Severity and other cleanups

patch-1
sullo 2023-02-02 18:05:19 -05:00
parent f9271d485a
commit fcd29bf40a
13 changed files with 35 additions and 21 deletions

View File

@ -4,7 +4,7 @@ info:
name: Splunk <=7.0.1 - Information Disclosure name: Splunk <=7.0.1 - Information Disclosure
author: harshbothra_ author: harshbothra_
severity: medium severity: medium
description: Splunk through 7.0.1 is susceptible to information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key. An attacker can access sensitive information, modify data, and/or execute unauthorized operations. description: Splunk through 7.0.1 is susceptible to information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license key.
reference: reference:
- https://github.com/kofa2002/splunk - https://github.com/kofa2002/splunk
- https://www.exploit-db.com/exploits/44865/ - https://www.exploit-db.com/exploits/44865/

View File

@ -4,7 +4,7 @@ info:
name: Kirona Dynamic Resource Scheduler - Information Disclosure name: Kirona Dynamic Resource Scheduler - Information Disclosure
author: LogicalHunter author: LogicalHunter
severity: medium severity: medium
description: Kirona Dynamic Resource Scheduler is susceptible to information disclosure. An unauthenticated user can directly access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd), which contains sensitive information through SQL queries, such as database version, table name, and column name. description: Kirona Dynamic Resource Scheduler is susceptible to information disclosure. An unauthenticated user can directly access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd), which contains sensitive information with exposed SQL queries, such as database version, table name, and column name.
reference: reference:
- https://www.exploit-db.com/exploits/47498 - https://www.exploit-db.com/exploits/47498
- https://github.com/Ramikan/Vulnerabilities/blob/master/Kirona-DRS%205.5.3.5%20Multiple%20Vulnerabilities - https://github.com/Ramikan/Vulnerabilities/blob/master/Kirona-DRS%205.5.3.5%20Multiple%20Vulnerabilities

View File

@ -29,4 +29,12 @@ requests:
- '<title>Manage Filters - Jira</title>' - '<title>Manage Filters - Jira</title>'
condition: and condition: and
# Remediation:
# Ensure that this permission is restricted to specific groups that require it.
# You can restrict it in Administration > System > Global Permissions.
# Turning the feature off will not affect existing filters and dashboards.
# If you change this setting, you will still need to update the existing filters and dashboards if they have already been
# shared publicly.
# Since Jira 7.2.10, a dark feature to disable site-wide anonymous access was introduced.
# Enhanced by md on 2023/02/01 # Enhanced by md on 2023/02/01

View File

@ -1,13 +1,13 @@
id: adiscon-loganalyzer id: adiscon-loganalyzer
info: info:
name: Adiscon LogAnalyzer - Detect name: Adiscon LogAnalyzer - Information Disclosure
author: geeknik author: geeknik
severity: info severity: high
description: Adiscon LogAnalyzer was discovered. Adiscon LogAnalyzer is a web interface to syslog and other network event data. It provides easy browsing and analysis of real-time network events and reporting services. description: Adiscon LogAnalyzer was discovered. Adiscon LogAnalyzer is a web interface to syslog and other network event data. It provides easy browsing and analysis of real-time network events and reporting services.
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 0.0 cvss-score: 7.5
cwe-id: CWE-200 cwe-id: CWE-200
reference: reference:
- https://loganalyzer.adiscon.com/ - https://loganalyzer.adiscon.com/

View File

@ -3,13 +3,14 @@ id: beego-admin-dashboard
info: info:
name: Beego Admin Dashboard Panel- Detect name: Beego Admin Dashboard Panel- Detect
author: DhiyaneshDk author: DhiyaneshDk
severity: info severity: medium
description: Beego Admin Dashboard panel was detected. description: Beego Admin Dashboard panel was detected.
reference: reference:
- https://github.com/beego
- https://twitter.com/shaybt12/status/1584112903577567234/photo/1 - https://twitter.com/shaybt12/status/1584112903577567234/photo/1
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 0.0 cvss-score: 5.3
cwe-id: CWE-200 cwe-id: CWE-200
metadata: metadata:
verified: true verified: true

View File

@ -6,7 +6,7 @@ info:
severity: info severity: info
description: CompleteView panel was detected. description: CompleteView panel was detected.
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0 cvss-score: 0.0
cwe-id: CWE-200 cwe-id: CWE-200
metadata: metadata:

View File

@ -6,7 +6,7 @@ info:
severity: info severity: info
description: Connect Box login panel was detected. description: Connect Box login panel was detected.
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0 cvss-score: 0.0
cwe-id: CWE-200 cwe-id: CWE-200
metadata: metadata:

View File

@ -3,14 +3,15 @@ id: grails-database-admin-console
info: info:
name: Grails Admin Console Panel - Detect name: Grails Admin Console Panel - Detect
author: emadshanab author: emadshanab
severity: info severity: medium
description: Grails Admin Console panel was detected. description: Grails Admin Console panel was detected.
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 0.0 cvss-score: 5.3
cwe-id: CWE-200 cwe-id: CWE-200
reference: reference:
- https://www.acunetix.com/vulnerabilities/web/grails-database-console/ - https://www.acunetix.com/vulnerabilities/web/grails-database-console/
- http://h2database.com/html/quickstart.html#h2_console
tags: grails,panel tags: grails,panel
requests: requests:

View File

@ -9,7 +9,8 @@ info:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0 cvss-score: 0.0
cwe-id: CWE-200 cwe-id: CWE-200
reference: https://www.machform.com/ reference:
- https://www.machform.com/
metadata: metadata:
verified: true verified: true
shodan-query: title:"MachForm Admin Panel" shodan-query: title:"MachForm Admin Panel"

View File

@ -6,7 +6,7 @@ info:
severity: info severity: info
description: The Neo4j Browser has been detected. description: The Neo4j Browser has been detected.
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0 cvss-score: 0.0
cwe-id: CWE-200 cwe-id: CWE-200
metadata: metadata:

View File

@ -3,11 +3,13 @@ id: odoo-database-manager
info: info:
name: Odoo Database Manager Panel - Detect name: Odoo Database Manager Panel - Detect
author: __Fazal,R3dg33k author: __Fazal,R3dg33k
severity: info severity: critical
description: Odoo database manager was discovered. description: Odoo database manager was discovered and allows access to databases.
reference:
- https://www.odoo.com/
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 0.0 cvss-score: 9.8
cwe-id: CWE-200 cwe-id: CWE-200
tags: panel,odoo tags: panel,odoo

View File

@ -8,6 +8,7 @@ info:
reference: reference:
- https://sidekiq.org - https://sidekiq.org
- https://github.com/mperham/sidekiq - https://github.com/mperham/sidekiq
- https://github.com/mperham/sidekiq/wiki/Monitoring
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0 cvss-score: 0.0

View File

@ -6,7 +6,7 @@ info:
severity: info severity: info
description: Apache Solr admin panel was detected. description: Apache Solr admin panel was detected.
classification: classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
cvss-score: 0.0 cvss-score: 0.0
cwe-id: CWE-200 cwe-id: CWE-200
metadata: metadata: