5418.yaml
@@ -4,7 +4,7 @@ info:
 name: File Content Disclosure on Rails
 author: omarkurt
 severity: medium
- description: There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
+ description: There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed.
 reference:
 - https://github.com/omarkurt/CVE-2019-5418
 - https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
diff --git a/cves/2020/CVE-2020-11034.yaml b/cves/2020/CVE-2020-11034.yaml
index 126476f33d..c43c5b0539 100644
--- a/cves/2020/CVE-2020-11034.yaml
+++ b/cves/2020/CVE-2020-11034.yaml
@@ -4,7 +4,7 @@ info:
 name: GLPI v.9.4.6 - Open redirect
 author: pikpikcu
 severity: low
- description: In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6.
+ description: In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection, which is based on a regexp. This is fixed in version 9.4.6.
 reference:
 - https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg
 - https://github.com/glpi-project/glpi/archive/9.4.6.zip
diff --git a/cves/2020/CVE-2020-14883.yaml b/cves/2020/CVE-2020-14883.yaml
index 84fa26ca9a..9deaa4c983 100644
--- a/cves/2020/CVE-2020-14883.yaml
+++ b/cves/2020/CVE-2020-14883.yaml
@@ -4,7 +4,7 @@ info:
 name: Oracle WebLogic Server Administration Console Handle RCE
 author: pdteam
 severity: critical
- description: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
+ description: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attackers with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
 reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14883
 tags: cve,cve2020,oracle,rce,weblogic
diff --git a/cves/2020/CVE-2020-25213.yaml b/cves/2020/CVE-2020-25213.yaml
index 987eee7315..88ec587026 100644
--- a/cves/2020/CVE-2020-25213.yaml
+++ b/cves/2020/CVE-2020-25213.yaml
@@ -4,7 +4,7 @@ info:
 name: WP File Manager RCE
 author: foulenzer
 severity: critical
- description: The vulnerability allows unauthenticated remote attackers to upload .php files. This templates only detects the plugin, not its vulnerability.
+ description: The vulnerability allows unauthenticated remote attackers to upload .php files. This template only detects the plugin, not its vulnerability.
 reference:
 - https://plugins.trac.wordpress.org/changeset/2373068
 - https://github.com/w4fz5uck5/wp-file-manager-0day
@@ -61,4 +61,4 @@ requests:
 - type: status
 status:
- - 200
\ No newline at end of file
+ - 200
diff --git a/cves/2020/CVE-2020-25540.yaml b/cves/2020/CVE-2020-25540.yaml
index 92402a073f..822c9f5ef4 100644
--- a/cves/2020/CVE-2020-25540.yaml
+++ b/cves/2020/CVE-2020-25540.yaml
@@ -4,7 +4,7 @@ info:
 name: ThinkAdmin 6 - Arbitrarily File Read (CVE-2020-25540)
 author: geeknik
 severity: medium
- description: ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter.
+ description: ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via GET request encode parameter.
 reference: https://www.exploit-db.com/exploits/48812
 tags: cve,cve2020,thinkadmin,lfi
diff --git a/cves/2020/CVE-2020-26919.yaml b/cves/2020/CVE-2020-26919.yaml
index cc1e8636a0..8381e16ece 100644
--- a/cves/2020/CVE-2020-26919.yaml
+++ b/cves/2020/CVE-2020-26919.yaml
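Review bot: The CVE-2020-25540 hunk fixes `arbitrarily file` in the description, but the context line three lines above still carries the same error in `name: ThinkAdmin 6 - Arbitrarily File Read (CVE-2020-25540)`; since that line is already inside the hunk's context, it is worth changing to `name: ThinkAdmin 6 - Arbitrary File Read (CVE-2020-25540)` in the same pass. The new description also ends with `via GET request encode parameter`, which reads more naturally as `via the encode GET parameter`.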
@@ -4,7 +4,7 @@ info:
 name: NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution
 author: gy741
 severity: critical
- description: It was found that every section of the web could be used as a valid endpoint to submit POST requests being the action defined by the submitId argument. The problem was located in the login.html webpage, that has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow users execute system commands.
+ description: NETGEAR ProSAFE Plus was found to allow any HTML page as a valid endpoint to submit POST requests, allowing debug action via the submitId and debugCmd parameters. The problem is publicly exposed in the login.html webpage, which has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow attackers to execute system commands.
 reference:
 - https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
 - https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/
diff --git a/cves/2020/CVE-2020-28871.yaml b/cves/2020/CVE-2020-28871.yaml
index 2ce50c5cfa..4e77e68e53 100644
--- a/cves/2020/CVE-2020-28871.yaml
+++ b/cves/2020/CVE-2020-28871.yaml
@@ -4,7 +4,7 @@ info:
 name: Monitorr 1.7.6m - Unauthenticated Remote Code Execution
 author: gy741
 severity: critical
- description: This template detects an Monitorr 1.7.6m a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in web application. An unauthorized attacker with web access to could upload and execute a specially crafted file leading to remote code execution within the Monitorr.
+ description: This template detects a remote code execution (RCE) vulnerability in Monitorr 1.7.6m. Improper input validation and lack of authorization leads to arbitrary file uploads in the web application. An unauthorized attacker with web access to could upload and execute a specially crafted file, leading to remote code execution within the Monitorr.
 reference:
 - https://nvd.nist.gov/vuln/detail/CVE-2020-28871
 - https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/
diff --git a/cves/2020/CVE-2020-28976.yaml b/cves/2020/CVE-2020-28976.yaml
index 00e084429e..3ecd474e88 100644
--- a/cves/2020/CVE-2020-28976.yaml
+++ b/cves/2020/CVE-2020-28976.yaml
@@ -4,7 +4,7 @@ info:
 name: Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated)
 author: LogicalHunter
 severity: high
- description: The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.
+ description: The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.
 reference:
 - https://www.exploit-db.com/exploits/49189
 - https://nvd.nist.gov/vuln/detail/CVE-2020-28976
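Review bot: The new Monitorr description keeps the dangling preposition in `An unauthorized attacker with web access to could upload`, so that sentence is still broken after this grammar pass. Proposed: `An unauthorized attacker with web access could upload and execute a specially crafted file, leading to remote code execution within Monitorr.`, which also drops the stray `the` before `Monitorr` at the end of the line.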
diff --git a/cves/2020/CVE-2020-5847.yaml b/cves/2020/CVE-2020-5847.yaml
index fd2fcf9241..08d43a9cd4 100644
--- a/cves/2020/CVE-2020-5847.yaml
+++ b/cves/2020/CVE-2020-5847.yaml
@@ -3,7 +3,7 @@ info:
 name: UnRaid Remote Code Execution
 author: madrobot
 severity: high
- description: A vulnerability in UnRaid allows remote unauthenticated attackers to execute arbirary code.
+ description: A vulnerability in UnRaid allows remote unauthenticated attackers to execute arbitrary code.
 reference: https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/
 tags: cve,cve2020,rce
diff --git a/cves/2020/CVE-2020-7209.yaml b/cves/2020/CVE-2020-7209.yaml
index e4043100bf..d08e8d811a 100644
--- a/cves/2020/CVE-2020-7209.yaml
+++ b/cves/2020/CVE-2020-7209.yaml
@@ -5,7 +5,7 @@ info:
 author: dwisiswant0
 severity: critical
 tags: cve,cve2020,rce
- description: LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.
+ description: LinuxKI v6.0-1 and earlier are vulnerable to a remote code execution. This is resolved in release 6.0-2.
 reference:
 - http://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html
 - http://packetstormsecurity.com/files/158025/LinuxKI-Toolset-6.01-Remote-Command-Execution.html
diff --git a/cves/2020/CVE-2020-9402.yaml b/cves/2020/CVE-2020-9402.yaml
index 3e012c49bd..c9f38d9a42 100644
--- a/cves/2020/CVE-2020-9402.yaml
+++ b/cves/2020/CVE-2020-9402.yaml
@@ -2,7 +2,7 @@ id: CVE-2020-9402
 info:
 name: Django SQL Injection
- description: Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.
+ description: Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allow SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it is possible to break character escaping and inject malicious SQL.
 reference:
 - https://github.com/vulhub/vulhub/tree/master/django/CVE-2020-9402
 - https://docs.djangoproject.com/en/3.0/releases/security/
diff --git a/cves/2020/CVE-2020-9425.yaml b/cves/2020/CVE-2020-9425.yaml
index a03934277c..2336c16344 100644
--- a/cves/2020/CVE-2020-9425.yaml
+++ b/cves/2020/CVE-2020-9425.yaml
@@ -3,7 +3,7 @@ info:
 name: rConfig Unauthenticated Sensitive Information Disclosure
 author: madrobot
 severity: high
- description: An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application was not exiting after a redirect is applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response.
+ description: An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application does not exit after a redirect is applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response.
 reference:
 - https://blog.hivint.com/rconfig-3-9-3-unauthenticated-sensitive-information-disclosure-ead4ed88f153
 - https://github.com/rconfig/rconfig/commit/20f4e3d87e84663d922b937842fddd9af1b68dd9
diff --git a/cves/2021/CVE-2021-21972.yaml b/cves/2021/CVE-2021-21972.yaml
index 9b852d57e9..4e9eb24eec 100644
--- a/cves/2021/CVE-2021-21972.yaml
+++ b/cves/2021/CVE-2021-21972.yaml
@@ -5,7 +5,7 @@ info:
 author: dwisiswant0
 severity: critical
 reference: https://swarm.ptsecurity.com/unauth-rce-vmware/
- description: The vulnerability allows unauthenticated remote attackers to upload file leading to remote code execution (RCE). This templates only detects the plugin.
+ description: The vulnerability allows unauthenticated remote attackers to upload files leading to remote code execution (RCE). This templates only detects the plugin.
 tags: cve,cve2021,vmware,rce
 requests:
diff --git a/cves/2021/CVE-2021-28854.yaml b/cves/2021/CVE-2021-28854.yaml
index 4a9b0724e2..0cf3986bfe 100644
--- a/cves/2021/CVE-2021-28854.yaml
+++ b/cves/2021/CVE-2021-28854.yaml
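Review bot: The CVE-2021-21972 line still ends with `This templates only detects the plugin.`, the same `templates` → `template` slip this commit corrects in cves/2020/CVE-2020-25213.yaml; apply the same fix here: `This template only detects the plugin.` The sentence also never says which plugin is meant, so a reader of the template has to go to the reference link to learn what the detection actually covers; naming it would make the description self-contained.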
@@ -4,7 +4,7 @@ info:
 name: VICIdial - Multiple sensitive Information disclosure
 author: pdteam
 severity: high
- description: VICIdial's Web Client contains many sensitive files that can be access from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents, credentials and much more. This information can be leveraged by an attacker to gain further access to VICIdial systems. This vulnerability affects all versions as of 20/5/21
+ description: VICIdial's Web Client contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents, credentials and much more. This information can be leveraged by an attacker to gain further access to VICIdial systems. This vulnerability affects all versions as of 20/5/2021.
 reference: https://github.com/JHHAX/VICIdial
 tags: cve,cve2021
diff --git a/cves/2021/CVE-2021-33221.yaml b/cves/2021/CVE-2021-33221.yaml
index 0426b0eee2..b64016ff6a 100644
--- a/cves/2021/CVE-2021-33221.yaml
+++ b/cves/2021/CVE-2021-33221.yaml
@@ -3,7 +3,7 @@ id: CVE-2021-33221
 info:
 name: CommScope Ruckus IoT Controller Unauthenticated Service Details
 author: geeknik
- description: A 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices uses for time and host resolution. It also includes the internal hostname and IoT Controller version. A fully configured device in production may leak other, more sensitive information (API keys and tokens).
+ description: A 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices use for time and host resolution. It also includes the internal hostname and IoT Controller version. A fully configured device in production may leak other, more sensitive information (API keys and tokens).
 reference: https://www.commscope.com/globalassets/digizuite/917216-faq-security-advisory-id-20210525-v1-0.pdf
 severity: medium
 tags: cve,cve2021,commscope,ruckus,debug
diff --git a/default-logins/glpi/glpi-default-credential.yaml b/default-logins/glpi/glpi-default-credential.yaml
index 951b8b696c..800d8aef3a 100644
--- a/default-logins/glpi/glpi-default-credential.yaml
+++ b/default-logins/glpi/glpi-default-credential.yaml
@@ -4,7 +4,7 @@ info:
 author: andysvints
 severity: high
 tags: glpi,default-login
- description: GLPI is an ITSM software tool that helps you plan and manage IT changes. Checking is default super admin account(glpi/glpi) is enabled.
+ description: GLPI is an ITSM software tool that helps you plan and manage IT changes. This template checks if a default super admin account (glpi/glpi) is enabled.
 reference: https://glpi-project.org/
 requests:
diff --git a/dns/mx-service-detector.yaml b/dns/mx-service-detector.yaml
index 03d63d443f..0b0ea1c0d4 100644
--- a/dns/mx-service-detector.yaml
+++ b/dns/mx-service-detector.yaml
@@ -4,7 +4,7 @@ info:
 name: E-mail service detector
 author: binaryfigments
 severity: info
- description: Check the email service or spamfilter that is used for a domain.
+ description: Check the email service or spam filter that is used for a domain.
 tags: dns
 dns:
diff --git a/exposures/files/yarn-lock.yaml b/exposures/files/yarn-lock.yaml
index f2b729f35b..d75da95303 100644
--- a/exposures/files/yarn-lock.yaml
+++ b/exposures/files/yarn-lock.yaml
@@ -4,7 +4,7 @@ info:
 name: yarn lock file disclosure
 author: oppsec
 severity: info
- description: yarn.lock is a file which store all exactly versions of each dependency were installed.
+ description: The yarn.lock file stores the versions of each Yarn dependency installed.
 tags: exposure
 requests:
diff --git a/fuzzing/iis-shortname.yaml b/fuzzing/iis-shortname.yaml
index 802ed499db..40ef7fe623 100644
--- a/fuzzing/iis-shortname.yaml
+++ b/fuzzing/iis-shortname.yaml
@@ -3,7 +3,7 @@ info:
 name: iis-shortname
 author: nodauf
 severity: info
- description: If IIS use old .Net Framwork it's possible to enumeration folder with the symbol ~.
+ description: When IIS uses an old .Net Framwork it's possible to enumeration folder with the symbol ~.
 tags: fuzz
 reference:
diff --git a/iot/kevinlab-device-detect.yaml b/iot/kevinlab-device-detect.yaml
index 2f33447a4c..dccb08d14b 100644
--- a/iot/kevinlab-device-detect.yaml
+++ b/iot/kevinlab-device-detect.yaml
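Review bot: The new iis-shortname description still contains `Framwork` and `enumeration folder`, so both the spelling and the grammar error survive this pass on the `+` line. Proposed: `description: When IIS uses an old .Net Framework it's possible to enumerate folders with the ~ symbol.` The trailing `~` sits inside a sentence, not alone, so it is not read as YAML null and the value can stay a plain scalar.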
@@ -2,7 +2,7 @@ id: kevinlab-device-detect
 info:
 name: KevinLAB Devices Detection
- description: KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB's BEMS (Building Energy Management System) enables efficient energy management in buildings. It improves the efficient of energy use by collecting and analyzing various information of energy usage and facilities in the building. It also manages energy usage, facility efficiency and indoor environment control.
+ description: KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB's BEMS (Building Energy Management System) enables efficient energy management in buildings by collecting and analyzing various information of energy usage and facilities as well as efficiency and indoor environment control.
 author: gy741
 severity: info
 tags: iot
diff --git a/iot/xp-webcam.yaml b/iot/xp-webcam.yaml
index f9942032ad..f7578077c4 100644
--- a/iot/xp-webcam.yaml
+++ b/iot/xp-webcam.yaml
@@ -4,7 +4,7 @@ info:
 name: XP Webcam Viewer Page
 author: aashiq
 severity: medium
- description: Searches for exposed webcams by querying the /mobile.html endpoint and existance of webcamXP in the body
+ description: Searches for exposed webcams by querying the /mobile.html endpoint and the existence of webcamXP in the body.
 tags: webcam,iot
 requests:
@@ -23,4 +23,4 @@ requests:
 words:
 - "Please provide a valid username/password to access this server."
 part: body
- negative: true
\ No newline at end of file
+ negative: true
diff --git a/miscellaneous/google-floc-disabled.yaml b/miscellaneous/google-floc-disabled.yaml
index 5db3fc078d..04184c7821 100644
--- a/miscellaneous/google-floc-disabled.yaml
+++ b/miscellaneous/google-floc-disabled.yaml
@@ -3,7 +3,7 @@ id: google-floc-disabled
 info:
 name: Google FLoC Disabled
 author: geeknik
- description: The detected website has decided to explicity exclude itself from Google FLoC tracking.
+ description: The detected website has decided to explicilty exclude itself from Google FLoC tracking.
 reference: https://www.bleepingcomputer.com/news/security/github-disables-google-floc-user-tracking-on-its-website/
 severity: info
 tags: google,floc,misc
diff --git a/miscellaneous/joomla-htaccess.yaml b/miscellaneous/joomla-htaccess.yaml
index 1797130f74..ad0de0cd6f 100644
--- a/miscellaneous/joomla-htaccess.yaml
+++ b/miscellaneous/joomla-htaccess.yaml
@@ -4,8 +4,8 @@ info:
 name: Joomla htaccess file disclosure
 author: oppsec
 severity: info
- description: Joomla have a htaccess file to store some configuration about HTTP Config, Directory Listening etc...
- tags: misc
+ description: Joomla has an htaccess file to store configurations about HTTP config, directory listing, etc.
+ tags: misc,joomla
 requests:
 - method: GET
diff --git a/miscellaneous/joomla-manifest-file.yaml b/miscellaneous/joomla-manifest-file.yaml
index 81b47737ad..99d9cb4e1a 100644
--- a/miscellaneous/joomla-manifest-file.yaml
+++ b/miscellaneous/joomla-manifest-file.yaml
@@ -4,8 +4,8 @@ info:
 name: Joomla manifest file disclosure
 author: oppsec
 severity: info
- description: joomla.xml is a xml file which stores some informations about installed Joomla, like version, files and paths.
- tags: misc
+ description: joomla.xml is a file which stores information about installed Joomla, such as version, files, and paths.
+ tags: misc,joomla
 requests:
 - method: GET
diff --git a/miscellaneous/moodle-changelog.yaml b/miscellaneous/moodle-changelog.yaml
index c6db772dcd..8f73d5040e 100644
--- a/miscellaneous/moodle-changelog.yaml
+++ b/miscellaneous/moodle-changelog.yaml
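Review bot: The google-floc-disabled change swaps one misspelling for another: `explicity` on the removed line becomes `explicilty` on the added line, and the intended word is `explicitly`. Proposed: `description: The detected website has decided to explicitly exclude itself from Google FLoC tracking.` Worth a second look before merge since this commit's stated purpose is spelling.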
@@ -4,7 +4,7 @@ info:
 name: Moodle Changelog File
 author: oppsec
 severity: info
- description: Moodle have a file which describes API changes in core libraries and APIs, can be used to discover Moodle version.
+ description: Moodle has a file which describes API changes in core libraries and APIs, and can be used to discover Moodle version.
 tags: misc
 
 requests:
diff --git a/misconfiguration/aem/aem-userinfo-servlet.yaml b/misconfiguration/aem/aem-userinfo-servlet.yaml
index e7b1b39316..f20d99bbc1 100644
--- a/misconfiguration/aem/aem-userinfo-servlet.yaml
+++ b/misconfiguration/aem/aem-userinfo-servlet.yaml
@@ -4,7 +4,7 @@ info:
 author: DhiyaneshDk
 name: AEM UserInfo Servlet
 severity: info
- description: UserInfoServlet is exposed, it allows to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node.
+ description: UserInfoServlet is exposed which allows an attacker to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node.
 tags: aem
@@ -28,4 +28,4 @@ requests:
 - type: word
 part: header
 words:
- - 'application/json'
\ No newline at end of file
+ - 'application/json'
diff --git a/misconfiguration/exposed-service-now.yaml b/misconfiguration/exposed-service-now.yaml
index c169a53e49..72c6c61cff 100644
--- a/misconfiguration/exposed-service-now.yaml
+++ b/misconfiguration/exposed-service-now.yaml
@@ -4,7 +4,7 @@ info:
 name: ITMS-Misconfigured
 author: dhiyaneshDK
 severity: info
- description: detectes misconfigured Service-now ITSM instances
+ description: Detection of misconfigured ServiceNow ITSM instances.
 reference:
 - https://medium.com/@th3g3nt3l/multiple-information-exposed-due-to-misconfigured-service-now-itsm-instances-de7a303ebd56
 - https://github.com/leo-hildegarde/SnowDownKB/
@@ -24,4 +24,4 @@ requests:
 - type: status
 status:
- - 200
\ No newline at end of file
+ - 200
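Review bot: The new description line in the aem-userinfo-servlet hunk needs a comma before its relative clause ("is exposed which allows"), and its second sentence keeps the second-person "You can get", which departs from the impersonal voice used by the other descriptions this commit rewrites. A consistent form is `description: UserInfoServlet is exposed, which allows an attacker to bruteforce credentials. Valid usernames can be obtained from the jcr:createdBy, jcr:lastModifiedBy and cq:LastModifiedBy attributes of any JCR node.`. The moodle-changelog and exposed-service-now hunks on this line read fine.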
diff --git a/misconfiguration/http-missing-security-headers.yaml b/misconfiguration/http-missing-security-headers.yaml
index aef6738399..3f53d06de8 100644
--- a/misconfiguration/http-missing-security-headers.yaml
+++ b/misconfiguration/http-missing-security-headers.yaml
@@ -4,7 +4,7 @@ info:
 name: HTTP Missing Security Headers
 author: socketz,geeknik,G4L1T0,convisoappsec,kurohost,dawid-czarnecki
 severity: info
- description: It searches missing security headers, but obviously, could be so less generic and could be useless for Bug Bounty.
+ description: It searches for missing security headers, but obviously, could be so less generic and could be useless for Bug Bounty.
 tags: misconfig,generic
 
 requests:
@@ -124,4 +124,4 @@ requests:
 - type: regex
 name: access-control-allow-headers
 regex:
- - "(?i)access-control-allow-headers"
\ No newline at end of file
+ - "(?i)access-control-allow-headers"
diff --git a/misconfiguration/laravel-debug-enabled.yaml b/misconfiguration/laravel-debug-enabled.yaml
index 06791732aa..7be14a40fd 100644
--- a/misconfiguration/laravel-debug-enabled.yaml
+++ b/misconfiguration/laravel-debug-enabled.yaml
@@ -2,7 +2,7 @@ id: laravel-debug-enabled
 
 info:
 name: Laravel Debug Enabled
 author: notsoevilweasel
- description: Laravel with APP_DEBUG set to true prone to showing verbose errors.
+ description: Laravel with APP_DEBUG set to true is prone to show verbose errors.
 severity: medium
 tags: debug,laravel,misconfig
@@ -19,4 +19,4 @@ requests:
 - type: status
 status:
- - 200
\ No newline at end of file
+ - 200
diff --git a/network/deprecated-sshv1-detection.yaml b/network/deprecated-sshv1-detection.yaml
index 0897da8dc9..c8dbbcea18 100644
--- a/network/deprecated-sshv1-detection.yaml
+++ b/network/deprecated-sshv1-detection.yaml
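Review bot: The new description line in the http-missing-security-headers hunk only inserts "for"; the rest of the sentence ("but obviously, could be so less generic and could be useless for Bug Bounty") is still ungrammatical, and "obviously" is editorial in a template whose description lands in scan reports. A clearer statement of the same point is `description: Searches for missing HTTP security headers. Because the check is generic it produces many low-value findings and may be of limited use for bug bounty work.`. The other hunks on this line are line-ending fixes and a wording change in laravel-debug-enabled that read fine.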
@@ -5,7 +5,7 @@ info:
 author: iamthefrogy
 severity: medium
 tags: network,ssh,openssh
- description: SSHv1 is a deprecated and have known cryptographic issues.
+ description: SSHv1 is deprecated and has known cryptographic issues.
 reference:
 - https://www.kb.cert.org/vuls/id/684820
 - https://nvd.nist.gov/vuln/detail/CVE-2001-1473
diff --git a/network/mysql-native-cred-bruteforce.yaml b/network/mysql-native-cred-bruteforce.yaml
index a13c7b367b..213c71805a 100644
--- a/network/mysql-native-cred-bruteforce.yaml
+++ b/network/mysql-native-cred-bruteforce.yaml
@@ -5,7 +5,7 @@ info:
 author: iamthefrogy
 severity: info
 tags: network,mysql,bruteforce,db
- description: MySQL instance with enabled native password support prone vulnerable for password brute-force attack.
+ description: MySQL instance with enabled native password support is prone to password brute-force attacks.
 
 network:
 - host:
diff --git a/network/openssh5.3-detect.yaml b/network/openssh5.3-detect.yaml
index bd7a7338cc..1bfb60d273 100644
--- a/network/openssh5.3-detect.yaml
+++ b/network/openssh5.3-detect.yaml
@@ -5,7 +5,7 @@ info:
 author: iamthefrogy
 severity: low
 tags: network,openssh
- description: OpenSSH 5.3 is vulnerable to username enumeraiton and DoS vulnerabilities.
+ description: OpenSSH 5.3 is vulnerable to username enumeration and DoS vulnerabilities.
 reference:
 - http://seclists.org/fulldisclosure/2016/Jul/51
 - https://security-tracker.debian.org/tracker/CVE-2016-6210
diff --git a/vulnerabilities/generic/open-redirect.yaml b/vulnerabilities/generic/open-redirect.yaml
index 7190b73c58..b317702918 100644
--- a/vulnerabilities/generic/open-redirect.yaml
+++ b/vulnerabilities/generic/open-redirect.yaml
@@ -4,7 +4,7 @@ info:
 name: Open URL redirect detection
 author: afaq,melbadry9,Elmahdi,pxmme1337,Regala_,andirrahmani1,geeknik
 severity: low
- description: A user-controlled input redirect users to an external website.
+ description: A user-controlled input redirects users to an external website.
 tags: redirect,generic
 
 requests:
diff --git a/vulnerabilities/other/couchdb-adminparty.yaml b/vulnerabilities/other/couchdb-adminparty.yaml
index 6e387de0fd..cf0c635784 100644
--- a/vulnerabilities/other/couchdb-adminparty.yaml
+++ b/vulnerabilities/other/couchdb-adminparty.yaml
@@ -4,7 +4,7 @@ info:
 name: CouchDB Admin Party
 author: organiccrap
 severity: high
- description: Requests made against CouchDB is done in the context of an admin user.
+ description: Requests made against CouchDB are done in the context of an admin user.
 tags: couchdb
 
 requests:
diff --git a/vulnerabilities/other/eyelock-nano-lfd.yaml b/vulnerabilities/other/eyelock-nano-lfd.yaml
index 7e05dfc26c..c6c41baad6 100644
--- a/vulnerabilities/other/eyelock-nano-lfd.yaml
+++ b/vulnerabilities/other/eyelock-nano-lfd.yaml
@@ -4,7 +4,7 @@ info:
 name: EyeLock nano NXT 3.5 - Local File Disclosure
 author: geeknik
 severity: high
- description: nano NXT suffers from a file disclosure vulnerability when input passed thru the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.
+ description: nano NXT suffers from a file disclosure vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.
 reference: https://www.zeroscience.mk/codes/eyelock_lfd.txt
 tags: iot,lfi,eyelock
diff --git a/vulnerabilities/other/kevinlab-bems-backdoor.yaml b/vulnerabilities/other/kevinlab-bems-backdoor.yaml
index 54619b0ce4..dd5701ed28 100644
--- a/vulnerabilities/other/kevinlab-bems-backdoor.yaml
+++ b/vulnerabilities/other/kevinlab-bems-backdoor.yaml
@@ -4,7 +4,7 @@ info:
 name: KevinLAB BEMS (Building Energy Management System) Undocumented Backdoor Account
 author: gy741
 severity: critical
- description: The BEMS solution has an undocumented backdoor account and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely.
+ description: The BEMS solution has an undocumented backdoor account, and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel, and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely.
 reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5654.php
 tags: kevinlab
diff --git a/vulnerabilities/other/kevinlab-hems-backdoor.yaml b/vulnerabilities/other/kevinlab-hems-backdoor.yaml
index ea925ce800..7d4152fc83 100644
--- a/vulnerabilities/other/kevinlab-hems-backdoor.yaml
+++ b/vulnerabilities/other/kevinlab-hems-backdoor.yaml
@@ -4,7 +4,7 @@ info:
 name: KevinLAB HEMS Undocumented Backdoor Account
 author: gy741
 severity: critical
- description: The HEMS solution has an undocumented backdoor account and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the HEMS is offering remotely.
+ description: The HEMS solution has an undocumented backdoor account and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the HEMS is offering remotely.
 reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5654.php
 tags: kevinlab,default-login,backdoor
@@ -38,4 +38,4 @@ requests:
 - type: word
 words:
 - 'PHPSESSID'
- part: header
\ No newline at end of file
+ part: header
diff --git a/vulnerabilities/other/netgear-router-auth-bypass.yaml b/vulnerabilities/other/netgear-router-auth-bypass.yaml
index 4f6c12b3c8..9bb69eefdd 100644
--- a/vulnerabilities/other/netgear-router-auth-bypass.yaml
+++ b/vulnerabilities/other/netgear-router-auth-bypass.yaml
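Review bot: The rewritten HEMS description line diverges from the near-identical BEMS line rewritten in the previous file: the BEMS version gained commas after "backdoor account" and "admin panel", while this one did not, so the two templates now read differently for no reason. For consistency the HEMS line should read `... has an undocumented backdoor account, and these sets of credentials ...` and `... in the users settings in the admin panel, and it also uses ...`. Both descriptions could also drop "sets of", which has no plural referent in the sentence.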
@@ -4,7 +4,7 @@ info:
 name: NETGEAR DGN2200v1 Router Authentication Bypass
 author: gy741
 severity: high
- description: NETGEAR decided to use to check if a page has “.jpg”, “.gif” or “ess_” substrings, trying to match the entire URL. We can therefore access any page on the device, including those that require authentication, by appending a GET variable with the relevant substring (like “?.gif”).
+ description: NETGEAR DGN2200v1 Router does not require authentication if a page has “.jpg”, “.gif”, or “ess_” substrings, however matches the entire URL. Any page on the device can therefore be accessed, including those that require authentication, by appending a GET variable with the relevant substring (e.g., “?.gif”).
 reference:
 - https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/
 - https://kb.netgear.com/000062646/Security-Advisory-for-Multiple-HTTPd-Authentication-Vulnerabilities-on-DGN2200v1
diff --git a/vulnerabilities/other/sar2html-rce.yaml b/vulnerabilities/other/sar2html-rce.yaml
index 06555a6586..82c8b1411b 100644
--- a/vulnerabilities/other/sar2html-rce.yaml
+++ b/vulnerabilities/other/sar2html-rce.yaml
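Review bot: The new description line is missing the subject of its second clause: "does not require authentication if a page has ... substrings, however matches the entire URL" never says what is matched against the entire URL. A readable form of the same statement is `description: NETGEAR DGN2200v1 routers skip authentication when a request contains the “.jpg”, “.gif” or “ess_” substrings, but the check is applied to the entire URL. Any page on the device, including those that require authentication, can therefore be reached by appending a GET variable containing one of those substrings (e.g., “?.gif”).`. The two reference lines in the hunk already document the behaviour, so no factual content changes.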
@@ -4,7 +4,7 @@ info:
 name: sar2html 3.2.1 - 'plot' Remote Code Execution
 author: gy741
 severity: critical
- description: SAR2HTML could allow a remote attacker to execute arbitrary commands on the system, caused by a commend injection flaw in the index.php script. By sending specially-crafted commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
+ description: SAR2HTML could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection flaw in the index.php script. By sending specially-crafted commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
 reference:
 - https://www.exploit-db.com/exploits/49344
 tags: sar2html,rce,oob
diff --git a/vulnerabilities/springboot/springboot-actuators-jolokia-xxe.yaml b/vulnerabilities/springboot/springboot-actuators-jolokia-xxe.yaml
index a8c7121123..51dfc17871 100644
--- a/vulnerabilities/springboot/springboot-actuators-jolokia-xxe.yaml
+++ b/vulnerabilities/springboot/springboot-actuators-jolokia-xxe.yaml
@@ -4,7 +4,7 @@ info:
 name: Spring Boot Actuators (Jolokia) XXE
 author: dwisiswant0,ipanda
 severity: high
- description: A vulnerability in Spring Boot Actuators's 'jolokia' endpoint allows remote attackers to preform an XML External Entities attack, include content stored on a remote server as if it was its own - this has the potential to allow the execution of arbitrary code and/or disclosure of sensitive information from the target machine.
+ description: A vulnerability in Spring Boot Actuators's 'jolokia' endpoint allows remote attackers to perform an XML External Entities (XXE) attack and include content stored on a remote server as if it was its own. This has the potential to allow the execution of arbitrary code and/or disclosure of sensitive information from the target machine.
 reference:
 - https://www.veracode.com/blog/research/exploiting-spring-boot-actuators
 - https://github.com/mpgn/Spring-Boot-Actuator-Exploit
@@ -31,4 +31,4 @@ requests:
 - type: word
 words:
 - "X-Application-Context"
- part: header
\ No newline at end of file
+ part: header
diff --git a/workflows/azkaban-workflow.yaml b/workflows/azkaban-workflow.yaml
index e97f2aa339..944c6b04b2 100644
--- a/workflows/azkaban-workflow.yaml
+++ b/workflows/azkaban-workflow.yaml
@@ -3,11 +3,11 @@ id: azkaban-workflow
 info:
 name: Azkaban Security Checks
 author: pdteam
- description: A simple workflow that runs all azkaban related nuclei templates on a given target.
+ description: A simple workflow that runs all Azkaban related nuclei templates on a given target.
 tags: workflow
 
 workflows:
 - template: exposed-panels/azkaban-web-client.yaml
 subtemplates:
- - template: default-logins/azkaban/azkaban-web-client-default-creds.yaml
\ No newline at end of file
+ - template: default-logins/azkaban/azkaban-web-client-default-creds.yaml
diff --git a/workflows/bigip-workflow.yaml b/workflows/bigip-workflow.yaml
index 10db14b804..315999a816 100644
--- a/workflows/bigip-workflow.yaml
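Review bot: The rewritten description line in the springboot-actuators-jolokia-xxe hunk still reads "Spring Boot Actuators's", which is not a valid possessive; the commit fixed "preform" on the same line but left this. The opening should be `description: A vulnerability in Spring Boot Actuator's 'jolokia' endpoint allows remote attackers to perform an XML External Entities (XXE) attack ...` with the rest of the line unchanged. The azkaban-workflow hunk later on this line reads fine.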
+++ b/workflows/bigip-workflow.yaml
@@ -3,7 +3,7 @@ id: bigip-workflow
 info:
 name: F5 BIG-IP Security Checks
 author: dwisiswant0
- description: A simple workflow that runs all Bigip related nuclei templates on a given target.
+ description: A simple workflow that runs all BigIP related nuclei templates on a given target.
 tags: workflow
 
 # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
@@ -14,4 +14,4 @@ workflows:
 - template: technologies/bigip-config-utility-detect.yaml
 subtemplates:
- - template: cves/2020/CVE-2020-5902.yaml
\ No newline at end of file
+ - template: cves/2020/CVE-2020-5902.yaml
diff --git a/workflows/lucee-workflow.yaml b/workflows/lucee-workflow.yaml
index 6dcd34dc47..3499322be0 100644
--- a/workflows/lucee-workflow.yaml
+++ b/workflows/lucee-workflow.yaml
@@ -3,10 +3,10 @@ id: lucee-workflow
 info:
 name: Lucee Detection Workflow
 author: geeknik,dhiyaneshDk
- description: A simple workflow that runs all Lucee related nuclei templates on given target.
+ description: A simple workflow that runs all Lucee related nuclei templates on a given target.
 tags: workflow
 
 workflows:
 - template: technologies/lucee-detect.yaml
 subtemplates:
- - tags: lucee
\ No newline at end of file
+ - tags: lucee
diff --git a/workflows/springboot-workflow.yaml b/workflows/springboot-workflow.yaml
index 97b372c544..acaad19e2b 100644
--- a/workflows/springboot-workflow.yaml
+++ b/workflows/springboot-workflow.yaml
@@ -1,9 +1,9 @@
 id: springboot-workflow
 
 info:
- name: Springboot Security Checks
+ name: Spring Boot Security Checks
 author: dwisiswant0
- description: A simple workflow that runs all springboot related nuclei templates on a given target.
+ description: A simple workflow that runs all Spring Boot related nuclei templates on a given target.
 tags: workflow
 
 # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
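Review bot: The new description line in the bigip-workflow hunk spells the product "BigIP" while the `name:` context line two lines above it spells it "F5 BIG-IP", which is the vendor's spelling; the commit swapped one nonstandard form for another instead of aligning with the name. The line should read `description: A simple workflow that runs all F5 BIG-IP related nuclei templates on a given target.`. The lucee-workflow and springboot-workflow hunks later on this line use their product names consistently and need no change.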
@@ -13,4 +13,4 @@ workflows:
 - template: technologies/springboot-actuator.yaml
 subtemplates:
- - tags: springboot
\ No newline at end of file
+ - tags: springboot
diff --git a/workflows/worksite-takeover-workflow.yaml b/workflows/worksite-takeover-workflow.yaml
index ed95574336..41429fc2b8 100644
--- a/workflows/worksite-takeover-workflow.yaml
+++ b/workflows/worksite-takeover-workflow.yaml
@@ -3,10 +3,10 @@ id: worksite-takeover-workflow
 info:
 name: Worksite Takeover Workflow
 author: pdteam
- description: A simple workflow that runs DNS based detection to filter hosts runnng worksite and do further HTTP based check to confirm takeover.
+ description: A simple workflow that runs DNS based detection to filter hosts running Worksite and do further HTTP based check to confirm takeover.
 reference: https://blog.melbadry9.xyz/dangling-dns/xyz-services/ddns-worksites
 
 workflows:
 - template: dns/worksites-detection.yaml
 subtemplates:
- - template: takeovers/worksites-takeover.yaml
\ No newline at end of file
+ - template: takeovers/worksites-takeover.yaml
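Review bot: The rewritten description line in the worksite-takeover-workflow hunk fixes "runnng" but keeps the verb disagreement "runs DNS based detection ... and do further HTTP based check"; the subject is the singular workflow. It should read `description: A simple workflow that runs DNS based detection to filter hosts running Worksite and performs a further HTTP based check to confirm takeover.`. The springboot-workflow hunk at the start of this line is a line-ending fix only.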