Updates across many templates for clarity, spelling, and grammar.

2021-09-05 17:13:45 -04:00 · 2021-09-05 17:13:45 -04:00 · ef1f7c5e92
parent 1f403d4ddb
commit ef1f7c5e92
55 changed files with 74 additions and 74 deletions
--- a/cves/2009/CVE-2009-1151.yaml
+++ b/cves/2009/CVE-2009-1151.yaml
@ -4,7 +4,7 @@ info:
  name: PhpMyAdmin Scripts/setup.php Deserialization Vulnerability
  author: princechaddha
  severity: high
-  description: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
+  description: Setup script used to create PhpMyAdmin configurations can be fooled by using a crafted POST request to include arbitrary PHP code in the generated configuration file. Combined with the ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code.
  reference:
    - https://www.phpmyadmin.net/security/PMASA-2009-3/
    - https://github.com/vulhub/vulhub/tree/master/phpmyadmin/WooYun-2016-199433
--- a/cves/2009/CVE-2009-4223.yaml
+++ b/cves/2009/CVE-2009-4223.yaml
@ -2,7 +2,7 @@ id: CVE-2009-4223
 info:
  name: KR-Web <= 1.1b2 RFI
-  description: KR is a web content-server based on Apache-PHP-MySql technology who gives to internet programmers some PHP classes semplifying database content access. Elsewere, it gives some admin and user tools to write, hyerarchize and authorize contents.
+  description: KR is a web content-server based on Apache-PHP-MySql technology which gives to programmers some PHP classes simplifying database content access. Additionally, it gives some admin and user tools to write, hierarchize, and authorize contents.
  reference:
    - https://sourceforge.net/projects/krw/
    - https://www.exploit-db.com/exploits/10216
--- a/cves/2013/CVE-2013-2251.yaml
+++ b/cves/2013/CVE-2013-2251.yaml
@ -4,7 +4,7 @@ info:
  name: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
  author: exploitation,dwisiswant0,alex
  severity: critical
-  description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:" or "redirectAction:" is not properly sanitized. Since said information will be evaluated as OGNL expression against the value stack, this introduces the possibility to inject server side code.
+  description: In Struts 2 before 2.3.15.1 the information following "action:", "redirect:", or "redirectAction:" is not properly sanitized. Since said information will be evaluated as an OGNL expression against the value stack, this introduces the possibility to inject server side code.
  reference: http://struts.apache.org/release/2.3.x/docs/s2-016.html
  tags: cve,cve2013,rce,struts,apache
--- a/cves/2016/CVE-2016-5649.yaml
+++ b/cves/2016/CVE-2016-5649.yaml
@ -4,7 +4,7 @@ info:
  name: NETGEAR DGN2200 / DGND3700 - Admin Password Disclosure
  author: suman_kar
  severity: critical
-  description: Vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. Attacker can use this password to gain administrator access of the targeted routers web interface.
+  description: A vulnerability exists within the page 'BSW_cxttongr.htm' which can allow a remote attacker to access this page without any authentication. The attacker can then use this password to gain administrator access of the targeted router's web interface.
  tags: cve,cve2016,iot,netgear,router
  reference: https://nvd.nist.gov/vuln/detail/CVE-2016-5649
--- a/cves/2017/CVE-2017-15715.yaml
+++ b/cves/2017/CVE-2017-15715.yaml
@ -3,7 +3,7 @@ id: CVE-2017-15715
 info:
  name: Apache Arbitrary File Upload
  author: geeknik
-  description: In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.
+  description: In Apache httpd 2.4.0 to 2.4.29, the expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are externally blocked, but only by matching the trailing portion of the filename.
  reference: https://github.com/vulhub/vulhub/tree/master/httpd/CVE-2017-15715
  severity: high
  tags: cve,cve2017,apache,httpd,fileupload
--- a/cves/2017/CVE-2017-18638.yaml
+++ b/cves/2017/CVE-2017-18638.yaml
@ -4,7 +4,7 @@ info:
  name: Graphite 'graphite.composer.views.send_email' SSRF
  author: huowuzhao
  severity: high
-  description: send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an e-mail address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.
+  description: Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is encoded into an image file and then sent to an email address that can be supplied by the attacker. Thus, an attacker can exfiltrate any information.
  reference:
    - http://blog.orange.tw/2017/07/how-i-chained-4-vulnerabilities-on.html
    - https://github.com/graphite-project/graphite-web/issues/2008
--- a/cves/2019/CVE-2019-13462.yaml
+++ b/cves/2019/CVE-2019-13462.yaml
@ -5,7 +5,7 @@ info:
  author: divya_mudgal
  severity: critical
  reference: https://www.nccgroup.com/ae/our-research/technical-advisory-unauthenticated-sql-injection-in-lansweeper/
-  description: Lansweeper web application through 7.1.115.4 allows unauthenticated SQL injection via the "row" and "column" GET parameter to the /WidgetHandler.ashx?MethodName=Sort&ID=1&column=INJECTION&row=INJECTION URI.
+  description: Lansweeper web application through 7.1.115.4 allows unauthenticated SQL injection via the "row" and "column" GET parameters to /WidgetHandler.ashx?MethodName=Sort&ID=1&column=INJECTION&row=INJECTION URI.
  tags: cve,cve2019,sqli,lansweeper
 requests:
--- a/cves/2019/CVE-2019-15107.yaml
+++ b/cves/2019/CVE-2019-15107.yaml
@ -4,7 +4,7 @@ info:
  name: Webmin <= 1.920 Unauthenticated Remote Command Execution
  author: bp0lr
  severity: high
-  description: An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
+  description: An issue was discovered in Webmin <=1.920. The 'old' parameter in password_change.cgi contains a command injection vulnerability.
  reference: https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html
  tags: cve,cve2019,webmin,rce
--- a/cves/2019/CVE-2019-2767.yaml
+++ b/cves/2019/CVE-2019-2767.yaml
@ -4,7 +4,7 @@ info:
  name: Oracle Business Intelligence - Publisher XXE
  author: madrobot
  severity: high
-  description: Vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware. The supported version that is affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher (formerly XML Publisher).
+  description: There is an XXE vulnerability in the BI Publisher (formerly XML Publisher) component of Oracle Fusion Middleware. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise BI Publisher.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2019-2767
    - https://www.exploit-db.com/exploits/46729
--- a/cves/2019/CVE-2019-5127.yaml
+++ b/cves/2019/CVE-2019-5127.yaml
@ -4,7 +4,7 @@ info:
  name: YouPHPTube Encoder RCE
  author: pikpikcu
  severity: critical
-  description: A command injection have been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack.
+  description: A command injection vulnerability has been found in YouPHPTube Encoder. A successful attack could allow an attacker to compromise the server. Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3, a plugin for providing encoder functionality in YouPHPTube. The parameter base64Url in /objects/getImage.php is vulnerable to a command injection attack.
  reference: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0917
  tags: cve,cve2019,rce
--- a/cves/2019/CVE-2019-5418.yaml
+++ b/cves/2019/CVE-2019-5418.yaml
@ -4,7 +4,7 @@ info:
  name: File Content Disclosure on Rails
  author: omarkurt
  severity: medium
-  description: There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's filesystem to be exposed.
+  description: There is a File Content Disclosure vulnerability in Action View <5.2.2.1, <5.1.6.2, <5.0.7.2, <4.2.11.1 and v3 where specially crafted accept headers can cause contents of arbitrary files on the target system's file system to be exposed.
  reference:
    - https://github.com/omarkurt/CVE-2019-5418
    - https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/
--- a/cves/2020/CVE-2020-11034.yaml
+++ b/cves/2020/CVE-2020-11034.yaml
@ -4,7 +4,7 @@ info:
  name: GLPI v.9.4.6 - Open redirect
  author: pikpikcu
  severity: low
-  description: In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection based which is based on a regexp. This is fixed in version 9.4.6.
+  description: In GLPI before version 9.4.6, there is a vulnerability that allows bypassing the open redirect protection, which is based on a regexp. This is fixed in version 9.4.6.
  reference:
    - https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg
    - https://github.com/glpi-project/glpi/archive/9.4.6.zip
--- a/cves/2020/CVE-2020-14883.yaml
+++ b/cves/2020/CVE-2020-14883.yaml
@ -4,7 +4,7 @@ info:
  name: Oracle WebLogic Server Administration Console Handle RCE
  author: pdteam
  severity: critical
-  description: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
+  description: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attackers with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
  reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14883
  tags: cve,cve2020,oracle,rce,weblogic
--- a/cves/2020/CVE-2020-25213.yaml
+++ b/cves/2020/CVE-2020-25213.yaml
@ -4,7 +4,7 @@ info:
  name: WP File Manager RCE
  author: foulenzer
  severity: critical
-  description: The vulnerability allows unauthenticated remote attackers to upload .php files. This templates only detects the plugin, not its vulnerability.
+  description: The vulnerability allows unauthenticated remote attackers to upload .php files. This template only detects the plugin, not its vulnerability.
  reference:
    - https://plugins.trac.wordpress.org/changeset/2373068
    - https://github.com/w4fz5uck5/wp-file-manager-0day
--- a/cves/2020/CVE-2020-25540.yaml
+++ b/cves/2020/CVE-2020-25540.yaml
@ -4,7 +4,7 @@ info:
  name: ThinkAdmin 6 - Arbitrarily File Read (CVE-2020-25540)
  author: geeknik
  severity: medium
-  description: ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrarily file on a remote server via GET request encode parameter.
+  description: ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via GET request encode parameter.
  reference: https://www.exploit-db.com/exploits/48812
  tags: cve,cve2020,thinkadmin,lfi
--- a/cves/2020/CVE-2020-26919.yaml
+++ b/cves/2020/CVE-2020-26919.yaml
@ -4,7 +4,7 @@ info:
  name: NETGEAR ProSAFE Plus - Unauthenticated Remote Code Execution
  author: gy741
  severity: critical
-  description: It was found that every section of the web could be used as a valid endpoint to submit POST requests being the action defined by the submitId argument. The problem was located in the login.html webpage, that has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow users execute system commands.
+  description: NETGEAR ProSAFE Plus was found to allow any HTML page as a valid endpoint to submit POST requests, allowing debug action via the submitId and debugCmd parameters. The problem is publicly exposed in the login.html webpage, which has to be publicly available to perform login requests but does not implement any restriction for executing debug actions. This will allow attackers to execute system commands.
  reference:
    - https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
    - https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/
--- a/cves/2020/CVE-2020-28871.yaml
+++ b/cves/2020/CVE-2020-28871.yaml
@ -4,7 +4,7 @@ info:
  name: Monitorr 1.7.6m - Unauthenticated Remote Code Execution
  author: gy741
  severity: critical
-  description: This template detects an Monitorr 1.7.6m a remote code execution vulnerability. Improper input validation and lack of authorization leading to arbitrary file upload in web application. An unauthorized attacker with web access to could upload and execute a specially crafted file leading to remote code execution within the Monitorr.
+  description: This template detects a remote code execution (RCE) vulnerability in Monitorr 1.7.6m. Improper input validation and lack of authorization leads to arbitrary file uploads in the web application. An unauthorized attacker with web access to could upload and execute a specially crafted file, leading to remote code execution within the Monitorr.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2020-28871
    - https://lyhinslab.org/index.php/2020/09/12/how-the-white-box-hacking-works-authorization-bypass-and-remote-code-execution-in-monitorr-1-7-6/
--- a/cves/2020/CVE-2020-28976.yaml
+++ b/cves/2020/CVE-2020-28976.yaml
@ -4,7 +4,7 @@ info:
  name: Wordpress Plugin Canto 1.3.0 - Blind SSRF (Unauthenticated)
  author: LogicalHunter
  severity: high
-  description: The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.
+  description: The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker to make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF.
  reference:
    - https://www.exploit-db.com/exploits/49189
    - https://nvd.nist.gov/vuln/detail/CVE-2020-28976
--- a/cves/2020/CVE-2020-5847.yaml
+++ b/cves/2020/CVE-2020-5847.yaml
@ -3,7 +3,7 @@ info:
  name: UnRaid Remote Code Execution
  author: madrobot
  severity: high
-  description: A vulnerability in UnRaid allows remote unauthenticated attackers to execute arbirary code.
+  description: A vulnerability in UnRaid allows remote unauthenticated attackers to execute arbitrary code.
  reference: https://sysdream.com/news/lab/2020-02-06-cve-2020-5847-cve-2020-5849-unraid-6-8-0-unauthenticated-remote-code-execution-as-root/
  tags: cve,cve2020,rce
--- a/cves/2020/CVE-2020-7209.yaml
+++ b/cves/2020/CVE-2020-7209.yaml
@ -5,7 +5,7 @@ info:
  author: dwisiswant0
  severity: critical
  tags: cve,cve2020,rce
-  description: LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution which is resolved in release 6.0-2.
+  description: LinuxKI v6.0-1 and earlier are vulnerable to a remote code execution. This is resolved in release 6.0-2.
  reference:
    - http://packetstormsecurity.com/files/157739/HP-LinuxKI-6.01-Remote-Command-Injection.html
    - http://packetstormsecurity.com/files/158025/LinuxKI-Toolset-6.01-Remote-Command-Execution.html
--- a/cves/2020/CVE-2020-9402.yaml
+++ b/cves/2020/CVE-2020-9402.yaml
@ -2,7 +2,7 @@ id: CVE-2020-9402
 info:
  name: Django SQL Injection
-  description: Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL.
+  description: Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allow SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it is possible to break character escaping and inject malicious SQL.
  reference:
    - https://github.com/vulhub/vulhub/tree/master/django/CVE-2020-9402
    - https://docs.djangoproject.com/en/3.0/releases/security/
--- a/cves/2020/CVE-2020-9425.yaml
+++ b/cves/2020/CVE-2020-9425.yaml
@ -3,7 +3,7 @@ info:
  name: rConfig Unauthenticated Sensitive Information Disclosure
  author: madrobot
  severity: high
-  description: An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application was not exiting after a redirect is applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response.
+  description: An issue was discovered in includes/head.inc.php in rConfig before 3.9.4. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application does not exit after a redirect is applied, the rest of the page still executed, resulting in the disclosure of cleartext credentials in the response.
  reference:
    - https://blog.hivint.com/rconfig-3-9-3-unauthenticated-sensitive-information-disclosure-ead4ed88f153
    - https://github.com/rconfig/rconfig/commit/20f4e3d87e84663d922b937842fddd9af1b68dd9
--- a/cves/2021/CVE-2021-21972.yaml
+++ b/cves/2021/CVE-2021-21972.yaml
@ -5,7 +5,7 @@ info:
  author: dwisiswant0
  severity: critical
  reference: https://swarm.ptsecurity.com/unauth-rce-vmware/
-  description: The vulnerability allows unauthenticated remote attackers to upload file leading to remote code execution (RCE). This templates only detects the plugin.
+  description: The vulnerability allows unauthenticated remote attackers to upload files leading to remote code execution (RCE). This templates only detects the plugin.
  tags: cve,cve2021,vmware,rce
 requests:
--- a/cves/2021/CVE-2021-28854.yaml
+++ b/cves/2021/CVE-2021-28854.yaml
@ -4,7 +4,7 @@ info:
  name: VICIdial - Multiple sensitive Information disclosure
  author: pdteam
  severity: high
-  description: VICIdial's Web Client contains many sensitive files that can be access from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents, credentials and much more. This information can be leveraged by an attacker to gain further access to VICIdial systems. This vulnerability affects all versions as of 20/5/21
+  description: VICIdial's Web Client contains many sensitive files that can be accessed from the client side. These files contain mysqli logs, auth logs, debug information, successful and unsuccessful login attempts with their corresponding IP's, User-Agents, credentials and much more. This information can be leveraged by an attacker to gain further access to VICIdial systems. This vulnerability affects all versions as of 20/5/2021.
  reference: https://github.com/JHHAX/VICIdial
  tags: cve,cve2021
--- a/cves/2021/CVE-2021-33221.yaml
+++ b/cves/2021/CVE-2021-33221.yaml
@ -3,7 +3,7 @@ id: CVE-2021-33221
 info:
  name: CommScope Ruckus IoT Controller Unauthenticated Service Details
  author: geeknik
-  description: A 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices uses for time and host resolution. It also includes the internal hostname and IoT Controller version. A fully configured device in production may leak other, more sensitive information (API keys and tokens).
+  description: A 'service details' API endpoint discloses system and configuration information to an attacker without requiring authentication. This information includes DNS and NTP servers that the devices use for time and host resolution. It also includes the internal hostname and IoT Controller version. A fully configured device in production may leak other, more sensitive information (API keys and tokens).
  reference: https://www.commscope.com/globalassets/digizuite/917216-faq-security-advisory-id-20210525-v1-0.pdf
  severity: medium
  tags: cve,cve2021,commscope,ruckus,debug
--- a/default-logins/glpi/glpi-default-credential.yaml
+++ b/default-logins/glpi/glpi-default-credential.yaml
@ -4,7 +4,7 @@ info:
  author: andysvints
  severity: high
  tags: glpi,default-login
-  description: GLPI is an ITSM software tool that helps you plan and manage IT changes. Checking is default super admin account(glpi/glpi) is enabled.
+  description: GLPI is an ITSM software tool that helps you plan and manage IT changes. This template checks if a default super admin account (glpi/glpi) is enabled.
  reference: https://glpi-project.org/
 requests:
--- a/dns/mx-service-detector.yaml
+++ b/dns/mx-service-detector.yaml
@ -4,7 +4,7 @@ info:
  name: E-mail service detector
  author: binaryfigments
  severity: info
-  description: Check the email service or spamfilter that is used for a domain.
+  description: Check the email service or spam filter that is used for a domain.
  tags: dns
 dns:
--- a/exposures/files/yarn-lock.yaml
+++ b/exposures/files/yarn-lock.yaml
@ -4,7 +4,7 @@ info:
  name: yarn lock file disclosure
  author: oppsec
  severity: info
-  description: yarn.lock is a file which store all exactly versions of each dependency were installed.
+  description: The yarn.lock file stores the versions of each Yarn dependency installed.
  tags: exposure
 requests:
--- a/fuzzing/iis-shortname.yaml
+++ b/fuzzing/iis-shortname.yaml
@ -3,7 +3,7 @@ info:
  name: iis-shortname
  author: nodauf
  severity: info
-  description: If IIS use old .Net Framwork it's possible to enumeration folder with the symbol ~.
+  description: When IIS uses an old .Net Framwork it's possible to enumeration folder with the symbol ~.
  tags: fuzz
  reference:
--- a/iot/kevinlab-device-detect.yaml
+++ b/iot/kevinlab-device-detect.yaml
@ -2,7 +2,7 @@ id: kevinlab-device-detect
 info:
  name: KevinLAB Devices Detection
-  description: KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB's BEMS (Building Energy Management System) enables efficient energy management in buildings. It improves the efficient of energy use by collecting and analyzing various information of energy usage and facilities in the building. It also manages energy usage, facility efficiency and indoor environment control.
+  description: KevinLab is a venture company specialized in IoT, Big Data, A.I based energy management platform. KevinLAB's BEMS (Building Energy Management System) enables efficient energy management in buildings by collecting and analyzing various information of energy usage and facilities as well as efficiency and indoor environment control.
  author: gy741
  severity: info
  tags: iot
--- a/iot/xp-webcam.yaml
+++ b/iot/xp-webcam.yaml
@ -4,7 +4,7 @@ info:
  name: XP Webcam Viewer Page
  author: aashiq
  severity: medium
-  description: Searches for exposed webcams by querying the /mobile.html endpoint and existance of webcamXP in the body
+  description: Searches for exposed webcams by querying the /mobile.html endpoint and the existence of webcamXP in the body.
  tags: webcam,iot
 requests:
--- a/miscellaneous/google-floc-disabled.yaml
+++ b/miscellaneous/google-floc-disabled.yaml
@ -3,7 +3,7 @@ id: google-floc-disabled
 info:
  name: Google FLoC Disabled
  author: geeknik
-  description: The detected website has decided to explicity exclude itself from Google FLoC tracking.
+  description: The detected website has decided to explicilty exclude itself from Google FLoC tracking.
  reference: https://www.bleepingcomputer.com/news/security/github-disables-google-floc-user-tracking-on-its-website/
  severity: info
  tags: google,floc,misc
--- a/miscellaneous/joomla-htaccess.yaml
+++ b/miscellaneous/joomla-htaccess.yaml
@ -4,8 +4,8 @@ info:
  name: Joomla htaccess file disclosure
  author: oppsec
  severity: info
-  description: Joomla have a htaccess file to store some configuration about HTTP Config, Directory Listening etc...
+  description: Joomla has an htaccess file to store configurations about HTTP config, directory listing, etc.
-  tags: misc
+  tags: misc,joomla
 requests:
  - method: GET
--- a/miscellaneous/joomla-manifest-file.yaml
+++ b/miscellaneous/joomla-manifest-file.yaml
@ -4,8 +4,8 @@ info:
  name: Joomla manifest file disclosure
  author: oppsec
  severity: info
-  description: joomla.xml is a xml file which stores some informations about installed Joomla, like version, files and paths.
+  description: joomla.xml is a file which stores information about installed Joomla, such as version, files, and paths.
-  tags: misc
+  tags: misc,joomla
 requests:
  - method: GET
--- a/miscellaneous/moodle-changelog.yaml
+++ b/miscellaneous/moodle-changelog.yaml
@ -4,7 +4,7 @@ info:
  name: Moodle Changelog File
  author: oppsec
  severity: info
-  description: Moodle have a file which describes API changes in core libraries and APIs, can be used to discover Moodle version.
+  description: Moodle has a file which describes API changes in core libraries and APIs, and can be used to discover Moodle version.
  tags: misc
 requests:
--- a/misconfiguration/aem/aem-userinfo-servlet.yaml
+++ b/misconfiguration/aem/aem-userinfo-servlet.yaml
@ -4,7 +4,7 @@ info:
  author: DhiyaneshDk
  name: AEM  UserInfo Servlet
  severity: info
-  description: UserInfoServlet is exposed, it allows to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node.
+  description: UserInfoServlet is exposed which allows an attacker to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node.
  tags: aem
--- a/misconfiguration/exposed-service-now.yaml
+++ b/misconfiguration/exposed-service-now.yaml
@ -4,7 +4,7 @@ info:
  name: ITMS-Misconfigured
  author: dhiyaneshDK
  severity: info
-  description: detectes misconfigured Service-now ITSM instances
+  description: Detection of misconfigured ServiceNow ITSM instances.
  reference:
    - https://medium.com/@th3g3nt3l/multiple-information-exposed-due-to-misconfigured-service-now-itsm-instances-de7a303ebd56
    - https://github.com/leo-hildegarde/SnowDownKB/
--- a/misconfiguration/http-missing-security-headers.yaml
+++ b/misconfiguration/http-missing-security-headers.yaml
@ -4,7 +4,7 @@ info:
  name: HTTP Missing Security Headers
  author: socketz,geeknik,G4L1T0,convisoappsec,kurohost,dawid-czarnecki
  severity: info
-  description: It searches missing security headers, but obviously, could be so less generic and could be useless for Bug Bounty.
+  description: It searches for missing security headers, but obviously, could be so less generic and could be useless for Bug Bounty.
  tags: misconfig,generic
 requests:
--- a/misconfiguration/laravel-debug-enabled.yaml
+++ b/misconfiguration/laravel-debug-enabled.yaml
@ -2,7 +2,7 @@ id: laravel-debug-enabled
 info:
  name: Laravel Debug Enabled
  author: notsoevilweasel
-  description: Laravel with APP_DEBUG set to true prone to showing verbose errors.
+  description: Laravel with APP_DEBUG set to true is prone to show verbose errors.
  severity: medium
  tags: debug,laravel,misconfig
--- a/network/deprecated-sshv1-detection.yaml
+++ b/network/deprecated-sshv1-detection.yaml
@ -5,7 +5,7 @@ info:
  author: iamthefrogy
  severity: medium
  tags: network,ssh,openssh
-  description: SSHv1 is a deprecated and have known cryptographic issues.
+  description: SSHv1 is deprecated and has known cryptographic issues.
  reference:
    - https://www.kb.cert.org/vuls/id/684820
    - https://nvd.nist.gov/vuln/detail/CVE-2001-1473
--- a/network/mysql-native-cred-bruteforce.yaml
+++ b/network/mysql-native-cred-bruteforce.yaml
@ -5,7 +5,7 @@ info:
  author: iamthefrogy
  severity: info
  tags: network,mysql,bruteforce,db
-  description: MySQL instance with enabled native password support prone vulnerable for password brute-force attack.
+  description: MySQL instance with enabled native password support is prone to password brute-force attacks.
 network:
  - host:
--- a/network/openssh5.3-detect.yaml
+++ b/network/openssh5.3-detect.yaml
@ -5,7 +5,7 @@ info:
  author: iamthefrogy
  severity: low
  tags: network,openssh
-  description: OpenSSH 5.3 is vulnerable to username enumeraiton and DoS vulnerabilities.
+  description: OpenSSH 5.3 is vulnerable to username enumeration and DoS vulnerabilities.
  reference:
    - http://seclists.org/fulldisclosure/2016/Jul/51
    - https://security-tracker.debian.org/tracker/CVE-2016-6210
--- a/vulnerabilities/generic/open-redirect.yaml
+++ b/vulnerabilities/generic/open-redirect.yaml
@ -4,7 +4,7 @@ info:
  name: Open URL redirect detection
  author: afaq,melbadry9,Elmahdi,pxmme1337,Regala_,andirrahmani1,geeknik
  severity: low
-  description: A user-controlled input redirect users to an external website.
+  description: A user-controlled input redirects users to an external website.
  tags: redirect,generic
 requests:
--- a/vulnerabilities/other/couchdb-adminparty.yaml
+++ b/vulnerabilities/other/couchdb-adminparty.yaml
@ -4,7 +4,7 @@ info:
  name: CouchDB Admin Party
  author: organiccrap
  severity: high
-  description: Requests made against CouchDB is done in the context of an admin user.
+  description: Requests made against CouchDB are done in the context of an admin user.
  tags: couchdb
 requests:
--- a/vulnerabilities/other/eyelock-nano-lfd.yaml
+++ b/vulnerabilities/other/eyelock-nano-lfd.yaml
@ -4,7 +4,7 @@ info:
  name: EyeLock nano NXT 3.5 - Local File Disclosure
  author: geeknik
  severity: high
-  description: nano NXT suffers from a file disclosure vulnerability when input passed thru the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.
+  description: nano NXT suffers from a file disclosure vulnerability when input passed through the 'path' parameter to 'logdownload.php' script is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.
  reference: https://www.zeroscience.mk/codes/eyelock_lfd.txt
  tags: iot,lfi,eyelock
--- a/vulnerabilities/other/kevinlab-bems-backdoor.yaml
+++ b/vulnerabilities/other/kevinlab-bems-backdoor.yaml
@ -4,7 +4,7 @@ info:
  name: KevinLAB BEMS (Building Energy Management System) Undocumented Backdoor Account
  author: gy741
  severity: critical
-  description: The BEMS solution has an undocumented backdoor account and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely.
+  description: The BEMS solution has an undocumented backdoor account, and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel, and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the BEMS is offering remotely.
  reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5654.php
  tags: kevinlab
--- a/vulnerabilities/other/kevinlab-hems-backdoor.yaml
+++ b/vulnerabilities/other/kevinlab-hems-backdoor.yaml
@ -4,7 +4,7 @@ info:
  name: KevinLAB HEMS Undocumented Backdoor Account
  author: gy741
  severity: critical
-  description: The HEMS solution has an undocumented backdoor account and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution thru the RMI. Attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the HEMS is offering remotely.
+  description: The HEMS solution has an undocumented backdoor account and these sets of credentials are never exposed to the end-user and cannot be changed through any normal operation of the solution through the RMI. An attacker could exploit this vulnerability by logging in using the backdoor account with highest privileges for administration and gain full system control. The backdoor user cannot be seen in the users settings in the admin panel and it also uses an undocumented privilege level (admin_pk=1) which allows full availability of the features that the HEMS is offering remotely.
  reference: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5654.php
  tags: kevinlab,default-login,backdoor
--- a/vulnerabilities/other/netgear-router-auth-bypass.yaml
+++ b/vulnerabilities/other/netgear-router-auth-bypass.yaml
@ -4,7 +4,7 @@ info:
  name: NETGEAR DGN2200v1 Router Authentication Bypass
  author: gy741
  severity: high
-  description: NETGEAR decided to use to check if a page has “.jpg”, “.gif” or “ess_” substrings, trying to match the entire URL. We can therefore access any page on the device, including those that require authentication, by appending a GET variable with the relevant substring (like “?.gif”).
+  description: NETGEAR DGN2200v1 Router does not require authentication if a page has “.jpg”, “.gif”, or “ess_” substrings, however matches the entire URL. Any page on the device can therefore be accessed, including those that require authentication, by appending a GET variable with the relevant substring (e.g., “?.gif”).
  reference:
    - https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/
    - https://kb.netgear.com/000062646/Security-Advisory-for-Multiple-HTTPd-Authentication-Vulnerabilities-on-DGN2200v1
--- a/vulnerabilities/other/sar2html-rce.yaml
+++ b/vulnerabilities/other/sar2html-rce.yaml
@ -4,7 +4,7 @@ info:
  name: sar2html 3.2.1 - 'plot' Remote Code Execution
  author: gy741
  severity: critical
-  description: SAR2HTML could allow a remote attacker to execute arbitrary commands on the system, caused by a commend injection flaw in the index.php script. By sending specially-crafted commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
+  description: SAR2HTML could allow a remote attacker to execute arbitrary commands on the system, caused by a command injection flaw in the index.php script. By sending specially-crafted commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
  reference:
    - https://www.exploit-db.com/exploits/49344
  tags: sar2html,rce,oob
--- a/vulnerabilities/springboot/springboot-actuators-jolokia-xxe.yaml
+++ b/vulnerabilities/springboot/springboot-actuators-jolokia-xxe.yaml
@ -4,7 +4,7 @@ info:
  name: Spring Boot Actuators (Jolokia) XXE
  author: dwisiswant0,ipanda
  severity: high
-  description: A vulnerability in Spring Boot Actuators's 'jolokia' endpoint allows remote attackers to preform an XML External Entities attack, include content stored on a remote server as if it was its own - this has the potential to allow the execution of arbitrary code and/or disclosure of sensitive information from the target machine.
+  description: A vulnerability in Spring Boot Actuators's 'jolokia' endpoint allows remote attackers to perform an XML External Entities (XXE) attack and include content stored on a remote server as if it was its own. This has the potential to allow the execution of arbitrary code and/or disclosure of sensitive information from the target machine.
  reference:
    - https://www.veracode.com/blog/research/exploiting-spring-boot-actuators
    - https://github.com/mpgn/Spring-Boot-Actuator-Exploit
--- a/workflows/azkaban-workflow.yaml
+++ b/workflows/azkaban-workflow.yaml
@ -3,7 +3,7 @@ id: azkaban-workflow
 info:
  name: Azkaban Security Checks
  author: pdteam
-  description: A simple workflow that runs all azkaban related nuclei templates on a given target.
+  description: A simple workflow that runs all Azkaban related nuclei templates on a given target.
  tags: workflow
 workflows:
--- a/workflows/bigip-workflow.yaml
+++ b/workflows/bigip-workflow.yaml
@ -3,7 +3,7 @@ id: bigip-workflow
 info:
  name: F5 BIG-IP Security Checks
  author: dwisiswant0
-  description: A simple workflow that runs all Bigip related nuclei templates on a given target.
+  description: A simple workflow that runs all BigIP related nuclei templates on a given target.
  tags: workflow
  # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
--- a/workflows/lucee-workflow.yaml
+++ b/workflows/lucee-workflow.yaml
@ -3,7 +3,7 @@ id: lucee-workflow
 info:
  name: Lucee Detection Workflow
  author: geeknik,dhiyaneshDk
-  description: A simple workflow that runs all Lucee related nuclei templates on given target.
+  description: A simple workflow that runs all Lucee related nuclei templates on a given target.
  tags: workflow
 workflows:
--- a/workflows/springboot-workflow.yaml
+++ b/workflows/springboot-workflow.yaml
@ -1,9 +1,9 @@
 id: springboot-workflow
 info:
-  name: Springboot Security Checks
+  name: Spring Boot Security Checks
  author: dwisiswant0
-  description: A simple workflow that runs all springboot related nuclei templates on a given target.
+  description: A simple workflow that runs all Spring Boot related nuclei templates on a given target.
  tags: workflow
  # Supported on Nuclei v2.2.0 (https://github.com/projectdiscovery/nuclei/releases/tag/v2.2.0)
--- a/workflows/worksite-takeover-workflow.yaml
+++ b/workflows/worksite-takeover-workflow.yaml
@ -3,7 +3,7 @@ id: worksite-takeover-workflow
 info:
  name: Worksite Takeover Workflow
  author: pdteam
-  description: A simple workflow that runs DNS based detection to filter hosts runnng worksite and do further HTTP based check to confirm takeover.
+  description: A simple workflow that runs DNS based detection to filter hosts running Worksite and do further HTTP based check to confirm takeover.
  reference: https://blog.melbadry9.xyz/dangling-dns/xyz-services/ddns-worksites
 workflows: